SUSE CVE-2024-42105

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix inode number range checks Patch series "nilfs2: fix potential issues related to reserved inodes". This series fixes one use-after-free issue reported by syzbot, caused by nilfs2's internal inode being exposed in the...

RHEL 8 : protobuf-c (RHSA-2024:3812)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3812 advisory. The protobuf-c packages provide C bindings for Google's Protocol Buffers. Security Fixes: protobuf-c: unsigned integer overflow in parserequiredmembe...

protobuf-c: unsigned integer overflow in parse_required_member

A vulnerability was found in protobuf-c. This security flaw leads to an unsigned integer overflow in parserequiredmember...

Moderate: Red Hat Security Advisory: protobuf-c security update

An update for protobuf-c is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

ASB-A-321326147

In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

UBUNTU-CVE-2024-1298

EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability...

RHEL 7 : protobuf-c (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - protobuf-c: invalid arithmetic shift via the function parsetagandwiretype may lead to DoS CVE-2022-33070 ...

RHEL 6 : openvswitch (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openvswitch: Buffer over-read while parsing the group mod OpenFlow message CVE-2017-9265 - In Open vSwitc...

Fedora 40 : libcoap (2024-75863445ff)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-75863445ff advisory. Patch to fix CVE-2024-31031 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

CVE-2024-32481 vyper's range(start, start + N) reverts for negative numbers

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a range of the form rangestart, start + N, if start is negative, the execution will always revert. This issue is caused by an incorrect assertion...

RHEL 7 : rh-php72-php (RHSA-2019:3299)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3299 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...

CVE-2024-31031

An issue in coappdu.c in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow...

CVE-2024-31031

An issue in coappdu.c in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow...

CVE-2024-31031

An issue in coappdu.c in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow...

CVE-2024-31031

An issue in coappdu.c in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow...

CVE-2024-31031

An issue in coappdu.c in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow...

CVE-2024-31031

CVE-2024-31031 affects libcoap 4.3.4 (coap_pdu.c) with undefined behavior caused by an unsigned integer overflow when processing a sequence of messages. Fedora advisories indicate patches exist for libcoap (e.g., 4.3.4a-2 in FC39/FC40); Nessus/OpenVAS entries reference a patch to fix CVE-2024-310...

DEBIAN-CVE-2021-47159

In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix a crash if -getssetcount fails If ds-ops-getssetcount fails then it "count" is a negative error code such as -EOPNOTSUPP. Because "i" is an unsigned int, the negative error code is type promoted to a very high value...

CentOS 9 : protobuf-c-1.3.3-13.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the protobuf-c-1.3.3-13.el9 build changelog. - protobuf-c before 1.4.1 has an unsigned integer overflow in parserequiredmember. CVE-2022-48468 Note that Nessus has not tested for this issue...

CVE-2024-1633 FIP Header Integer Overflow

During the secure boot, bl2 the second stage of the bootloader loops over images defined in the table “bl2memparamsdescs”. For each image, the bl2 reads the image length and destination from the image’s certificate. Because of the way of reading from the image, which base on 32-bit unsigned integ...