BIT-TYPO3-2023-47126

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory e.g. /var/www/html/var/transient/. This applies to composer-based scenarios only...

Moderate: Red Hat Security Advisory: emacs security update

An update for emacs is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

Moderate: Red Hat Security Advisory: gmp security update

An update for gmp is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

gnutls: incomplete fix for CVE-2023-5981

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...

GNU indent buffer overflow vulnerability

GNU indent is a utility program of the American GNU community that has existed since the Unix era. It can be reindented into C and C++ code in a user-defined programming style. GNU indent suffers from a buffer overflow vulnerability that stems from a heap-based buffer overflow contained in...

RHEL 8 : emacs (RHSA-2024:1103)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1103 advisory. GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp,...

RHEL 8 : gmp (RHSA-2024:1102)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1102 advisory. The gmp packages contain GNU MP, a library for arbitrary precision arithmetics, signed integers operations, rational numbers, and floating point...

Exploit for Out-of-bounds Write in Gnu Glibc

Tested...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data has migrated to a new base image for the Operators used by our Speech Services. The following vulnerabilities...

LeakSearch - Search & Parse Password Leaks

LeakSearch is a simple tool to search and parse plain text passwords using ProxyNova COMB Combination Of Many Breaches over the Internet. You can define a custom proxy and you can also use your own password file, to search using different keywords: such as user, domain or password. In addition, y...

CentOS 9 : xz-5.2.5-8.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the xz-5.2.5-8.el9 build changelog. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a...

CentOS 9 : gcc-toolset-13-binutils-2.40-8.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the gcc-toolset-13-binutils-2.40-8.el9 build changelog. - GNU binutils gold gold v1.11-v1.16 GNU binutils v2.21-v2.31.1 is affected by: Improper Input Validation, Signed/Unsigned...

USN-6581-1: GNU binutils vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of...

CentOS 9 : cpio-2.13-16.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the cpio-2.13-16.el9 build changelog. - GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that...

CentOS 9 : less-590-2.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the less-590-2.el9 build changelog. - In GNU Less before 609, crafted data can result in less -R not filtering ANSI escape sequences sent to the terminal. CVE-2022-46663 Note that Nessus ha...

PYSEC-2024-41

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...

USN-6655-1: GNU binutils vulnerabilities

It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to an invalid memory access. An attacker could possibly use this issue to cause a denial of service. CVE-2022-47695 It was discovered that GNU binutils was...

GNU Aspell: Heap Buffer Overflow

Background GNU Aspell is a popular spell-checker. Dictionaries are available for many languages. Description Multiple vulnerabilities have been discovered in GNU Aspell. Please review the CVE identifiers referenced below for details. Impact GNU Aspell has a heap-based buffer overflow in...

GLSA-202402-31 : GNU Aspell: Heap Buffer Overflow

The remote host is affected by the vulnerability described in GLSA-202402-31 GNU Aspell: Heap Buffer Overflow - objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::duptop called from acommon::StringMap::add and acommon::Config::lookuplist. CVE-2019-25051 Note that...