Security Bulletin: IBM Storage Fusion is vulnerable to denial of service due to Apache Commons Compress and ion-java.

Summary commons-compress and ion-java is used by IBM Storage Fusion as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-26308, CVE-2024-25710, CVE-2024-21634. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerab...

RHEL 7 : speex (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - speex: stack-based buffer overflow in speexenc.c via a crafted WAV file CVE-2020-23904 - A Divide by Zero...

RHEL 8 : cfitsio (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cfitsio: Stack-based buffer overflow in ffghtb allows for potential code execution CVE-2018-3849 - In the...

RHEL 6 : file (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - file: out-of-bounds read via a crafted ELF file CVE-2018-10360 - File before 5.43 has an stack-based buff...

RHEL 7 : libxml2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libxml2: Missing validation for external entities in xmlParsePEReference CVE-2017-7375 - libxml2:...

RHEL 6 : libtasn1 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libtasn1: Stack-based buffer overflow in asn1findnode CVE-2017-6891 - The asn1extractderoctet function in...

RHEL 5 : quagga (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - quagga: VPNv4 NLRI parser memcpys to stack on unchecked length CVE-2016-2342 - quagga: Double free...

RHEL 5 : zsh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - zsh: buffer overrun in symlinks CVE-2017-18206 - In builtin.c in zsh before 5.4, when sh compatibility mo...

RHEL 8 : imagemagick (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ImageMagick: Uninitialized variable in coders/mat.c:ReadMATImageV4 allows for memory corruption...

RHEL 6 : ncurses (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ncurses: Stack-based buffer overflow caused by format string vulnerability in fmtentry function...

RHEL 5 : python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python: Heap overflow in zipimporter module CVE-2016-5636 - python: Stack-based buffer overflow in...

RHEL 6 : speex (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - speex: stack-based buffer overflow in speexenc.c via a crafted WAV file CVE-2020-23904 - A Divide by Zero...

RHEL 5 : gd,_php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gd, php: Stack based buffer overflow in dynamicGetbuf CVE-2016-8670 - The dynamicGetbuf function in the G...

RHEL 6 : transfig (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - transfig: Buffer underwrite in read.c:getline via crafted FIG file CVE-2018-16140 - An array index error ...

RHEL 8 : liblouis (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - liblouis: invalid free in compileRule function in compileTranslationTable.c CVE-2018-11410 - Liblouis 3.5...

RHEL 7 : dcraw (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - dcraw: Stack-based buffer overflow in the findgreen function CVE-2018-19655 - dcraw: Buffer overflow caus...

RHEL 5 : pcre (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pcre: stack-based buffer overflow write in pcre32copysubstring CVE-2017-7246 - In PCRE 8.41, the OPKETRMA...

RHEL 7 : pcre (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pcre: stack-based buffer overflow write in pcre32copysubstring CVE-2017-7246 - In PCRE 8.41, the OPKETRMA...

RHEL 7 : mgetty (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mgetty: command injection in faxrunq CVE-2018-16741 - mgetty: Stack-based buffer overflow in faxnotifymai...

RHEL 6 : cracklib (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - cracklib: Stack-based buffer overflow when parsing large GECOS field CVE-2016-6318 Note that Nessus has not tested...