5830 matches found
MGASA-2020-0265 Updated mbedtls packages fix security vulnerability
Updated mbedtls packages fix security vulnerability. Fix side channel in ECC code that allowed an adversary with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave) to fully recover an ECDSA private key (CVE-2020-10932). Fi...
UBUNTU-CVE-2019-20838
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454...
Security update for libexif (moderate)
openSUSE Security Update: Security update for libexif Announcement ID: openSUSE-SU-2020:0793-1 Rating: moderate References: 1055857 1059893 1120943 1160770 1171475 1171847 1172105 1172116 1172121 Cross-References: CVE-2016-6328 CVE-2017-7544 CVE-2018-20030 CVE-2019-9278 CVE-2020-0093 CVE-2020-127...
libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS
A heap-buffer out-of-bounds read flaw was found in libexif's MakerNote tag parser. This flaw allows an unauthenticated attacker or authenticated attacker with low privileges to exploit the flaw remotely in an application that uses libexif to process EXIF data from media files if the file upload i...
DEBIAN-CVE-2020-13902
ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding...
SUSE-SU-2020:1534-1 Security update for libexif
This update for libexif fixes the following issues: Security issues fixed: - CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). - CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c...
The vulnerability of the FreeRDP remote desktop protocol lies in its ability to read data beyond the specified buffer, allowing a malicious actor to cause a service failure.
The vulnerability of the FreeRDP remote desktop protocol exists due to the reading of data beyond the specified buffer. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the `clear_decompress_subcode_rlex` function in the FreeRDP remote desktop protocol allows an intruder to trigger a service failure.
The vulnerability of the `clear_decompress_subcode_rlex` function in the FreeRDP remote desktop protocol is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
VulnCheck KEV: CVE-2018-4893
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of...
The vulnerability of the GDI component of the Windows operating system, which allows a hacker to gain unauthorized access to protected information
The vulnerability of the Graphics Device Interface (GDI) component in the Windows operating system is related to reading data beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially created applicatio...
The vulnerability of the `exif_read_data()` function implementation in the PHP programming language allows a perpetrator to gain unauthorized access to protected information or cause service failures.
The vulnerability of the `exif_read_data()` function in the PHP programming language lies in the reading of data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information or cause service failure...
libexif -- multiple vulnerabilities
Release notes: Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others: CVE-2016-6328: fixed integer overflow when parsing maker notes; CVE-2017-7544: fixed buffer overread; CVE-2018-20030: Fix for recursion DoS; CVE-2019-9278: replaced integer overflow checks the compiler could...
The vulnerability of the microDNS library in the VideoLAN VLC media player software allows a hacker to induce a service failure or execute arbitrary code.
The vulnerability of the microDNS library in the VideoLAN VLC media player software relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures or execute arbitrary code through a specially crafted request...
The vulnerability of the microDNS library in the VideoLAN VLC media player software allows a hacker to induce a service failure or execute arbitrary code.
The vulnerability of the microDNS library in the VideoLAN VLC media player lies in the reading of data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures or execute arbitrary code through a specially crafted request...
libreswan: DoS attack via malicious IKEv1 informational exchange message
An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash...
UBUNTU-CVE-2020-12740
tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a getc operation. The issue is being triggered in the function get_ipv6_next at common/get.c...