AlmaLinux 9 : fribidi (ALSA-2022:8011)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8011 advisory. - A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi...

CVE-2022-34667

CVE-2022-34667 affects the NVIDIA CUDA Toolkit SDK, specifically the cuobjdump component, due to a stack-based buffer overflow . An unprivileged local attacker could trigger this by convincing a user to download a crafted file and run cuobjdump locally, potentially causing a limited denial of ser...

CVE-2022-34667

NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted corrupted file and execute cuobjdump against it locally, which m...

Synology DiskStation Manager (DSM) 6.2.x < 6.2.3-25426-3 Multiple Vulnerabilities (Synology-SA-20:26) - Remote Known Vulnerable Versions Check

Synology DiskStation Manager DSM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

RHEL 9 : fribidi (RHSA-2022:8011)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8011 advisory. FriBidi is a library to handle bidirectional scripts for example Hebrew, Arabic, so that the display is done in the proper way, while the te...

Netatalk contains multiple error and memory management vulnerabilities

Overview There are six new vulnerabilities in the latest release of Netatalk 3.1.12 that could allow for Remote Code Execution as well as Out-of-bounds Read. Description Below are the new CVEs. Per ZDI: CVE-2022-0194 This vulnerability allows remote attackers to execute arbitrary code on affected...

fribidi security update

An update is available for fribidi. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FriBidi is a library to handle bidirectional scripts for example Hebrew,...

Ubuntu 16.04 ESM : Vim vulnerabilities (USN-5723-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5723-1 advisory. It was discovered that Vim could be made to crash when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause...

Debian dla-3182 : vim - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3182 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3182-1 [email protected]...

Stack overflow

Due to lack of proper memory management, when a victim opens manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code Execution can be triggered when payload forces:Re-use of dangling pointer which refers to overwritte...

Siemens Teamcenter Visualization and JT2Go

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVE-2022-41211

The CVE-2022-41211 issue concerns SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, specifically in the parsing of DST files. Connected sources describe a Use-After-Free vulnerability in DST file parsing that can lead to Remote Code Execution. Exploitation typically requires us...

Amazon Linux 2022 : cifs-utils, cifs-utils-devel, cifs-utils-info (ALAS2022-2022-204)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-204 advisory. A stack-based buffer overflow issue was found in pifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges. CVE-2022-27239 A flaw was found...

D-Link DIR-1935 HNAP_AUTH Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Login requests to the web management portal. When...

D-Link DIR-1935 SOAPAction Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of http requests to the web management portal. When parsi...

SAP 3D Visual Enterprise Viewer IV File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

SUSE SLED15 / SLES15 Security Update : hdf5 (SUSE-SU-2022:3829-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3829-1 advisory. - A out of bounds read was discovered in H5VMmemcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow...

SUSE SLES15 Security Update : hdf5 (SUSE-SU-2022:3826-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3826-1 advisory. - A out of bounds read was discovered in H5VMmemcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or...

Updated nbd packages fix security vulnerability

It was discovered that nbd prior to 3.24 contained an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name resulting in a write to a dangling pointer CVE-2022-26495. Stack-based...

EulerOS 2.0 SP3 : vim (EulerOS-SA-2022-2639)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Use after free in appendcommand in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protecti...