
4783 matches found

BDU FSTEC
added 2021/06/18 12:0 a.m. | 2 views

The vulnerability of the libwebp library regarding the encoding and decoding of WebP images, which involves reading beyond the buffer in memory, allows attackers to access confidential information.

The vulnerability of the libwebp library for encoding and decoding WebP images is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to gain access to confidential information by creating a specially crafted file...

4.2 CVSS | 7.9 AI score | 0.00409 EPSS
Exploits 0 | References 13 | Affected Software 5
BDU FSTEC
added 2021/06/18 12:0 a.m. | 3 views

The vulnerability of the libwebp library for encoding and decoding WebP images, which involves the use of an uninitialized variable, allows attackers to execute arbitrary code.

The vulnerability of the libwebp library for encoding and decoding WebP images is related to the use of an uninitialized variable. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10 CVSS | 8.1 AI score | 0.00442 EPSS
Exploits 0 | References 13 | Affected Software 5
BDU FSTEC
added 2021/06/18 12:0 a.m. | 1 view

The vulnerability of the libwebp library for encoding and decoding WebP images, which is related to a heap buffer overflow, allows attackers to execute arbitrary code.

The vulnerability of the libwebp library for encoding and decoding WebP images is related to a heap buffer overflow. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code by creating a specially crafted file...

10 CVSS | 8.6 AI score | 0.00527 EPSS
Exploits 0 | References 13 | Affected Software 5
BDU FSTEC
added 2021/06/18 12:0 a.m. | 1 view

The vulnerability of the libwebp library regarding the encoding and decoding of WebP images, which involves reading beyond the buffer in memory, allows attackers to access confidential information.

The vulnerability of the libwebp library for encoding and decoding WebP images is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to gain access to confidential information by creating a specially crafted file...

4.2 CVSS | 7.9 AI score | 0.00402 EPSS
Exploits 0 | References 13 | Affected Software 5
BDU FSTEC
added 2021/06/18 12:0 a.m. | 1 view

The vulnerability of the libwebp library regarding the encoding and decoding of WebP images, which involves reading beyond the buffer in memory, allows attackers to access confidential information.

The vulnerability of the libwebp library for encoding and decoding WebP images is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to gain access to confidential information by creating a specially crafted file...

4.2 CVSS | 7.9 AI score | 0.00575 EPSS
Exploits 0 | References 14 | Affected Software 5
Tenable Nessus
added 2021/06/12 12:0 a.m. | 56 views

SUSE SLES15 Security Update : spice (SUSE-SU-2021:1956-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1956-1 advisory. - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before...

6.6 CVSS | 6.9 AI score | 0.01631 EPSS
Exploits 1 | References 7
OSV
added 2021/06/11 10:53 a.m. | 3 views

SUSE-SU-2021:1956-1 Security update for spice

This update for spice fixes the following issues: - CVE-2021-20201: client initiated renegotiation causing denial of service bsc1181686 - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC decoding code bsc1177158...

6.6 CVSS | 6.7 AI score | 0.01631 EPSS
Exploits 1 | References 5
OSV
added 2021/06/10 3:43 p.m. | 11 views

GHSA-GWCR-J4WH-J3CQ Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability

Requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory. For example a request to the ConcatServlet with a URI of /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the...

5.3 CVSS | 6.8 AI score | 0.9026 EPSS
Exploits 2 | References 26
Github Security Blog
added 2021/06/10 3:43 p.m. | 126 views

Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability

Requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory. For example a request to the ConcatServlet with a URI of /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the...

5.3 CVSS | 1.6 AI score | 0.9026 EPSS
Exploits 2 | References 26 | Affected Software 1
OSV
added 2021/06/10 8:49 a.m. | 5 views

SUSE-SU-2021:1940-1 Security update for python-Pillow

This update for python-Pillow fixes the following issues: - CVE-2021-25290: Fixed a negative-offset memcpy with an invalid size in TiffDecode.c bsc1183105. - CVE-2021-27922,CVE-2021-27923: Fixed improper reported size of a contained image bsc1183108,bsc1183107 - CVE-2020-35653: Fixed buffer...

9.1 CVSS | 6.5 AI score | 0.00418 EPSS
Exploits 0 | References 19
OSV
added 2021/06/10 6:42 a.m. | 4 views

SUSE-SU-2021:1928-1 Security update for spice-gtk

This update for spice-gtk fixes the following issues: - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC decoding code bsc1177158...

6.6 CVSS | 7.1 AI score | 0.01631 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2021/06/10 12:0 a.m. | 26 views

SUSE SLES15 Security Update : spice-gtk (SUSE-SU-2021:1911-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:1911-1 advisory. - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before...

6.6 CVSS | 7.6 AI score | 0.01631 EPSS
Exploits 0 | References 4
OSV
added 2021/06/09 9:17 a.m. | 3 views

SUSE-SU-2021:1911-1 Security update for spice-gtk

This update for spice-gtk fixes the following issues: - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC decoding code bsc1177158...

6.6 CVSS | 7.1 AI score | 0.01631 EPSS
Exploits 0 | References 3
RedHat Linux
added 2021/06/09 12:32 a.m. | 2 views

libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c

A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8 CVSS | 7.3 AI score | 0.00503 EPSS
Exploits 0 | References 4
OpenVAS
added 2021/06/09 12:0 a.m. | 18 views

SUSE: Security Advisory (SUSE-SU-2020:3359-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8 CVSS | 5.7 AI score | 0.00246 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2021/06/09 12:0 a.m. | 18 views

SUSE SLES12 Security Update : spice (SUSE-SU-2021:1902-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1902-1 advisory. - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before...

6.6 CVSS | 6.9 AI score | 0.01631 EPSS
Exploits 1 | References 7
OpenVAS
added 2021/06/09 12:0 a.m. | 18 views

SUSE: Security Advisory (SUSE-SU-2019:2891-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1 CVSS | 8.5 AI score | 0.00076 EPSS
Exploits 1 | References 2
OpenVAS
added 2021/06/09 12:0 a.m. | 19 views

SUSE: Security Advisory (SUSE-SU-2014:0248-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 8.9 AI score | 0.10821 EPSS
Exploits 10 | References 2
OpenVAS
added 2021/06/09 12:0 a.m. | 27 views

Eclipse Jetty Information Disclosure Vulnerability (GHSA-v7ff-8wcx-gmc5) - Linux

Eclipse Jetty is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty"...

5.3 CVSS | 5.6 AI score | 0.93485 EPSS
Exploits 7 | References 1
Tenable Nessus
added 2021/06/09 12:0 a.m. | 26 views

SUSE SLES15 Security Update : spice (SUSE-SU-2021:1901-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1901-1 advisory. - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before...

6.6 CVSS | 6.9 AI score | 0.01631 EPSS
Exploits 1 | References 7