(Pwn2Own) Microsoft Windows UMPDDrvEnablePDEV Improper Input Validation Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
PT-2025-38355
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The mpi3mr driver in the Linux kernel incorrectly calculates bitmap sizes using bytes instead of bits, leading to memory access beyond allocated bitmap sizes and resulting in a kernel BU...
Important: Red Hat Security Advisory: RHV 4.4 SP1 [ovirt-4.5.3-3] security update
Updated RHV packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: virt:av and virt-devel:av security and bug fix update
An update for the virt:av and virt-devel:av modules is now available for Red Hat Enterprise Linux Advanced Virtualization 8.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
RdpCacheStitcher - RdpCacheStitcher Is A Tool That Supports Forensic Analysts In Reconstructing Useful Images Out Of RDP Cache Bitmaps
RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps. Using raw RDP cache tile bitmaps extracted by tools such as ANSSI's BMC-Tools (https://github.com/ANSSI-FR/bmc-tools) as input, it provides a graphical user interface and several...
SUSE: Security Advisory (SUSE-SU-2019:3309-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : freetype2 (openSUSE-2020-1734)
This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps bsc1177914. This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security, Inc. The descriptive text and package...
openSUSE: Security Advisory for freetype2 (openSUSE-SU-2020:1744-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : freetype2 (openSUSE-2020-1744)
This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps bsc1177914. This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security, Inc. The descriptive text and package...
Debian: Security Advisory (DLA-2415-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2415-1 : freetype security update
Sergei Glazunov discovered a heap-based buffer overflow vulnerability in the handling of embedded PNG bitmaps in FreeType. Opening malformed fonts may result in denial of service or the execution of arbitrary code. For Debian 9 stretch, this problem has been fixed in version 2.6.3-3.2+deb9u2. We...
[SECURITY] [DLA 2415-1] freetype security update
Debian LTS Advisory DLA-2415-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz October 25, 2020 https://wiki.debian.org/LTS -...
Security update for freetype2 (important)
openSUSE Security Update: Security update for freetype2 Announcement ID: openSUSE-SU-2020:1734-1 Rating: important References: 1177914 Cross-References: CVE-2020-15999 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...
Debian DSA-4777-1 : freetype - security update
Sergei Glazunov discovered a heap-based buffer overflow vulnerability in the handling of embedded PNG bitmaps in FreeType. Opening malformed fonts may result in denial of service or the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...
FreeBSD : freetype2 -- heap buffer overflow (458df97f-1440-11eb-aaec-e0d55e2a8bf9)
The freetype project reports: A heap buffer overflow has been found in the handling of embedded PNG bitmaps, introduced in FreeType version 2.6. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright...
GLSA-202010-07 : FreeType: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-202010-07 (FreeType: Arbitrary code execution). A flaw in FreeType's handling of embedded PNG bitmaps was discovered where the image height and width were not checked to be within bounds. Impact: A remote attacker could entice a user ...
SUSE-SU-2020:2998-1 Security update for freetype2
This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps bsc1177914...
freetype2 -- heap buffer overflow
The freetype project reports: A heap buffer overflow has been found in the handling of embedded PNG bitmaps, introduced in FreeType version 2.6...
SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2020:2143-1)
This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.8+10 July 2020 CPU, bsc1174157 - Security fixes : + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming +...
Product update: Virtuozzo Hybrid Server 7.0 Update 14 Hotfix 1 (7.0.14-257)
The Hotfix 1 for Virtuozzo Hybrid Server 7.0 Update 14 provides stability and usability bug fixes. Vulnerability id: PSBM-105022 Unable to live-migrate VMs with dirty bitmaps on Virtuozzo Storage. Vulnerability id: PSBM-104631, PSBM-104632 CS journals to be placed on SSDs are now properly handled...