6117 matches found

Tenable Nessus
added 2019/03/08 12:0 a.m. · 35 views

EulerOS 2.0 SP5 : libarchive (EulerOS-SA-2019-1067)

According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards release v3.1.0 onwards contains a CWE-415: Double Free vulnerabili...

8.8 CVSS · 6.3 AI score · 0.01775 EPSS
Exploits 0 · References 3
CNVD
added 2019/03/07 12:0 a.m. · 2 views

UltraVNC Arbitrary Code Execution Vulnerability

UltraVNC is an open source remote terminal control software for the Windows platform. A security vulnerability exists in the VNC client for the RAW decoder in UltraVNC version 1203. An attacker could exploit the vulnerability to execute code...

6.5 CVSS · 7.1 AI score · 0.00832 EPSS
Exploits 0 · References 1
OSV
added 2019/03/05 3:29 p.m. · 0 views

CVE-2019-8260

UltraVNC revision 1199 has an out-of-bounds read vulnerability in VNC client RRE decoder code, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200...

9.8 CVSS · 7.3 AI score
Exploits 0 · References 6
NVD
added 2019/03/05 3:29 p.m. · 18 views

CVE-2019-8261

UltraVNC revision 1199 has an out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200...

9.8 CVSS · 9.4 AI score · 0.00985 EPSS
Exploits 0 · References 6
NVD
added 2019/03/05 3:29 p.m. · 11 views

CVE-2019-8260

UltraVNC revision 1199 has an out-of-bounds read vulnerability in VNC client RRE decoder code, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200...

9.8 CVSS · 9.3 AI score · 0.00985 EPSS
Exploits 0 · References 6
OSV
added 2019/03/05 3:29 p.m. · 2 views

CVE-2019-8261

UltraVNC revision 1199 has an out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200...

9.8 CVSS · 7.3 AI score · 0.00985 EPSS
Exploits 0 · References 6
Prion
added 2019/03/05 3:29 p.m. · 17 views

Out-of-bounds

UltraVNC revision 1199 has an out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200...

7.5 CVSS · 9.3 AI score · 0.00985 EPSS
Exploits 0 · References 6 · Affected Software 1
OSV
added 2019/03/05 3:29 p.m. · 2 views

CVE-2019-8262

UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204...

9.8 CVSS · 7.6 AI score · 0.054 EPSS
Exploits 0 · References 6
CVE
added 2019/03/05 3:0 p.m. · 62 views

CVE-2019-8261

CVE-2019-8261: UltraVNC revision 1199 contains an out-of-bounds read in the VNC client CoRRE decoder caused by a multiplication overflow. Exploitation is reported as feasible via network connectivity. The vulnerability has been addressed in revision 1200. Affected component: UltraVNC client VNC d...

9.8 CVSS · 9.2 AI score · 0.00985 EPSS
Exploits 0 · References 6 · Affected Software 1
Cvelist
added 2019/03/05 3:0 p.m. · 16 views

CVE-2019-8260

UltraVNC revision 1199 has an out-of-bounds read vulnerability in VNC client RRE decoder code, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200...

9.3 AI score · 0.00985 EPSS
Exploits 0 · References 6
Cvelist
added 2019/03/05 3:0 p.m. · 23 views

CVE-2019-8261

UltraVNC revision 1199 has an out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200...

9.3 AI score · 0.00985 EPSS
Exploits 0 · References 6
ossfuzz
added 2019/02/28 3:33 p.m. · 26 views

openh264/decoder_fuzzer: Heap-use-after-free in WelsDec::MapColToList0

Project: https://github.com/cisco/openh264.git Detailed report: https://oss-fuzz.com/testcase?key=5730627922427904 Project: openh264 Fuzzer: libFuzzer_openh264_decoder_fuzzer Fuzz target binary: decoder_fuzzer Job Type: libfuzzer_asan_openh264 Platform Id: linux Crash Type: Heap-use-after-free READ 4...

6.8 AI score
Exploits 0 · Affected Software 1
OSV
added 2019/02/27 5:29 p.m. · 2 views

DEBIAN-CVE-2018-20797

An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp...

6.5 CVSS · 7 AI score · 0.00155 EPSS
Exploits 1 · References 1
Snyk
added 2019/02/27 5:29 p.m. · 1 views

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds. An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in...

6.5 CVSS · 7 AI score · 0.00155 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2019/02/27 12:0 a.m. · 107 views

Apache Tomcat 9.0.0.M1 < 9.0.8

The version of Tomcat installed on the remote host is prior to 9.0.8. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.8_security-9 advisory. - An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop i...

7.5 CVSS · 7.9 AI score · 0.19427 EPSS
Exploits 0 · References 3
Positive Technologies
added 2019/02/27 12:0 a.m. · 2 views

PT-2019-10238 · Podofo +5

Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.9.6 Description: An issue was discovered in PoDoFo where there is an attempted excessive memory allocation in PoDoFo::podofo_calloc when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder. Recommendations: For PoDoF...

9.8 CVSS · 7.2 AI score · 0.05842 EPSS
Exploits 18 · References 74
Packet Storm
added 2019/02/25 12:0 a.m. · 43 views

Linux SNMP NAT Module Out-Of-Bounds Read/Write

Linux: out-of-bounds read and write in SNMP NAT module commit cc2d58634e0f "netfilter: nf_nat_snmp_basic: use asn1 decoder library", first in 4.16 changed the nf_nat_snmp_basic module which, when enabled, parses and modifies the ASN.1-encoded payloads of SNMP messages so that the kernel's ASN.1...

7.4 AI score
Exploits 0
RedHat Linux
added 2019/02/20 2:11 p.m. · 3 views

haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash

A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. Mishandling occurs when a priority flag is set on a too short HEADERS frame in the HTTP/2 decoder, allowing an out-of-bounds read and a subsequent crash to occur. A remote attacker can exploit this flaw to cause a denial of service. Tho...

7.5 CVSS · 6.7 AI score · 0.00143 EPSS
Exploits 0 · References 4
OPENSUSE Linux
added 2019/02/13 12:0 a.m. · 164 views

Security update for haproxy (important)

openSUSE Security Update: Security update for haproxy Announcement ID: openSUSE-SU-2019:0166-1 Rating: important References: 1121283 Cross-References: CVE-2018-20615 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for haproxy...

7.5 CVSS · 7.6 AI score · 0.00143 EPSS
Exploits 0 · References 1
Carbon Black Blog
added 2019/02/11 1:35 p.m. · 170 views

TAU Threat Intelligence Notification: Spear Phishing Targeting Italy

Summary This campaign is targeting users in Italy with spear phishing emails containing malicious attachments. Figure 1: Emails with the malicious XLS attachment The image above shows one of the samples that has been attached to multiple emails sent to email addresses with the Italy ccTLD. The attached...

0.4 AI score
Exploits 0