4773 matches found
SUSE-SU-2018:3808-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: - CVE-2017-14997: ImageMagick allowed remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. bsc1112399 - CVE-2018-16644: A regression in the security fix...
[SECURITY] [DLA 1572-1] nginx security update
Package : nginx Version : 1.6.2-5+deb8u6 CVE ID : CVE-2018-16845 Debian Bug : 913090 It was discovered that there was a denial of service (DoS) vulnerability in the nginx web/proxy server. As there was no validation for the size of a 64-bit atom in an MP4 file, this could have led to a CPU hog when...
Debian: Security Advisory (DLA-1572-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library
An integer wraparound has been discovered in the Binary File Descriptor BFD library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information...
openSUSE Security Update : GraphicsMagick (openSUSE-2018-1291)
This update for GraphicsMagick fixes the following issues : Security issues fixed : - CVE-2017-10794: When GraphicsMagick processed an RGB TIFF picture with metadata indicating a single sample per pixel in coders/tiff.c, a buffer overflow occurred, related to QuantumTransferMode. boo1112392 -...
Security update for ImageMagick (moderate)
This update for ImageMagick fixes the following issues: - CVE-2017-14997: GraphicsMagick allowed remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. bsc1112399 - CVE-2018-16644: A regression in the security...
Security update for GraphicsMagick (moderate)
This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2017-10794: When GraphicsMagick processed an RGB TIFF picture with metadata indicating a single sample per pixel in coders/tiff.c, a buffer overflow occurred, related to QuantumTransferMode. boo1112392 -...
SUSE-SU-2018:3465-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: - CVE-2017-14997: GraphicsMagick allowed remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. bsc1112399 - CVE-2018-16644: A regression in the security...
Cisco WebEx Network Recording Player PROVIDER ARF File Integer Underflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Debian DSA-4309-1 : strongswan - security update
Google's OSS-Fuzz revealed an exploitable bug in the gmp plugin caused by the patch that fixes CVE-2018-16151 and CVE-2018-16152 (DSA-4305-1). An attacker could trigger it using crafted certificates with RSA keys with very small moduli. Verifying signatures with such keys would cause an integer...
[SECURITY] [DSA 4309-1] strongswan security update
Debian Security Advisory DSA-4309-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 01, 2018 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-4309-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP2 : dnsmasq (EulerOS-SA-2018-1285)
According to the versions of the dnsmasq packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory...
CVE-2018-14817
In Fuji Electric V-Server 4.0.3.0 and prior, an integer underflow vulnerability has been identified, which may allow remote code execution...
CVE-2018-14817
Fuji Electric V-Server is affected: versions 4.0.3.0 and earlier contain an integer underflow vulnerability that may allow remote code execution. The issue affects the data collection/server component (V-Server) and is reported as CVE-2018-14817 with high/critical impact in CVSS terms (network ac...
EulerOS Virtualization 2.5.1 : ruby (EulerOS-SA-2018-1275)
According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name...
Fuji Electric V-Server VPR File Parsing Integer Underflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...