9532, 2591 Security Vulnerabilities

CVE-2022-2591 TEM FLEX-1085 reboot denial of service

A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be...

SUSE SLES15 Security Update : xen (SUSE-SU-2022:2591-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2591-1 advisory. Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially...

Medium: libtiff

Issue Overview: Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. (CVE-2016-9532) A flaw was found in libtiff. Due to a memory allocation failure in...

new packages: setroubleshoot

An update is available for setroubleshoot. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

Amazon Linux 2 : libtiff (ALAS-2022-1780)

The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1780 advisory. Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote...

Medium: libtiff

Issue Overview: Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. (CVE-2016-9532) A flaw was found in libtiff. Due to a memory allocation failure in...

Rocky Linux 8 : edk2 (RLSA-2021:2591)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:2591 advisory. A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. (CVE-2021-28211) Note that Nessus has not tested for this issue but has instead relied only on...

Mageia: Security Advisory (MGASA-2017-0028)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2016-0388)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for libldb (EulerOS-SA-2021-2591)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP3 : libldb (EulerOS-SA-2021-2591)

According to the versions of the libldb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with...

Oracle WebLogic Server Administration Console - Remote Code Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) versions 0.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic...

SUSE: Security Advisory (SUSE-SU-2021:2591-1)

The remote host is missing an update for...

openSUSE 15 Security Update : qemu (openSUSE-SU-2021:2591-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2591-1 advisory. QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in...

SUSE SLES15 Security Update : qemu (SUSE-SU-2021:2591-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2591-1 advisory. QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write...

openSUSE: Security Advisory for qemu (openSUSE-SU-2021:2591-1)

The remote host is missing an update for...

Security update for qemu (important)

An update that solves 9 vulnerabilities and has two fixes is now available. Description: This update for qemu fixes the following issues: Security issues fixed: CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366)...

CentOS 8 : edk2 (CESA-2021:2591)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:2591 advisory. edk2: possible heap corruption with LzmaUefiDecompressGetInfo (CVE-2021-28211) Note that Nessus has not tested for this issue but has instead relied only on...

Advisory ROSA-SA-2021-1896

Software: libtiff 4.0.3 OS: Cobalt 7.9 CVE-ID: CVE-2016-3620 CVE-Crit: HIGH CVE-DESC: The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" parameter is used, allows remote attackers to cause a denial of service (buffer overflow) via a generated...

Oracle Linux 8 : edk2 (ELSA-2021-2591)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-2591 advisory. A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. (CVE-2021-28211) Note that Nessus has not tested for this issue but has instead relied only on...

edk2 security update

[20200602gitca407c7246bf-4.el8_4.1] - edk2-MdeModulePkg-LzmaCustomDecompressLib-catch-4GB-uncom.patch [bz#1952953] - Resolves: bz#1952953 (edk2: possible heap corruption with LzmaUefiDecompressGetInfo [rhel-8]...

Moderate: edk2 security update

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): edk2: possible heap corruption with LzmaUefiDecompressGetInfo (CVE-2021-28211) For more details about the security...

edk2 security update

An update is available for edk2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual.....

Moderate: edk2 security update

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): edk2: possible heap corruption with LzmaUefiDecompressGetInfo (CVE-2021-28211) For more details about the security...

(RHSA-2021:2591) Moderate: edk2 security update

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): edk2: possible heap corruption with LzmaUefiDecompressGetInfo (CVE-2021-28211) For more details about the security...

RHEL 8 : edk2 (RHSA-2021:2591)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2591 advisory. edk2: possible heap corruption with LzmaUefiDecompressGetInfo (CVE-2021-28211) Note that Nessus has not tested for this issue but has instead relied...

Debian DLA-2591-1 : golang-1.7 security update

Several vulnerabilities were discovered in the Go programming language. An attacker could trigger a denial of service (DoS), bypasss access control, and execute arbitrary code on the developer's computer. CVE-2017-15041 Go allows 'go get' remote command execution. Using custom domains, it is...

Debian: Security Advisory (DLA-2591-1)

The remote host is missing an update for the...

[SECURITY] [DLA 2591-1] golang-1.7 security update

Debian LTS Advisory DLA-2591-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler March 13, 2021 https://wiki.debian.org/LTS Package : golang-1.7 Version : 1.7.4-2+deb9u3 CVE ID ...

golang-1.7 - security update

Bulletin has no...

CentOS 8 : ghostscript (CESA-2019:2591)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:2591 advisory. ghostscript: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445) (CVE-2019-14811) ghostscript: Safer mode bypass by .forceput...

CVE-2020-8340

A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript...

XSS Vulnerability in Legacy System x IMM2 - Lenovo Support US

Lenovo Security Advisory: LEN-44717 Potential Impact: Code execution Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2020-8340 Summary Description: A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management...

XSS Vulnerability in Legacy System x IMM2 - Lenovo Support NL

Lenovo Security Advisory: LEN-44717 Potential Impact: Code execution Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2020-8340 Summary Description: A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management...

Oracle WebLogic Server - Remote Command Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Versions that are affected are 10.3.6.0.0 and...

CVE-2018-21201

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3...

CVE-2018-21201

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3...

Stack overflow

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3...

CVE-2018-21201

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3...

MS03-026: Buffer Overrun in RPC May Allow Code Execution

Technical UpdateSeptember 10, 2003: The following changes were made to this article: Updated the "Security Patch Replacement Information" sections to indicate that this patch has been replaced by 824146 (MS03-039). For more information about the 824146 security patch (MS03-039), click the...

Stack-based Buffer Overflow

The Network Time Protocol (NTP) is vulnerable to Stack-based Buffer Overflow. A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially-crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the...

Oracle E-Business Suite Multiple Vulnerabilities (Jan 2020 CPU)

The version of Oracle E-Business installed on the remote host is missing the January 2020 Oracle Critical Patch Update (CPU). It is, as noted in the January 2020 Critical Patch Update advisory, affected by flaws in the following components : Oracle Human Resources Oracle CRM Technical Foundation...

Huawei EulerOS: Security Advisory for gpgme (EulerOS-SA-2019-2591)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for 389-ds-base (EulerOS-SA-2018-1190)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2018-1165)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2019-2466)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2019-1437)

The remote host is missing an update for the Huawei...

CVE-2020-2591

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle....

CVE-2020-2591

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle....

Design/Logic Flaw

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle....