Security update for libopenmpt (moderate)
openSUSE Security Update: Security update for libopenmpt Announcement ID: openSUSE-SU-2019:2212-1 Rating: moderate References: 1143578 1143581 1143582 1143584 Cross-References: CVE-2018-20860 CVE-2018-20861 CVE-2019-14382 CVE-2019-14383 Affected Products: openSUSE Leap 15.0 An update that fixes...
Security update for libopenmpt (moderate)
openSUSE Security Update: Security update for libopenmpt Announcement ID: openSUSE-SU-2019:2213-1 Rating: moderate References: 1143578 1143581 1143582 1143584 Cross-References: CVE-2018-20860 CVE-2018-20861 CVE-2019-14382 CVE-2019-14383 Affected Products: openSUSE Leap 15.1 An update that fixes...
SUSE SLED15 / SLES15 Security Update : libopenmpt (SUSE-SU-2019:2435-1)
This update for libopenmpt fixes the following issues: Security issues fixed: CVE-2018-20861: Fixed crash with certain malformed custom tunings in MPTM files (bsc#1143578). CVE-2018-20860: Fixed crash with malformed MED files (bsc#1143581). CVE-2019-14383: Fixed J2B that allows an assertion failure...
Insecure Randomness
Overview: org.pac4j:pac4j-saml is a PAC4J package for the SAML protocol. Affected versions of this package are vulnerable to Insecure Randomness. An insecure source of randomness is used to generate all of its random values, as it relies upon Apache Commons Lang3 RandomStringUtils. This SAML...
The vulnerability of the SAML broker component of the Keycloak identity and access management software allows a malicious actor to gain unauthorized access to the system.
The vulnerability of the SAML broker component in the Keycloak identity and access management software is related to incorrect authentication processes. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to the system by modifying the SAML...
RHEL 8 : poppler (RHSA-2019:2713)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2713 advisory. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fixes: poppler: heap-based buffer...
FreeBSD : www/varnish6 -- Denial of Service (ce231189-ce56-11e9-9fa0-0050569f0b83)
The Varnish Team reports: A failure in HTTP/1 parsing can allow a remote attacker to trigger an assertion in varnish, restarting the daemon and clearing the cache. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML databa...
www/varnish6 -- Denial of Service
The Varnish Team reports: A failure in HTTP/1 parsing can allow a remote attacker to trigger an assertion in varnish, restarting the daemon and clearing the cache...
DEBIAN-CVE-2019-15758
An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js...
CVE-2019-15758
An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js...
CVE-2019-15758
CVE-2019-15758 affects Binaryen 1.38.32. The issue is caused by missing validation rules in asmjs/asmangle.cpp, leading to an Assertion Failure in wasm/wasm.cpp (wasm::asmangle). A crafted input can cause denial-of-service, as demonstrated by wasm2js. Connected reports consistently describe the s...
CVE-2019-6473
An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process kea-dhcp4, causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...
CVE-2019-6472
A packet containing a malformed DUID can cause the Kea DHCPv6 server process kea-dhcp6 to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...
UBUNTU-CVE-2019-6472
A packet containing a malformed DUID can cause the Kea DHCPv6 server process kea-dhcp6 to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...
UBUNTU-CVE-2019-6473
An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process kea-dhcp4, causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...
EulerOS 2.0 SP8 : exiv2 (EulerOS-SA-2019-1830)
According to the versions of the exiv2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service...
EulerOS 2.0 SP8 : bind (EulerOS-SA-2019-1822)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An assertion failure was found in the way bind implemented the 'managed keys' feature. An attacker could use this flaw to cause the named daemon t...
Cisco Adaptive Security Appliance VPN SAML Authentication Bypass Vulnerability (cisco-sa-20190501-asaftd-saml-vpn)
According to its self-reported version, the Cisco Adaptive Security Appliance (ASA) software running on the remote device is affected by an authentication bypass vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and...