16 matches found
EUVD-2020-13199
Malware in sbrugna...
Advisory ROSA-SA-2021-1901
Software: libvorbis 1.3.3; OS: Cobalt 7.9; CVE-ID: CVE-2020-20412; CVE-Crit: MEDIUM; CVE-DESC: lib/codebook.c in libvorbis before 1.3.6, which was used in StepMania 5.0.12 and other products, has insufficient array bounds checking with the created OGG file. CVE-STATUS: default; CVE-REV: default...
EulerOS Virtualization 3.0.2.6 : libvorbis (EulerOS-SA-2021-1440)
According to the version of the libvorbis package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking v...
Huawei EulerOS: Security Advisory for libvorbis (EulerOS-SA-2021-1493)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 3.0.6.6 : libvorbis (EulerOS-SA-2021-1493)
According to the version of the libvorbis package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking v...
Design/Logic Flaw
lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146...
CVE-2020-20412
CVE-2018-5146 corresponds to an out-of-bounds memory write in libvorbis Vorbis audio processing. Documentation shows this affects libvorbis builds and was fixed upstream by updating in the 1.3.6 series (vuln exists in libvorbis before 1.3.6, as used by affected products). Root cause is insufficie...
CVE-2020-20412
lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146...
FreeBSD : bro -- NULL pointer dereference and Signed integer overflow (f56669f5-d799-4ff5-9174-64a6d571c451)
Jon Siwek of Corelight reports : This is a security patch release to address potential Denial of Service vulnerabilities : - NULL pointer dereference in the RPC analysis code. RPC analyzers e.g. MOUNT or NFS are not enabled in the default configuration. - Signed integer overflow in BinPAC-generat...
Ubuntu 16.04 LTS : OpenJDK 8 vulnerabilities (USN-4080-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4080-1 advisory. Keegan Ryan discovered that the ECC implementation in OpenJDK was not sufficiently resilient to side-channel attacks. An attacker could possibly use thi...
Ubuntu: Security Advisory (USN-4080-1)
The remote host is missing an update for the...
USN-4080-1: OpenJDK 8 vulnerabilities
Keegan Ryan discovered that the ECC implementation in OpenJDK was not sufficiently resilient to side-channel attacks. An attacker could possibly use this to expose sensitive information. CVE-2019-2745 It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing...
bro -- Null pointer dereference and Signed integer overflow
Jon Siwek of Corelight reports: This is a security patch release to address potential Denial of Service vulnerabilities: Null pointer dereference in the RPC analysis code. RPC analyzers e.g. MOUNT or NFS are not enabled in the default configuration. Signed integer overflow in BinPAC-generated...
bro -- array bounds and potential DOS issues
Corelight reports: Bro 2.5.5 primarily addresses security issues: Fix array bounds checking in BinPAC: for arrays that are fields within a record, the bounds check was based on a pointer to the start of the record rather than the start of the array field, potentially resulting in a buffer...
SeaMonkey < 2.33.1 Multiple Vulnerabilities
The version of Mozilla SeaMonkey installed on the remote host is prior to 2.33.1. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists due to an out-of-bounds error in typed array bounds checking within 'asmjs/AsmJSValidate.cpp', which relates to...
Firefox < 36.0.3 JIT Code Execution (Mac OS X)
The version of Mozilla Firefox installed on the remote Mac OS X host is prior to 36.0.3. It is, therefore, affected by a remote code execution vulnerability due to an out-of-bounds error in typed array bounds checking within 'asmjs/AsmJSValidate.cpp', which relates to just-in-time compilation for...