Capsoft Reportexpress ProPlus Remote Code Execution Vulnerability

Capsoft Reportexpress ProPlus is a Web reporting solution from Capsoft Korea that supports trying to search for information and storing multiple types of documents. A security vulnerability exists in Capsoft Reportexpress ProPlus prior to version 3.0.0.62, which stems from a lack of integrity...

ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign

Impact Jsrsasign supports ECDSA signature validation which signature value is represented by ASN.1 DER encoding. This vulnerablity may accept a wrong ASN.1 DER encoded ECDSA signature such as: - wrong multi-byte ASN.1 length of TLV ex. 0x820045 even though 0x45 is correct - prepending zeros with...

GHSA-P8C3-7RJ8-Q963 ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign

Impact Jsrsasign supports ECDSA signature validation which signature value is represented by ASN.1 DER encoding. This vulnerablity may accept a wrong ASN.1 DER encoded ECDSA signature such as: - wrong multi-byte ASN.1 length of TLV ex. 0x820045 even though 0x45 is correct - prepending zeros with...

OPENSUSE-SU-2020:0869-1 Security update for mercurial

This update for mercurial fixes the following issues: Security issue fixed: - CVE-2019-3902: Fixed incorrect patch-checking with symlinks and subrepos bsc1133035. This update was imported from the SUSE:SLE-15:Update update project...

The vulnerability of the fill-checking function in the AES-NI implementation of the OpenSSL library allows a perpetrator to gain unauthorized access to confidential data.

The vulnerability of the fill-checking function in the AES-NI implementation of the OpenSSL library is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to confidential data...

Stack overflow

Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or...

SUSE-SU-2020:1709-1 Security update for mercurial

This update for mercurial fixes the following issues: Security issue fixed: - CVE-2019-3902: Fixed incorrect patch-checking with symlinks and subrepos bsc1133035...

USN-4390-1: Linux kernel vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose...

[SECURITY] Fedora 31 Update: roundcubemail-1.4.6-1.fc31

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

Morgan Stanley Hobbes Out-of-Bounds Read/Write Vulnerability

Morgan Stanley Hobbes is an embedded language compiler and runtime program from Morgan Stanley USA. An out-of-bounds read/write vulnerability exists in Morgan Stanley Hobbes version 2020-05-21 and earlier. The vulnerability stems from a lack of boundary checking in the array implementation. An...

CVE-2020-13656

In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds OOB read/write vulnerability that leads to both local and remote code via RPC execution...

Out-of-bounds

In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds OOB read/write vulnerability that leads to both local and remote code via RPC execution...

CVE-2020-13656

In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds OOB read/write vulnerability that leads to both local and remote code via RPC execution...

CVE-2020-13656

Morgan Stanley Hobbes contains an out-of-bounds read/write vulnerability in its array implementation, reported up to 2020-05-21. The缺 bound checking flaw allows an attacker to trigger OOB access, enabling code execution via RPC. Affected version details: Hobbes 2020-05-21 and earlier (per CNVD-20...

Linux: minclass in pam_pwquality.so

The pampwquality module can be plugged into the password stack of a given service to provide some plug-in strength-checking for passwords. The code was originally based on pamcracklib module and the module is backwards compatible with its options. - minclass: The minimum number of required classe...

Phar unserialization vulnerability in phpMussel

Impact What kind of vulnerability is it? Who is impacted? Anyone using = v1.0.0 = v1.6.0 the earliest safe version will resolve the problem. However, as multiple new major versions have been released since that version, upgrading to the latest available version is recommended, in order to protect...

CVE-2020-4433

Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause server to crash. IBM X-Force I...

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4388-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4388-1 advisory. It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A...

USN-4388-1: Linux kernel vulnerabilities

It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information kernel memory. CVE-2020-0067 It was discovered that memory contents...

CVE-2020-9847

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to break out of its sandbox...