
5224 matches found

Tenable Nessus
added 2020/11/02 12:0 a.m. | 36 views

EulerOS 2.0 SP8 : libproxy (EulerOS-SA-2020-2304)

According to the versions of the libproxy packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered...

CVSS 9.8 | AI score 8 | EPSS 0.00717
Exploits: 1 | References: 3

RedHat Linux
added 2020/10/28 6:24 p.m. | 2 views

Django: Potential memory exhaustion in django.utils.encoding.uri_to_iri()

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when re-percent-encoding invalid UTF-8 octet sequences...

CVSS 7.5 | AI score 7.4 | EPSS 0.06773
Exploits: 0 | References: 5

Tenable Nessus
added 2020/10/28 12:0 a.m. | 28 views

Amazon Linux 2 : libcroco (ALAS-2020-1521)

The version of libcroco installed on the remote host is prior to 0.6.12-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1521 advisory. A stack overflow flaw was found in libcroco. A service using libcroco's CSS parser could be crashed by a local, authenticated...

CVSS 7.1 | AI score 6.7 | EPSS 0.04749
Exploits: 1 | References: 3

Snyk
added 2020/10/15 12:27 p.m. | 3 views

Prototype Pollution

Overview: chart.js is a Simple HTML5 charts using the canvas element. Affected versions of this package are vulnerable to Prototype Pollution. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options or the default options are deep...

CVSS 9.8 | AI score 8 | EPSS 0.00211
Exploits: 1 | References: 2

BDU FSTEC
added 2020/10/14 12:0 a.m. | 1 views

The vulnerability of the XACK DNS server, caused by uncontrolled recursion, allows attackers to trigger a service failure.

The vulnerability of the XACK DNS server stems from an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures...

CVSS 8.6 | EPSS 0.00979
Exploits: 0 | References: 3 | Affected Software: 1

OpenVAS
added 2020/10/12 12:0 a.m. | 17 views

Huawei EulerOS: Security Advisory for libproxy (EulerOS-SA-2020-2183)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 8.7 | EPSS 0.00449
Exploits: 1 | References: 2

OpenVAS
added 2020/10/12 12:0 a.m. | 12 views

Huawei EulerOS: Security Advisory for libproxy (EulerOS-SA-2020-2184)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 8.7 | EPSS 0.00449
Exploits: 1 | References: 2

BDU FSTEC
added 2020/10/07 12:0 a.m. | 1 views

The vulnerability of the glibc library lies in its uncontrolled recursion during the search for matches using a regular expression, which allows an attacker to cause a service failure.

The vulnerability of the glibc library is related to uncontrolled recursion during the search for matches using a regular expression. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service interruptions...

CVSS 7.8 | EPSS 0.01305
Exploits: 1 | References: 8 | Affected Software: 1

Tenable Nessus
added 2020/10/06 12:0 a.m. | 30 views

FreeBSD : libexif -- multiple vulnerabilities (cff0b2e2-0716-11eb-9e5d-08002728f74c)

Release notes : Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others :
- CVE-2016-6328: fixed integer overflow when parsing maker notes
- CVE-2017-7544: fixed buffer overread
- CVE-2018-20030: Fix for recursion DoS
- CVE-2019-9278: replaced integer overflow checks the compiler could...

CVSS 9.1 | AI score 6.6 | EPSS 0.03749
Exploits: 1 | References: 2

Prion
added 2020/10/01 7:15 p.m. | 14 views

Design/Logic Flaw

When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox 8...

CVSS 6.8 | AI score 7.9 | EPSS 0.00869
Exploits: 0 | References: 9 | Affected Software: 5

RedHat Linux
added 2020/10/01 1:10 p.m. | 2 views

Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario

The Mozilla Foundation Security Advisory describes this flaw as: When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow...

CVSS 8.8 | AI score 7.3 | EPSS 0.00869
Exploits: 0 | References: 5

OpenVAS
added 2020/09/29 12:0 a.m. | 13 views

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2020-2063)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.6 | AI score 7.6 | EPSS 0.92629
Exploits: 6 | References: 2

OpenVAS
added 2020/09/29 12:0 a.m. | 15 views

Huawei EulerOS: Security Advisory for libcroco (EulerOS-SA-2020-2105)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.1 | AI score 7.1 | EPSS 0.04749
Exploits: 1 | References: 2

Mageia
added 2020/09/27 8:6 p.m. | 59 views

Updated libproxy packages fix security vulnerability

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. CVE-2020-25219...

CVSS 7.5 | AI score 4.8 | EPSS 0.00449
Exploits: 1 | References: 4

RedHat Linux
added 2020/09/24 10:11 a.m. | 1 views

Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario

The Mozilla Foundation Security Advisory describes this flaw as: When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow...

CVSS 8.8 | AI score 7.3 | EPSS 0.00869
Exploits: 0 | References: 5

Veracode
added 2020/09/21 6:34 a.m. | 26 views

Denial Of Service (DoS)

gdb is vulnerable to denial of service (DoS). The vulnerability exists as it was possible to trigger an infinite recursion, and a buffer overflow, through the d_print_comp function in cp-demangle.c...

CVSS 5.5 | AI score 4.6 | EPSS 0.0052
Exploits: 0 | References: 4 | Affected Software: 2

Veracode
added 2020/09/21 6:21 a.m. | 31 views

Denial Of Service (DoS)

binutils:bionic is vulnerable to denial of service (DoS). An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name, d_encoding, and d_local_name in cp-demangle.c. Remot...

CVSS 5.5 | AI score 4.5 | EPSS 0.00562
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2020/09/21 6:21 a.m. | 26 views

Denial Of Service (DoS)

binutils is vulnerable to denial of service (DoS). The vulnerability exists through a stack consumption vulnerability caused by an infinite recursion in the functions next_is_type_qual and cplus_demangle_type in cp-demangle.c...

CVSS 5.5 | AI score 4.1 | EPSS 0.00333
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2020/09/21 6:21 a.m. | 23 views

Denial Of Service (DoS)

binutils is vulnerable to denial of service. A Stack Exhaustion in debug_write_type in debug.c due to a DEBUG_KIND_INDIRECT infinite recursion allows an attacker to crash the application...

AI score 5.1
Exploits: 0 | References: 7 | Affected Software: 1

NVD
added 2020/09/09 9:15 p.m. | 21 views

CVE-2020-25219

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion...

CVSS 7.5 | EPSS 0.00449
Exploits: 1 | References: 9