1103 matches found
Oracle Linux 8 : tcpdump (ELSA-2020-4760)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-4760 advisory. 14:4.9.3-1 - Resolves: 1804063 - Rebase tcpdump to 4.9.3 to fix multiple CVEs Tenable has extracted the preceding description block directly from the...
CVE-2020-26883
In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents...
CVE-2020-26883
Play Framework versions 2.6.0–2.8.2 contain a vulnerability caused by unbounded recursion during JSON parsing (notably in fromJson in form.scala per Veracode). This can lead to stack depletion/DoS via crafted JSON sent over the network. Affected components: Play Framework JSON parsing pathway; ro...
EulerOS Virtualization 3.0.6.6 : libcroco (EulerOS-SA-2020-2447)
According to the version of the libcroco package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. CVE-2020-12825...
Huawei EulerOS: Security Advisory for libcroco (EulerOS-SA-2020-2447)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS 2.0 SP2 : binutils (EulerOS-SA-2020-2330)
According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in...
Amazon Linux 2 : libcroco (ALAS-2020-1521)
The version of libcroco installed on the remote host is prior to 0.6.12-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1521 advisory. A stack overflow flaw was found in libcroco. A service using libcroco's CSS parser could be crashed by a local, authenticated...
Updated claws-mail packages fix a security vulnerability
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree CVE-2020-16094...
MGASA-2020-0391 Updated claws-mail packages fix a security vulnerability
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree CVE-2020-16094...
EulerOS Virtualization 3.0.2.2 : perl (EulerOS-SA-2020-2229)
According to the version of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a deni...
Denial Of Service (DoS)
claws-mail is vulnerable to denial of service (DoS). The vulnerability exists in imap_scan_tree_recursive where a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree...
Huawei EulerOS: Security Advisory for libcroco (EulerOS-SA-2020-2105)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
...
The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
...
Denial Of Service (DoS)
binutils:bionic is vulnerable to Denial Of Service (DoS). An issue was discovered in cp-demangle.c in GNU libiberty. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters...
Denial Of Service (DoS)
binutils is vulnerable to denial of service (DoS). The vulnerability exists through a stack consumption vulnerability caused by an infinite recursion in the functions next_is_type_qual and cplus_demangle_type in cp-demangle.c...
Denial Of Service (DoS)
binutils:bionic is vulnerable to denial of service (DoS). It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls...
Huawei EulerOS: Security Advisory for nmap (EulerOS-SA-2020-1979)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for libcroco (EulerOS-SA-2020-1922)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...