16973 matches found

Zero Science Lab
added 2022/05/29 12:0 a.m., 436 views

Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root Exploit

Summary: The C-Bus Network Automation Controller 5500NAC and the Wiser for C-Bus Automation Controller 5500SHAC is an advanced controller from Schneider Electric. It is specifically designed to unite the C-Bus home automation solution with common household communication protocols, from lighting an...

6.3 AI score
Exploits: 0
CNVD
added 2022/05/25 12:0 a.m., 10 views

GNU LibreDWG Heap Buffer Overflow Vulnerability (CNVD-2022-52260)

GNU LibreDWG is a C library for processing DWG files from the GNU community. A heap buffer overflow vulnerability exists in versions of GNU LibreDWG prior to 0.12.4, which stems from a boundary error in copy_bytes of decode_r2007.c when handling untrusted input. No detailed vulnerability details are...

8.8 CVSS, 3.2 AI score, 0.00964 EPSS
Exploits: 1, References: 1
CNVD
added 2022/05/25 12:0 a.m., 27 views

GNU LibreDWG Heap Buffer Overflow Vulnerability (CNVD-2022-52261)

GNU LibreDWG is a C library for processing DWG files from the GNU community. A heap buffer overflow vulnerability exists in versions of GNU LibreDWG prior to 0.12.4, which stems from a boundary error in copy_compressed_bytes of decode_r2007.c when handling untrusted input. No detailed vulnerability...

8.8 CVSS, 3.2 AI score, 0.00953 EPSS
Exploits: 1, References: 1
OpenVAS
added 2022/05/25 12:0 a.m., 18 views

Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2022-1714)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.3 CVSS, 8.7 AI score, 0.00347 EPSS
Exploits: 0, References: 2
Github Security Blog
added 2022/05/24 7:14 p.m., 18 views

GNU Mailman Postorius Access Control Issues

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...

5.5 CVSS, 5.1 AI score, 0.01093 EPSS
Exploits: 1, References: 9, Affected Software: 1
OSV
added 2022/05/24 7:14 p.m., 14 views

GHSA-V83X-78Q3-GR2J GNU Mailman Postorius Access Control Issues

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...

5.4 CVSS, 5 AI score, 0.01093 EPSS
Exploits: 1, References: 9
IBM Security Bulletins
added 2022/05/24 5:6 p.m., 38 views

Security Bulletin: Multiple vulnerabilities impact System Storage DS8000 Hardware Management Console (HMC)

Summary: Multiple vulnerabilities in the DS8000 Hardware Management Console are covered in this bulletin. These include: - IBM® Runtime Environment Java™ Technology Edition that is used by the DS8000 Hardware Management Console. These issues were disclosed as part of the IBM Java SDK critical patc...

8.1 CVSS, 9.4 AI score, 0.89557 EPSS
Exploits: 23, Affected Software: 4
IBM Security Bulletins
added 2022/05/24 5:6 p.m., 64 views

Security Bulletin: Vulnerabilities in Bash affect DS8000 HMC (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary: Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by the DS8000 HMC. Vulnerability Details: This update provides details on...

10 CVSS, 9.3 AI score, 0.99999 EPSS
Exploits: 157, Affected Software: 5
CNVD
added 2022/05/24 12:0 a.m., 21 views

OpenRazer buffer overflow vulnerability

OpenRazer is an open source driver and userspace daemon used to control Razer lighting and other functions on GNU/Linux. A buffer overflow vulnerability exists in OpenRazer version 3.3.0 and earlier, which stems from a boundary error...

5 CVSS, 3.6 AI score, 0.02049 EPSS
Exploits: 1, Affected Software: 1
CNNVD
added 2022/05/23 12:0 a.m., 3 views

GNU LibreDWG Buffer Error Vulnerability

GNU LibreDWG is a C library for processing DWG files from the GNU community. A heap buffer overflow vulnerability exists in versions of GNU LibreDWG prior to 0.12.4, which stems from a boundary error in copy_bytes of decode_r2007.c when handling untrusted input. No detailed vulnerability details are...

8.8 CVSS, 5.9 AI score, 0.00964 EPSS
Exploits: 1, References: 2
OpenVAS
added 2022/05/23 12:0 a.m., 15 views

SurgeMail Detection (IMAP)

IMAP based detection of SurgeMail. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it...

7.3 AI score
Exploits: 0
OpenVAS
added 2022/05/22 12:0 a.m., 20 views

Fedora: Security Advisory for dotnet6.0 (FEDORA-2022-256d559f0c)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8 AI score
Exploits: 0, References: 2
RedhatCVE
added 2022/05/21 12:19 a.m., 36 views

CVE-2018-20431

GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata in plugins/ole2_extractor.c...

6.5 CVSS, 3.2 AI score, 0.02236 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2022/05/21 12:16 a.m., 33 views

CVE-2019-6456

An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size in the file rec-fex.c of librec.a...

6.5 CVSS, 2.8 AI score, 0.01348 EPSS
Exploits: 6, References: 1
RedhatCVE
added 2022/05/21 12:5 a.m., 18 views

CVE-2018-14347

GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c)...

6.5 CVSS, 2.4 AI score, 0.01718 EPSS
Exploits: 1, References: 1
OpenVAS
added 2022/05/21 12:0 a.m., 6 views

openSUSE: Security Advisory for php7 (SUSE-SU-2022:1768-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0, References: 2
RedhatCVE
added 2022/05/20 11:45 p.m., 27 views

CVE-2019-6459

An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a...

6.5 CVSS, 2.1 AI score, 0.01348 EPSS
Exploits: 6, References: 1
RedhatCVE
added 2022/05/20 10:48 p.m., 26 views

CVE-2018-20430

GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c...

6.5 CVSS, 3.4 AI score, 0.02237 EPSS
Exploits: 1, References: 1
Tenable Nessus
added 2022/05/18 12:0 a.m., 33 views

Oracle Linux 8 : cpio (ELSA-2022-1991)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-1991 advisory. 2.12-11 - Fixed CVE-2021-38185 1992511 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...

7.8 CVSS, 6.9 AI score, 0.0415 EPSS
Exploits: 1, References: 2
Rockylinux
added 2022/05/17 6:35 a.m., 11 views

new packages: gnu-efi

An update is available for gnu-efi. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterprise...

2.2 AI score
Exploits: 0