Security update for privoxy (moderate)
openSUSE Security Update: Security update for privoxy Announcement ID: openSUSE-SU-2021:0017-1 Rating: moderate References: 1157449 Affected Products: openSUSE Backports SLE-15-SP2 An update that contains security fixes can now be installed. Description: This update for privoxy fixes the followin...
Security update for privoxy (moderate)
openSUSE Security Update: Security update for privoxy Announcement ID: openSUSE-SU-2021:0016-1 Rating: moderate References: 1157449 Affected Products: openSUSE Backports SLE-15-SP1 An update that contains security fixes can now be installed. Description: This update for privoxy fixes the followin...
Security update for privoxy (moderate)
openSUSE Security Update: Security update for privoxy Announcement ID: openSUSE-SU-2021:0006-1 Rating: moderate References: 1157449 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1 An update that contains security fixes can now be installed. Description: This update for privoxy fixes the...
A vulnerability in the implementation of the ProcessNextState method (netwerk\streamconv\converters\nsBinHexDecoder.cpp) in the Firefox and Firefox ESR browsers and the Thunderbird email client allows an attacker to cause a denial of service.
The vulnerability of the ProcessNextState method (netwerk\streamconv\converters\nsBinHexDecoder.cpp) in the Firefox and Firefox ESR browsers and the Thunderbird email client is related to the use of memory after decompressing improperly formatted BinHex archives. Exploiting this vulnerability can...
netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The compression/decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...
Huawei EulerOS: Security Advisory for brotli (EulerOS-SA-2020-2508)
The remote host is missing an update for the Huawei EulerOS...
CVE-2020-24339
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing...
CVE-2020-24338
An issue was discovered in picoTCP through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds writ...
Out-of-bounds
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing...
CVE-2020-24339
The CVE concerns picoTCP/picoTCP-NG up to version 1.7.0 where DNS domain name decompression (pico_dns_decompress_name in pico_dns_common.c) does not validate compression pointer offsets against the DNS packet data, causing out-of-bounds reads and Denial-of-Service. The issue affects picoTCP and p...
CVE-2020-24338
Summary of CVE-2020-24338 (AMNESIA:33) from provided sources: It affects picoTCP (and picoTCP-NG) up to version 1.7.0, where DNS domain name record decompression in pico_dns_decompress_name() fails to validate compression pointer offsets against DNS response data. This can cause out-of-bounds wr...
OSV-2020-2250 Heap-buffer-overflow in grk::t1_part1::T1Part1::decompress
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28415 Crash type: Heap-buffer-overflow READ 12 Crash state: grk::t1_part1::T1Part1::decompress grk::DecompressBlockExec::open grk::T1DecompressScheduler::decompressBlock...
NewStart CGSL CORE 5.04 / MAIN 5.04 : wireshark Multiple Vulnerabilities (NS-SA-2020-0064)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has wireshark packages installed that are affected by multiple vulnerabilities: - In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by...
NewStart CGSL CORE 5.04 / MAIN 5.04 : libxml2 Multiple Vulnerabilities (NS-SA-2020-0060)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libxml2 packages installed that are affected by multiple vulnerabilities: - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of...
CVE-2020-25630
A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported...
Heap overflow
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an...
CVE-2020-13493
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an...
A vulnerability in the zip-file decompression mechanism of Cisco AsyncOS software affects Cisco Email Security Appliance devices. This vulnerability allows attackers to bypass the configured content filters on the device.
The vulnerability in the zip-file decompression mechanism of Cisco Email Security Appliance devices is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to bypass the configured content filters on the device...