630 matches found
Design/Logic Flaw
There is a Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality and availability...
Design/Logic Flaw
There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity...
CVE-2021-22375
CVE-2021-22375 corresponds to a Huawei smartphone vulnerability described as a key management error. The issue could affect service confidentiality, availability and integrity. Publicly documented data show an attacker could access the device over the network with low complexity (no authenticatio...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS. Successful exploitation of this vulnerability could affect service confidentiality and availability...
Important: lasso
Issue Overview: An XML Signature Wrapping (XSW) vulnerability was found in Lasso. This flaw allows an attacker to modify a valid SAML response to include an unsigned SAML assertion, which may be used to impersonate another valid user recognized by the service using Lasso. The highest threat from th...
Important: dhcp
Issue Overview: A flaw was found in the Dynamic Host Configuration Protocol (DHCP). There is a discrepancy between the code that handles encapsulated option information in leases transmitted "on the wire" and the code which reads and parses lease information after it has been written to disk storag...
postgresql: Buffer overrun from integer overflow in array subscripting calculations
A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...
Ubuntu 16.04 ESM : libwebp vulnerabilities (USN-4971-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4971-2 advisory. USN-4971-1 fixed several vulnerabilities in libwebp. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has...
The vulnerability of the online business analytics service IBM Cognos Analytics, related to the inclusion of functions from an unreliable controlled area, allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the online business analytics service IBM Cognos Analytics lies in the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected...
Debian: Security Advisory (DLA-2677-1)
The remote host is missing an update for the Debian...
Debian DLA-2677-1 : libwebp security update
Multiple security issues have been discovered in libwebp CVE-2018-25009 An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. CVE-2018-25010 An out-of-bounds read was found in...
[SECURITY] [DLA 2677-1] libwebp security update
Debian LTS Advisory DLA-2677-1, https://www.debian.org/lts/security/, Anton Gladky, June 05, 2021, https://wiki.debian.org/LTS ...
Debian DLA-2672-1 : libwebp security update
Multiple security issues have been discovered in libwebp CVE-2018-25009 An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. CVE-2018-25010 An out-of-bounds read was found in...
CVE-2021-28091
An XML Signature Wrapping (XSW) vulnerability was found in Lasso. This flaw allows an attacker to modify a valid SAML response to include an unsigned SAML assertion, which may be used to impersonate another valid user recognized by the service using Lasso. The highest threat from this vulnerability...
golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
A flaw was found in the Go encoding/binary package. Certain invalid inputs to ReadUvarint or ReadVarint cause those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw possibly leads to processing more input than expected. The...
Ubuntu 18.04 LTS / 20.04 LTS : libwebp vulnerabilities (USN-4971-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4971-1 advisory. It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a...
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
...
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
...
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
...
CVE-2021-28906
A flaw was found in libyang. Missing checks in several readyin functions lead to NULL pointer dereferences possibly allowing a remote attacker to crash an application that uses libyang with user-controlled YIN formats. The highest threat from this vulnerability is the service availability...