Updated stb packages fix security vulnerabilities

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in startdecoder. The root cause is a potential integer overflow in sizeofchar f-commentlistlength which may make setupmalloc allocate less memory...

SUSE CVE-2024-35818

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Define the ioaw hook as mmiowb Commit fb24ea52f78e0d595852e "drivers: Remove explicit invocations of mmiowb" remove all mmiowb in drivers, but it says: "NOTE: mmiowb has only ever guaranteed ordering in conjunction wit...

EulerOS Virtualization 3.0.6.0 : libwebp (EulerOS-SA-2024-1689)

According to the versions of the libwebp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform a...

EulerOS Virtualization 3.0.6.6 : libwebp (EulerOS-SA-2024-1656)

According to the versions of the libwebp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform a...

CVE-2024-4761

An out-of-bounds write vulnerability was found in the Chromium web browser. If a remote, unauthenticated attacker tricks a user into visiting a specially crafted HTML page, the attacker could write to memory, which is out of bounds. This issue could have impacts to integrity, availability, and...

Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2024-1656)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian dsa-5689 : chromium - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5689 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5689-1 [email protected] https://www.debian.org/security/ Andres...

CVE-2024-4761

Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2024-4761

Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2024-4761

Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2024-4761

Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

Microsoft Edge (Chromium) < 124.0.2478.105 (CVE-2024-4761)

The version of Microsoft Edge installed on the remote Windows host is prior to 124.0.2478.105. It is, therefore, affected by a vulnerability as referenced in the May 14, 2024 advisory. - Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out...

Google Chrome < 124.0.6367.207 Vulnerability

The version of Google Chrome installed on the remote Windows host is prior to 124.0.6367.207. It is, therefore, affected by a vulnerability as referenced in the 202405stable-channel-update-for-desktop13 advisory. - Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remot...

Google Chrome < 124.0.6367.207 Vulnerability

The version of Google Chrome installed on the remote macOS host is prior to 124.0.6367.207. It is, therefore, affected by a vulnerability as referenced in the 202405stable-channel-update-for-desktop13 advisory. - Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote...

RHEL 7 : mozilla (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Mozilla: Malicious Extension could obtain auth codes from OAuth login flows CVE-2020-6823 - An error occu...

Fedora 39 : stb (2024-4c8d4cda0d)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-4c8d4cda0d advisory. Security fix for CVE-2023-45681 / CVE-2023-47212 Tenable has extracted the preceding description block directly from the Fedora security advisory...

Fedora 38 : stb (2024-5e5d8c2581)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5e5d8c2581 advisory. Security fix for CVE-2023-45681 / CVE-2023-47212 Tenable has extracted the preceding description block directly from the Fedora security advisory...

RHEL 8 : nasm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nasm: use-after-free in pastetokens in asm/preproc.c CVE-2019-8343 - NASM nasm-2.13.03 nasm- 2.14rc15...

RHEL 9 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - kernel: Linux ebpf logic vulnerability leads to critical memory read and write gaining root privileges...

VulnCheck KEV: CVE-2024-4761

Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...