p11-kit -- Multiple vulnerabilities

The p11-glue project reports: CVE-2020-29363: Out-of-bounds write in p11rpcbuffergetbytearrayvalue functionA heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in...

CVE-2020-27350

APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0...

CVE-2020-27350

APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0...

CVE-2020-27350

Public technical details (affected package internals, exploit vectors, and fixes) for CVE-2020-27350 are not provided in the connected documents. The materials reference advisories but do not disclose root cause or remediation specifics; monitor for updates.

CVE-2020-27350

APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0...

NewStart CGSL CORE 5.05 / MAIN 5.05 : chrony Multiple Vulnerabilities (NS-SA-2020-0112)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has chrony packages installed that are affected by multiple vulnerabilities: - Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service crash via a crafted 1...

PT-2020-6226 · Canonical +1 · Apt +2

Name of the Vulnerable Software and Affected Versions: apt versions 1.2.32ubuntu0 through 1.2.32ubuntu0.1 apt versions 1.6.12ubuntu0 through 1.6.12ubuntu0.1 apt versions 2.0.2ubuntu0 through 2.0.2ubuntu0.1 apt versions 2.1.10ubuntu0 through 2.1.10ubuntu0.0 Description: The issue is related to...

CVE-2020-25676

In CatromWeights, MeshInterpolate, InterpolatePixelChannel, InterpolatePixelChannels, and InterpolatePixelInfo, which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor function. These calculations produced...

CVE-2020-25676

In CatromWeights, MeshInterpolate, InterpolatePixelChannel, InterpolatePixelChannels, and InterpolatePixelInfo, which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor function. These calculations produced...

CVE-2020-27906

Multiple integer overflows were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. A remote attacker may be able to cause unexpected application termination or heap corruption...

CVE-2020-27906

Multiple integer overflows were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. A remote attacker may be able to cause unexpected application termination or heap corruption...

CVE-2020-27906

CVE-2020-27906 is an Apple issue affecting macOS Bluetooth-related components, with multiple integer overflows due to input validation weaknesses that could lead to heap corruption and, per advisories, remote code execution risk or unexpected termination. The fixes are included in macOS Big Sur 1...

CVE-2020-25676

In CatromWeights, MeshInterpolate, InterpolatePixelChannel, InterpolatePixelChannels, and InterpolatePixelInfo, which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor function. These calculations produced...

Undefined Behavior

ImageMagick is vulnerable to undefined behavior in the form of out-of-range and integer overflows. An attacker may trigger the vulnerability by supplying a crafted input file to be processed by ImageMagick...

[ASA-202012-2] cimg: arbitrary code execution

Arch Linux Security Advisory ASA-202012-2 ========================================= Severity: Medium Date : 2020-12-05 CVE-ID : CVE-2020-25693 Package : cimg Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-1318 Summary ======= The package cimg before version...

CVE-2020-25693

A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in loadpnm can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity...

CVE-2020-25693

A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in loadpnm can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity...

CVE-2020-25693

A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in loadpnm can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity...

UBUNTU-CVE-2020-25693

A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in loadpnm can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity...

CVE-2020-25693

A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in loadpnm can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity...