
7646 matches found

Prion
added 2020/09/30 7:15 p.m., 19 views

Buffer overflow

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as syst...

CVSS 6.9, AI score 7.6, EPSS 0.00395
Exploits: 0, References: 8, Affected Software: 3

CVE
added 2020/09/30 6:49 p.m., 148 views

CVE-2020-14376

CVE-2020-14376 and related CVEs (CVE-2020-14374, CVE-2020-14375, CVE-2020-14377, CVE-2020-14378) affect dpdk prior to 18.11.10 and 19.11.5. The EulerOS/NASL/OpenVAS entries confirm multiple dpdk-related issues, including: (1) a bounds-check failure when copying iv_data from guest to host memory c...

CVSS 7.8, AI score 7.9, EPSS 0.00395
Exploits: 0, References: 8, Affected Software: 1

RedhatCVE
added 2020/09/29 2:41 p.m., 26 views

CVE-2020-14376

A flaw was found in dpdk. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.8, AI score 3.2, EPSS 0.00395
Exploits: 0, References: 4

IBM Security Bulletins
added 2020/09/29 8:51 a.m., 20 views

Security Bulletin: Security vulnerability in WebSphere Liberty Server shipped with IBM Global Mailbox (CVE-2020-4329)

Summary: A security vulnerability has been identified in WebSphere Liberty Server shipped with IBM Global Mailbox. Vulnerability Details: CVEID: CVE-2020-4329. DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated...

CVSS 4.3, AI score 0.5, EPSS 0.01263
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2020/09/29 12:0 a.m., 29 views

EulerOS Virtualization for ARM 64 3.0.6.0 : gtk-vnc (EulerOS-SA-2020-2010)

According to the versions of the gtk-vnc packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw was found in gtk-vnc. A remote malicious VNC server could use this flaw to crash VNC viewers...

CVSS 9.8, AI score 7, EPSS 0.04985
Exploits: 2, References: 3

OpenVAS
added 2020/09/29 12:0 a.m., 15 views

Huawei EulerOS: Security Advisory for gtk-vnc (EulerOS-SA-2020-2010)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8, AI score 9.6, EPSS 0.04985
Exploits: 2, References: 2

UbuntuCve
added 2020/09/28 3:0 p.m., 23 views

CVE-2020-14374

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this...

CVSS 8.8, AI score 7.2, EPSS 0.00429
Exploits: 0, References: 2

Microsoft CVE
added 2020/09/25 7:0 a.m., 4 views

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.

...

CVSS 6.5, AI score 7, EPSS 0.03289
Exploits: 0

OSV
added 2020/09/21 8:56 a.m., 9 views

SUSE-SU-2020:2689-1 Security update for jasper

This update for jasper fixes the following issues: - CVE-2016-9398: Improved patch for already fixed issue bsc1010979. - CVE-2016-9399: Fix assert in calcstepsizes bsc1010980. - CVE-2017-5499: Validate component depth bit bsc1020451. - CVE-2017-5503: Check bounds in jasseq2dbindsub bsc1020456. -...

CVSS 7.8, AI score 6.4, EPSS 0.05981
Exploits: 10, References: 29

Veracode
added 2020/09/21 6:23 a.m., 20 views

Out Of Bound Write

gpac:xenial is vulnerable to out-of-bound writes. gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking...

CVSS 7.8, AI score 3.6, EPSS 0.01411
Exploits: 1, References: 4, Affected Software: 1

Apple
added 2020/09/21 4:33 a.m., 120 views

About the security content of tvOS 13.4.5 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

CVSS 9.8, AI score 0.6, EPSS 0.77246
Exploits: 10, Affected Software: 1

Apple
added 2020/09/21 4:32 a.m., 87 views

About the security content of macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

CVSS 9.3, AI score 1.3, EPSS 0.09219
Exploits: 7, Affected Software: 3

Tenable Nessus
added 2020/09/21 12:0 a.m., 77 views

CodeMeter < 6.90 License forging Vulnerability

According to its self-reported version, the CodeMeter WebAdmin server installed on the remote host is prior to 6.90. It is affected by an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if i...

CVSS 7.5, AI score 7.4, EPSS 0.00838
Exploits: 0, References: 4

CNVD
added 2020/09/21 12:0 a.m., 2 views

Google Android Buffer Overflow Vulnerability (CNVD-2020-54309)

Android is a Linux-based open source operating system from Google and the Open Handheld Alliance (OHA). A security vulnerability exists in the Android-11 version of AAC parser, which stems from a lack of bounds checking and can be exploited by an attacker to cause remote information disclosure...

CVSS 6.5, AI score 6.7, EPSS 0.00988
Exploits: 0, References: 1

OSV
added 2020/09/18 5:15 a.m., 8 views

CVE-2020-25756

A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice...

CVSS 9.8, AI score 7.2
Exploits: 0, References: 1

Prion
added 2020/09/18 5:15 a.m., 15 views

Buffer overflow

A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice...

CVSS 7.5, AI score 9.5, EPSS 0.01616
Exploits: 0, References: 1, Affected Software: 1

Debian CVE
added 2020/09/18 4:44 a.m., 4 views

CVE-2020-25756

A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice...

CVSS 9.8, AI score 8.8, EPSS 0.01616
Exploits: 0

Vulnrichment
added 2020/09/18 4:44 a.m., 14 views

CVE-2020-25756

A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice...

AI score 7.3, EPSS 0.01616
Exploits: 0, References: 1

CVE
added 2020/09/18 4:44 a.m., 51 views

CVE-2020-25756

CVE-2020-25756 affects Cesanta Mongoose 6.18, with a buffer overflow in the mg_get_http_header function caused by missing bounds checking. This can be triggered by crafting an HTTP header and, per the sources, is tied to high-severity potential (NVD CVSS v3.1: CRITICAL; v2: HIGH) with network exp...

CVSS 9.8, AI score 9.5, EPSS 0.01616
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2020/09/18 12:0 a.m., 4 views

Google Android factory reset protection privilege checking vulnerability

Android is a Linux-based open source operating system from Google and the Open Handheld Alliance (OHA). A privilege checking vulnerability exists in Android-11 version factory reset protection. The vulnerability stems from a lack of privilege checking, which allows an attacker to bypass the FRP,...

CVSS 7.8, AI score 7.4, EPSS 0.00163
Exploits: 0, References: 1