1297 matches found
[SECURITY] [DLA 2045-1] tightvnc security update
Package : tightvnc Version : 1.3.9-6.5+deb8u1 CVE ID : CVE-2014-6053 CVE-2018-7225 CVE-2019-8287 CVE-2018-20021 CVE-2018-20022 CVE-2019-15678 CVE-2019-15679 CVE-2019-15680 CVE-2019-15681 Debian Bug : 945364 Several vulnerabilities have recently been discovered in TightVNC 1.x, an X11 based VNC...
CVE-2019-10600
Use of local variable as argument to netlink CB callback goes out of it scope when callback triggered lead to invalid stack memory in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon...
Code injection
Use of local variable as argument to netlink CB callback goes out of it scope when callback triggered lead to invalid stack memory in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon...
CVE-2019-10600
Use of local variable as argument to netlink CB callback goes out of it scope when callback triggered lead to invalid stack memory in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon...
CVE-2019-10600
CVE-2019-10600 describes a use-after-scope issue where a local variable is passed as an argument to a netlink callback, causing invalid stack memory when the callback fires. Affected are Snapdragon families across many devices and SoCs (e.g., Snapdragon Auto/Consumer IOT/Industrial IOT, IoT, Mobi...
Important product security update: Virtuozzo 6.0 Update 12 Hotfix 49 (6.0.12-3754)
This update provides a security and a stability fix. Vulnerability id: CVE-2019-15681, PSBM-99817 libVNCServer-0.9.10 contains a memory leak in VNC server code, which may allow an attacker to read stack memory...
Debian DLA-2016-1 : ssvnc security update
Several vulnerabilities have been identified in the VNC code of ssvnc, an encryption-capable VNC client.. The vulnerabilities referenced below are issues that have originally been reported against Debian source package libvncserver which also ships the libvncclient shared library. The ssvnc sourc...
kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command
A flaw was found in the Linux kernel's implementation of the Bluetooth Human Interface Device Protocol HIDP. A local attacker with access permissions to the Bluetooth device can issue an IOCTL which will trigger the dohidpsockioctl function in net/bluetooth/hidp/sock.c.c. This function can leak...
LibVNC Memory Disclosure Vulnerability
LibVNC is a cross-platform C library that enables you to easily implement VNC server or client functionality in your security applications. A memory leak vulnerability exists in the VNC server code in versions prior to LibVNC d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. An attacker could exploit thi...
CVE-2019-15681
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak CWE-655 in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. Thi...
DEBIAN-CVE-2019-15681
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak CWE-655 in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. Thi...
ALPINE-CVE-2019-15681
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak CWE-655 in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. Thi...
CVE-2019-15681
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak CWE-655 in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. Thi...
Information disclosure
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak CWE-655 in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. Thi...
CVE-2019-15681
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak CWE-655 in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. Thi...
CVE-2019-15681
CVE-2019-15681 is a memory-leak vulnerability (CWE-655) in LibVNCServer’s VNC server component. The issue, introduced in LibVNC commit prior to d01e1bb4246..., could allow an attacker to read stack memory and cause information disclosure; when combined with another vulnerability this memory leaka...
CVE-2019-15681
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak CWE-655 in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. Thi...
Security Bulletin: A vulnerability in Linux kernel affect IBM Netezza Host Management
Summary Linux kernel is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2017-1000364 DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a a stack memory...
Security Bulletin: A vulnerability in OpenSource GNU Glibc affect IBM Netezza Host Management
Summary OpenSource GNU Glibc is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2017-1000366 DESCRIPTION: Glibc could allow a local attacker to execute arbitrary code on the system, caused by a vulnerability that...
Design/Logic Flaw
Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine issue 1 of 2...