45 matches found

Rosalinux
added 2025/06/09 8:56 a.m. | 4 views

Advisory ROSA-SA-2025-2893

Software: libtiff 4.0.9 OS: ROSA Virtualization 3.0 packageevrstring: libtiff-4.0.9-34.rv30 CVE-ID: CVE-2017-17095 BDU-ID: 2019-03339 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the LibTIFF library is related to a heap-based buffer overflow in TIFFSetupStrips. Exploitation of the vulnerability...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.04367
Exploits: 1

RedhatCVE
added 2025/05/22 7:12 p.m. | 8 views

CVE-2021-21850

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trun” FOURCC code due to unchecked...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.00418
Exploits: 1 | References: 1

Tenable Nessus
added 2025/05/14 12:0 a.m. | 5 views

Alibaba Cloud Linux 3 : 0005: rsync (ALINUX3-SA-2023:0005)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0005 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-37434: zlib through 1.2.12 has a heap-base...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.92745
Exploits: 1 | References: 2

Tenable Nessus
added 2025/04/15 12:0 a.m. | 9 views

RHEL 7 : qemu-kvm-rhev (RHSA-2016:1763)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1763 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provid...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00201
Exploits: 0 | References: 7

Debian
added 2025/03/30 4:55 a.m. | 39 views

[SECURITY] [DLA 4097-1] vim security update

Debian LTS Advisory DLA-4097-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton March 30, 2025 https://wiki.debian.org/LTS Package : vim Version : 2:8.2.2434-3+deb11u3 CVE ID : CVE-2021-3872 CVE-2021-4019 CVE-2021-4173 CVE-2021-4187 CVE-2022-0261 CVE-2022-0351...

CVSS: 8.4 | AI score: 7.2 | EPSS: 0.01766
Exploits: 30

Tenable Nessus
added 2025/03/04 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-9776

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.01248
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2016-7167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.02257
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2014-9835

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file. CVE-2014-9835 Note that Nessus relies on the presence of the package as reported by the vendor...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.002
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/03 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2011-2939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent...

CVSS: 5.1 | AI score: 6.1 | EPSS: 0.06571
Exploits: 2 | References: 2

Nvidia
added 2025/02/11 12:0 a.m. | 9 views

Security Bulletin: NVIDIA nvJPEG2000 - February 2025

NVIDIA has released a software update for NVIDIA® nvJPEG2000 to address the issues listed below. To protect your system, download and install this software update from nvJPEG2000 Downloads page. Go to NVIDIA Product Security. Details This section provides a summary of potential vulnerabilities th...

CVSS: 6.8 | AI score: 7.3 | EPSS: 0.00063
Exploits: 0

OSV
added 2025/01/08 3:27 p.m. | 8 views

CVE-2024-51737 RediSearch Integer Overflow with LIMIT or KNN arguments can lead to RCE

RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an...

CVSS: 7 | AI score: 5.6 | EPSS: 0.02041
Exploits: 1 | References: 4

CNVD
added 2024/04/19 12:0 a.m. | 4 views

Unspecified Vulnerability in Honeywell Experion Server (CNVD-2024-24966)

Honeywell Experion Server is a high-performance industrial control system server from Honeywell, primarily used in the Experion Process Knowledge System (PKS) platform. A security vulnerability exists in Honeywell Experion Server, which stems from the fact that the server's receipt of a malformed...

CVSS: 8.1 | AI score: 7.1 | EPSS: 0.01625
Exploits: 0 | References: 1

Amazon
added 2024/01/22 12:0 a.m. | 8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets (CVE-2023-52654) In the Linux kernel, the following vulnerability has been resolved: blk-mq: make sure active queue usage is held for bio_integrity_prep...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00237
Exploits: 2

Citrix
added 2023/10/06 8:18 p.m. | 87 views

Impact of Chromium vulnerabilities CVE-2023-4863 and CVE-2023-5217 on Cloud Software Group products

Cloud Software Group will continue to update this post as additional information becomes available. Summary Google Chromium Heap-Based Buffer Overflow Vulnerability Cloud Software Group is aware of the vulnerabilities CVE-2023-4863 and CVE-2023-5217 that impact Chromium. CVE-2023-4863 description...

CVSS: 8.8 | AI score: 9.1 | EPSS: 0.93301
Exploits: 12

OSV
added 2023/03/27 5:33 p.m. | 10 views

SUSE-SU-2023:1592-1 Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-150200_24_112 fixes several issues. The following security issues were fixed: - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208909). - CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208838)...

CVSS: 7.9 | AI score: 7.6 | EPSS: 0.00178
Exploits: 0 | References: 7

CNVD
added 2021/05/25 12:0 a.m. | 5 views

VMware Workstation and Horizon Client Out-of-Bounds Read Vulnerability

VMware Workstation and VMware Horizon Client are both products of VMware, Inc. VMware Workstation is a suite of virtual machine software that provides the ability to run multiple virtual machines with different operating systems at the sam...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.00053
Exploits: 0 | References: 1

CNVD
added 2021/02/21 12:0 a.m. | 9 views

Red Hat Satellite Buffer Overflow Vulnerability

Red Hat Satellite is a system management platform from Red Hat. The platform can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A security vulnerability exists in Red Hat Satellite. The vulnerability stems fro...

CVSS: 5.3 | AI score: 7.2 | EPSS: 0.00119
Exploits: 0 | References: 1

Prion
added 2020/09/23 1:15 a.m. | 14 views

Design/Logic Flaw

A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating...

CVSS: 9 | AI score: 7.4 | EPSS: 0.03769
Exploits: 0 | References: 1 | Affected Software: 3

OSV
added 2020/09/04 11:33 a.m. | 6 views

SUSE-SU-2020:2513-1 Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-197_29 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). -...

CVSS: 9.8 | AI score: 9.1 | EPSS: 0.02601
Exploits: 2 | References: 15

OSV
added 2020/09/04 11:33 a.m. | 7 views

SUSE-SU-2020:2526-1 Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-197_18 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). -...

CVSS: 10 | AI score: 8.9 | EPSS: 0.0467
Exploits: 2 | References: 21