68 matches found
Security Bulletin: Multiple vulnerabilities in ICU libraries used in IBM DataPower Gateway
Summary: IBM has addressed the following vulnerabilities in the ICU libraries used by drouter: CVE-2014-8147, CVE-2014-8146, CVE-2017-14952, CVE-2020-10531. Vulnerability Details: CVEID: CVE-2014-8147 DESCRIPTION: ICU Project ICU4C library could allow a local attacker to execute arbitrary code on the...
ROS-2-2247
2.2247 Multiple vulnerabilities in libwebp. 1. Vulnerability Description: CVE-2020-36332: A vulnerability in the libwebp library for encoding and decoding WebP images is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
PJSIP: Multiple vulnerabilities
Background: PJSIP is a free and open source multimedia communication library written in C, implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Description: Multiple vulnerabilities have been discovered in PJSIP. Please review the CVE identifiers referenced belo...
USN-4326-1 libiberty vulnerabilities
It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary...
ai.ylyue:yue-library-auth-service (>=j8.2.2.0 <=j11.2.6.0), ai.ylyue:yue-library-data-redis (>=Finchley.SR4 <=Greenwich.SR2.1) +3410 more potentially affected by CVE-2018-1000613 via org.bouncycastle:bcprov-jdk15on (>=1.57 <=1.59)
org.bouncycastle:bcprov-jdk15on MAVEN version =1.57, =j8.2.2.0, =Finchley.SR4, =1.1.1.RELEASE, =1.1.1.RELEASE, =2.0.8, =2.0.8, =2.0.8, =2.4, =0.6.0, =1.0.7, =0.5.0, =0.1.0, =1.0.0, =3.0.3 and more Source cves: CVE-2018-1000613 Source advisory: OSV:GHSA-4446-656P-F54G...
There are unspecified vulnerabilities in Request
Request is an HTTP request client library. A security vulnerability exists in Request versions 2.2.6 through 2.47.0 and 2.51.0 through 2.67.0. An attacker could exploit this vulnerability to disclose local system memory...
ICU: Multiple vulnerabilities
Background: ICU is a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description: Multiple vulnerabilities have been discovered in ICU. Please review the referenced CVE identifiers for details. Impact: A remote attacker could...
Ubuntu 14.04 LTS / 16.04 LTS : GNU C Library vulnerabilities (USN-3239-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3239-1 advisory. It was discovered that the GNU C Library incorrectly handled the strxfrm function. An attacker could use this issue to cause a denial of...
MGASA-2016-0425 Updated hdf5 packages fix security vulnerabilities
The HDF5 1.8.16 library fails to check whether the number of dimensions for an array read from the file is within the bounds of the space allocated for it; a heap-based buffer overflow will occur, potentially leading to arbitrary code execution (CVE-2016-4330). When decoding data out of a dataset...
Apple watchOS security vulnerabilities
Information disclosure, memory corruptions, multiple vulnerabilities in different libraries...
MGASA-2015-0286 Updated icu package fixes security vulnerabilities
The ICU Project's ICU4C library, before 55.1, contains a heap-based buffer overflow in the resolveImplicitLevels function of ubidi.c (CVE-2014-8146). The ICU Project's ICU4C library, before 55.1, contains an integer overflow in the resolveImplicitLevels function of ubidi.c due to the assignment of ...
Vulnerabilities of the CentOS operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the mesa-libGL-devel-9.0 package of the CentOS operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. Exploitation of these vulnerabilities can be carried out remotely...
Mandriva Linux Security Advisory : krb5 (MDVSA-2015:069)
Multiple vulnerabilities have been discovered and corrected in krb5: The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain...
OpenJDK: JDBC driver manager improper toString calls (CanSecWest 2013, Libraries, 8009814)
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James...
Important: Red Hat Security Advisory: rpm security update
Updated rpm packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6, and Red Hat Enterprise Linux 3 Extended Life Cycle Support, 5.3 Long Life, 5.6 Extended Update Support, and 6.0 Extended Update Support. The Red Hat Security Response Team has rated...
OpenOffice < 3.3 Multiple Vulnerabilities
Fedora Update for gnustep-base FEDORA-2010-8575
Check for the Version of gnustep-base. OpenVAS Vulnerability Test: Fedora Update for gnustep-base FEDORA-2010-8575. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
tiff: New overflows in image decoding
Background: The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Description: infamous41md found a potential integer overflow in the directory entry count routines o...
USN-42-1: Xine library vulnerabilities
Several buffer overflows have been discovered in xine-lib, the video/audio codec library for Xine frontends xine-ui, totem-xine, kaffeine, and others. If an attacker tricked a user into loading a malicious RTSP stream or a stream with specially crafted AIFF audio or PNM image data, they could...
Mandrake Linux Security Advisory : XFree86 (MDKSA-2004:138)
The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review of the XPM library, done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. These bugs include integer overflows,...