Debian: Security Advisory (DLA-1893-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 1893-1] cups security update

Package : cups Version : 1.7.5-11+deb8u5 CVE ID : CVE-2019-8675 CVE-2019-8696 Two issues have been found in cups, the Common UNIX Printing Systemtm. Basically both CVEs CVE-2019-8675 and CVE-2019-8696 are about stack-buffer-overflow in two functions of libcup. One happens in asn1gettype the other...

Apache 2.4.x < 2.4.41 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.41. It is, therefore, affected by multiple vulnerabilities: - A cross-site scripting XSS vulnerability exists in modproxy when proxying is enabled and Proxy Error page is displayed. CVE-2019-10092 - An...

Oracle Linux 8 : redis:5 (ELSA-2019-2002)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2002 advisory. - fix Heap buffer overflow in HyperLogLog triggered by malicious client CVE-2019-10192 Tenable has extracted the preceding description block directly...

redis:5 security update

5.0.3-2 - fix Heap buffer overflow in HyperLogLog triggered by malicious client CVE-2019-10192 - fix Stack buffer overflow in HyperLogLog triggered by malicious client CVE-2019-10193...

Updated redis packages fix security vulnerabilities

This update fixes 2 security issues. A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure CVE-2019-10192. A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure CVE-2019-10193...

MGASA-2019-0226 Updated redis packages fix security vulnerabilities

This update fixes 2 security issues. A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure CVE-2019-10192. A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure CVE-2019-10193...

Valve: [GoldSrc] Remote Code Execution using malicious WAD list in BSP file

Summary TEXInitFromWad function calls COMFileBase to get file name from a path into a buffer on the stack. Since COMFileBase does not have boundary checks and the buffer is small, long WAD file name can trigger a Stack Buffer Overflow, leading to arbitrary code execution. Steps to reproduce...

CVE-2019-13221

A stack buffer overflow in the computecodewords function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file...

Stack overflow

A stack buffer overflow in the computecodewords function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file...

CVE-2019-13221

A stack buffer overflow in the computecodewords function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file...

freeimage:load_from_memory_fuzzer: Stack-buffer-overflow in strncpy

Detailed Report: https://oss-fuzz.com/testcase?key=5131488567230464 Project: freeimage Fuzzing Engine: libFuzzer Fuzz Target: loadfrommemoryfuzzer Job Type: libfuzzerasanfreeimage Platform Id: linux Crash Type: Stack-buffer-overflow WRITE Crash Address: 0x7f152a437530 Crash State: strncpy...

zstd:simple_decompress: Stack-buffer-overflow in ZSTD_decodeLiteralsBlock

Project: https://github.com/facebook/zstd.git Detailed Report: https://oss-fuzz.com/testcase?key=5640730759921664 Project: zstd Fuzzing Engine: libFuzzer Fuzz Target: simpledecompress Job Type: libfuzzerasanzstd Platform Id: linux Crash Type: Stack-buffer-overflow WRITE Crash Address:...

CVE-2019-13221

A stack buffer overflow in the computecodewords function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file...

CVE-2019-13221

CVE-2019-13221 affects the stb_vorbis component (stb) in the compute_codewords() path. Multiple connected advisories (e.g., openSUSE-SU-2025:0039-1 and OSV-OPENSUSE-SU-2025:0039-1) describe a stack/buffer overflow in that area and list it among the fixes for stb via updated libstb packages. The v...

CVE-2019-13221

A stack buffer overflow in the computecodewords function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file...

[SECURITY] [DLA 1884-1] linux security update

Package : linux Version : 3.16.72-1 CVE ID : CVE-2017-18509 CVE-2018-20836 CVE-2019-1125 CVE-2019-3900 CVE-2019-10207 CVE-2019-10638 CVE-2019-13631 CVE-2019-14283 CVE-2019-14284 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of...

KLA12366 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, perform cross-site scripting attack, spoof user interface. Below is a complete list of vulnerabilities: 1. Memory corruption vulnerability in modhttp2 can be...

Debian DLA-1884-1 : linux security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-18509 Denis Andzakovic reported a missing type check in the IPv4 multicast routing implementation. A user with the CAPNETADMIN capability in a...

CVE-2019-10097

In Apache HTTP Server 2.4.32-2.4.39, when modremoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted pro...