66 matches found
PT-2022-36057 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.9 Description: The issue is related to a wrong reg type conversion in the release reference function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
CVE-2022-29851
documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document...
USN-5472-1 ffmpeg vulnerabilities
It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding LPC or AAC codecs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. CVE-2020-20445, CVE-2020-20446...
MGASA-2021-0511 Updated python-django-filter packages fix security vulnerability
In django-filter before version 2.4.0, automatically generated 'NumberFilter' instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents...
Integer overflow due to conversion to unsigned
Impact The implementation of tf.rawops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. python import tensorflow as tf tf.rawops.QuantizeAndDequantizeV4Grad...
CVE-2020-21681
A global buffer overflow in the setcolor component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS via converting a xfig file into ge format...
Type confusion
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack Crash, Exit, or Restart...
CVE-2021-25175
CVE-2021-25175 affects the Open Design Alliance Drawings SDK prior to 2021.11. It is a UNTRUSTED POINTER DEREFERENCE vulnerability that occurs while parsing DXF/DWG files, potentially allowing remote code execution in the context of the affected process. Public advisories (ZDI) describe remote co...
SUSE-SU-2019:3184-2 Security update for ffmpeg
This update for ffmpeg fixes the following issues: Security issues fixed: - CVE-2019-17542: Fixed a heap-buffer overflow in vqadecodechunk due to an out-of-array access bsc1154064. - CVE-2019-12730: Fixed an uninitialized use of variables due to an improper check bsc1137526. - CVE-2019-9718: Fixe...
SUSE-SU-2020:0411-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: Security issue fixed: - CVE-2019-19948: Fixed a heap-based buffer overflow in WriteSGIImage bsc1159861. - CVE-2019-19949: Fixed a heap-based buffer over-read in WritePNGImage bsc1160369. Non-security issue fixed: - Fixed an issue where...
OPENSUSE-SU-2020:0170-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: Security issue fixed: - CVE-2019-19948: Fixed a heap-based buffer overflow in WriteSGIImage bsc1159861. - CVE-2019-19949: Fixed a heap-based buffer over-read in WritePNGImage bsc1160369. Non-security issue fixed: - Fixed an issue where...
OPENSUSE-SU-2019:2613-1 Security update for libidn2
This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels bsc1154884. - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings bsc1154887. This update was import...
CVE-2017-6145
CVE-2017-6145 affects F5 BIG-IP products with iControl REST. The issue arises in the service that converts BIGIPAuthCookie cookies to X-F5-Auth-Token tokens, failing to re-validate cookies during conversion. This allows an expired, previously valid cookie to be converted into a valid token, enabl...
MGASA-2016-0353 Updated openjpeg packages fix security vulnerability
The openjpeg library was vulnerable to a crash when converting images due to a NULL pointer dereference in readpnmheader CVE-2016-7445...
APPLE-SA-2015-10-21-7 Xcode 7.1
APPLE-SA-2015-10-21-7 Xcode 7.1 Xcode 7.1 is now available and addresses the following: Swift Available for: OS X Yosemite v10.10.5 or later Impact: Swift programs performing certain type conversions may receive unexpected values Description: A type conversion issue existed that could lead to...
Oracle Linux 6 : stunnel (ELSA-2013-0714)
The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2013-0714 advisory. 4.29-3 Resolves: CVE-2013-1762 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...
RHEL 6 : kernel (RHSA-2013:0841)
Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detail...
Important: Red Hat Security Advisory: kernel security update
Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detail...
CVE-2013-0233
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass...
Fedora 13 : maniadrive-1.2-26.fc13.1 / maniadrive-data-1.2-5.fc13 / php-5.3.5-1.fc13 / etc (2011-0321)
This release resolves a critical issue, reported as PHP bug 53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers. Note that Tenable Network Security has extracted the preceding description block directly from t...