16966 matches found
Moderate: cockpit security update
Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: command injection when deleting a sosreport with a crafted...
RHEL 8 : cockpit (RHSA-2024:3667)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3667 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELin...
glibc: Out of bounds write in iconv may lead to remote code execution
An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of...
glibc: netgroup cache assumes NSS callback uses in-buffer strings
A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash...
glibc: null pointer dereferences after failed netgroup cache insertion
A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit...
glibc: stack-based buffer overflow in netgroup cache
A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity...
SUSE CVE-2021-33645
The thread function doesn't free a variable t-thbuf.gnulonglink after allocating memory, which may cause a memory leak...
SUSE CVE-2021-33646
The thread function doesn't free a variable t-thbuf.gnulongname after allocating memory, which may cause a memory leak...
RHEL 8 : aspell (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - aspell: UCS-2 and UCS-4 null-terminated string handling OOB read CVE-2019-20433 - libaspell.a in GNU Aspe...
RHEL 7 : libidn (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libidn2: Integer overflow in punydecode.c/decodedigit CVE-2017-14062 - The stringpreputf8toucs4 function ...
RHEL 9 : gcc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libiberty: Heap/stack buffer overflow in the dlanglname function in d-demangle.c CVE-2021-3826 - binutils...
RHEL 7 : patch (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - patch: directory traversal via file rename CVE-2015-1395 - GNU patch 2.7.1 allows remote attackers to wri...
RHEL 4 : glibc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - glibc: posixspawnfileactionsaddopen fails to copy the path argument CVE-2014-4043 - glibc: heap/stack gap...
RHEL 7 : emacs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - emacs: multiple temporary file issues CVE-2014-3424 - emacs: command execution via shell metacharacters...
RHEL 7 : aspell (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - aspell: UCS-2 and UCS-4 null-terminated string handling OOB read CVE-2019-20433 - libaspell.a in GNU Aspe...
RHEL 9 : tar (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tar: Incorrectly handled extension attributes in PAX archives can lead to a crash CVE-2023-39804 Note that Nessus h...
RHEL 8 : gcc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Developer environment: Homoglyph characters can lead to trojan source attack CVE-2021-42694 - The...
EulerOS 2.0 SP11 : ncurses (EulerOS-SA-2024-1805)
According to the versions of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in GNU ncurses 6.4-20230610. It has been rated as problematic. This issue affects the function tgetstr. There is no...
EulerOS 2.0 SP11 : ncurses (EulerOS-SA-2024-1792)
According to the versions of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in GNU ncurses 6.4-20230610. It has been rated as problematic. This issue affects the function tgetstr. There is no...
RHEL 5 : tar (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tar: Bypassing the extract path name CVE-2016-6321 - tar: Infinite read loop in sparsedumpregion function...