Heap overflow

There is an issue on grub2 before version 2.06 at function readsectionasstring. It expects a font name to be at max UINT32MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a...

ALPINE-CVE-2020-16135

libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if sshbuffernew returns NULL...

SUSE-SU-2020:2077-1 Security update for grub2

This update for grub2 fixes the following issues: - CVE-2020-10713 bsc1168994 - CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 bsc1173812 - CVE-2020-15706 bsc1174463 - CVE-2020-15707 bsc1174570 - Use overflow checking primitives where the arithmetic expression for buffer allocation...

SUSE-SU-2020:2076-1 Security update for grub2

This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 bsc1168994 - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 bsc1173812 - Fix for CVE-2020-15706 bsc1174463 - Fix for CVE-2020-15707 bsc1174570 - Use overflow checking primitives where the arithmetic...

SUSE-SU-2020:2073-1 Security update for grub2

This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 bsc1168994 - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 bsc1173812 - Fix for CVE-2020-15706 bsc1174463 - Fix for CVE-2020-15707 bsc1174570 - Use overflow checking primitives where the arithmetic...

DEBIAN-CVE-2020-14938

An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size verification, leading to a heap-based buffer overflow...

Nitro PRO PDF nested pages remote code execution vulnerability

Summary An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Nitro...

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution. A double free may be caused by the function allocatetracebuffer in the file kernel/trace/trace.c...

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error OOME or exhaustion of the memory pool...

Moderate: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 3.9.0 security update

An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...

kernel: Null pointer dereference in the sound/usb/line6/pcm.c

A NULL pointer dereference flaw was found in the way the LINE6 drivers in the Linux kernel allocated buffers for USB packets. This flaw allows an attacker with physical access to the system to crash the system...

CVE-2020-8874

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...

CVE-2016-2338

An exploitable heap overflow vulnerability exists in the Psych::Emitter startdocument function of Ruby. In Psych::Emitter startdocument function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array...

Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1256)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-11923

In Mcrouter prior to v0.41.0, the deprecated ASCII parser would allocate a buffer to a user-specified length with no maximum length enforced, allowing for resource exhaustion or denial of service...

CVE-2019-11923

In Mcrouter prior to v0.41.0, the deprecated ASCII parser would allocate a buffer to a user-specified length with no maximum length enforced, allowing for resource exhaustion or denial of service...

CVE-2019-17211

An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. The function sncoapbuildercalcneededpacketdatasize2 is used to calculate the required memory for the CoAP message from the sncoaphdrs data structure. Both returnedbytecount and srccoapmsgptr-payloadlen are of type...

Debian: Security Advisory (DLA-1963-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Adobe Acrobat Reader DC text field value remote code execution vulnerability redux

Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC, version 2019.012.20035. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim...

CVE-2017-18595

A flaw was found in the allocatetracebuffer in kernel/trace/trace.c in the debug subsystem, when failure to allocate a dynamic percpu area, a resource cleanup is called. The pointer buf-buffer still holds the address and is not set to NULL, which can cause a use-after-free problem, leading to a...