
5910 matches found

AlmaLinux
added 2023/11/07 12:0 a.m. | 25 views

Moderate: LibRaw security update

LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). Security Fixes: LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets in src/libraw_datastream.cpp (CVE-2021-32142). For more details about the security issues, including the...

CVSS 7.8 | AI score 7.7 | EPSS 0.00024
Exploits: 1 | References: 4

AlmaLinux
added 2023/11/07 12:0 a.m. | 31 views

Low: gdb security update

The GNU Debugger (GDB) allows users to debug programs written in various programming languages including C, C++, and Fortran. Security Fixes: libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c (CVE-2021-3826). For more details about the security issues, including the...

CVSS 6.5 | AI score 7.5 | EPSS 0.00556
Exploits: 0 | References: 4

Oracle linux
added 2023/11/07 12:0 a.m. | 42 views

squid:4 security update

libecap squid 4.15-6.0.1 - Improve HTTP chunked encoding compliance CVE-2023-46846 - Fix stack buffer overflow when parsing Digest Authorization CVE-2023-46847...

AI score 7.8 | EPSS 0.38209
Exploits: 0

Tenable Nessus
added 2023/11/07 12:0 a.m. | 25 views

Rocky Linux 8 : shim (RLSA-2021:1734)

The remote Rocky Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2021:1734 advisory. - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw...

CVSS 8.2 | AI score 7.8 | EPSS 0.01451
Exploits: 0 | References: 15

Tenable Nessus
added 2023/11/06 12:0 a.m. | 37 views

Rocky Linux 8 : fwupd (RLSA-2021:2566)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2566 advisory. - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw...

CVSS 8.2 | AI score 7.8 | EPSS 0.01451
Exploits: 0 | References: 15

Tenable Nessus
added 2023/11/06 12:0 a.m. | 21 views

Rocky Linux 8 : redis:5 (RLSA-2019:2002)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2019:2002 advisory. - A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before...

CVSS 7.2 | AI score 7.3 | EPSS 0.33071
Exploits: 0 | References: 5

Tenable Nessus
added 2023/11/06 12:0 a.m. | 23 views

Rocky Linux 8 : cairo and pixman (RLSA-2022:1961)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1961 advisory. - A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's...

CVSS 7.8 | AI score 6.8 | EPSS 0.0027
Exploits: 0 | References: 3

OSV
added 2023/11/04 1:1 p.m. | 7 views

OSV-2023-1110 Stack-buffer-overflow in dynapi_set_helper

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63824 | Crash type: Stack-buffer-overflow READ | Crash state: dynapi_set_helper dwg_dynapi_header_set_value json_HEADER...

AI score 7.2
Exploits: 0 | References: 1

Positive Technologies
added 2023/11/04 12:0 a.m. | 2 views

PT-2023-35563 · Git +1 · Libredwg

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack-buffer-overflow read crash. Technical details include the involvement of specific functions such as dynapi set helper, dw...

AI score 6.8
Exploits: 0 | References: 2

Oracle linux
added 2023/11/03 12:0 a.m. | 33 views

squid security update

7:5.5-5.el92.1 - Improve HTTP chunked encoding compliance CVE-2023-46846 - Fix stack buffer overflow when parsing Digest Authorization CVE-2023-46847 - Fix userinfo percent-encoding CVE-2023-46848...

AI score 7.9 | EPSS 0.38209
Exploits: 0

Prion
added 2023/11/01 10:15 p.m. | 24 views

Stack overflow

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase...

CVSS 7.5 | AI score 9.6 | EPSS 0.00254
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2023/11/01 12:0 a.m. | 22 views

CVE-2023-39281

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase...

AI score 9.9 | EPSS 0.00254
Exploits: 0 | References: 2

BDU FSTEC
added 2023/11/01 12:0 a.m. | 1 views

The vulnerability of the Xpedition Layout Browser software, which is used for viewing and analyzing electronic circuits and printed circuit boards, stems from buffer overflow in the stack. This allows an attacker to execute arbitrary code.

The vulnerability of the Xpedition Layout Browser software for viewing and analyzing electronic circuits and printed circuit boards is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 7.8 | AI score 7.8 | EPSS 0.00095
Exploits: 0 | References: 2

OSV
added 2023/10/31 1:2 p.m. | 12 views

OSV-2023-1093 Stack-buffer-overflow in ndpi_handle_rule

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63746 | Crash type: Stack-buffer-overflow WRITE | Crash state: ndpi_handle_rule ndpi_load_protocols_file_fd fuzz_filecfg_protocols.c...

AI score 7.2
Exploits: 0 | References: 1

OpenVAS
added 2023/10/31 12:0 a.m. | 13 views

Huawei EulerOS: Security Advisory for json-c (EulerOS-SA-2023-3009)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8 | AI score 7.8 | EPSS 0.00173
Exploits: 1 | References: 2

Positive Technologies
added 2023/10/31 12:0 a.m. | 2 views

PT-2023-35554 · Git +1 · Ndpi

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A stack-buffer-overflow issue was identified, potentially causing a crash. The crash involves the ndpi handle rule and ndpi load protocols file fd...

AI score 7
Exploits: 0 | References: 2

OpenVAS
added 2023/10/31 12:0 a.m. | 13 views

Huawei EulerOS: Security Advisory for json-c (EulerOS-SA-2023-3032)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8 | AI score 7.8 | EPSS 0.00173
Exploits: 1 | References: 2

Positive Technologies
added 2023/10/26 12:0 a.m. | 6 views

PT-2024-02: Stack Buffer Overflow to Remote Code Execution (RCE) in Moxa NPort W2150a/W2250a

The vulnerability was identified in Moxa NPort W2150a/W2250a v.2.3 and lower. It is possible to execute OS commands on the device as a privileged user root due to a stack buffer overflow vulnerability. Exploitation of the vulnerability is possible for an unauthorized user by sending payloads to a...

CVSS 8.8 | AI score 7.8 | EPSS 0.01517
Exploits: 0 | References: 1

Tenable Nessus
added 2023/10/24 12:0 a.m. | 30 views

Oracle Linux 8 : php:8.0 (ELSA-2023-5927)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5927 advisory. libzip php 8.0.30-1 - rebase to 8.0.30 - Resolves: RHEL-11946 php-pear php-pecl-apcu php-pecl-rrd php-pecl-xdebug3 php-pecl-zip Tenable has extracted t...

CVSS 9.8 | AI score 7.6 | EPSS 0.31766
Exploits: 6 | References: 7

Tenable Nessus
added 2023/10/23 12:0 a.m. | 24 views

Ubuntu 20.04 LTS : AOM vulnerabilities (USN-6447-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6447-1 advisory. It was discovered that AOM incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file,...

CVSS 9.8 | AI score 7.6 | EPSS 0.00247
Exploits: 4 | References: 8