CVE-2019-10097

In Apache HTTP Server 2.4.32-2.4.39, when modremoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted pro...

KLA12366 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, perform cross-site scripting attack, spoof user interface. Below is a complete list of vulnerabilities: 1. Memory corruption vulnerability in modhttp2 can be...

Debian DLA-1884-1 : linux security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-18509 Denis Andzakovic reported a missing type check in the IPv4 multicast routing implementation. A user with the CAPNETADMIN capability in a...

ovmf security and enhancement update

20180508-6.gitee3198e672e2.el7 - ovmf-MdeModulePkg-HiiDatabase-Fix-potential-integer-overf.patch bz1691479 - ovmf-MdeModulePkg-HiiImage-Fix-stack-overflow-when-corrup.patch bz1691479 - ovmf-MdeModulePkg-PartitionDxe-Add-check-for-underlying-d.patch bz1691647 -...

NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Vulnerability (NS-SA-2019-0058)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by a vulnerability: - A security flaw was found in the chapservercomputemd5 function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISC...

NewStart CGSL MAIN 5.04 : 389-ds-base Multiple Vulnerabilities (NS-SA-2019-0009)

The remote NewStart CGSL host, running version MAIN 5.04, has 389-ds-base packages installed that are affected by multiple vulnerabilities: - An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentiall...

NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0163)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parsergetnextchar when processing certain email messages,...

NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0160)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parsergetnextchar when processing certain email messages,...

NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Vulnerability (NS-SA-2019-0057)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by a vulnerability: - A security flaw was found in the chapservercomputemd5 function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI...

[SECURITY] [DSA 4495-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4495-1 [email protected] https://www.debian.org/security/ Ben Hutchings August 10, 2019 https://www.debian.org/security/faq -...

freeimage:load_from_memory_fuzzer: Stack-buffer-overflow in strncpy

Detailed report: https://oss-fuzz.com/testcase?key=5161928611069952 Project: freeimage Fuzzing engine: libFuzzer Fuzz target: loadfrommemoryfuzzer Job Type: libfuzzerasanfreeimage Platform Id: linux Crash Type: Stack-buffer-overflow WRITE Crash Address: 0x7f6e95821530 Crash State: strncpy...

redis:5 security update

An update is available for redis. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Redis is an advanced key-value store. It is often referred to as a data-structu...

CVE-2019-13106

Das U-Boot versions 2016.09 through 2019.07-rc4 can memset too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution...

CVE-2019-13106

CVE-2019-13106 affects Das U-Boot 2016.09–2019.07-rc4, where reading a crafted ext4 filesystem can cause a stack buffer overflow by memset() too much data. This supports a likely code execution impact. Affected component: U-Boot memory handling during ext4 filesystem parsing; root cause: overflow...

CVE-2019-13106

Das U-Boot versions 2016.09 through 2019.07-rc4 can memset too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution...

CVE-2019-13106

Das U-Boot versions 2016.09 through 2019.07-rc4 can memset too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution...

PT-2019-13130 · Denx Software Engineering +2 · Das U-Boot +2

Name of the Vulnerable Software and Affected Versions: Das U-Boot versions 2016.09 through 2019.07-rc4 Description: The issue arises when Das U-Boot attempts to read a crafted ext4 filesystem, leading to a stack buffer overflow due to excessive data being memset. This overflow could potentially...

libvips/pngsave_buffer_fuzzer: Stack-buffer-overflow in write_png_comment

Project: https://github.com/libvips/libvips.git Detailed report: https://oss-fuzz.com/testcase?key=5078454764044288 Project: libvips Fuzzer: libFuzzerlibvipspngsavebufferfuzzer Fuzz target binary: pngsavebufferfuzzer Job Type: libfuzzerasanlibvips Platform Id: linux Crash Type:...

aspell/aspell_fuzzer: Dynamic-stack-buffer-overflow in acommon::unescape

Project: https://github.com/gnuaspell/aspell.git Detailed report: https://oss-fuzz.com/testcase?key=5678055552450560 Project: aspell Fuzzer: aflaspellfuzzer Fuzz target binary: aspellfuzzer Job Type: aflasanaspell Platform Id: linux Crash Type: Dynamic-stack-buffer-overflow READ 1 Crash Address:...

Amazon Linux 2 : dnsmasq (ALAS-2019-1251)

A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the...