CVE-2019-20016
CVE-2019-20016 affects libmysofa. Multiple connected sources confirm the issue arises from insufficient restriction of recursive function calls, demonstrated by stack consumption in readOHDRHeaderMessageDatatype (dataobject.c) and directblockRead (fractalhead.c). The vulnerability is addressed in...
CVE-2019-20016
libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c. NOTE: a download of v0.9 after 2019-12-06 should fully remediate this issue...
Security Bulletin: Multiple Vulnerabilities in GNU Binutils affects Watson Studio Local
Summary Multiple Vulnerabilities in GNU Binutils affects Watson Studio Local Vulnerability Details CVEID: CVE-2018-18701 DESCRIPTION: An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite...
EulerOS 2.0 SP3 : perl (EulerOS-SA-2019-2648)
According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum,...
EulerOS 2.0 SP2 : jansson (EulerOS-SA-2019-2396)
According to the version of the jansson package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JS...
EulerOS 2.0 SP2 : perl (EulerOS-SA-2019-2419)
According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of servic...
EulerOS 2.0 SP5 : tcpdump (EulerOS-SA-2019-2551)
According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print. (CVE-2018-14461) - The ICMP parser in tcpdump before 4.9....
EulerOS 2.0 SP2 : librsvg2 (EulerOS-SA-2019-2493)
According to the versions of the librsvg2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service...
Security update for binutils (moderate)
openSUSE Security Update: Security update for binutils Announcement ID: openSUSE-SU-2019:2415-1 Rating: moderate References: 1109412 1109413 1109414 1111996 1112534 1112535 1113247 1113252 1113255 1116827 1118644 1118830 1118831 1120640 1121034 1121035 1121056 1133131 1133232 1141913 1142772...
tcpdump < 4.9.3 Multiple Vulnerabilities
tcpdump is prone to multiple vulnerabilities.
Security update for tcpdump (important)
openSUSE Security Update: Security update for tcpdump Announcement ID: openSUSE-SU-2019:2348-1 Rating: important References: 1068716 1153098 1153332 Cross-References: CVE-2017-16808 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465...
CVE-2018-17581
CiffDirectory::readDirectory at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to denial of service...
CVE-2018-16300
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print because of unlimited recursion...
ALPINE-CVE-2018-16300
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print because of unlimited recursion...
Cross site request forgery (csrf)
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print because of unlimited recursion...
CVE-2018-16300
The vulnerability CVE-2018-16300 affects tcpdump prior to version 4.9.3, where the BGP parser (print-bgp.c:bgp_attr_print) allows stack consumption due to unlimited recursion. Exploitation would cause a stack exhaustion condition. Remediation: upgrade tcpdump to 4.9.3 or newer (as reflected in th...