EulerOS Virtualization 2.11.0 : json-c (EulerOS-SA-2023-3377)

According to the versions of the json-c package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in json-c from 20200420 post 0.14 unreleased code through 0.15-20200726. A stack-buffer-overflow exists in...

EulerOS 2.0 SP10 : json-c (EulerOS-SA-2023-3181)

According to the versions of the json-c package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in json-c from 20200420 post 0.14 unreleased code through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : Libspf2 vulnerabilities (USN-6584-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6584-1 advisory. Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system wer...

squid34 security update

7:3.4.14-15.0.1 - Fix stack buffer overflow when parsing Digest Authorization CVE-2023-46847Orabug: 36053795...

squid security update

7:3.1.23-24.0.1 - Fix stack buffer overflow when parsing Digest Authorization CVE-2023-46847Orabug: 36053765...

OSV-2024-9 Stack-buffer-overflow in _canonicalize

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65635 Crash type: Stack-buffer-overflow READ Crash state: canonicalize ulocimpgetBaseName75 uresopenWithType...

PT-2024-40872 · Git +1 · Icu

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack-buffer-overflow read crash. The crash state involves several functions, including canonicalize, ulocimp getBaseName 75, a...

[SECURITY] [DLA 3709-1] squid security update

Debian LTS Advisory DLA-3709-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany January 09, 2024 https://wiki.debian.org/LTS Package : squid Version : 4.6-1+deb10u9 CVE ID : CVE-2023-46846 CVE-2023-46847 CVE-2023-49285 CVE-2023-49286 CVE-2023-50269 Debian Bug :...

Fedora 39 : espeak-ng (2024-5661c87b25)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5661c87b25 advisory. Security fix for CVE-2023-49990, CVE-2023-49991, CVE-2023-49992, CVE-2023-49993, CVE-2023-49994. Tenable has extracted the preceding description blo...

CVE-2023-34325

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disks. Pygrub runs as the...

CVE-2023-34325

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disks. Pygrub runs as the...

CVE-2023-34325

CVE-2023-34325 concerns Xen’s copy of libfsimage (derived from grub) used by pygrub. A stack buffer overflow can be triggered by guest-controlled input when pygrub runs with superuser privileges in a privileged domain. Xen notes patches to run pygrub in deprivileged mode to avoid exploitation. CV...

CVE-2023-34325

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disks. Pygrub runs as the...

CVE-2023-34325 Multiple vulnerabilities in libfsimage disk handling

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disks. Pygrub runs as the...

CVE-2023-34325 Multiple vulnerabilities in libfsimage disk handling

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disks. Pygrub runs as the...

Pico HTTP Server in C Security Vulnerability

Pico HTTP Server in C is a very simple Unix HTTP server from the individual developer Aleksey Kurepin. A security vulnerability exists in Pico HTTP Server in C, which stems from a stack buffer overflow in the voidroute function in main.c, leading to remote code execution...

OSV-2024-3 Stack-buffer-overflow in icu_75::TZDBTimeZoneNames::getMetaZoneNames

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65486 Crash type: Stack-buffer-overflow WRITE 1 Crash state: icu75::TZDBTimeZoneNames::getMetaZoneNames icu75::TZDBTimeZoneNames::getMetaZoneDisplayName TestNames...

Stack overflow

A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtionetflushtx function if guest features VIRTIONETFHASHREPORT, VIRTIOFVERSION1 and VIRTIONETFMRGRXBUF are enabled. This could allow a malicious user to overwrite local variables...

CVE-2023-6693 Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx()

A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtionetflushtx function if guest features VIRTIONETFHASHREPORT, VIRTIOFVERSION1 and VIRTIONETFMRGRXBUF are enabled. This could allow a malicious user to overwrite local variables...

Stack Buffer Overflow

MP3Gain is vulnerable to Stack Buffer Overflow. The vulnerability is caused due to the WriteMP3GainAPETag function.This potentially leads to Denial of Service DoS Attack...