Mageia: Security Advisory (MGASA-2021-0527)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-FH56-85CW-5PQ6 UltraJSON vulnerable to Out-of-bounds Write

UltraJSON aka ujson 1.34 through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked called from encode...

UltraJSON vulnerable to Out-of-bounds Write

UltraJSON aka ujson 1.34 through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked called from encode...

Out-of-bounds read in Exiv2::Internal::CrwMap::encode

...

Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header

...

CVE-2021-45958

UltraJSON aka ujson through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked called from encode. Exploitation can, for example, use a large amount of indentation...

CVE-2021-45958

UltraJSON aka ujson through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked called from encode. Exploitation can, for example, use a large amount of indentation...

PYSEC-2022-25

UltraJSON aka ujson through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked called from encode. Exploitation can, for example, use a large amount of indentation...

Stack overflow

UltraJSON aka ujson through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked called from encode. Exploitation can, for example, use a large amount of indentation...

CVE-2021-45958

UltraJSON aka ujson through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked called from encode. Exploitation can, for example, use a large amount of indentation...

CVE-2021-45958

UltraJSON aka ujson through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked called from encode. Exploitation can, for example, use a large amount of indentation...

CVE-2021-44543

An XSS vulnerability was found in Privoxy which was fixed in cgierrornotemplate by encode the template name when Privoxy is configured to servce the user-manual itself...

Cross site scripting

An XSS vulnerability was found in Privoxy which was fixed in cgierrornotemplate by encode the template name when Privoxy is configured to servce the user-manual itself...

CVE-2021-44543

An XSS vulnerability was found in Privoxy which was fixed in cgierrornotemplate by encode the template name when Privoxy is configured to servce the user-manual itself...

CVE-2021-44543

An XSS vulnerability was found in Privoxy which was fixed in cgierrornotemplate by encode the template name when Privoxy is configured to servce the user-manual itself...

CVE-2021-44543

Impactful detail: Privoxy contains an XSS vulnerability in cgi_error_no_template() related to encoding the template name when Privoxy is configured to serve the user-manual. The root cause is insufficient encoding of the template name, enabling potential cross-site scripting. The issue is address...

Updated perl/perl-Encode packages fix security vulnerability

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working directory that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm 3.05...

exiv2: Out-of-bounds read in Exiv2::Internal::CrwMap::encode

There is a flaw in exiv2. An attacker who is able to submit a crafted file to be processed by an application linked with exiv2 could trigger an out-of-bounds read. The greatest risk of this flaw is to application availability and data confidentiality...

exiv2: Integer overflow in CrwMap:encode0x1810 leading to heap-based buffer overflow and DoS

A flaw was found in exiv2. A integer wraparound in the CrwMap:encode0x1810 function leads to memcpy call with a very large size allowing an attacker, who can provide a malicious image, to crash an application which uses the exiv2 library. The highest threat from this vulnerability is to service...

openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c

A flaw was found in OpenJPEG. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability...