1296 matches found
SUSE SLED15 / SLES15 Security Update : vino (SUSE-SU-2020:2009-1)
This update for vino fixes the following issues: CVE-2019-15681: Fixed a memory leak which could have allowed a remote attacker to read stack memory (bsc#1155419). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable h...
SUSE-SU-2020:2009-1 Security update for vino
This update for vino fixes the following issues: - CVE-2019-15681: Fixed a memory leak which could have allowed a remote attacker to read stack memory (bsc#1155419)...
SUSE SLES12 Security Update : tigervnc (SUSE-SU-2020:1749-1)
This update for tigervnc fixes the following issues: CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856). CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250). CVE-2019-15693: Fixed a heap-based buffer overflow in...
CVE-2020-12883
Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) ...
Information Disclosure
janus-gateway is vulnerable to information disclosure. The leakage is possible because the function janus_process_incoming_request in janus.c causes a stack memory leak due to lack of proper handling of errorstr on SDP code...
Unspecified Vulnerability in Meetecho Janus (CNVD-2020-34718)
Meetecho Janus is a WebRTC (Web Real Time Communication) server from Meetecho. An unspecified vulnerability exists in Meetecho Janus. An attacker can exploit this vulnerability to obtain information about uninitialized stack memory...
CVE-2020-13899
An issue was discovered in janus-gateway aka Janus WebRTC Server through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory...
Stack overflow
An issue was discovered in janus-gateway aka Janus WebRTC Server through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory...
Huawei Data Communication: Resource Exhaustion Vulnerability on Several Products (huawei-sa-20171213-02-h323)
There is a resource exhaustion vulnerability on several products.
NewStart CGSL CORE 5.04 / MAIN 5.04 : chrony Multiple Vulnerabilities (NS-SA-2020-0027)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has chrony packages installed that are affected by multiple vulnerabilities: - Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted 1...
CVE-2020-0110
A flaw was found in the Pressure stall information subsystem. This flaw allows a local attacker with the ability to write to root-owned files to corrupt kernel stack memory. Mitigation: As the attacker must have the ability to write to these files, a possible mitigation would be to reduce the acce...
CVE-2020-10060
In updatehub_probe, right after JSON parsing is complete, objects[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference uninitialized stack memory. This could result in a crash, denial of service, or possibly an...
Design/Logic Flaw
In updatehub_probe, right after JSON parsing is complete, objects[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference uninitialized stack memory. This could result in a crash, denial of service, or possibly an...
CVE-2020-10060 UpdateHub Might Dereference An Uninitialized Pointer
In updatehub_probe, right after JSON parsing is complete, objects[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference uninitialized stack memory. This could result in a crash, denial of service, or possibly an...
Security Bulletin: A Security Vulnerability identified in OpenSSL affect Rational Build Forge (CVE-2018-0739)
Summary: OpenSSL has security vulnerabilities that allow a remote attacker to exploit the application. Respective security vulnerabilities are discussed in detail in the subsequent sections. Vulnerability Details: This section includes the vulnerability details that affect the Rational Build Forg...
tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder
TigerVNC versions prior to 1.10.1 are vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If the decoding routine throws an exception, ZRLEDecoder may try to access a stack variable which has already been freed during the process of stack...
Denial Of Service (DoS)
Apache APR is vulnerable to denial of service. It was found that the apr_fnmatch function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for...