1320 matches found

IBM Security Bulletins
added 2022/02/22 7:50 p.m. | 30 views

Security Bulletin: IBM Spectrum Control (formerly IBM Tivoli Storage Productivity Center) is affected by an OpenSSL vulnerability (CVE-2018-0739)

Summary: An OpenSSL vulnerability was disclosed in March 2018 by the OpenSSL Project. OpenSSL, used by IBM Spectrum Control (formerly Tivoli Storage Productivity Center), has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2018-0739 DESCRIPTION: OpenSSL is vulnerable to a denial of...

6.5 CVSS | 6.7 AI score | 0.19295 EPSS
Exploits: 0 | Affected Software: 1

OpenVAS
added 2022/01/28 12:0 a.m. | 24 views

Mageia: Security Advisory (MGASA-2017-0003)

The remote host is missing an update for the...

7.8 CVSS | 7.5 AI score | 0.11127 EPSS
Exploits: 23 | References: 10

OpenVAS
added 2022/01/28 12:0 a.m. | 18 views

Mageia: Security Advisory (MGASA-2015-0038)

The remote host is missing an update for the...

7.5 CVSS | 5.9 AI score | 0.16855 EPSS
Exploits: 0 | References: 5

OpenVAS
added 2022/01/28 12:0 a.m. | 26 views

Mageia: Security Advisory (MGASA-2020-0205)

The remote host is missing an update for the...

7.5 CVSS | 6.5 AI score | 0.03455 EPSS
Exploits: 0 | References: 8

OpenVAS
added 2022/01/28 12:0 a.m. | 17 views

Mageia: Security Advisory (MGASA-2017-0094)

The remote host is missing an update for the...

8.1 CVSS | 8.1 AI score | 0.0339 EPSS
Exploits: 2 | References: 6

RedhatCVE
added 2022/01/26 2:53 p.m. | 50 views

CVE-2021-46195

A flaw was discovered in the GNU libiberty library within the demangle_path function in rust-demangle.c, as distributed in the GNU Compiler Collection (GCC). This flaw allows a crafted symbol to cause stack memory to be exhausted, leading to a crash...

5.5 CVSS | 2.3 AI score | 0.00779 EPSS
Exploits: 1 | References: 3

CNNVD
added 2021/11/11 12:0 a.m. | 2 views

Buffer error vulnerability in multiple Real-Time Innovations Connext Dds products

Real-Time Innovations Connext Dds Professional and Connext Dds Secure are both products of Real-Time Innovations, Inc. Connext Dds Professional is a software framework designed to meet the demanding connectivity requirements of autonomous systems. Connext Dds Secure is a trusted software...

7.8 CVSS | 8.1 AI score | 0.00546 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2021/09/27 12:0 a.m. | 26 views

EulerOS 2.0 SP5 : exiv2 (EulerOS-SA-2021-2495)

According to the versions of the exiv2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialize...

5.5 CVSS | 6.1 AI score | 0.01174 EPSS
Exploits: 0 | References: 3

Huntr
added 2021/09/16 7:36 p.m. | 12 views

Stack-based Buffer Overflow in gwsw/less

Description The less utility is a pager used by many applications and setups. One such setup is access to log files. If permissions are not sufficient for regular users, less can be called with sudo. LESSSECURE=1 can be set to disable many dangerous operations which a regular user should not be...

1.5 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2021/09/13 12:0 a.m. | 55 views

OracleVM 3.4 : kernel-uek (OVMSA-2021-0030)

The remote OracleVM system is missing necessary patches to address security updates: - In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User...

9.8 CVSS | 6.5 AI score | 0.0075 EPSS
Exploits: 3 | References: 17

Github Security Blog
added 2021/08/25 8:58 p.m. | 34 views

Buffer overflow and format vulnerabilities in ncurses

ncurses exposes functions from the ncurses library which: pass buffers without length to C functions that may write an arbitrary amount of data, leading to a buffer overflow (instr, mvwinstr, etc.); pass Rust &str to strings expecting C format arguments, allowing hostile input to execute a format...

9.8 CVSS | 9.3 AI score | 0.01615 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Veracode
added 2021/08/18 5:54 p.m. | 7 views

Information Disclosure

Linux is vulnerable to information disclosure. The vulnerability exists due to an uninitialized data structure from the kernel stack memory...

5.5 CVSS | 6.2 AI score | 0.00476 EPSS
Exploits: 1 | References: 9 | Affected Software: 3

Tenable Nessus
added 2021/07/16 12:0 a.m. | 43 views

openSUSE 15 Security Update : libu2f-host (openSUSE-SU-2021:1755-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1755-1 advisory. - Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An...

7.5 CVSS | 7.2 AI score | 0.02296 EPSS
Exploits: 0 | References: 8

Tenable Nessus
added 2021/07/15 12:0 a.m. | 390 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2321-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2321-1 advisory. - An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini...

7.8 CVSS | 7.8 AI score | 0.03537 EPSS
Exploits: 8 | References: 104

BDU FSTEC
added 2021/07/15 12:0 a.m. | 4 views

The vulnerability of several functions in libscp_v0.c allows an attacker to access confidential information or cause service failures, due to buffer overflows in the stack of the RDP server xrdp.

The vulnerability of several functions in libscp_v0.c affects the RDP server xrdp. It involves buffer overflow in the data stack buffer. Exploiting this vulnerability can allow an attacker to access confidential information or cause service failures...

7.8 CVSS | 7.5 AI score | 0.02404 EPSS
Exploits: 0 | References: 8 | Affected Software: 2

OSV
added 2021/07/14 3:5 p.m. | 11 views

SUSE-SU-2021:2324-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory and therefore, of all physical memory via a...

7.8 CVSS | 7.3 AI score | 0.03537 EPSS
Exploits: 8 | References: 96

Tenable Nessus
added 2021/07/06 12:0 a.m. | 51 views

FreeBSD : Exiv2 -- Multiple vulnerabilities (d49f86ab-d9c7-11eb-a200-00155d01f201)

Exiv2 teams reports : Multiple vulnerabilities covering buffer overflows, out-of-bounds, read of uninitialized memory and denial of service. The heap overflow is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to...

7.8 CVSS | 6.5 AI score | 0.02295 EPSS
Exploits: 2 | References: 19

OSV
added 2021/06/28 9:16 p.m. | 7 views

MGASA-2021-0296 Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.46 and fixes at least the following security issues: In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory...

5.5 CVSS | 5.7 AI score | 0.00922 EPSS
Exploits: 4 | References: 3

OSV
added 2021/06/28 9:16 p.m. | 7 views

MGASA-2021-0295 Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.46 and fixes at least the following security issues: In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory...

5.5 CVSS | 5.7 AI score | 0.00922 EPSS
Exploits: 4 | References: 3

Mageia
added 2021/06/28 9:16 p.m. | 70 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.46 and fixes at least the following security issues: In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory...

5.5 CVSS | 6.1 AI score | 0.00922 EPSS
Exploits: 4 | References: 2