3202 matches found

NVD
added 2021/01/21 10:15 a.m. | 14 views

CVE-2020-11144

Buffer over-read while UE process invalid DL ROHC packet for decompression due to lack of check of size of compresses packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &...

9.1 CVSS | 9.2 AI score | 0.00879 EPSS
Exploits 0 | References 2
Prion
added 2021/01/21 10:15 a.m. | 12 views

Buffer overflow

Buffer over-read while UE process invalid DL ROHC packet for decompression due to lack of check of size of compresses packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &...

6.4 CVSS | 9.1 AI score | 0.00879 EPSS
Exploits 0 | References 2
OPENSUSE Linux
added 2021/01/05 12:0 a.m. | 13 views

Security update for privoxy (moderate)

openSUSE Security Update: Security update for privoxy Announcement ID: openSUSE-SU-2021:0017-1 Rating: moderate References: 1157449 Affected Products: openSUSE Backports SLE-15-SP2 An update that contains security fixes can now be installed. Description: This update for privoxy fixes the followin...

7.5 AI score
Exploits 0
OPENSUSE Linux
added 2021/01/05 12:0 a.m. | 17 views

Security update for privoxy (moderate)

openSUSE Security Update: Security update for privoxy Announcement ID: openSUSE-SU-2021:0016-1 Rating: moderate References: 1157449 Affected Products: openSUSE Backports SLE-15-SP1 An update that contains security fixes can now be installed. Description: This update for privoxy fixes the followin...

7.5 AI score
Exploits 0
OPENSUSE Linux
added 2021/01/01 12:0 a.m. | 17 views

Security update for privoxy (moderate)

openSUSE Security Update: Security update for privoxy Announcement ID: openSUSE-SU-2021:0006-1 Rating: moderate References: 1157449 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1 An update that contains security fixes can now be installed. Description: This update for privoxy fixes the...

7.5 AI score
Exploits 0
BDU FSTEC
added 2020/12/24 12:0 a.m. | 2 views

The vulnerability in the implementation of the ProcessNextState method (netwerk\streamconv\converters\nsBinHexDecoder.cpp) in browsers Firefox, Firefox ESR, and the email client Thunderbird allows a hacker to trigger a service failure.

The vulnerability of the ProcessNextState method netwerk\streamconv\converters\nsBinHexDecoder.cpp in browsers such as Firefox, Firefox ESR, and the email client Thunderbird is related to the use of memory after decompression improperly formatted BinHex archives. Exploiting this vulnerability can...

10 CVSS | 7.7 AI score | 0.03149 EPSS
Exploits 1 | References 18 | Affected Software 10
RedHat Linux
added 2020/12/16 12:11 p.m. | 2 views

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error OOME or exhaustion of the memory pool...

7.5 CVSS | 7.3 AI score | 0.09438 EPSS
Exploits 0 | References 4
OpenVAS
added 2020/12/15 12:0 a.m. | 10 views

Huawei EulerOS: Security Advisory for brotli (EulerOS-SA-2020-2508)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5 CVSS | 7 AI score | 0.03243 EPSS
Exploits 0 | References 2
OSV
added 2020/12/11 11:15 p.m. | 20 views

CVE-2020-24339

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing...

7.5 CVSS | 6.8 AI score
Exploits 0 | References 2
OSV
added 2020/12/11 11:15 p.m. | 25 views

CVE-2020-24338

An issue was discovered in picoTCP through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds writ...

9.8 CVSS | 7.2 AI score
Exploits 0 | References 2
NVD
added 2020/12/11 11:15 p.m. | 26 views

CVE-2020-24338

An issue was discovered in picoTCP through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds writ...

9.8 CVSS | 9.7 AI score | 0.35944 EPSS
Exploits 0 | References 2
Prion
added 2020/12/11 11:15 p.m. | 16 views

Out-of-bounds

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing...

5 CVSS | 8.5 AI score | 0.02761 EPSS
Exploits 0 | References 2 | Affected Software 2
CVE
added 2020/12/11 10:53 p.m. | 70 views

CVE-2020-24339

The CVE concerns picoTCP/picoTCP-NG up to version 1.7.0 where DNS domain name decompression (pico_dns_decompress_name in pico_dns_common.c) does not validate compression pointer offsets against the DNS packet data, causing out-of-bounds reads and Denial-of-Service. The issue affects picoTCP and p...

7.5 CVSS | 7.5 AI score | 0.02761 EPSS
Exploits 0 | References 2 | Affected Software 2
CVE
added 2020/12/11 10:45 p.m. | 93 views

CVE-2020-24338

Summary of CVE-2020-24338 (AMNESIA:33) from provided sources : It affects picoTCP (and picoTCP-NG) up to version 1.7.0, where DNS domain name record decompression in pico_dns_decompress_name() fails to validate compression pointer offsets against DNS response data. This can cause out-of-bounds wr...

9.8 CVSS | 9.5 AI score | 0.35944 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2020/12/11 10:45 p.m. | 29 views

CVE-2020-24338

An issue was discovered in picoTCP through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds writ...

9.7 AI score | 0.35944 EPSS
Exploits 0 | References 2
OSV
added 2020/12/09 12:0 a.m. | 2 views

OSV-2020-2250 Heap-buffer-overflow in grk::t1_part1::T1Part1::decompress

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28415 Crash type: Heap-buffer-overflow READ 12 Crash state: grk::t1_part1::T1Part1::decompress grk::DecompressBlockExec::open grk::T1DecompressScheduler::decompressBlock...

7.2 AI score
Exploits 0 | References 1
Tenable Nessus
added 2020/12/09 12:0 a.m. | 33 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : libxml2 Multiple Vulnerabilities (NS-SA-2020-0060)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libxml2 packages installed that are affected by multiple vulnerabilities: - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of...

8.8 CVSS | 7.2 AI score | 0.043 EPSS
Exploits 3 | References 7
Tenable Nessus
added 2020/12/09 12:0 a.m. | 25 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : wireshark Multiple Vulnerabilities (NS-SA-2020-0064)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has wireshark packages installed that are affected by multiple vulnerabilities: - In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by...

7.8 CVSS | 6.8 AI score | 0.03742 EPSS
Exploits 3 | References 8
OSV
added 2020/12/08 1:15 a.m. | 12 views

CVE-2020-25630

A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported...

7.5 CVSS | 6.6 AI score
Exploits 0 | References 1
Prion
added 2020/12/02 6:15 p.m. | 25 views

Heap overflow

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an...

6.8 CVSS | 7.6 AI score | 0.0133 EPSS
Exploits 1 | References 1 | Affected Software 1