CVE-2020-13822

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature...

CVE-2020-11039

In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled nearly arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0...

CVE-2020-11039

In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled nearly arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0...

NewStart CGSL CORE 5.04 / MAIN 5.04 : chrony Multiple Vulnerabilities (NS-SA-2020-0027)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has chrony packages installed that are affected by multiple vulnerabilities: - Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service crash via a crafted 1...

Heap-based Buffer Over-read

libXcursor is vulnerabl to integer overflows. It leads to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland...

Updated matio packages fix security vulnerability

Updated matio packages fix a security vulnerability: Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvarstruct.c CVE-2019-13107. The matio package has been updated to version 1.5.16 to fix this issue. Also: - The scilab package has been...

Updated fortune-mod packages fixes potential security issues

Updated fortune-mod fixes integer and buffer overflows that might have security implications...

MGASA-2020-0199 Updated fortune-mod packages fixes potential security issues

Updated fortune-mod fixes integer and buffer overflows that might have security implications...

Updated openexr packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. CVE-2020-11758 An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in...

CVE-2020-11939

In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concathashstring in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI...

CVE-2020-11939

In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concathashstring in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI...

Huawei EulerOS: Security Advisory for libpng (EulerOS-SA-2020-1496)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.2 : libpng (EulerOS-SA-2020-1496)

According to the versions of the libpng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service crash via a crafted ima...

CVE-2020-11759

An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer...

CVE-2020-11759

An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer...

CVE-2020-11759

CVE-2020-11759 affects the OpenEXR open-source image library. The issue arises from integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, allowing an attacker to write to an out-of-bounds pointer in affected builds prior to 2.4.1. The OpenEXR pro...

CVE-2020-11759

An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer...

CVE-2020-11759

An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer...

PT-2020-6216 · Ilmbase +4 · Openexr +4

Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 2.4.1 Description: The issue is related to integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock functions, allowing an attacker to write to an out-of-bounds pointer...

Integer Overflows

WebKitGTK+ is vulnerable to integer overflows. It is due to a flaw in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari , allowing remote attackers to execute arbitrary code or cause a denial of service application crash via vectors involving Text objects...