Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data has migrated to a new base image for the Operators used by our Speech Services. The following vulnerabilities...

LeakSearch - Search & Parse Password Leaks

LeakSearch is a simple tool to search and parse plain text passwords using ProxyNova COMB Combination Of Many Breaches over the Internet. You can define a custom proxy and you can also use your own password file, to search using different keywords: such as user, domain or password. In addition, y...

USN-6581-1: GNU binutils vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of...

CentOS 9 : less-590-2.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the less-590-2.el9 build changelog. - In GNU Less before 609, crafted data can result in less -R not filtering ANSI escape sequences sent to the terminal. CVE-2022-46663 Note that Nessus ha...

CentOS 9 : xz-5.2.5-8.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the xz-5.2.5-8.el9 build changelog. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a...

CentOS 9 : cpio-2.13-16.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the cpio-2.13-16.el9 build changelog. - GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that...

CentOS 9 : gcc-toolset-13-binutils-2.40-8.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the gcc-toolset-13-binutils-2.40-8.el9 build changelog. - GNU binutils gold gold v1.11-v1.16 GNU binutils v2.21-v2.31.1 is affected by: Improper Input Validation, Signed/Unsigned...

PYSEC-2024-41

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...

USN-6655-1: GNU binutils vulnerabilities

It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to an invalid memory access. An attacker could possibly use this issue to cause a denial of service. CVE-2022-47695 It was discovered that GNU binutils was...

GNU Aspell: Heap Buffer Overflow

Background GNU Aspell is a popular spell-checker. Dictionaries are available for many languages. Description Multiple vulnerabilities have been discovered in GNU Aspell. Please review the CVE identifiers referenced below for details. Impact GNU Aspell has a heap-based buffer overflow in...

GLSA-202402-31 : GNU Aspell: Heap Buffer Overflow

The remote host is affected by the vulnerability described in GLSA-202402-31 GNU Aspell: Heap Buffer Overflow - objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::duptop called from acommon::StringMap::add and acommon::Config::lookuplist. CVE-2019-25051 Note that...

Ubuntu 20.04 LTS / 22.04 LTS : GNU binutils vulnerabilities (USN-6655-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6655-1 advisory. It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead...

SUSE CVE-2024-25711

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...

Gnu Coreutils Buffer Overflow Vulnerability

Gnu Coreutils is a core toolset of the GNU community. Gnu Coreutils suffers from a buffer overflow vulnerability that stems from the presence of a heap overflow, which can be exploited by an attacker to cause an application crash and denial of service...

gimp: psp off-by-one RCE

A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSP file, possibly enabling the execution of unauthorized code within the GIMP process...

GNU Tar: Out of Bounds Read

Background The GNU Tar program provides the ability to create tar archives, as well as various other kinds of manipulation. Description A vulnerability have been discovered in GNU Tar. Please review the CVE identifier referenced below for details. Impact GNU Tar has a one-byte out-of-bounds read...

GLSA-202402-12 : GNU Tar: Out of Bounds Read

The remote host is affected by the vulnerability described in GLSA-202402-12 GNU Tar: Out of Bounds Read - GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrate...

CLSA-2024-1708029490 gnutls: Fix of 3 CVEs

Add CVE-2024-0567 PoC test - Remove src.rpm from sources - CVE-2023-5981: removes branching that depends on secret data to prevent potential side-channel attack - CVE-2024-0553: minimize branching after decryption...

The vulnerability of the __vsyslog_internal function in the glibc library, which allows a hacker to cause a service failure

The vulnerability of the vsysloginternal function in the glibc library is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

CVE-2024-25118

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this...