glibc security update

2.28-72.0.1 - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for emag - add an ASIMD variant of strlen for falkor - Orabug: 2700101. - Modify glibc-ora28849085.patch so it works with RHCK kernels. - Orabug: 28849085. - Make IOfunlockfile match funlockfile and...

CVE-2019-15943

vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call...

Code injection

vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call...

CVE-2019-15943

Summary: CVE-2019-15943 affects Counter-Strike: Global Offensive’s vphysics.dll prior to 1.37.1.1. A crafted map mishandled during a memset call can allow remote attackers to trigger code execution or a denial of service by inviting a victim to a crafted gaming server. The Red Hat/NVD entries des...

CVE-2019-15943

vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call...

CVE-2019-13106

CVE-2019-13106 affects Das U-Boot 2016.09–2019.07-rc4, where reading a crafted ext4 filesystem can cause a stack buffer overflow by memset() too much data. This supports a likely code execution impact. Affected component: U-Boot memory handling during ext4 filesystem parsing; root cause: overflow...

CVE-2018-19517

An issue was discovered in sysstat 12.1.1. The remapstruct function in sacommon.c has an out-of-bounds read during a memset call, as demonstrated by sadf...

Fedora 29 : krb5 (2019-d2cb69f11e)

Improve memset hygiene in one location. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable...

Design/Logic Flaw

An issue was discovered in sysstat 12.1.1. The remapstruct function in sacommon.c has an out-of-bounds read during a memset call, as demonstrated by sadf...

CVE-2018-19517

An issue was discovered in sysstat 12.1.1. The remapstruct function in sacommon.c has an out-of-bounds read during a memset call, as demonstrated by sadf...

DEBIAN-CVE-2018-19517

An issue was discovered in sysstat 12.1.1. The remapstruct function in sacommon.c has an out-of-bounds read during a memset call, as demonstrated by sadf...

360 Compression suffers from a denial of service vulnerability

360 Compress is a file decompression and compression tool that can compress files in rar, zip, 7z and other formats, with a built-in software security engine that detects hidden Trojans in files. A denial of service vulnerability exists in 360 Compress, which stems from the 360zipc.dll module...

CVE-2018-6852

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298. By crafting an input buffer we can control the execution path to the point where the nt!memset function is called to ze...

Buffer overflow

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298. By crafting an input buffer we can control the execution path to the point where the nt!memset function is called to ze...

CVE-2018-6852

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298. By crafting an input buffer we can control the execution path to the point where the nt!memset function is called to ze...

Denial Of Service (DoS)

libsndfile.so is vulnerable to denial of service DoS attacks. The vulnerability exists in psfmemset of src/common.c due to the lack of sanity check on the value used in the memset function, allowing a stack buffer overflow to occur, causing a DoS attack...

DEBIAN-CVE-2016-8729

An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to...

ALPINE-CVE-2017-13704

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's 0xffffffffffffffff in 64 bit platforms, making dnsmasq crash...

DEBIAN-CVE-2017-13704

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's 0xffffffffffffffff in 64 bit platforms, making dnsmasq crash...

Code injection

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's 0xffffffffffffffff in 64 bit platforms, making dnsmasq crash...