USN-6581-1: GNU binutils vulnerabilities
It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. CVE-2022-44840, CVE-2022-45703...
Security Bulletin: IBM Automation Decision Services December 2023 - Multiple CVEs addressed
Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: python-requests could...
Ubuntu 20.04 LTS / 22.04 LTS : GNU binutils vulnerabilities (USN-6581-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6581-1 advisory. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An...
[SECURITY] Fedora 39 Update: exim-4.97.1-1.fc39
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
[SECURITY] Fedora 38 Update: exim-4.97.1-1.fc38
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
Low: Red Hat Security Advisory: libarchive security update
An update for libarchive is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
USN-6541-2: GNU C Library regression
USN-6541-1 fixed vulnerabilities in the GNU C Library. Unfortunately, changes made to allow proper application of the fix for CVE-2023-4806 in Ubuntu 22.04 LTS introduced an issue in the NSCD service IPv6 processing functionalities. This update fixes the problem. We apologize for the inconvenienc...
Ubuntu 22.04 LTS : GNU C Library regression (USN-6541-2)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6541-2 advisory. USN-6541-1 fixed vulnerabilities in the GNU C Library. Unfortunately, changes made to allow proper application of the fix for CVE-2023-4806 in Ubuntu 22.04 LTS...
Security Bulletin: A vulnerability in GNU Binutils may affect IBM Robotic Process Automation for Cloud Pak and result in a denial of service (CVE-2019-9074).
Summary GNU Binutils is used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP. CVE-2019-9074. Vulnerability Details CVEID:CVE-2019-9074 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c i...
Security Bulletin: Vulnerabilities in Watson NLP and WebSphere Liberty may affect IBM Robotic Process Automation for Cloud Pak
Summary Python is used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP and WebSphere Liberty. CVE-2022-48565. GNU gdb is used by IBM Robotic Process Automation for Cloud Pak as part of WebSphere Liberty and base container images. CVE-2023-39129. Vulnerability Details...
glibc: buffer overflow in ld.so leading to privilege escalation
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code...
RHEL 8 : Red Hat Virtualization Host 4.4.z SP 1 (RHSA-2024:0033)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0033 advisory. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-nod...
PT-2025-6691
Name of the Vulnerable Software and Affected Versions GNU grub2 affected versions not specified Description The issue concerns an out-of-bounds write in the strcpy function within the hfs.c file of the GNU grub2 software, specifically affecting the hfs filesystem module. Recommendations At the...
OESA-2023-1991 tar security update
GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: A flaw was found in...
NewStart CGSL MAIN 5.04 : gettext Vulnerability (NS-SA-2023-0068)
The remote NewStart CGSL host, running version MAIN 5.04, has gettext packages installed that are affected by a vulnerability: - An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen....
NewStart CGSL MAIN 5.04 : gzip Vulnerability (NS-SA-2023-0103)
The remote NewStart CGSL host, running version MAIN 5.04, has gzip packages installed that are affected by a vulnerability: - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), thi...
NewStart CGSL MAIN 6.06 : cpio Vulnerability (NS-SA-2023-0088)
The remote NewStart CGSL host, running version MAIN 6.06, has cpio packages installed that are affected by a vulnerability: - GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-boun...
Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data 4.8.1 has addressed security vulnerabilities
Summary IBM Cognos Dashboards on Cloud Pak for Data 4.8.1 resolves vulnerabilities reported in GNU gcc, GNU glibc, shadow-maint shadow-utils and RabbitMQ. Please refer to the table in the Related Information section for vulnerability impact. Vulnerability Details CVEID:CVE-2023-4641 DESCRIPTION:...
Exploit for Heap-based Buffer Overflow in Gnu Glibc
CVE-2023-4911 - Looney Tunables This is a atm very rough pr...
Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2023-3428)
The remote host is missing an update for the Huawei EulerOS...