Security update for freetype2 (important)

openSUSE Security Update: Security update for freetype2 Announcement ID: openSUSE-SU-2020:1734-1 Rating: important References: 1177914 Cross-References: CVE-2020-15999 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...

FreeBSD-SA-20:27.ure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:27.ure Security Advisory The FreeBSD Project Topic: ure device driver susceptible to packet-in-packet attack Category: core Module: ure Announced: 2020-09-15...

FreeBSD-SA-20:30.ftpd

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:30.ftpd Security Advisory The FreeBSD Project Topic: ftpd privilege escalation via ftpchroot feature Category: core Module: ftpd Announced: 2020-09-15...

Cherokee Web Server 0.4.27 <= 1.2.104 DoS Vulnerability

Cherokee Web Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

FreeBSD-SA-20:15.cryptodev

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:15.cryptodev Security Advisory The FreeBSD Project Topic: Use after free in cryptodev module Category: core Module: cryptodev Announced: 2020-05-12 Credits:...

FreeBSD-SA-20:14.sctp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:14.sctp Security Advisory The FreeBSD Project Topic: Improper checking in SCTP-AUTH shared key update Category: core Module: kernel Announced: 2020-05-12...

FreeBSD-SA-20:09.ntp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:09.ntp Security Advisory The FreeBSD Project Topic: Multiple denial of service in ntpd Category: contrib Module: ntp Announced: 2020-03-19 Credits: Philippe...

FreeBSD-SA-20:08.jail

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:08.jail Security Advisory The FreeBSD Project Topic: Kernel memory disclosure with nested jails Category: core Module: kern Announced: 2020-03-19 Credits:...

FreeBSD-SA-20:03.thrmisc

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:03.thrmisc Security Advisory The FreeBSD Project Topic: kernel stack data disclosure Category: core Module: kernel Announced: 2020-01-28 Credits: Ilja Van...

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...

VLC Media Player Multiple Vulnerabilities (sb-vlc308) - Windows

VLC Media Player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:videolan:vlcmediaplayer";...

FreeBSD-SA-19:23.midi

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:23.midi Security Advisory The FreeBSD Project Topic: kernel memory disclosure from /dev/midistat Category: core Module: sound Announced: 2019-08-20 Credits:...

FreeBSD-SA-19:11.cd_ioctl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:11.cdioctl Security Advisory The FreeBSD Project Topic: Privilege escalation in cd4 driver Category: core Module: kernel Announced: 2019-07-02 Credits: Alex...

CVE-2019-12968

A vulnerability was found in the Sonic Robo Blast 2 SRB2 plugin EPVersions 9 to 11 inclusive distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to...

FreeBSD-SA-19:06.pf

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:06.pf Security Advisory The FreeBSD Project Topic: ICMP/ICMP6 packet filter bypass in pf Category: contrib Module: pf Announced: 2019-05-14 Credits: Synackti...

FreeBSD-SA-19:07.mds

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:07.mds Security Advisory The FreeBSD Project Topic: Microarchitectural Data Sampling MDS Category: core Module: kernel Announced: 2019-05-14 Credits: Refer t...

Linux &lt; 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem

By following the codepath that Andrea Arcangeli pointed out in his mails regarding the last bug I reported, I noticed that it is possible for userspace on a normal distro to map virtual address 0, which on an X86 system without SMAP enables the exploitation of kernel NULL pointer dereferences. Th...

FreeBSD-SA-18:14.bhyve

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-18:14.bhyve Security Advisory The FreeBSD Project Topic: Insufficient bounds checking in bhyve8 device model Category: core Module: bhyve Announced: 2018-12-04...

FreeBSD-SA-18:12.elf

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-18:12.elf Security Advisory The FreeBSD Project Topic: Improper ELF header parsing Category: core Module: kernel Announced: 2018-09-12 Credits: Thomas Barabosch...

Security Bulletin: Vulnerability in Apache Groovy that could affect IBM Development Package for Apache Spark (CVE-2015-3253)

Summary Apache Groovy™ could allow a remote attacker to run arbitrary, untrusted code on the system. Vulnerability Details CVEID: CVE-2015-3253 DESCRIPTION: Apache Groovy could allow a remote attacker to run arbitrary, untrusted code on the system. This issue is caused by the failure to isolate...