3037 matches found
Out-of-bounds
Liblisp through commit 4c65969 was discovered to contain an out-of-bounds-read vulnerability in unsigned getlengthlispcellt x at eval.c...
Oracle Linux 9 : protobuf-c (ELSA-2023-6621)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6621 advisory. 1.3.3-13 - Applied patch for CVE-2022-48468 2186677 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
CVE-2023-20568
Improper signature verification of Radeon™ RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution...
nodejs: path traversal through path stored in Uint8Array
Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings (see CVE-2023-30584) and Buffer objects (see CVE-2023-32004), but not through non-Buffer...
Moderate: Red Hat Security Advisory: protobuf-c security update
An update for protobuf-c is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
protobuf-c: unsigned integer overflow in parse_required_member
A vulnerability was found in protobuf-c. This security flaw leads to an unsigned integer overflow in parse_required_member...
PT-2023-7302 · Amd · Radeon Rx Vega M Graphics Driver
Name of the Vulnerable Software and Affected Versions: Radeon™ RX Vega M Graphics driver for Windows (affected versions not specified). Description: The issue is related to improper signature verification of the Radeon™ RX Vega M Graphics driver for Windows. This may allow an attacker with admin...
ALSA-2023:6944 Moderate: protobuf-c security update
The protobuf-c packages provide C bindings for Google's Protocol Buffers. Security Fixes: protobuf-c: unsigned integer overflow in parse_required_member (CVE-2022-48468). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, ref...
CentOS 8 : protobuf-c (CESA-2023:6944)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:6944 advisory. - protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member. (CVE-2022-48468) Note that Nessus has not tested for this issue but has instead...
RHEL 8 : protobuf-c (RHSA-2023:6944)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6944 advisory. The protobuf-c packages provide C bindings for Google's Protocol Buffers. Security Fixes: protobuf-c: unsigned integer overflow in parserequiredmembe...
Huawei EulerOS: Security Advisory for protobuf-c (EulerOS-SA-2023-3148)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
kernel: ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()
In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() Change num_ghes from int to unsigned int, preventing an overflow and causing subsequent vmalloc to fail. The overflow happens in ghes_estatus_pool_init() when calculating len duri...
grafana: plugin signature bypass
A flaw was found in the Grafana web application, where it is possible to install plugins which are not digitally signed. An admin could install unsigned plugins, which may contain malicious code...
protobuf-c: unsigned integer overflow in parse_required_member
A vulnerability was found in protobuf-c. This security flaw leads to an unsigned integer overflow in parse_required_member...
Moderate: Red Hat Security Advisory: protobuf-c security update
An update for protobuf-c is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
RHEL 9 : protobuf-c (RHSA-2023:6621)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6621 advisory. The protobuf-c packages provide C bindings for Google's Protocol Buffers. Security Fixes: protobuf-c: unsigned integer overflow in parserequiredmembe...
ALSA-2023:6621 Moderate: protobuf-c security update
The protobuf-c packages provide C bindings for Google's Protocol Buffers. Security Fixes: protobuf-c: unsigned integer overflow in parse_required_member (CVE-2022-48468). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, ref...
Rocky Linux 8 : gnome-software and fwupd (RLSA-2020:4436)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:4436 advisory. - A PGP signature bypass flaw was found in fwupd all versions, which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is...
CVE-2023-47249
In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayType:::ParseText function for unsigned short in IccUtilXml.cpp in libIccXML.a has an out-of-bounds read...