Security Advisory - Stack Buffer Overflow Vulnerability in Several Products

There is a stack buffer overflow vulnerability in several products. The program copies an input buffer to an output buffer without verification. An attacker in the adjacent network could send a crafted message, successful exploit could lead to stack buffer overflow which may cause malicious code...

mruby:mruby_fuzzer: Stack-buffer-overflow in fmt_setup

Project: https://github.com/mruby/mruby.git Detailed Report: https://oss-fuzz.com/testcase?key=5085564041953280 Project: mruby Fuzzing Engine: honggfuzz Fuzz Target: mrubyfuzzer Job Type: honggfuzzasanmruby Platform Id: linux Crash Type: Stack-buffer-overflow WRITE 1 Crash Address: 0x7ffe4fea3241...

CentOS 7 : squid (RHSA-2020:2040)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2040 advisory. - An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function...

opensc:fuzz_pkcs15_reader: Stack-buffer-overflow in coolkey_rsa_op

Project: https://github.com/OpenSC/OpenSC.git Detailed Report: https://oss-fuzz.com/testcase?key=5769032858075136 Project: opensc Fuzzing Engine: honggfuzz Fuzz Target: fuzzpkcs15reader Job Type: honggfuzzasanopensc Platform Id: linux Crash Type: Stack-buffer-overflow READ Crash Address:...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4364-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4364-1 advisory. It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker...

Ubuntu: Security Advisory (USN-4364-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

freeimage:load_from_memory_fuzzer: Stack-buffer-overflow in __libcpp_strchr

Detailed Report: https://oss-fuzz.com/testcase?key=5736051093274624 Project: freeimage Fuzzing Engine: libFuzzer Fuzz Target: loadfrommemoryfuzzer Job Type: libfuzzerasanfreeimage Platform Id: linux Crash Type: Stack-buffer-overflow READ Crash Address: 0x7ffd87930840 Crash State: libcppstrchr...

USN-4345-1: Linux kernel vulnerabilities | Cloud Foundry

Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial...

CVE-2020-3341

A vulnerability in the PDF archive parsing module in Clam AntiVirus ClamAV Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could...

CVE-2020-3341

A vulnerability in the PDF archive parsing module in Clam AntiVirus ClamAV Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could...

CVE-2020-3341

A vulnerability in the PDF archive parsing module in Clam AntiVirus ClamAV Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could...

KLA11781 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Type confusion vulnerability in Blink component can be exploited to potentially cause denial of service. 2. Stack buffer...

imagemagick:encoder_heic_fuzzer: Stack-buffer-overflow in void put_epel_hv_fallback<unsigned short>

Detailed Report: https://oss-fuzz.com/testcase?key=5667577838960640 Project: imagemagick Fuzzing Engine: libFuzzer Fuzz Target: encoderheicfuzzer Job Type: libfuzzerasanimagemagick Platform Id: linux Crash Type: Stack-buffer-overflow READ 2 Crash Address: 0x7ffcea77d4cf Crash State: void...

openSUSE: Security Advisory for chromium (openSUSE-SU-2020:0620-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2020:0648-1 Security update for chromium

This update for chromium fixes the following issues: Update to 81.0.4044.138 boo1171247: - CVE-2020-6831: Stack buffer overflow in SCTP - CVE-2020-6464: Type Confusion in Blink This update was imported from the openSUSE:Leap:15.1:Update update project...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2020:0648-1 Rating: important References: 1171247 Cross-References: CVE-2020-6464 CVE-2020-6831 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes two vulnerabilities is now available...

OPENSUSE-SU-2020:0620-1 Security update for chromium

This update for chromium fixes the following issues: Update to 81.0.4044.138 boo1171247: - CVE-2020-6831: Stack buffer overflow in SCTP - CVE-2020-6464: Type Confusion in Blink...

Oracle Linux 7 : squid (ELSA-2020-2040)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-2040 advisory. - Resolves: 1828359 - CVE-2020-11945 squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution -...

Denial Of Service (DoS)

Squid is vulnerable to denial of service DoS. Due to an improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow...

Important: Red Hat Security Advisory: squid:4 security update

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...