EulerOS Virtualization 2.9.1 : protobuf-c (EulerOS-SA-2023-2516)

According to the versions of the protobuf-c package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - protobuf-c before 1.4.1 has an unsigned integer overflow in parserequiredmember. CVE-2022-48468 Note that Tenable Network...

EulerOS Virtualization 2.9.0 : protobuf-c (EulerOS-SA-2023-2529)

According to the versions of the protobuf-c package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - protobuf-c before 1.4.1 has an unsigned integer overflow in parserequiredmember. CVE-2022-48468 Note that Tenable Network...

Cisco NX-OS CLI Command Software Image Signature Verification (CVE-2019-1811)

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not...

AZL-40910 CVE-2022-28737 affecting package shim-unsigned-aarch64 for versions less than 15.8-3

There's a possible overflow in handleimage when shim tries to load and execute crafted EFI executables; The handleimage function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code...

AZL-41063 CVE-2022-28737 affecting package shim-unsigned-x64 for versions less than 15.8-3

There's a possible overflow in handleimage when shim tries to load and execute crafted EFI executables; The handleimage function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code...

Amazon Linux 2 : protobuf-c (ALAS-2023-2142)

The version of protobuf-c installed on the remote host is prior to 1.0.2-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2142 advisory. protobuf-c before 1.4.1 has an unsigned integer overflow in parserequiredmember. CVE-2022-48468 Tenable has extracted the...

Medium: protobuf-c

Issue Overview: protobuf-c before 1.4.1 has an unsigned integer overflow in parserequiredmember. CVE-2022-48468 Affected Packages: protobuf-c Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...

WellinTech KingHistorian

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: WellinTech Equipment: KingHistorian Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Signed to Unsigned Conversion Error 2. RISK EVALUATION...

EulerOS 2.0 SP10 : protobuf-c (EulerOS-SA-2023-2365)

According to the versions of the protobuf-c package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - protobuf-c before 1.4.1 has an unsigned integer overflow in parserequiredmember. CVE-2022-48468 Note that Tenable Network Security has...

Huawei EulerOS: Security Advisory for protobuf-c (EulerOS-SA-2023-2391)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for protobuf-c (EulerOS-SA-2023-2365)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Design/Logic Flaw

The firmware update package for the wireless card is not properly signed and can be modified...

CVE-2023-25178 Controller design flaw - unsigned firmware

Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning...

CVE-2023-25178 Controller design flaw - unsigned firmware

Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning...

Okio Signed to Unsigned Conversion Error vulnerability

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class...

Huawei EulerOS: Security Advisory for protobuf-c (EulerOS-SA-2023-2338)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for protobuf-c (EulerOS-SA-2023-2318)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : protobuf-c (EulerOS-SA-2023-2318)

According to the versions of the protobuf-c package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - protobuf-c before 1.4.1 has an unsigned integer overflow in parserequiredmember. CVE-2022-48468 Note that Tenable Network Security has...

EulerOS 2.0 SP9 : protobuf-c (EulerOS-SA-2023-2338)

According to the versions of the protobuf-c package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - protobuf-c before 1.4.1 has an unsigned integer overflow in parserequiredmember. CVE-2022-48468 Note that Tenable Network Security has...

CVE-2023-29532

A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not...