CVE-2020-36328

A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

UBUNTU-CVE-2020-36328

A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

UBUNTU-CVE-2020-36329

A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVE-2020-35728

A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions are needed for an exploit, w...

Updated openjpeg2 packages fix security vulnerabilities

There's a flaw in openjpeg in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability CVE-2020-27841. There's a flaw in openjpeg's t2...

CVE-2020-35492

A flaw was found in cairo's image-compositor.c. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input to cause a stack buffer...

CVE-2020-35269

A flaw was found in the Nagios Core application, where it is vulnerable to Site-Wide Cross-Site Request Forgery CSRF in many functions, such as adding – deleting for hosts or servers. The vulnerability is due to insufficient CSRF protections for the web UI on an affected version. This flaw allows...

Oracle Linux 8 : ELSA-2020-5567-1: / postgresql:10 (ELSA-2020-55671)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-55671 advisory. 10.15-1 - Rebase to upstream release 10.15 Resolves: rhbz1898213 Resolves: rhbz1898341 Resolves: rhbz1901567 Tenable has extracted the preceding...

kernel: out of bounds write in i2c driver leads to local escalation of privilege

An out-of-bounds write flaw was found in the i2c driver in the Linux kernel. This flaw allows an attacker to escalate privileges with system execution privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

postgresql: Multiple features escape "security restricted operation" sandbox

A flaw was found in postgresql. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs

A flaw was found in the Go encoding/binary package. Certain invalid inputs to the ReadUvarint or the ReadVarint causes those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw possibly leads to processing more input than expected. The...

CVE-2020-27846

A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CVE-2020-27846

A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

Design/Logic Flaw

A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CVE-2020-27846

A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CVE-2020-27846

CVE-2020-27846 is a signature verification vulnerability in crewjam/saml that can allow bypass of SAML authentication. The issue affects Grafana deployments including affected Grafana versions referenced in multiple advisories (e.g., Red Hat RHSA-2021:1859) and is scored with a high/critical impa...

openssl: EDIPARTYNAME NULL pointer de-reference

A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERALNAMEcmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability...

Updated openjpeg2 packages fix security vulnerabilities

A heap-buffer overwrites error was discovered in lib/openjp2/mqc.c in OpenJPEG 2.3.1. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution CVE-2020-27814. A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker ...

MGASA-2020-0464 Updated openjpeg2 packages fix security vulnerabilities

A heap-buffer overwrites error was discovered in lib/openjp2/mqc.c in OpenJPEG 2.3.1. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution CVE-2020-27814. A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker ...

Amazon Linux AMI : xorg-x11-server-Xdmx (ALAS-2020-1469) (deprecated)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1469 advisory. - A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames...