GHSA-QWWR-QC2P-6283 Out-of-bounds write in libpng
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png...
Buffer Overflow
zint:sid is vulnerable to buffer overflow. ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code...
Security Bulletin: Vulnerability in IBM Java Runtime Environment affects installation and uninstallation of IBM Spectrum Protect for Enterprise Resource Planning on AIX and Linux (CVE-2020-27221)
Summary: A vulnerability in IBM Java Runtime Environment may affect the installation and uninstallation of IBM Spectrum Protect for Enterprise Resource Planning (ERP) on AIX and Linux. This issue was disclosed as part of the IBM Java SDK updates in January 2021. UPDATED: 18 March 2021 - Corrected...
Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Content Collector for SAP Applications
Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM Content Collector for SAP Applications. These issues were disclosed in the Oracle January 2021 Critical Patch Update. Vulnerability Details: CVEID: CVE-2020-14803 DESCRIPTION: An unspecified vulnerabilit...
CVE-2021-25667
A vulnerability has been identified in RUGGEDCOM RM1224 All versions = V4.3 and = V4.3 and = V4.3 and = V2.0 and V2.1.3, SCALANCE XB-200 All versions V4.1, SCALANCE XC-200 All versions V4.1, SCALANCE XF-200BA All versions V4.1, SCALANCE XM400 All versions V6.2, SCALANCE XP-200 All versions V4.1,...
SAP 3D Visual Enterprise Viewer HPGL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
Updated mediainfo packages fix a security vulnerability
In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing) (CVE-2020-15395)...
Schneider Electric IGSS CGF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
EulerOS Virtualization 2.9.0 : glibc (EulerOS-SA-2021-1643)
According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible...
Adobe Bridge 10.x < 10.0.4 Multiple Vulnerabilities (APSB20-19)
The version of Adobe Bridge installed on the remote Windows host is prior to 10.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb20-19 advisory. - Adobe Bridge versions 10.0.1 and earlier versions have an out-of-bounds write vulnerability. Successful exploitatio...
NewStart CGSL MAIN 6.02 : glibc Multiple Vulnerabilities (NS-SA-2021-0053)
The remote NewStart CGSL host, running version MAIN 6.02, has glibc packages installed that are affected by multiple vulnerabilities: - The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 6...
NewStart CGSL MAIN 4.06 : sudo Multiple Vulnerabilities (NS-SA-2021-0001)
The remote NewStart CGSL host, running version MAIN 4.06, has sudo packages installed that are affected by multiple vulnerabilities: - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a...
EulerOS Virtualization 2.9.1 : glibc (EulerOS-SA-2021-1600)
According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on...
Adobe Bridge 10.x < 10.0.4 Multiple Vulnerabilities (APSB20-19)
The version of Adobe Bridge installed on the remote macOS or Mac OS X host is prior to 10.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb20-19 advisory. - Adobe Bridge versions 10.0.1 and earlier versions have an out-of-bounds write vulnerability. Successful...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Jan 2021 CPU (CVE-2020-27221)
Summary: There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in Jan 2021. Vulnerability Details: CVEID: CVE-2020-27221 DESCRIPTION: Eclipse OpenJ9 is vulnerabl...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server January 2021 CPU that is bundled with IBM WebSphere Application Server Patterns
Summary: There are multiple vulnerabilities in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates in January 2021. Vulnerability Details: CVEID: CVE-2020-14803 DESCRIPTION: An unspecified vulnerability i...
RHEL 8 : java-1.8.0-ibm (RHSA-2021:0736)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0736 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...
Critical: Red Hat Security Advisory: java-1.8.0-ibm security update
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...