FreeBSD : Exiv2 -- Multiple vulnerabilities (d49f86ab-d9c7-11eb-a200-00155d01f201)

Exiv2 teams reports : Multiple vulnerabilities covering buffer overflows, out-of-bounds, read of uninitialized memory and denial of serivce. The heap overflow is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to...

MGASA-2021-0295 Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.46 and fixes at least the following security issues: In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted e.g., because of type confusion and consequently an unprivileged BPF program can read arbitrary memory...

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.46 and fixes at least the following security issues: In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted e.g., because of type confusion and consequently an unprivileged BPF program can read arbitrary memory...

MGASA-2021-0296 Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.46 and fixes at least the following security issues: In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted e.g., because of type confusion and consequently an unprivileged BPF program can read arbitrary memory...

net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.

...

AZL-6567 CVE-2021-34693 affecting package kernel for versions less than 5.10.78.1-1

net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized...

UBUNTU-CVE-2021-34693

net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized...

CVE-2021-34693

net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized...

SUSE SLES11 Security Update : LibVNCServer (SUSE-SU-2020:14355-1)

The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14355-1 advisory. - LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak CWE-655 in VNC server code, which allow an attacker to...

CVE-2021-3530

A flaw was discovered in GNU libiberty within demanglepath in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash...

CVE-2021-3530

A flaw was discovered in GNU libiberty within demanglepath in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash...

CVE-2021-3530

A flaw was discovered in GNU libiberty within demanglepath in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash...

CVE-2021-3530

A flaw was discovered in GNU libiberty within demanglepath in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash...

CVE-2021-3530

A flaw was discovered in GNU libiberty within demanglepath in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash...

SUSE-SU-2021:1755-1 Security update for libu2f-host

This update for libu2f-host fixes the following issues: This update ships the u2f-host package jscECO-3687 bsc1184648 Version 1.1.10 released 2019-05-15 - Add new devices to udev rules. - Fix a potentially uninitialized buffer CVE-2019-9578, bsc1128140 Version 1.1.9 released 2019-03-06 - Fix CID...

CVE-2021-31315

Telegram Android 7.1.0 2090, Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Stack Based Overflow in the blit function of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's stack memory out-of-bounds on a victim device via a malicious animate...

Stack overflow

Telegram Android 7.1.0 2090, Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Stack Based Overflow in the blit function of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's stack memory out-of-bounds on a victim device via a malicious animate...

Exiv2 Uninitialized Memory Read Vulnerability

Exiv2 is a cross-platform C++ library and command line utility for managing image metadata. An uninitialized memory read vulnerability exists in Exiv2 0.27.3 and earlier versions. An attacker can exploit the vulnerability to leak a few bytes of stack memory via specially crafted image files...

CVE-2021-29623

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying...

Design/Logic Flaw

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying...