Open-Xchange: Incomplete fix for CVE-2020-12673 : Specially crafted NTML message leads to buffer over read

The vulnerability CVE-2020-12673 got fixed by https://github.com/dovecot/core/commit/fb246611e62ad8c5a95b0ca180a63f17aa34b0d8 adding this check if length datasize error = "buffer length out of bounds"; return FALSE; But this fix seems incomplete with regards to ntlmssptstri The fix should also ad...

MGASA-2020-0334 Updated libx11 packages fix security vulnerability

The X Input Method XIM client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method CVE-2020-14344. The libx11 package has been updated to version 1.6.10 which fixes this...

Updated libx11 packages fix security vulnerability

The X Input Method XIM client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method CVE-2020-14344. The libx11 package has been updated to version 1.6.10 which fixes this...

SUSE SLES12 Security Update : LibVNCServer (SUSE-SU-2020:2167-1)

This update for LibVNCServer fixes the following issues : security update fix CVE-2018-21247 bsc1173874, uninitialized memory contents are vulnerable to Information leak fix CVE-2019-20839 bsc1173875, buffer overflow in ConnectClientToUnixSock fix CVE-2019-20840 bsc1173876, unaligned accesses in...

Denial Of Service (DoS)

libmicrodns is vulnerable to denial of service. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send a malicious mDNS message to exploit the vulnerability...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : GRUB2 regression (USN-4432-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4432-2 advisory. USN-4432-1 fixed vulnerabilities in GRUB2 affecting Secure Boot environments. Unfortunately, the update introduced regressions for some BI...

CVE-2016-5344

Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to...

FreeBSD : libX11 -- Heap corruption in the X input method client in libX11 (6faa7feb-d3fa-11ea-9aba-0c9d925bbbc0)

The X.org project reports : The X Input Method XIM client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method. C Tenable Network Security, Inc. The descriptive text and...

libX11 -- Heap corruption in the X input method client in libX11

The X.org project reports: The X Input Method XIM client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : GRUB 2 vulnerabilities (USN-4432-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4432-1 advisory. Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were...

Signature Malleability

Overview The Elliptic package before version 6.5.3 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature. Recommendation...

Signature Malleabillity in elliptic

The Elliptic package before version 6.5.3 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature...

GHSA-VH7M-P724-62C2 Signature Malleabillity in elliptic

The Elliptic package before version 6.5.3 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature...

USN-4432-1: GRUB 2 vulnerabilities

Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. CVE-2020-10713 Chris...

CVE-2020-15707

Integer overflows were discovered in the functions grubcmdinitrd and grubinitrdinit in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu the functionality is not included in GRUB2 upstream, leading to a heap-based buffer overflow. These could be triggered by an extremely...

CVE-2020-15707

Integer overflows were discovered in the functions grubcmdinitrd and grubinitrdinit in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu the functionality is not included in GRUB2 upstream, leading to a heap-based buffer overflow. These could be triggered by an extremely...

CVE-2020-15707

Integer overflows were discovered in the functions grubcmdinitrd and grubinitrdinit in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu the functionality is not included in GRUB2 upstream, leading to a heap-based buffer overflow. These could be triggered by an extremely...

CVE-2020-15707

Integer overflows were discovered in the functions grubcmdinitrd and grubinitrdinit in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu the functionality is not included in GRUB2 upstream, leading to a heap-based buffer overflow. These could be triggered by an extremely...

CVE-2020-15707

Integer overflows were discovered in the functions grubcmdinitrd and grubinitrdinit in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu the functionality is not included in GRUB2 upstream, leading to a heap-based buffer overflow. These could be triggered by an extremely...

openSUSE: Security Advisory for LibVNCServer (openSUSE-SU-2020:1056-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...