10030 matches found
CVE-2019-7573
SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c inside the wNumCoef loop...
CVE-2019-7575
SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c...
CVE-2019-7577
SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c...
CVE-2019-7574
CVE-2019-7574 affects SDL (libsdl1.2 and libsdl2) up to SDL 1.2.15 and 2.x up to 2.0.9, caused by a heap-based buffer over-read in IMA_ADPCM_decode inside audio/SDL_wave.c. Multiple vendor advisories (Arch Linux ASA-201908-5, Debian DLA entries, AlmaLinux ALAS2-2020-1500, CentOS/CESA notes) docum...
CVE-2019-7576
SDL (libsdl1.2/SDL2) up to affected 1.2.x/2.x versions has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). Exploitation can enable arbitrary code execution via crafted media files. Upgrades to SDL2 2.0.10+ and SDL 1.2.15-13+/libsdl1.2 1.2.15-13+ are ...
CVE-2019-7578
CVE-2019-7578 (InitIMA_ADPCM in SDL_wave.c) affects SDL 1.2.15 and 2.x up to 2.0.9, causing a heap-based buffer over-read. The connected advisories indicate potential for arbitrary code execution in some contexts (notably Arch Linux and AlmaLinux descriptions). Public fixes are available via vend...
CVE-2019-7577
CVE-2019-7577 affects SDL: a buffer over-read in audio/SDL_wave.c (SDL_LoadWAV_RW) linked to SDL 1.2.15 and 2.x up to 2.0.9. Connected advisories confirm multiple SDL-related CVEs with similar memory issues (buffer over-reads/overflows) across libsdl1.2/libsdl2 and SDL components, risking arbitra...
CVE-2019-7573
CVE-2019-7573 affects SDL (1.2.15 and 2.x up to 2.0.9). The vulnerability is a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (within the wNumCoef loop). Exploitation could allow arbitrary code execution on affected hosts. Remediation is to upgrade SDL to a fixed release (SDL 1.2...
CVE-2019-7574
SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c...
PT-2019-5614 · Simple Directmedia Layer +6 · Sdl +6
Name of the Vulnerable Software and Affected Versions: SDL Simple DirectMedia Layer versions 1.2.15 and earlier; SDL Simple DirectMedia Layer versions 2.0.9 and earlier. Description: The issue is related to a heap-based buffer over-read in the InitMS_ADPCM function in audio/SDL_wave.c, outside the...
Best Practice: SFC (System File Checker) use in App Layering
Where to execute an sfc check? The best practice is to execute the SFC tool in the Gold Image, prior to creating your first OS Layer. This should ensure the future OS layers are free of Windows file corruption. When needed, a version can be removed and a new version created. Other options are, in...
CVE-2017-18360
In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates...
Protect Your Network From Malware
"There are two types of companies: Those who have been hacked, and those who don't yet know they have been hacked." With data breaches frequently making the news and causing panic among network administrators, the above statement by former Cisco boss John Chambers in 2015 certainly doesn't seem...
The vulnerability of the Connector/Python sub-component of MySQL Connectors, a database management system, allows attackers to gain unauthorized access to protected data.
The vulnerability of the Connector/Python component of MySQL Connectors, a database management system component, is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected data using the TLS protocol...
PT-2019-3931 · Apache +3 · Apache Http Server +3
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.37 through 2.4.38. Description: The issue is related to a flaw in the mod_ssl component of the Apache HTTP Server, specifically concerning inadequate access control. This flaw can be exploited by a remote attack...
tomcat: Host name verification missing in WebSocket client
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...
CVE-2019-2435
Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/Python. Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connector...