Lucene search

4670 matches found

Veracode
added 2020/04/10 12:20 a.m. | 29 views

Arbitrary Code Execution

cups is vulnerable to arbitrary code execution. A buffer overflow flaw was discovered in the GIF decoding routines used by the CUPS image-converting filters "imagetops" and "imagetoraster". An attacker could create a malicious GIF file that could possibly execute arbitrary...

5.8 CVSS | 4.5 AI score | 0.07511 EPSS
Exploits: 2 | References: 28 | Affected Software: 1

Microsoft KB
added 2020/04/10 12:0 a.m. | 4 views

Streaming issues that are related to Microsoft Media Foundation in Windows 7

Streaming issues that are related to Microsoft Media Foundation in Windows 7 Symptoms A hotfix is available for Microsoft Media Foundation in Windows 7. This hotfix resolves the following streaming issues that relate to Media Foundation: Issue 1 You cannot stream some audio files to multiple...

5.9 AI score
Exploits: 0

RedhatCVE
added 2020/04/09 3:19 a.m. | 34 views

CVE-2019-12529

An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...

5.9 CVSS | 2 AI score | 0.17466 EPSS
Exploits: 0 | References: 4

Microsoft KB
added 2020/04/09 12:0 a.m. | 5 views

Windows Photo Viewer prints white lines when you use an XPS driver to print photos in Windows

Windows Photo Viewer prints white lines when you use an XPS driver to print photos in Windows Symptoms Consider the following scenario: You install update 2670838 on a computer that is running Windows 7 or Windows Server 2008 R2. Or, you are using a computer that is running Windows RT, Windows 8,...

6.3 AI score
Exploits: 0

CNVD
added 2020/04/08 12:0 a.m. | 1 views

perl-Convert-ASN1 Denial of Service Vulnerability

Perl is a general-purpose, interpreted, dynamic cross-platform programming language from the Perl community. A security vulnerability exists in perl-Convert-ASN1 0.27 and earlier versions, which stems from the program's unsafe decoding of user input. A remote attacker can exploit the vulnerabilit...

7.5 CVSS | 6.8 AI score | 0.01057 EPSS
Exploits: 1 | References: 1

OSV
added 2020/04/07 6:15 p.m. | 1 views

DEBIAN-CVE-2020-11612

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder...

7.5 CVSS | 7 AI score | 0.04327 EPSS
Exploits: 0 | References: 1

Kitploit
added 2020/04/07 12:0 p.m. | 298 views

Git-Hound v1.1 - GitHound Pinpoints Exposed API Keys On GitHub Using Pattern Matching, Commit History Searching, And A Unique Result Scoring System

A batch-catching, pattern-matching, patch-attacking secret snatcher. GitHound pinpoints exposed API keys and other sensitive information on GitHub using pattern matching, commit history searching, and a unique result scoring system. GitHound has earned me over $7500 applied to Bug Bounty research...

7.4 AI score
Exploits: 0 | References: 5

Oracle linux
added 2020/04/06 12:0 a.m. | 29 views

mailman security and bug fix update

3:2.1.15-30 - Resolves: 1599692 - Sanitize input on listinfo page CVE-2018-0618 3:2.1.15-29 - Resolves: 1611689 - Trim long text in 'no such list' messages 3:2.1.15-28 - Resolves: 1718180 - Try to decode member name first 3:2.1.15-27 - Related : 1545973 - Bump release to override rhel-7.4.z versi...

6.5 CVSS | 2 AI score | 0.00725 EPSS
Exploits: 0

Tenable Nessus
added 2020/04/01 12:0 a.m. | 47 views

RHEL 7 : libreoffice (RHSA-2020:1151)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1151 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...

9.8 CVSS | 8 AI score | 0.85077 EPSS
Exploits: 6 | References: 20

RedHat Linux
added 2020/03/31 7:54 p.m. | 1 views

libreoffice: Insufficient URL decoding flaw in categorizing macro location

LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings; typically, execution of macros is blocked by default. A URL decoding flaw existed in how the URLs to the macros within the document were processed and categorized, resulting in...

7.8 CVSS | 6 AI score | 0.00292 EPSS
Exploits: 1 | References: 5

RedHat Linux
added 2020/03/31 7:38 p.m. | 2 views

httpd: mod_session_cookie does not respect expiry time

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...

7.5 CVSS | 7.1 AI score | 0.10459 EPSS
Exploits: 0 | References: 4

Prion
added 2020/03/26 5:15 p.m. | 14 views

Stack overflow

A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3)...

7.5 CVSS | 9.8 AI score | 0.05519 EPSS
Exploits: 1 | References: 2 | Affected Software: 3

Cvelist
added 2020/03/26 4:4 p.m. | 12 views

CVE-2020-10825

A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3)...

9.9 AI score | 0.05519 EPSS
Exploits: 1 | References: 2

Github Security Blog
added 2020/03/25 5:35 p.m. | 58 views

Local file inclusion vulnerability in http4s

Impact This vulnerability applies to all users of: org.http4s.server.staticcontent.FileService org.http4s.server.staticcontent.ResourceService org.http4s.server.staticcontent.WebjarService Path escaping URI normalization is applied incorrectly. Requests whose path info contain ../ or // can expos...

7.6 CVSS | 1.8 AI score | 0.00848 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2020/03/25 5:35 p.m. | 2 views

GHSA-66Q9-F7FF-MMX6 Local file inclusion vulnerability in http4s

Impact This vulnerability applies to all users of: org.http4s.server.staticcontent.FileService org.http4s.server.staticcontent.ResourceService org.http4s.server.staticcontent.WebjarService Path escaping URI normalization is applied incorrectly. Requests whose path info contain ../ or // can expos...

7.6 CVSS | 6.9 AI score | 0.00848 EPSS
Exploits: 0 | References: 5

OSV
added 2020/03/24 9:15 p.m. | 1 views

DEBIAN-CVE-2020-6079

An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker...

7.5 CVSS | 8.2 AI score | 0.0062 EPSS
Exploits: 1 | References: 1

OSV
added 2020/03/24 9:15 p.m. | 0 views

UBUNTU-CVE-2020-6079

An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker...

7.5 CVSS | 7.3 AI score | 0.0062 EPSS
Exploits: 1 | References: 4

Prion
added 2020/03/24 6:15 p.m. | 14 views

Buffer overflow

An issue was discovered on Samsung mobile devices with any (before February 2020 for Exynos modem chipsets) software. There is a buffer overflow in baseband CP message decoding. The Samsung IDs are SVE-2019-15816 and SVE-2019-15817 (February 2020)...

10 CVSS | 9.7 AI score | 0.00626 EPSS
Exploits: 0 | References: 1

CVE
added 2020/03/24 5:17 p.m. | 48 views

CVE-2020-10835

CVE-2020-10835 affects Samsung mobile devices via a buffer overflow in baseband CP message decoding. Root cause: buffer overflow in the baseband CP message decoding path. Affected scope: Samsung devices with any software (noting Exynos modem chipsets before Feb 2020). Impact as per public records...

10 CVSS | 9.7 AI score | 0.00626 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/03/24 5:17 p.m. | 13 views

CVE-2020-10835

An issue was discovered on Samsung mobile devices with any (before February 2020 for Exynos modem chipsets) software. There is a buffer overflow in baseband CP message decoding. The Samsung IDs are SVE-2019-15816 and SVE-2019-15817 (February 2020)...

9.9 AI score | 0.00626 EPSS
Exploits: 0 | References: 1