Huawei EulerOS: Security Advisory for json-c (EulerOS-SA-2023-3181)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for json-c (EulerOS-SA-2023-3216)
The remote host is missing an update for the Huawei EulerOS...
OSV-2023-1122 Stack-buffer-overflow in dxf_header_read
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63919 Crash type: Stack-buffer-overflow READ Crash state: dxf_header_read dwg_read_dxf llvmfuzz.c...
kernel: cpufreq: qcom: fix writes in read-only memory region
In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom: fix writes in read-only memory region This commit fixes a kernel oops because of a write in some read-only memory: [ 9.068287] Unable to handle kernel write to read-only memory at virtual address ffff800009240ad8...
kernel: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one Eric Dumazet says: nf_conntrack_dccp_packet() has an unique: dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); And nothing more is 'pulled' from the...
squid:4 security update
libecap squid 4.15-6.0.1 - Improve HTTP chunked encoding compliance CVE-2023-46846 - Fix stack buffer overflow when parsing Digest Authorization CVE-2023-46847...
Rocky Linux 8 : shim (RLSA-2021:1734)
The remote Rocky Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2021:1734 advisory. - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw...
Moderate: LibRaw security update
LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). Security Fixes: LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets in src/libraw_datastream.cpp (CVE-2021-32142) For more details about the security issues, including the...
Low: gdb security update
The GNU Debugger (GDB) allows users to debug programs written in various programming languages including C, C++, and Fortran. Security Fixes: libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c (CVE-2021-3826) For more details about the security issues, including the...
Rocky Linux 8 : cairo and pixman (RLSA-2022:1961)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1961 advisory. - A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's...
Rocky Linux 8 : redis:5 (RLSA-2019:2002)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2019:2002 advisory. - A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before...
Rocky Linux 8 : fwupd (RLSA-2021:2566)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2566 advisory. - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw...
OSV-2023-1110 Stack-buffer-overflow in dynapi_set_helper
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63824 Crash type: Stack-buffer-overflow READ Crash state: dynapi_set_helper dwg_dynapi_header_set_value json_HEADER...
PT-2023-35563 · Git +1 · Libredwg
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack-buffer-overflow read crash. Technical details include the involvement of specific functions such as dynapi set helper, dw...
squid security update
7:5.5-5.el92.1 - Improve HTTP chunked encoding compliance CVE-2023-46846 - Fix stack buffer overflow when parsing Digest Authorization CVE-2023-46847 - Fix userinfo percent-encoding CVE-2023-46848...
Stack overflow
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase...
CVE-2023-39281
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase...
The vulnerability of the Xpedition Layout Browser software, which is used for viewing and analyzing electronic circuits and printed circuit boards, stems from buffer overflow in the stack. This allows an attacker to execute arbitrary code.
The vulnerability of the Xpedition Layout Browser software for viewing and analyzing electronic circuits and printed circuit boards is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
OSV-2023-1093 Stack-buffer-overflow in ndpi_handle_rule
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63746 Crash type: Stack-buffer-overflow WRITE Crash state: ndpi_handle_rule ndpi_load_protocols_file_fd fuzz_filecfg_protocols.c...
PT-2023-35554 · Git +1 · Ndpi
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A stack-buffer-overflow issue was identified, potentially causing a crash. The crash involves the ndpi handle rule and ndpi load protocols file fd...