squid:4 security update

libecap squid 4.15-6.0.1 - Improve HTTP chunked encoding compliance CVE-2023-46846 - Fix stack buffer overflow when parsing Digest Authorization CVE-2023-46847...

Rocky Linux 8 : fwupd (RLSA-2021:2566)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2566 advisory. - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw...

Rocky Linux 8 : redis:5 (RLSA-2019:2002)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2019:2002 advisory. - A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before...

Rocky Linux 8 : cairo and pixman (RLSA-2022:1961)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1961 advisory. - A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's...

OSV-2023-1110 Stack-buffer-overflow in dynapi_set_helper

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63824 Crash type: Stack-buffer-overflow READ Crash state: dynapisethelper dwgdynapiheadersetvalue jsonHEADER...

PT-2023-35563 · Git +1 · Libredwg

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack-buffer-overflow read crash. Technical details include the involvement of specific functions such as dynapi set helper, dw...

squid security update

7:5.5-5.el92.1 - Improve HTTP chunked encoding compliance CVE-2023-46846 - Fix stack buffer overflow when parsing Digest Authorization CVE-2023-46847 - Fix userinfo percent-encoding CVE-2023-46848...

Stack overflow

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase...

The vulnerability of the Xpedition Layout Browser software, which is used for viewing and analyzing electronic circuits and printed circuit boards, stems from buffer overflow in the stack. This allows an attacker to execute arbitrary code.

The vulnerability of the Xpedition Layout Browser software for viewing and analyzing electronic circuits and printed circuit boards is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVE-2023-39281

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase...

OSV-2023-1093 Stack-buffer-overflow in ndpi_handle_rule

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63746 Crash type: Stack-buffer-overflow WRITE Crash state: ndpihandlerule ndpiloadprotocolsfilefd fuzzfilecfgprotocols.c...

Huawei EulerOS: Security Advisory for json-c (EulerOS-SA-2023-3009)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2023-35554 · Git +1 · Ndpi

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A stack-buffer-overflow issue was identified, potentially causing a crash. The crash involves the ndpi handle rule and ndpi load protocols file fd...

Huawei EulerOS: Security Advisory for json-c (EulerOS-SA-2023-3032)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2024-02: Stack Buffer Overflow to Remote Code Execution (RCE) in Moxa NPort W2150a/W2250a

The vulnerability was identified in Moxa NPort W2150a/W2250a v.2.3 and lower. It is possible to execute OS commands on the device as a privileged user root due to a stack buffer overflow vulnerability. Exploitation of the vulnerability is possible for an unauthorized user by sending payloads to a...

Oracle Linux 8 : php:8.0 (ELSA-2023-5927)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5927 advisory. libzip php 8.0.30-1 - rebase to 8.0.30 - Resolves: RHEL-11946 php-pear php-pecl-apcu php-pecl-rrd php-pecl-xdebug3 php-pecl-zip Tenable has extracted t...

Ubuntu 20.04 LTS : AOM vulnerabilities (USN-6447-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6447-1 advisory. It was discovered that AOM incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file,...

Ubuntu 16.04 ESM : Long Range ZIP vulnerabilities (USN-5171-2)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5171-2 advisory. USN-5171-1 fixed vulnerabilities in Long Range ZIP. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has...

Oracle Linux 9 : php (ELSA-2023-5926)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5926 advisory. 8.0.30-1 - rebase to 8.0.30 - Resolves: RHEL-11946 Tenable has extracted the preceding description block directly from the Oracle Linux security...

The vulnerability of the SonicOS operating system, related to buffer overflows in the stack, allows a hacker to trigger a service failure.

The vulnerability of the SonicOS operating system is related to an overflow in the buffer in the stack at the end of the URL address plainprefs.exp for the SSL VPN. Exploiting this vulnerability allows a malicious actor to cause a service failure through a specially crafted HTTP request...