8216 matches found
ALPINE-CVE-2019-20446
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially...
Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WAS vulnerability.
Summary: Rational Asset Analyzer (RAA) has addressed the following vulnerability in WAS. Vulnerability Details: CVEID: CVE-2014-3603 DESCRIPTION: The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that...
[SECURITY] Fedora 31 Update: python-reportlab-3.5.34-2.fc31
This is the ReportLab PDF Toolkit. It allows rapid creation of rich PDF documents, and also creation of charts in a variety of bitmap and vector formats...
Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to Intel escalation of privilege vulnerability.
Summary: IBM has released the Unified Extensible Firmware Interface (UEFI) fixes for System x, Flex and BladeCenter systems in response to the following Intel escalation of privilege vulnerability. Vulnerability Details: CVEID: CVE-2019-0151 DESCRIPTION: Insufficient memory protection in Intel(R) TXT f...
The vulnerability of Intel processors lies in a leak in the store buffer for results of read operations from vector registers, which allows an attacker to disclose protected information.
The vulnerability of Intel processors is related to a buffer overflow issue in the store buffer, which handles results of read operations from vector registers. Exploiting this vulnerability can allow an attacker to disclose protected information...
New ‘CacheOut’ Attack Targets Intel CPUs
Researchers have identified a new speculative execution type attack, dubbed CacheOut, that could allow attackers to trigger data leaks from most Intel CPUs. The more serious of the two bugs, revealed Monday, is rated medium severity by Intel, who said fixes for both flaws are on the way. The more...
Intel Processors Side Channel Data Leakage Vulnerabilities - Lenovo Support US
No description provided...
CVE-2020-0548
A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...
Fedora: Security Advisory for xfig (FEDORA-2020-5d0f0593ae)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for xfig (FEDORA-2020-6a2824178e)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 31 Update: xfig-3.2.7b-1.fc31
Xfig is an X Window System tool for creating basic vector graphics, including bezier curves, lines, rulers and more. The resulting graphics can be saved, printed on PostScript printers or converted to a variety of other formats (e.g., X11 bitmaps, Encapsulated PostScript, LaTeX). You should install...
DEBIAN-CVE-2015-9541
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564...
[SECURITY] Fedora 30 Update: xfig-3.2.7b-1.fc30
Xfig is an X Window System tool for creating basic vector graphics, including bezier curves, lines, rulers and more. The resulting graphics can be saved, printed on PostScript printers or converted to a variety of other formats (e.g., X11 bitmaps, Encapsulated PostScript, LaTeX). You should install...
Hardcoded Initialization Vector
Overview: All versions of parsel have a default hardcoded initialization vector. In cases where the IV is not provided, the package defaults to a hardcoded IV which renders the cipher vulnerable to chosen plaintext attacks. Recommendation: The package is deprecated and will not be updated. Consider...
Security Bulletin: IBM MQ Appliance is affected by an MIT Kerberos 5 vulnerability (CVE-2017-11462)
Summary: IBM MQ Appliance has addressed the following MIT Kerberos 5 (aka krb5) vulnerability. Vulnerability Details: CVEID: CVE-2017-11462 DESCRIPTION: Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of securit...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1474)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1483)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for libreoffice (EulerOS-SA-2019-2082)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2019-2061)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2019-1731)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...