Astra Linux - уязвимость в vino

The commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak CWE-655 in the VNC server code. This flaw allows an attacker to read stack memory, and it can be exploited for information disclosure. Combined with another vulnerability, this flaw can be used to leak stack memory and...

CVE-2026-34945

A flaw was found in Wasmtime's Winch compiler. This vulnerability, present in versions from 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, arises from an incorrect translation of the table.size instruction for 64-bit WebAssembly tables. An attacker, by crafting a malicious WebAssembly guest, could...

EUVD-2019-2746

Malware in sbrugna...

EUVD-2023-54382

Malicious code in bioql PyPI...

CVE-2024-32910

In handlemsgshmmapreq of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CentOS 8 : glibc (CESA-2023:5455)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:5455 advisory. - A flaw was found in glibc. When the getaddrinfo function is called with the AFUNSPEC address family and the system is configured with no-aaaa mode vi...

Oracle Linux 8 : glibc (ELSA-2023-5455)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5455 advisory. - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode. - CVE-2023-4813: potential use-after-free in gaihinet RHEL-2435. Tenable has...

GLSA-202310-03 : glibc: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202310-03 glibc: Multiple vulnerabilities - An issue was discovered in the GNU C Library glibc 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and...

Fedora 38 : glibc (2023-2b8c11ee75)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-2b8c11ee75 advisory. Security fix for CVE-2023-4911, CVE-2023-4806, and CVE-2023-4527. CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the environment...

Fedora 37 : glibc (2023-028062484e)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-028062484e advisory. Security fix for CVE-2023-4911, CVE-2023-4806, and CVE-2023-4527. CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the environment...

Debian DSA-5514-1 : glibc - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5514 advisory. The Qualys Research Labs discovered a buffer overflow in the dynamic loader's processing of the GLIBCTUNABLES environment variable. An attacker can exploit...

CVE-2023-4527

CVE-2023-4527 concerns a flaw in the GNU C Library (glibc) where, when getaddrinfo is called with AF_UNSPEC and no-aaaa mode is set (via /etc/resolv.conf), a DNS TCP response larger than 2048 bytes could disclose stack contents in the returned address data and may crash the application. The issue...

K01709026: PHP vulnerabilities CVE-2017-7890 and CVE-2017-9226

Security Advisory Description CVE-2017-7890 The GIF decoding function gdImageCreateFromGifCtx in gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized...

SUSE CVE-2019-11038

When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized...

SUSE CVE-2019-13117

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character...

Siemens PADS Standard/Plus Viewer 缓冲区错误漏洞

PADS Standard and Standard Plus provide PCB schematic design and layout functionality in an intuitive and easy-to-use environment.A stack corruption vulnerability exists in Siemens PADS Standard/Plus Viewer, which can be exploited by an attacker to disclose information in the context of the curre...

Mageia: Security Advisory (MGASA-2021-0243)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CURL-CVE-2021-22925 TELNET stack contents disclosure again

curl supports the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on uninitialized data from a stack bas...

Security update for curl (moderate)

openSUSE Security Update: Security update for curl Announcement ID: openSUSE-SU-2021:1762-1 Rating: moderate References: 1186114 SLE-17956 Cross-References: CVE-2021-22898 CVSS scores: CVE-2021-22898 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-22898 SUSE: 5.3...

SUSE-SU-2021:1809-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22876: Fixed an issue where the automatic referer was leaking credentials bsc1183933. - CVE-2021-22898: Fixed curl TELNET stack contents disclosure bsc1186114. - Fix for SFTP uploads when it results in empty uploaded files bsc1177976. -...