165 matches found
SUSE-SU-2019:2748-1 Security update for python
This update for python fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module (bsc#1149955). - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238)...
GHSA-8687-VV9J-HGPH Improper Input Validation in Automattic Mongoose
Automattic Mongoose through 5.7.4 allows attackers to bypass access control in some applications because any query object with a bsontype attribute is ignored. For example, adding "bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around...
SUSE-SU-2019:2743-1 Security update for python
This update for python fixes the following issues: Security issues fixed: - CVE-2019-9947: Fixed an insufficient validation of URL paths with embedded whitespace or control characters that could allow HTTP header injections (bsc#1130840). - CVE-2019-16056: Fixed a parser issue in the email module...
Heap overflow
An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this...
CVE-2019-15699
An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of t...
OPENSUSE-SU-2019:2096-1 Security update for libmirage
This update for libmirage fixes the following issues: Security issues fixed: - CVE-2019-15757: Fixed NULL pointer dereference in the NRG parser (boo#1148728)...
CVE-2019-15903
CVE-2019-15903 is a libexpat/libxml2 (Expat) issue present in libexpat prior to 2.2.8. Crafted XML input could cause the parser to switch from DTD parsing to document parsing too early, and a subsequent call to XML_GetCurrentLineNumber/XML_GetCurrentColumnNumber could trigger a heap-based buffer ...
CVE-2019-0340
The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. This issue affects the file upload at multiple locations. An attacker can read local XXE files...
PYSEC-2019-12
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...
CVE-2018-18060
An issue was discovered in Bitdefender Engines before 7.76808. A vulnerability has been discovered in the dalvik.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Paired with other vulnerabilities, this...
OPENSUSE-SU-2019:1196-1 Security update for libarchive
This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653) - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654) - CVE-2018-1000879: Fixed a NULL Pointer Dereference...
SUSE-SU-2019:0831-1 Security update for libarchive
This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653) - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654) - CVE-2018-1000879: Fixed a NULL Pointer Dereference...
CVE-2018-6347
An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00...
PT-2018-13245 · Xkbcommon +4
Name of the Vulnerable Software and Affected Versions: xkbcommon versions prior to 0.8.1 Description: The issue arises from unchecked NULL pointer usage in the xkbcommon parser, which can be exploited by local attackers to cause a crash due to a NULL pointer dereference. This can occur when a...
MGASA-2018-0339 Updated libtomcrypt packages fix security vulnerability
libtomcrypt has been updated to secure it against two security vulnerabilities. A problem in the ASN.1 parser could cause a stack overflow and a resulting denial of service when parsing deeply recursive ASN.1 types (CVE-2018-0739). An attacker capable of triggering signatures and mounting a side...
MGASA-2017-0451 Updated lynx package fixes security vulnerability
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTMLputstring can append a chunk onto itself (CVE-2017-1000211)...
CVE-2017-1000128
Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser...
Cisco TelePresence Management Suite XML External Entity Injection Vulnerability
Cisco TelePresence is a telepresence conferencing solution developed by Cisco. An external entity injection vulnerability exists in Cisco TelePresence Management Suite XML, which allows attackers to conduct denial-of-service attacks against the service by submitting a special POST request due to ...
CVE-2014-9621
The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string...
MGASA-2013-0281 Updated wireshark package fixes security vulnerabilities
The ASSA R3 dissector could go into an infinite loop (CVE-2013-5719). The RTPS dissector could overflow a buffer (CVE-2013-5720). The MQ dissector could crash (CVE-2013-5721). The LDAP dissector could crash (CVE-2013-5722). The Netmon file parser could crash (wpna-sec-2013-60)...