3656 matches found

Cvelist
added 2019/09/30 9:39 p.m. | 19 views

CVE-2019-16760 Cargo prior to Rust 1.26.0 may download the wrong dependency

Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the package configuration key. Usage of the package key to rename dependencies in Cargo.toml is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency,...

4.6 CVSS | 7.5 AI score | 0.01452 EPSS
Exploits: 1 | References: 4

Debian CVE
added 2019/09/30 9:39 p.m. | 18 views

CVE-2019-16760

Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the package configuration key. Usage of the package key to rename dependencies in Cargo.toml is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency,...

7.5 CVSS | 6.2 AI score | 0.01452 EPSS
Exploits: 1

OSV
added 2019/09/17 10:15 p.m. | 1 views

UBUNTU-CVE-2019-16395

GnuCOBOL 2.2 has a stack-based buffer overflow in the cbname function in cobc/tree.c via crafted COBOL source code...

7.8 CVSS | 7.5 AI score | 0.00986 EPSS
Exploits: 1 | References: 3

NVD
added 2019/09/02 11:15 p.m. | 22 views

CVE-2019-15847

The POWER9 backend in GNU Compiler Collection GCC before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single...

7.5 CVSS | 7.4 AI score | 0.03207 EPSS
Exploits: 0 | References: 4

OSV
added 2019/09/02 11:15 p.m. | 0 views

DEBIAN-CVE-2019-15847

The POWER9 backend in GNU Compiler Collection GCC before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single...

7.5 CVSS | 7.7 AI score | 0.03207 EPSS
Exploits: 0 | References: 1

OSV
added 2019/09/02 11:15 p.m. | 1 views

ALPINE-CVE-2019-15847

The POWER9 backend in GNU Compiler Collection GCC before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single...

7.5 CVSS | 7 AI score | 0.03207 EPSS
Exploits: 0 | References: 1

OSV
added 2019/09/02 11:15 p.m. | 0 views

UBUNTU-CVE-2019-15847

The POWER9 backend in GNU Compiler Collection GCC before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single...

7.5 CVSS | 7.4 AI score | 0.03207 EPSS
Exploits: 0 | References: 4

CVE
added 2019/09/02 10:3 p.m. | 312 views

CVE-2019-15847

CVE-2019-15847 affects the POWER9 backend of GCC, where the compiler could coalesce multiple __builtin_darn() calls into one due to an unspecified volatile operation, reducing random-number entropy. The GCC GLSA/Advisory notes that this issue stems from flawed code generation and can cause repeat...

7.5 CVSS | 7.1 AI score | 0.03207 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

AlpineLinux
added 2019/09/02 10:3 p.m. | 22 views

CVE-2019-15847

The POWER9 backend in GNU Compiler Collection GCC before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single...

7.5 CVSS | 7.4 AI score | 0.03207 EPSS
Exploits: 0

Tenable Nessus
added 2019/08/27 12:0 a.m. | 36 views

EulerOS 2.0 SP8 : gcc (EulerOS-SA-2019-1825)

According to the versions of the gcc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The gcc package contains the GNU Compiler Collection version 4.8. You'll need this package in order to compile C code. - Security fixes: -...

8.1 CVSS | 7.8 AI score | 0.02171 EPSS
Exploits: 1 | References: 2

Kitploit
added 2019/08/21 1:30 p.m. | 146 views

Applepie - A Hypervisor For Fuzzing Built With WHVP And Bochs

Hello! Welcome to applepie! This is a tool designed for fuzzing, introspection, and finding bugs! This is a hypervisor using the Windows Hypervisor Platform API present in recent versions of Windows specifically this was developed and tested on Windows 10 17763. Bochs is used for providing deep...

7 AI score
Exploits: 0 | References: 1

Cvelist
added 2019/08/20 7:50 p.m. | 13 views

CVE-2019-2130

In CompilationJob::FinalizeJob of compiler.cc, there is a possible remote code execution due to type confusion. This could lead to escalation of privilege from a malicious proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

9.4 AI score | 0.0165 EPSS
Exploits: 0 | References: 1

OPENSUSE Linux
added 2019/08/19 12:0 a.m. | 80 views

Recommended update for dkgpg, libTMCG (moderate)

openSUSE Security Update: Recommended update for dkgpg, libTMCG Announcement ID: openSUSE-SU-2019:1951-1 Rating: moderate References: Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 An update that contains security fixes can now be installed. Description: This update for dkgpg, libTMCG...

5.4 AI score
Exploits: 0

Zero Day Initiative
added 2019/08/16 12:0 a.m. | 35 views

Microsoft Windows jscript9 RegExp.input Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the JIT...

7.5 CVSS | 3.1 AI score | 0.05738 EPSS
Exploits: 0 | References: 1

UbuntuCve
added 2019/08/14 6:15 a.m. | 24 views

CVE-2019-14973

TIFFCheckMalloc and TIFFCheckRealloc in tifaux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash...

6.5 CVSS | 6.8 AI score | 0.04239 EPSS
Exploits: 0 | References: 4

AlpineLinux
added 2019/08/14 5:15 a.m. | 54 views

CVE-2019-14973

TIFFCheckMalloc and TIFFCheckRealloc in tifaux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash...

6.5 CVSS | 7.6 AI score | 0.04239 EPSS
Exploits: 0

Tenable Nessus
added 2019/08/12 12:0 a.m. | 30 views

NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0095)

The remote NewStart CGSL host, running version MAIN 4.06, has firefox packages installed that are affected by multiple vulnerabilities: - Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerabili...

8.8 CVSS | 9.3 AI score | 0.29514 EPSS
Exploits: 13 | References: 3

Tenable Nessus
added 2019/08/12 12:0 a.m. | 29 views

NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0153)

The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: - Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafte...

9.8 CVSS | 8.8 AI score | 0.29514 EPSS
Exploits: 24 | References: 13

Tenable Nessus
added 2019/08/12 12:0 a.m. | 39 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0062)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory...

9.8 CVSS | 8.8 AI score | 0.29514 EPSS
Exploits: 24 | References: 14

Tenable Nessus
added 2019/08/12 12:0 a.m. | 29 views

NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0090)

The remote NewStart CGSL host, running version MAIN 4.06, has firefox packages installed that are affected by multiple vulnerabilities: - A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being fre...

10 CVSS | 8.1 AI score | 0.19762 EPSS
Exploits: 12 | References: 14