(Vulnerability) The vulnerability of the iSCSI subsystem in Linux operating systems, which allows a perpetrator to compromise the confidentiality, integrity, and accessibility of data.

The vulnerability of the iSCSI subsystem in Linux operating systems relates to the writing of data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of data through specially created Netlink messages...

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to trigger a service failure.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to data writing beyond the buffer. Exploiting this vulnerability could allow a malicious actor to cause a service failure through a specially crafted HTML page...

OPENSUSE-SU-2021:0482-1 Security update for evolution-data-server

This update for evolution-data-server fixes the following issues: - CVE-2020-16117: Fix crash on malformed server response with minimal capabilities bsc1174712. - CVE-2020-14928: Response injection via STARTTLS in SMTP and POP3 bsc1173910. - Fix buffer overrun when parsing base64 data bsc1182882...

Security update for evolution-data-server (moderate)

openSUSE Security Update: Security update for evolution-data-server Announcement ID: openSUSE-SU-2021:0482-1 Rating: moderate References: 1173910 1174712 1182882 Cross-References: CVE-2020-14928 CVE-2020-16117 CVSS scores: CVE-2020-14928 NVD : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N...

USN-3685-2 ruby2.0 regression

USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced a regression in Ruby. This update fixes the problem. Original advisory details: Some of these CVE were already addressed in previous USN: 3439-1, 3553-1, 3528-1. Here we address for the remain releases. It was discover...

[ASA-202103-23] dotnet-sdk-3.1: arbitrary code execution

Arch Linux Security Advisory ASA-202103-23 ========================================== Severity: High Date : 2021-03-25 CVE-ID : CVE-2021-26701 Package : dotnet-sdk-3.1 Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1701 Summary ======= The package...

[ASA-202103-20] dotnet-runtime: arbitrary code execution

Arch Linux Security Advisory ASA-202103-20 ========================================== Severity: High Date : 2021-03-25 CVE-ID : CVE-2021-26701 Package : dotnet-runtime Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1698 Summary ======= The package...

[ASA-202103-22] dotnet-runtime-3.1: arbitrary code execution

Arch Linux Security Advisory ASA-202103-22 ========================================== Severity: High Date : 2021-03-25 CVE-ID : CVE-2021-26701 Package : dotnet-runtime-3.1 Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1701 Summary ======= The package...

[ASA-202103-21] dotnet-sdk: arbitrary code execution

Arch Linux Security Advisory ASA-202103-21 ========================================== Severity: High Date : 2021-03-25 CVE-ID : CVE-2021-26701 Package : dotnet-sdk Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1698 Summary ======= The package dotnet-sdk...

The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are related to the issue of operations occurring outside of the buffer in memory. This allows attackers to trigger service failures.

The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat and Document Cloud, are related to the issue of operations going beyond the buffer in memory. Exploiting these vulnerabilities can allow attackers to cause servic...

SUSE-SU-2021:0949-1 Security update for evolution-data-server

This update for evolution-data-server fixes the following issues: - CVE-2020-16117: Fix crash on malformed server response with minimal capabilities bsc1174712. - CVE-2020-14928: Response injection via STARTTLS in SMTP and POP3 bsc1173910. - Fix buffer overrun when parsing base64 data bsc1182882...

The vulnerability of the ASN.1 BER analyzer of the computer network traffic analysis tool Wireshark allows a hacker to cause a service failure.

The vulnerability of the ASN.1 BER analyzer in Wireshark for analyzing computer network traffic involves an operation that goes beyond the acceptable limits of the data buffer. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

The vulnerability of Google Chrome’s Skia graphics library allows attackers to gain access to confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of Google Chrome’s Skia graphics library is related to the execution of operations that go beyond the allowed data buffer limits. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service interruptions...

Vulnerability of the utils.c:checkmailpath command in the UNIX shell Zsh: This vulnerability involves allowing an operation to exceed the permissible data buffer size. This allows a malicious actor to access confidential data, compromise its integrity, and cause service failures.

The vulnerability in the utils.c:checkmailpath command of the UNIX shell Zsh involves allowing the execution of commands beyond the data buffer’s allowed limits. Exploiting this vulnerability could allow an attacker to access confidential data, compromise its integrity, and cause service failures...

The vulnerability of the Skia component in Google Chrome browsers allows attackers to access confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the Skia component in Google Chrome’s browser is related to the execution of operations that exceed the permissible buffer data limits. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service...

SUSE-SU-2021:0891-1 Security update for evolution-data-server

This update for evolution-data-server fixes the following issues: - Fix buffer overrun when parsing base64 data bsc1182882. - CVE-2020-16117: Fix crash on malformed server response with minimal capabilities bsc1174712. - CVE-2020-14928: Response injection via STARTTLS in SMTP and POP3 bsc1173910...

SUSE-SU-2021:0885-1 Security update for evolution-data-server

This update for evolution-data-server fixes the following issues: - Fix buffer overrun when parsing base64 data bsc1182882. - CVE-2020-16117: Fix crash on malformed server response with minimal capabilities bsc1174712. - CVE-2020-14928: Response injection via STARTTLS in SMTP and POP3 bsc1173910...

The vulnerability of the track_header() function in the libavformat library of the Ffmpeg multimedia environment allows a attacker to cause a service failure.

The vulnerability of the trackheader function in the libavformat library of the Ffmpeg multimedia environment is related to the writing of data beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failure...

The vulnerability of the Schneider Electric EcoStruxure Control Expert programming tool, related to the execution of operations beyond the buffer boundaries, allows a intruder to trigger a maintenance failure or execute arbitrary code.

The vulnerability of the Schneider Electric EcoStruxure Control Expert programming tool relates to the execution of operations beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to trigger a maintenance failure or execute arbitrary code by opening a specially...

The vulnerability of the flb_gzip_compress() function implementation in the Fluent Bit data collector allows a hacker to trigger a service failure.

The vulnerability of the flbgzipcompress function implementation in Fluent Bit data collectors is related to the writing of data beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...