SUSE SLES15 Security Update : spice-gtk (SUSE-SU-2021:1911-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:1911-1 advisory. - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before...

SUSE-SU-2021:1911-1 Security update for spice-gtk

This update for spice-gtk fixes the following issues: - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC decoding code bsc1177158...

libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c

A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

SUSE: Security Advisory (SUSE-SU-2020:3359-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : spice (SUSE-SU-2021:1902-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1902-1 advisory. - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before...

SUSE: Security Advisory (SUSE-SU-2019:2891-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Eclipse Jetty Information Disclosure Vulnerability (GHSA-v7ff-8wcx-gmc5) - Linux

Eclipse Jetty is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty"...

SUSE: Security Advisory (SUSE-SU-2014:0248-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 Security Update : spice (SUSE-SU-2021:1901-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1901-1 advisory. - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before...

Eclipse Jetty Information Disclosure Vulnerability (GHSA-v7ff-8wcx-gmc5) - Windows

Eclipse Jetty is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty"...

SUSE-SU-2021:1905-1 Security update for spice-gtk

This update for spice-gtk fixes the following issues: - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC decoding code bsc1177158...

SUSE-SU-2021:1902-1 Security update for spice

This update for spice fixes the following issues: - CVE-2021-20201: client initiated renegotiation causing denial of service bsc1181686 - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC decoding code bsc1177158...

SUSE-SU-2021:1901-1 Security update for spice

This update for spice fixes the following issues: - CVE-2021-20201: client initiated renegotiation causing denial of service bsc1181686 - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC decoding code bsc1177158...

PT-2021-18253 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions 1.18.2 and earlier Description: Envoy does not decode escaped slash sequences %2F and %5C in HTTP URL paths. A remote attacker may craft a path with escaped slashes, e.g. /something%2F..%2Fadmin, to bypass access control, e.g. ...

Informatica: F5 BIG-IP Cookie potentially reveal BigIP pool name, backend's IP address and port, routed domain.

Hi Team, I hope everything is well. I am Kabeer Saxena a Security Researcher and I have found a bug Issue: ---------- F5 BIG-IP Cookie Remote Information Disclosure Vulnerable IP: ---------------- ██████:443 Certificate Information: ==X509v3 Subject Alternative Name:== ==DNS:████████== Summary:...

ytnef 路径遍历漏洞

ytnef is a TNEF Transport Neutral Encapsulation Format stream reader for winmail.dat files. YTNEF suffers from a security vulnerability that stems from. An attacker could use a crafted email to cause these applications to write data to an arbitrary location on the file system, crash, or execute...

PT-2021-6775 · Unknown · Gpac Project On Advanced Content Library

Name of the Vulnerable Software and Affected Versions: GPAC Project on Advanced Content library version 1.0.1 Description: An exploitable integer truncation issue exists within the MPEG-4 decoding functionality. A specially crafted MPEG-4 input can cause improper memory allocation, resulting in a...

spice security update

0.14.3-4 - Disable client-side renegotiation to prevent potential DoS Resolves: rhbz1904459 0.14.3-3 - Fix some static analyzer issues - Removed Obsoletes line for spice-client Related: rhbz1840240 0.14.3-2 - Fix multiple buffer overflows in QUIC decoding code Resolves: rhbz1829946 0.14.3-1 -...

OPENSUSE-SU-2021:0765-1 Security update for Botan

This update for Botan fixes the following issues: - CVE-2021-24115 In Botan before 2.17.3, or this backport, constant-time computations are not used for certain decoding and encoding operations boo1182670...

httpd: mod_session_cookie does not respect expiry time

In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...