SUSE-SU-2023:3639-1 Security update for libeconf

This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econfwriteFile' function bsc1211078. - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'readfile' function...

Ivanti Avalanche MDM Buffer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Avalanche MDM Buffer Overflow', 'Description' = %q This module exploits a buffer overflow condition in Ivanti Avalanche MDM versions befor...

OSV-2023-849 Stack-buffer-overflow in ulocimp_toLanguageTag_74

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62348 Crash type: Stack-buffer-overflow WRITE 1 Crash state: ulocimptoLanguageTag74 icu74::Locale::toLanguageTag localemorphfuzzer.cpp...

The vulnerability of the Vim text editor arises from buffer overflows on the stack, allowing an attacker to execute arbitrary code.

The vulnerability of the Vim text editor arises from buffer overflow on the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the library for serializing and deserializing YAML documents in SnakeYAML, related to buffer overflow in the stack, allows attackers to cause a service failure.

The vulnerability of the YAML serialization and deserialization library SnakeYAML lies in buffer overflows in the stack. Exploiting this vulnerability can allow an attacker to cause a service failure...

Amazon Linux 2 : php (ALASPHP8.0-2023-009)

The version of php installed on the remote host is prior to 8.0.30-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.0-2023-009 advisory. GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixe...

Amazon Linux 2 : php (ALASPHP8.2-2023-002)

The version of php installed on the remote host is prior to 8.2.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.2-2023-002 advisory. GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixed...

Amazon Linux 2 : php (ALASPHP8.1-2023-004)

The version of php installed on the remote host is prior to 8.1.22-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2023-004 advisory. GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixe...

The vulnerability of the CNCSoft-B numerical control software and the DOPSoft software, caused by buffer overflow in the stack, allows a hacker to execute arbitrary code.

The vulnerability of the CNCSoft-B numerical control software and the DOPSoft software is caused by buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of D-Link DIR-868L router’s microprogramming software arises from buffer overflow on the stack, allowing an attacker to trigger a buffer overflow.

The vulnerability of the D-Link DIR-868L router’s microprogramming software arises from buffer overflow on the stack. Exploiting this vulnerability allows a remote attacker to trigger a buffer overflow...

Siemens JT2GO 安全漏洞

Siemens Teamcenter Visualization is a software that provides teamwork capabilities for designing 2D and 3D scenarios.Siemens JT2GO is a JT file viewer. A stack buffer overflow vulnerability exists in Siemens Teamcenter Visualization and JT2Go, which can be exploited by an attacker to execute code...

The vulnerability of the DDP microprogramming software-based wireless access points from D-Link, model DAP-2622, allows a intruder to execute any arbitrary code.

The vulnerability of the DDP microprogramming software-based wireless access points from D-Link, such as the DAP-2622, is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary code...

Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2023-324)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-324 advisory. In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities...

The vulnerability of the uv_encode() function in the LibTIFF library, caused by buffer overflows in the stack, allows attackers to trigger a service denial.

The vulnerability of the uvencode function in the LibTIFF library arises due to buffer overflow on the stack. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of the fax3encode function in the LibTIFF library, which allows a hacker to trigger a service failure.

The vulnerability of the fax3encode function in the LibTIFF library arises from buffer overflows in the stack. Exploiting this vulnerability could allow a malicious actor to cause a service failure...

The vulnerability of the rotateimage() function in the LibTIFF library allows a attacker to cause a service failure.

The vulnerability of the rotateimage function in the LibTIFF library arises due to buffer overflow on the stack. Exploiting this vulnerability could allow an attacker to cause a service failure...

Oracle Linux 7 : qemu (ELSA-2018-4262)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4262 advisory. - net: ignore packet size greater than INTMAX Jason Wang Orabug: 28762625 CVE-2018-17963 - pcnet: fix possible buffer overflow Jason Wang Orabug:...

OSV-2023-797 Stack-buffer-overflow in QBuffer::readData

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62075 Crash type: Stack-buffer-overflow WRITE Crash state: QBuffer::readData QIODevicePrivate::read QDataStream::readRawData...

Debian dla-3555 : libapache2-mod-php7.3 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3555 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3555-1 [email protected]...

Debian dla-3556 : aom-tools - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3556 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3556-1 [email protected]...