[ASA-201904-2] gnutls: multiple issues

Arch Linux Security Advisory ASA-201904-2 ========================================= Severity: Critical Date : 2019-04-05 CVE-ID : CVE-2019-3829 CVE-2019-3836 Package : gnutls Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-945 Summary ======= The package gnutls befor...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2019-4533)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4533 advisory. - ext4: validate that metadata blocks do not overlap superblock Theodore Ts'o Orabug: 28220576 CVE-2018-1094 Tenable has extracted the preceding...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4532)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4532 advisory. - ext4: validate that metadata blocks do not overlap superblock Theodore Ts'o Orabug: 28220451 CVE-2018-1094 - ext4: always initialize the crc32c...

PHP 5.6.x < 5.6.31 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.31. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the PCRE library in the compilebracketmatchingpath function within file pcrejitcompile.c. An...

CVE-2018-19876

cairo 1.16.0, in cairoftapplyvariations in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free: invalid pointer" error...

CVE-2018-19876

cairo 1.16.0, in cairoftapplyvariations in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free: invalid pointer" error...

CVE-2018-19876

cairo 1.16.0, in cairoftapplyvariations in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free: invalid pointer" error...

Memory corruption

cairo 1.16.0, in cairoftapplyvariations in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free: invalid pointer" error...

RHEL 7 : kernel (RHSA-2018:3083)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3083 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: A flaw named FragmentSmack was found i...

MGASA-2018-0413 Updated busybox packages fix security vulnerability

Unziping a specially crafted zip file results in a computation of an invalid pointer and a crash reading an invalid address CVE-2015-9261...

SUSE-SU-2018:2980-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14617: Prevent NULL pointer dereference and panic in hfspluslookup when opening a file that is purportedly a hard link in an hfs+ filesystem that has...

UBUNTU-CVE-2018-17236

The function MP4Free in mp4property.cpp in libmp4v2 2.1.0 internally calls free on a invalid pointer, raising a SIGABRT signal...

CVE-2018-17236

The function MP4Free in mp4property.cpp in libmp4v2 2.1.0 internally calls free on a invalid pointer, raising a SIGABRT signal...

CVE-2018-17236

The function MP4Free in mp4property.cpp in libmp4v2 2.1.0 internally calls free on a invalid pointer, raising a SIGABRT signal...

CVE-2018-17236

Removed by vendor...

PT-2018-13961 · Videolan · Libmp4V2

Name of the Vulnerable Software and Affected Versions: libmp4v2 version 2.1.0 Description: The issue arises from the function MP4Free in mp4property.cpp, which internally calls free on an invalid pointer. This results in a SIGABRT signal being raised. Recommendations: For libmp4v2 version 2.1.0,...

CVE-2018-11904

In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, asynchronous callbacks received a pointer to a callers local variable. Should the caller return early e.g., timeout, the callback will dereference an invalid pointer...

CVE-2018-11904

CVE-2018-11904 is a null pointer dereference vulnerability in the Android WLAN stack (CAF/Linux kernel) where asynchronous callbacks may dereference a caller’s local pointer if the caller times out. This enables a local attacker to cause a denial of service. Public connected documents corroborate...

Remote Code Execution (RCE)

Microsoft.ChakraCore is vulnerable to remote code execution RCE. The library does not merge block data properly for loops, leading to an invalid pointer read that can crash the application or cause arbitrary code to be executed...

CVE-2018-14609

An issue was discovered in the btrfs filesystem code in the Linux kernel. An invalid pointer dereference in delrelocroot in fs/btrfs/relocation.c when mounting a crafted btrfs image could lead to a system crash and a denial of service...