
3043 matches found

RedHat Linux
added 2023/11/07 8:56 a.m. · 33 views

Moderate: Red Hat Security Advisory: protobuf-c security update

An update for protobuf-c is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 5.5 · AI score 6.7 · EPSS 0.00366 · Exploits 0 · References 3

OSV
added 2023/11/07 12:0 a.m. · 28 views

ALSA-2023:6621 Moderate: protobuf-c security update

The protobuf-c packages provide C bindings for Google's Protocol Buffers. Security Fixes: protobuf-c: unsigned integer overflow in parse_required_member (CVE-2022-48468). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, ref...

CVSS 5.5 · AI score 6.3 · EPSS 0.00366 · Exploits 0 · References 4

Tenable Nessus
added 2023/11/07 12:0 a.m. · 21 views

RHEL 9 : protobuf-c (RHSA-2023:6621)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6621 advisory. The protobuf-c packages provide C bindings for Google's Protocol Buffers. Security Fixes: protobuf-c: unsigned integer overflow in parse_required_membe...

CVSS 5.5 · AI score 6.7 · EPSS 0.00366 · Exploits 0 · References 6

Tenable Nessus
added 2023/11/07 12:0 a.m. · 19 views

Rocky Linux 8 : gnome-software and fwupd (RLSA-2020:4436)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:4436 advisory. - A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is...

CVSS 6 · AI score 5.9 · EPSS 0.0049 · Exploits 1 · References 8

OSV
added 2023/11/05 12:15 a.m. · 2 views

CVE-2023-47249

In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayType::ParseText function for unsigned short in IccUtilXml.cpp in libIccXML.a has an out-of-bounds read...

CVSS 6.5 · AI score 5.8 · EPSS 0.00521 · Exploits 1 · References 1

ATTACKERKB
added 2023/11/05 12:15 a.m. · 2 views

CVE-2023-47249

In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayType::ParseText function for unsigned short in IccUtilXml.cpp in libIccXML.a has an out-of-bounds read...

CVSS 6.5 · AI score 5.8 · EPSS 0.00521 · Exploits 1 · References 2

NVD
added 2023/11/05 12:15 a.m. · 20 views

CVE-2023-47249

In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayType::ParseText function for unsigned short in IccUtilXml.cpp in libIccXML.a has an out-of-bounds read...

CVSS 6.5 · AI score 6.5 · EPSS 0.00521 · Exploits 1 · References 1

Positive Technologies
added 2023/11/04 12:0 a.m. · 6 views

PT-2023-30390 · International Color Consortium · Demoiccmax

Name of the Vulnerable Software and Affected Versions: International Color Consortium DemoIccMAX version 79ecb74 Description: The issue is related to an out-of-bounds read in the CIccXmlArrayType::ParseText function for unsigned short in IccUtilXml.cpp within libIccXML.a. Recommendations: For...

CVSS 6.5 · AI score 6.2 · EPSS 0.00521 · Exploits 1 · References 3

Cvelist
added 2023/10/31 3:29 p.m. · 48 views

CVE-2023-46256 PX4-Autopilot Heap Buffer Overflow Bug

PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of parserbufindex value checking. A malfunction of the sensor device can cause a heap buffer overflow...

CVSS 4.4 · AI score 9.8 · EPSS 0.0063 · Exploits 1 · References 2

OSV
added 2023/10/31 3:29 p.m. · 32 views

CVE-2023-46256 PX4-Autopilot Heap Buffer Overflow Bug

PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of parserbufindex value checking. A malfunction of the sensor device can cause a heap buffer overflow...

CVSS 4.4 · AI score 9.3 · EPSS 0.0063 · Exploits 1 · References 4

Microsoft CVE
added 2023/10/27 7:0 a.m. · 2 views

Grub2: out-of-bounds write at fs/ntfs.c may lead to unsigned code execution

...

CVSS 7.8 · AI score 6.5 · EPSS 0.00536 · Exploits 1

Vulnrichment
added 2023/10/23 1:33 p.m. · 11 views

CVE-2023-28804 Linux ZCC allows unsigned updates, allowing elevated Code Execution

An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries. This issue affects Linux Client Connector: before 1.4.0.105...

CVSS 8.2 · AI score 6.9 · EPSS 0.00242 · Exploits 0 · References 1

OSV
added 2023/10/20 9:34 a.m. · 4 views

SUSE-SU-2023:4141-1 Security update for grub2

This update for grub2 fixes the following issues: Security fixes: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935) - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936) Oth...

CVSS 7.8 · AI score 7.7 · EPSS 0.00536 · Exploits 2 · References 6

OSV
added 2023/10/20 9:34 a.m. · 6 views

SUSE-SU-2023:4140-1 Security update for grub2

This update for grub2 fixes the following issues: Security fixes: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935) - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936) Oth...

CVSS 7.8 · AI score 7.7 · EPSS 0.00536 · Exploits 2 · References 6

SUSE CVE
added 2023/10/17 12:59 a.m. · 2 views

SUSE CVE-2023-39332

Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings (see CVE-2023-30584) and Buffer objects (see CVE-2023-32004), but not through non-Buffer...

CVSS 7.5 · AI score 7.9 · EPSS 0.01819 · Exploits 0 · References 3

OpenVAS
added 2023/10/17 12:0 a.m. · 15 views

SUSE: Security Advisory (SUSE-SU-2023:4085-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 6.7 · EPSS 0.00536 · Exploits 2 · References 7

OpenVAS
added 2023/10/05 12:0 a.m. · 17 views

Ubuntu: Security Advisory (USN-6410-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 6.1 · EPSS 0.00536 · Exploits 2 · References 2

OSV
added 2023/10/04 1:31 a.m. · 3 views

USN-6410-1 grub2-signed, grub2-unsigned vulnerabilities

It was discovered that a specially crafted file system image could cause a heap-based out-of-bounds write. A local attacker could potentially use this to perform arbitrary code execution bypass and bypass secure boot protections. (CVE-2023-4692) It was discovered that a specially crafted file syste...

CVSS 7.8 · AI score 7.5 · EPSS 0.00536 · Exploits 2 · References 3

Microsoft CVE
added 2023/10/03 7:0 a.m. · 4 views

An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.

...

CVSS 8.8 · AI score 7 · EPSS 0.54577 · Exploits 1

Cvelist
added 2023/10/03 5:0 a.m. · 30 views

CVE-2023-33034 Signed-to-unsigned conversion error in Audio

Memory corruption while parsing the ADSP response command...

CVSS 7.8 · AI score 8.1 · EPSS 0.0011 · Exploits 0 · References 1