660 matches found
openSUSE Security Update : clementine (openSUSE-2019-1780)
This update for clementine fixes the following issues : - CVE-2018-14332: Fixed a NULL ptr dereference crash in the moodbar pipeline boo1103041 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2019-1780...
Security update for clementine (moderate)
openSUSE Security Update: Security update for clementine Announcement ID: openSUSE-SU-2019:1780-1 Rating: moderate References: 1103041 Cross-References: CVE-2018-14332 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 openSUSE Backports SLE-15 An update that fixes one vulnerability is now...
EulerOS Virtualization 2.5.4 : gd (EulerOS-SA-2019-1250)
According to the version of the gd package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The GD Graphics Library aka LibGD 2.2.5 has a double free in the gdImagePtr functions in gdgifout.c, gdjpeg.c, and gdwbmp.c. NOTE: PHP is...
SUSE SLED15 / SLES15 Security Update : gd (SUSE-SU-2019:0771-1)
This update for gd fixes the following issues : Security issues fixed : CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function bsc1123361. CVE-2019-6978: Fixed a double free in the gdImagePtr functions bsc1123522. Note that Tenable Network...
Updated libwmf packages fix security vulnerability
The GD Graphics Library aka LibGD 2.2.5 has a double free in the gdImagePtr functions in gdgifout.c, gdjpeg.c, and gdwbmp.c. NOTE: PHP is unaffected. CVE-2019-6978...
ALPINE-CVE-2019-6978
The GD Graphics Library aka LibGD 2.2.5 has a double free in the gdImagePtr functions in gdgifout.c, gdjpeg.c, and gdwbmp.c. NOTE: PHP is unaffected...
CVE-2019-6978
CVE-2019-6978 concerns the GD Graphics Library (LibGD) 2.2.5, which has a double free vulnerability in the gdImage*Ptr() paths (gd_gif_out.c, gd_jpeg.c, gd_wbmp.c). The description notes that PHP is unaffected. The connected advisories confirm this CVE and tie it to libwmf-related updates in mult...
CVE-2019-6978
The GD Graphics Library aka LibGD 2.2.5 has a double free in the gdImagePtr functions in gdgifout.c, gdjpeg.c, and gdwbmp.c. NOTE: PHP is unaffected...
Qemu: exec: oob access during dma operation
Quick Emulator QEMU, compiled with qemumapramptr to access guests' RAM block area, is vulnerable to an OOB r/w access issue. The crash can occur if a privileged user inside a guest conducts certain DMA operations, resulting in a DoS...
CVE-2017-12803
The NodeValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service assert fault via a crafted mkv file...
High Performance DNS Stub Resolver: MassDNS
A high performance DNS stub resolver in C MassDNS is a simple high-performance DNS stub resolver targetting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 100,000,000 domains...
kernel security, bug fix, and enhancement update
3.10.0-514.16.1.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey bug 24817676 3.10.0-514.16.1 - tty nhdlc: get rid of racy nhdlc.tbuf 'Herton R. Krzesinski' 1429919...
CVE-2017-7261
In was found that in the Linux kernel, in vmwsurfacedefineioctl function in 'drivers/gpu/drm/vmwgfx/vmwgfxsurface.c' file, a 'numsizes' parameter is assigned a user-controlled value which is not checked if it is zero. This is used in a call to kmalloc and later leads to dereferencing ZEROSIZEPTR,...
shopify-scripts: mrb_vm_exec - null ptr dereference
Linux Ubuntu Xenial x64 commit ffdf7be7235717fb1cd30e54c24c5383f705f110 Author: Yukihiro "Matz" Matsumoto Date: Thu Mar 2 20:38:16 2017 +0900 Probably related with https://github.com/mruby/mruby/issues/3389 Old PoC 0.instanceeval super New PoC p.instanceeval super 1 ++1 output...
openSUSE Security Update : tiff (openSUSE-2017-53)
The tiff library and tools were updated to version 4.0.7 fixing various bug and security issues. - CVE-2014-8127: out-of-bounds read with malformed TIFF image in multiple tools bnc914890 - CVE-2016-9297: tifdirread.c read outside buffer in TIFFPrintField bnc1010161 - CVE-2016-3658: Illegal read i...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3648)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3648 advisory. - mpi: Fix NULL ptr dereference in mpipowm ver 3 Andrey Ryabinin Orabug: 25154096 CVE-2016-8650 CVE-2016-8650 - sctp: validate chunk len before...
Unbreakable Enterprise kernel security update
kernel-uek 4.1.12-61.1.22 - ocfs2: fix trans extend while free cached blocks Junxiao Bi Orabug: 25136991 - ocfs2: fix trans extend while flush truncate log Junxiao Bi Orabug: 25136991 - ocfs2: extend enough credits for freeing one truncate record while replaying truncate records Xue jiufei Orabug...
CVE-2016-9804
In BlueZ 5.42, a buffer overflow was observed in "commandsdump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm-ptr" parameter. This issue can be...
CVE-2015-8702
The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service netsplit via an invalid character in a PTR response, as demonstrated by a "\032" whitespace character in a hostname...
UBUNTU-CVE-2015-8702
The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service netsplit via an invalid character in a PTR response, as demonstrated by a "\032" whitespace character in a hostname...