40 matches found
SUSE-SU-2023:0602-1 Security update for google-osconfig-agent
This update for google-osconfig-agent fixes the following issues: Updated to version 20230222.00 and bumped go API version to 1.18 to address the following (bsc#1208723): - CVE-2021-38297: Fixed data overwrite when passing large arguments to GOARCH=wasm GOOS=js (bsc#1191468). - CVE-2022-23806: Fixed...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.16.0.1)
The version of AOS installed on the remote host is prior to 5.16.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.16.0.1 advisory. - OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of...
CVE-2021-29632
In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p12, under certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrite data structures associated with the syst...
SUSE-SU-2021:2765-1 Security update for libmspack
This update for libmspack fixes the following issues: - CVE-2018-14681: Bad KWAJ file header extensions could cause a one or two byte overwrite. (bsc#1103032) - CVE-2018-14682: There is an off-by-one error in the TOLOWER macro for CHM decompression. (bsc#1103032)...
Ubuntu 16.04 LTS : OpenSLP vulnerability (USN-4919-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4919-1 advisory. It was discovered that OpenSLP did not properly validate URLs. A remote attacker could use this issue to cause OpenSLP to crash or possibly execute arbitrary code...
SUSE-SU-2020:1733-1 Security update for curl
This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). - CVE-2020-8169: Fixed an issue that could have led to a partial password leak over DNS on HTTP...
SUSE-SU-2020:1732-1 Security update for curl
This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027)...
Huawei EulerOS: Security Advisory for openslp (EulerOS-SA-2020-1418)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for openslp (EulerOS-SA-2020-1038)
The remote host is missing an update for the Huawei EulerOS...
SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2497-1)
This update for the Linux Kernel 3.12.61-5283 fixes several issues. The following security bugs were fixed: - CVE-2017-1000112: Prevent a race condition in net-packet code that could have been exploited by unprivileged users to gain root access (bsc#1052368). - CVE-2017-7645: The NFSv2/NFSv3 server...
CVE-2017-13709
In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree...
CVE-2008-5284
The CVE-2008-5284 issue affects multiple products where the web server component can crash due to a crafted HTTP Content-Length header with a negative value. Affected are IEA Software RadiusNT/RadiusX (versions 5.1.38 up to but not including 5.1.44), Emerald (5.0.49 up to before 5.0.52), Air Mars...
CVE-2008-0665
wmlbackend/p1ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file...
CVE-2007-1444
netserver in netperf 2.4.3 allows local users to overwrite arbitrary files via a symlink attack on /tmp/netperf.debug...
Remote file inclusion
PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS["CLPath"] parameter to (1) reconfig.php and (2) srxclr.php. NOTE: this might be due to a globals overwrite issue...
CVE-2006-2570
PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS["CLPath"] parameter to (1) reconfig.php and (2) srxclr.php. NOTE: this might be due to a globals overwrite issue...
Moderate: Red Hat Security Advisory: krb5 security update
Updated Kerberos (krb5) packages that correct buffer overflow and temporary file bugs are now available for Red Hat Enterprise Linux. Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other. A heap based buffer overflow b...
GLSA-200410-16 : PostgreSQL: Insecure temporary file use in make_oidjoins_check
The remote host is affected by the vulnerability described in GLSA-200410-16 (PostgreSQL: Insecure temporary file use in make_oidjoins_check). The make_oidjoins_check script insecurely creates temporary files in world-writeable directories with predictable names. Impact: A local attacker could create...
DSA-458-3 python2.2 - buffer overflow
Bulletin has no description...
diffutils sdiff creates temporary files insecurely
Overview: diffutils, a set of utilities distributed with many versions of Linux, contains a utility called sdiff, which creates temporary files of predictable names in an insecure fashion. Using a symbolic link attack, an intruder can cause overwrite of any file writable by the user executing sdif...