UBUNTU-CVE-2021-1404

A vulnerability in the PDF parsing module in Clam AntiVirus ClamAV Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a hea...

OESA-2021-1127 python-pillow security update

Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift. Security Fixes: In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SG...

The vulnerability in the implementation of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol for Cisco IOS XE allows a attacker to trigger a device reboot or cause a service failure.

The vulnerability of the Control and Provisioning of Wireless Access Points CAPWAP protocol implemented by Cisco IOS XE lies in the reading of data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to trigger a device reboot or cause service failure...

The vulnerability of the Samba networking communication package lies in the reading of data beyond the allowed buffer size, allowing an attacker to cause a service failure.

The vulnerability of the Samba networking communication package is related to an error where “log level = 3” is displayed when the character conversion fails. This error results in a string from the user being printed. Exploiting this vulnerability can allow a remote attacker to cause service...

The vulnerability of Google Chrome’s browser, which arises from reading data beyond the specified buffer, allows attackers to compromise the rendering process and expose the protected information.

The vulnerability of Google Chrome exists because it reads data beyond the specified buffer. Exploiting this vulnerability allows a remote attacker to compromise the rendering process and expose the protected information through a specially crafted HTML page...

The vulnerability of the Cscape software, related to reading beyond the buffer in memory, allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Cscape software lies in reading data beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

The vulnerability of the is_hdr_criteria_matches function in the BIG-IP Advanced Web Application Firewall (AWAF) virtual server allows a attacker to cause a service failure or execute arbitrary code.

The vulnerability of the ishdrcriteriamatches function in the BIG-IP Advanced Web Application Firewall AWAF virtual server lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures or execute arbitrary cod...

CVE-2021-27244

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...

The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are related to reading beyond the buffer in memory. This allows attackers to exploit these vulnerabilities to gain higher privileges.

The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat and Document Cloud, are related to the ability to read data beyond the buffer in memory, which operates remotely. These vulnerabilities can be exploited to increa...

The vulnerability of the tif_getimage.c file in the LibTIFF library allows a hacker to execute arbitrary code.

The vulnerability of the tifgetimage.c file in the LibTIFF library is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created TIFF file...

The vulnerability of the image conversion module from TIFF to RGBA format in the LibTIFF library allows a hacker to induce a service failure.

The vulnerability of the TIFF-to-RGBA tiff2rgba conversion module in the LibTIFF library is related to the execution of operations outside of the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by using a specially created TI...

The vulnerability of the libdw library, a set of utilities for processing ELF objects, arises from reading data beyond the permissible buffer size. This allows an attacker to cause a service failure.

The vulnerability of the libdw library, which contains utilities for processing ELF objects, is related to incorrect checks for the end of the attribute list in dwarfgetabbrev.c and dwarfhasattr.c. Exploiting this vulnerability could allow an attacker to cause service failures remotely...

The vulnerability of the dwarf_getaranges function in the dwarf_getaranges.c file of the ELF object processing utility Elfutils, related to reading beyond the allowable buffer data size, allows a attacker to cause a service failure.

The vulnerability in the dwarfgetaranges.c function of the ELF object processing utility Elfutils relates to reading data beyond the permissible buffer size. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

The vulnerability of the HPACK decoder in HAProxy server software allows for exploitation by reading data beyond the allowed buffer limits, enabling attackers to cause service failures.

The vulnerability of the HPACK decoder in HAProxy server software relates to reading data from buffer fields beyond their allowable limits. Exploiting this vulnerability can allow a malicious actor to cause service failures...

The vulnerability in the receive_xattr function of the xattrs.c utility for file transfer and synchronization in Rsync, related to reading beyond the buffer data limit, allows an attacker to access confidential data, compromise its integrity, and cause service failures.

The vulnerability in the receivexattr function of the xattrs.c utility for transferring and synchronizing files in Rsync relates to the lack of checking for the presence of a trailing dot in the file name. Exploiting this vulnerability could allow an attacker to gain access to confidential data,...

USN-4860-1: Monit vulnerabilities

Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting XSS attacks. CVE-2019-11454 Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to...

USN-4860-1 monit vulnerabilities

Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting XSS attacks. CVE-2019-11454 Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to...

The vulnerability of the uIP TCP/IP Stack component of the Contiki OS allows a hacker to trigger a service failure.

The vulnerability of the upperlayerchksum function in the net/ipv4 /uip.c part of the uIP TCP/IP Stack of the Contiki OS framework is related to the reading of data beyond the specified buffer. Exploiting this vulnerability could allow a malicious actor to cause service failure remotely...

The vulnerability of the Splash::blitTransparent function in the Poppler PDF rendering library allows a attacker to access confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the Splash::blitTransparent function splash/Splash.cc in the Poppler PDF rendering library is related to reading data beyond the allowed buffer limits. Exploiting this vulnerability could allow an attacker to access confidential data, compromise its integrity, and cause servi...

The vulnerability of the PRIMARY_DRAWING_ORDER_FIELD_BYTES function in the FreeRDP remote desktop protocol implementation, related to reading data beyond the buffer’s acceptable limits, allows attackers to access confidential data and cause service interruptions.

The vulnerability of the PRIMARYDRAWINGORDERFIELDBYTES function in the FreeRDP remote desktop protocol implementation is related to reading data beyond the allowable buffer size. Exploiting this vulnerability can allow an attacker to access confidential data and also cause service interruptions...