Important product security update: Virtuozzo 6.0 Update 12 Hotfix 49 (6.0.12-3754)

This update provides a security and a stability fix. Vulnerability id: CVE-2019-15681, PSBM-99817 libVNCServer-0.9.10 contains a memory leak in VNC server code, which may allow an attacker to read stack memory...

Debian DLA-2016-1 : ssvnc security update

Several vulnerabilities have been identified in the VNC code of ssvnc, an encryption-capable VNC client.. The vulnerabilities referenced below are issues that have originally been reported against Debian source package libvncserver which also ships the libvncclient shared library. The ssvnc sourc...

kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command

A flaw was found in the Linux kernel's implementation of the Bluetooth Human Interface Device Protocol HIDP. A local attacker with access permissions to the Bluetooth device can issue an IOCTL which will trigger the dohidpsockioctl function in net/bluetooth/hidp/sock.c.c. This function can leak...

LibVNC Memory Disclosure Vulnerability

LibVNC is a cross-platform C library that enables you to easily implement VNC server or client functionality in your security applications. A memory leak vulnerability exists in the VNC server code in versions prior to LibVNC d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. An attacker could exploit thi...

DEBIAN-CVE-2019-15681

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak CWE-655 in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. Thi...

ALPINE-CVE-2019-15681

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak CWE-655 in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. Thi...

CVE-2019-15681

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak CWE-655 in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. Thi...

CVE-2019-15681

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak CWE-655 in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. Thi...

Information disclosure

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak CWE-655 in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. Thi...

CVE-2019-15681

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak CWE-655 in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. Thi...

CVE-2019-15681

CVE-2019-15681 is a memory-leak vulnerability (CWE-655) in LibVNCServer’s VNC server component. The issue, introduced in LibVNC commit prior to d01e1bb4246..., could allow an attacker to read stack memory and cause information disclosure; when combined with another vulnerability this memory leaka...

CVE-2019-15681

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak CWE-655 in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. Thi...

Security Bulletin: A vulnerability in Linux kernel affect IBM Netezza Host Management

Summary Linux kernel is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2017-1000364 DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a a stack memory...

Security Bulletin: A vulnerability in OpenSource GNU Glibc affect IBM Netezza Host Management

Summary OpenSource GNU Glibc is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2017-1000366 DESCRIPTION: Glibc could allow a local attacker to execute arbitrary code on the system, caused by a vulnerability that...

Design/Logic Flaw

Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine issue 1 of 2...

CVE-2019-13124

CVE-2019-13124 affects Foxit Reader 9.6.0.25114 and earlier, due to two RecursiveCall bugs in the V8 JavaScript engine that cause uncontrolled recursion, exhausting stack memory in three functions. This is described as a denial of service/crash risk related to stack exhaustion. The connected docu...

Linux kernel information disclosure vulnerability (CNVD-2019-38260)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. An information disclosure vulnerability exists in Linux kernel versions prior to 4.17. An attacker can exploit this...

CVE-2019-16921

In the Linux kernel before 4.17, hnsroceallocucontext in drivers/infiniband/hw/hns/hnsrocemain.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813...

CVE-2019-16921

In the Linux kernel before 4.17, hnsroceallocucontext in drivers/infiniband/hw/hns/hnsrocemain.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813...

Information disclosure

In the Linux kernel before 5.2.14, rds6incinfocopy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized...