17 matches found
CVE-2019-14966
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection...
Oracle Linux 8 : zziplib (ELSA-2024-3127)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3127 advisory. - Fix CVE-2020-18770 Previous patch contained segfault bug Resolves: RHEL-14966 Tenable has extracted the preceding description block directly from the Oracle...
zziplib security update
0.13.68-13 - Fix CVE-2020-18770 Previous patch contained segfault bug Resolves: RHEL-14966
0.13.68-12 - Add the gating tests from the 8.8.0 branch Resolves: RHEL-24429
0.13.68-11 - Use /usr/libexec/platform-python macro during the config phase used for doc generation Resolves: RHEL-22880
0.13.68-...
CVE-2020-14966
creationtimestamp | type | source
---|---|---
2024-01-19 10:23:20+00:00 | seen | https://t.me/arpsyndicate/2919...
K000132744: Node.js vulnerability CVE-2020-14966
Security Advisory Description An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verifie...
@10yun/cv-mobile-ui (=0.3.20), @agneta/cli (>=0.14.7 <=0.14.15) +447 more potentially affected by CVE-2020-14966 via jsrsasign (>=4.8.2 <=8.0.18)
jsrsasign NPM version =4.8.2, =0.14.7, =2.0.1-alpha.0, =1.0.0, =1.0.0, =2.0.1-alpha.0, =1.0.0, =1.0.0, =1.0.17-beta.7, =1.0.0-beta.0, =1.0.0, =0.4.1, =1.0.1, =1.0.7 and more Source cves: CVE-2020-14966 Source advisory: OSV:GHSA-P8C3-7RJ8-Q963...
ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign
Impact: Jsrsasign supports ECDSA signature validation, in which the signature value is represented in ASN.1 DER encoding. This vulnerability may accept a wrong ASN.1 DER encoded ECDSA signature such as:
- wrong multi-byte ASN.1 length of TLV, e.g. 0x820045 even though 0x45 is correct
- prepending zeros with...
CVE-2020-14966
An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a...
CVE-2020-14966
The CVE-2020-14966 issue affects the jsrsasign package up to version 8.0.18 in Node.js. Root cause: malleability in ECDSA signatures from insufficient checks of ASN.1/DER encoding, specifically overflow in sequence length and prepended/appended zeroes to integers, allowing altered signatures to v...
Stack overflow
An issue was discovered on Samsung mobile devices with P9.0 Exynos chipsets software. The Wi-Fi kernel drivers have a stack overflow. The Samsung IDs are SVE-2019-14965, SVE-2019-14966, SVE-2019-14968, SVE-2019-14969, SVE-2019-14970, SVE-2019-14980, SVE-2019-14981, SVE-2019-14982, SVE-2019-14983,...
CVE-2019-20541
The CVE-2019-20541 entry concerns Samsung mobile devices running Android P (9.0) on Exynos chipsets, where the Wi-Fi kernel drivers are affected by a stack overflow. Affected Samsung IDs include SVE-2019-14965, 14966, 14968–14970, 14980–14984, 15122–15123 (November 2019). The issue originates in ...
CVE-2019-14966
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection...
CVE-2019-14966
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection...
CVE-2019-14966
CVE-2019-14966 affects Frappe Framework versions 10 through 12 prior to 12.0.4, introducing an authenticated SQL injection vulnerability. The issue is addressed in 12.0.4 (and later); upgrade to 12.0.4+ to mitigate. The available connected documents confirm the vulnerability and the fixed release...
IKARUS anti.virus Multiple Arbitrary/Out of Bounds Write Vulnerabilities
IKARUS anti.virus is prone to multiple vulnerabilities.
CVE-2017-14966
The IKARUS anti.virus ntguard.sys driver contains an Arbitrary Write vulnerability in all 2.x releases before 2.16.18, caused by failure to validate input values from IOCTL 0x830000c0. This allows a local attacker with access to trigger arbitrary writes, potentially compromising kernel memory. Af...
CVE-2017-14966
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c0...