7015 matches found
Design/Logic Flaw
A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c...
CVE-2018-20551
A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c...
Poppler Object::getString reachable assertion vulnerability
Poppler is based on xpdf-3.0 code base PDF rendering library. Poppler 0.72.0 exists Object::getString there is a reachable assertion vulnerability , the vulnerability stems from the Annot.c in the AnnotRichMedia class to build invalid rich media annotated assets , an attacker can use the...
EulerOS 2.0 SP2 : jasper (EulerOS-SA-2018-1417)
According to the versions of the jasper package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - jasper: reachable assertion in JPCNOMINALGAIN CVE-2016-9396 - jasper: NULL pointer exception in jp2encode CVE-2017-1000050 Note that Tenable...
CVE-2018-20551
A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c...
Debian DLA-1619-1 : graphicsmagick security update
Multiple vulnerabilities have been found in GraphicsMagick, the image processing system. CVE-2018-20184 The WriteTGAImage function tga.c is affected by a heap-based buffer overflow. Remote attackers might leverage this vulnerability to cause a denial of service via a crafted image file...
EulerOS Virtualization 2.5.2 : krb5 (EulerOS-SA-2018-1408)
According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client...
[SECURITY] [DLA 1619-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.20-3+deb8u5 CVE ID : CVE-2018-20184 CVE-2018-20185 CVE-2018-20189 Debian Bug : 916752 916719 916721 Multiple vulnerabilities have been found in GraphicsMagick, the image processing system. CVE-2018-20184 The WriteTGAImage function tga.c is affected by a...
CVE-2018-20217
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 aka krb5 before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type single-DES, triple-DES, or RC4, the attacker can crash the KDC by making an S4U2Self request...
CVE-2018-20217
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 aka krb5 before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type single-DES, triple-DES, or RC4, the attacker can crash the KDC by making an S4U2Self request...
Design/Logic Flaw
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 aka krb5 before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type single-DES, triple-DES, or RC4, the attacker can crash the KDC by making an S4U2Self request...
CVE-2018-20217
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 aka krb5 before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type single-DES, triple-DES, or RC4, the attacker can crash the KDC by making an S4U2Self request...
CVE-2018-20217
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 aka krb5 before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type single-DES, triple-DES, or RC4, the attacker can crash the KDC by making an S4U2Self request...
CVE-2018-20217
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 aka krb5 before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type single-DES, triple-DES, or RC4, the attacker can crash the KDC by making an S4U2Self request...
CVE-2018-20217
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 aka krb5 before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type single-DES, triple-DES, or RC4, the attacker can crash the KDC by making an S4U2Self request...
SUSE SLED12 / SLES12 Security Update : soundtouch (SUSE-SU-2018:3606-2)
This update for soundtouch fixes the following issues : CVE-2018-17098: The WavFileBase class allowed remote attackers to cause a denial of service heap corruption from size inconsistency or possibly have unspecified other impact, as demonstrated by SoundStretch. bsc1108632 CVE-2018-17097: The...
EulerOS 2.0 SP3 : jasper (EulerOS-SA-2018-1389)
According to the versions of the jasper package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - jasper: reachable assertion in JPCNOMINALGAIN CVE-2016-9396 - jasper: NULL pointer exception in jp2encode CVE-2017-1000050 Note that Tenable...
openvswitch: Mishandle of group mods in lib/ofp-util.c:parse_group_prop_ntr_selection_method() allows for assertion failure
An issue was discovered in Open vSwitch OvS, 2.4.x through 2.4.1, 2.5.x through 2.5.5, 2.6.x through 2.6.3, 2.7.x through 2.7.6, 2.8.x through 2.8.4, and2.9.x through 2.9.2, affecting the parsegrouppropntrselectionmethod in lib/ofp-util.c. On controllers with the OpenFlow 1.5 decoder enabled, a...
The vulnerability affects the implementation of Security Assertion Markup Language, a mechanism for authentication in software-based secure mobile access solutions from Cisco. This vulnerability allows attackers to bypass the authentication process.
The vulnerability of the Security Assertion Markup Language SAML authentication mechanism for Single Sign-On SSO in Cisco AnyConnect Secure Mobility Client, Cisco Adaptive Security Appliance ASA, and Cisco Firepower Threat Defense FTD is related to improper session management. Exploiting this...
Updated soundtouch packages fix security vulnerabilities
Assertion failure in BPMDetect class in BPMDetect.cpp CVE-2018-17096. Out-of-bounds heap write in WavOutFile::write CVE-2018-17097. Heap corruption in WavFileBase class in WavFile.cpp CVE-2018-17098...