openthread:radio-receive-done-fuzzer: Stack-buffer-overflow in ot::NetworkData::Leader::SendCommissioningGetResponse

Project: https://github.com/openthread/openthread.git Detailed Report: https://oss-fuzz.com/testcase?key=5741928179564544 Project: openthread Fuzzing Engine: libFuzzer Fuzz Target: radio-receive-done-fuzzer Job Type: libfuzzerasanopenthread Platform Id: linux Crash Type: Stack-buffer-overflow REA...

Ubuntu 16.04 LTS / 18.04 LTS : Apache HTTP Server regression (USN-4113-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4113-2 advisory. USN-4113-1 fixed vulnerabilities in the Apache HTTP server. Unfortunately, that update introduced a regression when proxying balancer manager...

DEBIAN-CVE-2019-16395

GnuCOBOL 2.2 has a stack-based buffer overflow in the cbname function in cobc/tree.c via crafted COBOL source code...

USN-4113-2: Apache HTTP Server regression

USN-4113-1 fixed vulnerabilities in the Apache HTTP server. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Stefan Eissing discovered...

Pulse Connect Secure Stack Buffer Overflow (CVE-2019-11542)

A stack buffer overflow vulnerability exists in Pulse Connect Secure SSL VPN. Successful exploitation of this vulnerability could result in a denial of service or execution of arbitrary code into the effected system...

cryptofuzz:cryptofuzz-openssl-110: Stack-buffer-overflow in RC5_32_set_key

Project: https://github.com/guidovranken/cryptofuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5667636637073408 Project: cryptofuzz Fuzzing Engine: afl Fuzz Target: cryptofuzz-openssl-110 Job Type: aflasancryptofuzz Platform Id: linux Crash Type: Stack-buffer-overflow WRITE 4 Crash...

openthread:ip6-send-fuzzer: Stack-buffer-overflow in ot::Message::Write

Project: https://github.com/openthread/openthread.git Detailed Report: https://oss-fuzz.com/testcase?key=5691354285342720 Project: openthread Fuzzing Engine: afl Fuzz Target: ip6-send-fuzzer Job Type: aflasanopenthread Platform Id: linux Crash Type: Stack-buffer-overflow READ Crash Address:...

NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0178)

The remote NewStart CGSL host, running version MAIN 4.06, has thunderbird packages installed that are affected by multiple vulnerabilities: - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a...

libhevc:hevc_dec_fuzzer: Stack-buffer-overflow in ihevcd_ref_list

Project: https://android.googlesource.com/platform/external/libhevc Detailed Report: https://oss-fuzz.com/testcase?key=5637475766108160 Project: libhevc Fuzzing Engine: afl Fuzz Target: hevcdecfuzzer Job Type: aflasanlibhevc Platform Id: linux Crash Type: Stack-buffer-overflow WRITE 4 Crash...

Ubuntu 16.04 LTS / 18.04 LTS : Apache HTTP Server vulnerabilities (USN-4113-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4113-1 advisory. Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some...

Ubuntu: Security Advisory (USN-4113-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-1899-1 : faad2 security update

Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder : CVE-2018-19502 Heap buffer overflow in the function excludedchannels libfaad/syntax.c. This vulnerability might allow remote attackers to cause denial of service via crafted MPEG AAC data. CVE-2018-20196...

freeimage:load_from_memory_fuzzer: Stack-buffer-overflow in strncpy

Detailed Report: https://oss-fuzz.com/testcase?key=5633780185825280 Project: freeimage Fuzzing Engine: libFuzzer Fuzz Target: loadfrommemoryfuzzer Job Type: libfuzzerasanfreeimage Platform Id: linux Crash Type: Stack-buffer-overflow WRITE Crash Address: 0x7f89f7151530 Crash State: strncpy...

Debian: Security Advisory (DLA-1893-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-1893-1 : cups security update

Two issues have been found in cups, the Common UNIX Printing Systemtm. Basically both CVEs CVE-2019-8675 and CVE-2019-8696 are about stack-buffer-overflow in two functions of libcup. One happens in asn1gettype the other one in asn1getpacked. For Debian 8 'Jessie', these problems have been fixed i...

[SECURITY] [DLA 1893-1] cups security update

Package : cups Version : 1.7.5-11+deb8u5 CVE ID : CVE-2019-8675 CVE-2019-8696 Two issues have been found in cups, the Common UNIX Printing Systemtm. Basically both CVEs CVE-2019-8675 and CVE-2019-8696 are about stack-buffer-overflow in two functions of libcup. One happens in asn1gettype the other...

Apache 2.4.x < 2.4.41 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.41. It is, therefore, affected by multiple vulnerabilities: - A cross-site scripting XSS vulnerability exists in modproxy when proxying is enabled and Proxy Error page is displayed. CVE-2019-10092 - An...

Oracle Linux 8 : redis:5 (ELSA-2019-2002)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2002 advisory. - fix Heap buffer overflow in HyperLogLog triggered by malicious client CVE-2019-10192 Tenable has extracted the preceding description block directly...

redis:5 security update

5.0.3-2 - fix Heap buffer overflow in HyperLogLog triggered by malicious client CVE-2019-10192 - fix Stack buffer overflow in HyperLogLog triggered by malicious client CVE-2019-10193...

MGASA-2019-0226 Updated redis packages fix security vulnerabilities

This update fixes 2 security issues. A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure CVE-2019-10192. A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure CVE-2019-10193...