GOCR: Multiple Vulnerabilities
Background: GOCR is an OCR (Optical Character Recognition) program, developed under the GNU Public License. It converts scanned images of text back to text files. Description: Multiple vulnerabilities have been discovered in GOCR. Please review the CVE identifiers referenced below for details. Impact...
[SECURITY] Fedora 39 Update: coreutils-9.3-5.fc39
These are the GNU core utilities. This package is the combination of the old GNU fileutils, sh-utils, and textutils packages...
Fedora: Security Advisory (FEDORA-2024-6b85e8848f)
The remote host is missing an update for the...
Exploit for Heap-based Buffer Overflow in Gnu Glibc
GNU C Library's Dynamic Loader Vulnerability CVE-2023-4911...
SUSE CVE-2024-0684
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split function, potentially leading to an application crash and denial of service...
Firefox 121 / Chrome 120 Denial Of Service
Minor firefox DoS - semi silently polluting /Downloads with files part 2 Tested on: firefox 121 and chrome 120 on GNU/linux Date: Thu Jan 18 08:38:28 AM UTC 2024 This is barely a DoS, but since it might affect Chrome too we decided to disclose it. If firefox user visits a specially crafted page,...
CVE-2024-0684
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split function, potentially leading to an application crash and denial of service. Mitigation: Mitigation for this issue is either not...
GNU coreutils Buffer Error Vulnerability
GNU Coreutils is a core toolset of the GNU community. GNU Coreutils suffers from a buffer overflow vulnerability that stems from the presence of a heap overflow, which can be exploited by an attacker to cause an application crash and denial of service...
PT-2024-1284
Name of the Vulnerable Software and Affected Versions: GNU coreutils (affected versions not specified). Description: A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split...
Fedora: Security Advisory for exim (FEDORA-2024-e0841c83bb)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2024-1ef6197a49)
The remote host is missing an update for the...
SUSE CVE-2024-0553
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code...
Security Bulletin: Multiple security vulnerabilities affect IBM Robotic Process Automation for Cloud Pak.
Summary: Unbound is used by IBM Robotic Process Automation for Cloud Pak as part of antivirus functionality (CVE-2019-25033). ISC BIND is used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP (CVE-2022-3094). GNU Binutils is used by IBM Robotic Process Automation for Cloud Pak a...
GnuTLS Security Vulnerabilities
GnuTLS is a free secure communications library for implementing the SSL, TLS and DTLS protocols. A security vulnerability exists in GnuTLS, which stems from a difference in response time for ciphertexts that are formatted incorrectly versus ciphertexts that are correctly padded, which could allow...
EulerOS Virtualization 2.9.0 : binutils (EulerOS-SA-2024-1003)
According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function...
EulerOS 2.0 SP11 : emacs (EulerOS-SA-2023-2639)
According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or...
EulerOS Virtualization 2.11.1 : emacs (EulerOS-SA-2023-2721)
According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a...
EulerOS 2.0 SP9 : glibc (EulerOS-SA-2023-3330)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an...
EulerOS 2.0 SP11 : emacs (EulerOS-SA-2023-2681)
According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or...