678 matches found
snappy-java's Integer Overflow vulnerability in compress leads to DoS
Summary: Due to unchecked multiplications, an integer overflow may occur, causing an unrecoverable fatal error. Impact: Denial of Service. Description: The function compress(char...
CVE-2023-34454 snappy-java's Integer Overflow vulnerability in compress leads to DoS
snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error. The function compress(char[] input) in the file Snappy.java receives an array of characters and compresses it. I...
CVE-2023-34453 snappy-java's Integer Overflow vulnerability in shuffle leads to DoS
snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function shuffle(int[] input) in the file BitShuffle.java receives an array of integers and applies a bit shuffle on it. It...
Ubuntu: Security Advisory (USN-6151-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS Virtualization 2.9.1 : apr-util (EulerOS-SA-2023-1991)
According to the versions of the apr-util package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attack...
Huawei EulerOS: Security Advisory for apr-util (EulerOS-SA-2023-1969)
The remote host is missing an update for the Huawei EulerOS...
Debian: Security Advisory (DLA-3420-1)
The remote host is missing an update for the Debian...
Google Android elevation of privilege vulnerability (CNVD-2023-50311)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to an integer overflow in the PowerVRSRVBridgeRGXKickSync of the PowerVR kernel driver, which can be exploited by an attacker to escalate privileges...
SUSE-SU-2023:2122-1 Security update for redis
This update for redis fixes the following issues: - CVE-2022-36021: Fixed possible integer overflow via specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands (bsc#1208790). - CVE-2023-28856: Fixed possible DoS when using HINCRBYFLOAT to create a hash field (bsc#1210548). - CVE-2023-25155...
Fedora 37 : mingw-freetype (2023-ddc617c87f)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-ddc617c87f advisory. Backport fix for CVE-2023-2004. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
RXSA-2023:0951 Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free caused by l2cap_reassemble_sdu in net/bluetooth/l2cap_core.c (CVE-2022-3564); kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378); kernel: use-after-free in...
Debian: Security Advisory (DLA-786-1)
The remote host is missing an update for the Debian...
Important: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
Debian dla-3332 : libaprutil1 - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3332 advisory. Debian LTS Advisory DLA-3332-1 https://www.debian.org/lts/security/...
SUSE SLES15 Security Update : libksba (SUSE-SU-2023:0056-2)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0056-2 advisory. - Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. (CVE-2022-47629) Note that Nessus has not...
SUSE-SU-2023:0274-1 Security update for redis
This update for redis fixes the following issues: - CVE-2022-35977: Fixed an integer overflow that could allow authenticated users to cause a crash (bsc#1207202)...
RHEL 8 : libksba (RHSA-2023:0592)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:0592 advisory. KSBA (pronounced Kasbah) is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are...
Slackware: Security Advisory (SSA:2023-032-02)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-5832-1)
The remote host is missing an update for the...
USN-5814-1: Linux kernel vulnerabilities
Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-4378) Tamás Koczka discovered that the Bluetooth L2CAP handshake...