CVE-2018-4474

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure...

Memory corruption

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure...

CVE-2018-4474

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure...

Security update for samba (important)

openSUSE Security Update: Security update for samba Announcement ID: openSUSE-SU-2020:1526-1 Rating: important References: 1176579 Cross-References: CVE-2020-1472 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for samba fixe...

Important: Red Hat Security Advisory: dovecot security update

An update for dovecot is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVE-2020-6097

An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger...

DEBIAN-CVE-2020-6097

An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger...

UBUNTU-CVE-2020-6097

An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger...

CVE-2020-6097

An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger...

Debian DSA-4760-1 : qemu - security update

Multiple security issues were discovered in QEMU, a fast processor emulator : - CVE-2020-12829 An integer overflow in the sm501 display device may result in denial of service. - CVE-2020-14364 An out-of-bounds write in the USB emulation code may result in guest-to-host code execution. -...

Scientific Linux Security Update : dovecot on SL7.x x86_64 (20200903)

Security Fixes : - dovecot: Resource exhaustion via deeply nested MIME parts CVE-2020-12100 - dovecot: Out of bound reads in dovecot NTLM implementation CVE-2020-12673 - dovecot: Crash due to assert in RPA implementation CVE-2020-12674 C Tenable Network Security, Inc. The descriptive text is C...

dovecot security update

1:2.2.36-6.1 - fix CVE-2020-12100 resource exhaustion via deeply nested MIME parts 1871841 - fix CVE-2020-12673 out of bound reads in dovecot NTLM implementation 1871843 - fix CVE-2020-12674 crash due to assert in RPA implementation 1871842...

RHEL 7 : dovecot (RHSA-2020:3617)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3617 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...

atftpd daemon Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert call resulting in denial-of-service. An attacker can send a sequence of malicious packets to...

Open-Xchange: Assert failed in `edit_mail_istream_read`

To reproduce, run test suite on following input : require "vnd.dovecot.testsuite"; require "variables"; require "editheader"; testset "message" "$mege"; test "" addheader :last "der" "Her-3"; if not testresultexecute Output is with ASAN enabled stack trace testsuite: Panic: file edit-mail.c: line...

FreeBSD : mail/dovecot -- multiple vulnerabilities (87a07de1-e55e-4d51-bb64-8d117829a26a)

Aki Tuomi reports : Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory.. Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash...

SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2020:2143-1)

This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.8+10 July 2020 CPU, bsc1174157 - Security fixes : + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming +...

The vulnerability of the nxdomain-redirect DNS server function in BIND allows a attacker to cause a service failure.

The vulnerability of the nxdomain-redirect DNS server’s BIND implementation lies in the use of the assert function or similar operators. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

openSUSE: Security Advisory for nasm (openSUSE-SU-2020:0952-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for rust, rust-cbindgen (moderate)

openSUSE Security Update: Security update for rust, rust-cbindgen Announcement ID: openSUSE-SU-2020:0933-1 Rating: moderate References: 1115645 1154817 1173202 Cross-References: CVE-2020-1967 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has two fixes is now...