129 matches found
ALPINE-CVE-2019-12217
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c...
NULL Pointer Dereference
Amendment: This was deemed not a vulnerability. Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference. An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer...
Simple DirectMedia Layer Code Issue Vulnerability (CNVD-2019-15548)
Simple DirectMedia Layer (SDL) is a multi-platform library for accessing low-level hardware and graphics and providing support for games, software and emulators. A code issue vulnerability exists in the libSDL2.a file in SDL version 2.0.9. The vulnerability arises from an improperly designed or...
openSUSE Security Update : systemd (openSUSE-2018-216)
This update for systemd fixes the following issues: Security issue fixed: - CVE-2017-18078: tmpfiles: refuse to chown/chmod files which are hardlinked, unless protected_hardlinks sysctl is on. This could be used by local attackers to gain privileges (bsc#1077925). Non-security issues fixed: - core:...
SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:0546-1)
This update for systemd fixes the following issues: Security issue fixed: - CVE-2017-18078: tmpfiles: refuse to chown/chmod files which are hardlinked, unless protected_hardlinks sysctl is on. This could be used by local attackers to gain privileges (bsc#1077925). Non-security issues fixed: - core:...
Fedora 27 : glibc (2017-0d3fdd3d1f)
This update adds support for the IBM858 codepage (RHBZ#1416405). It moves the nss_compat NSS service module to the main glibc package (RHBZ#1400538). As a security hardening measure, stdio streams are no longer flushed on process abort/assertion failure (RHBZ#1498880). /var/db/Makefile is now included in t...
Vulnerability in the Mercurial version control software caused by a lack of access control mechanisms, allowing attackers to execute arbitrary code
The vulnerability in the Mercurial version control software is related to deficiencies in access control when using the command-line parameter “hg serve --stdio”. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, using a Python debugger, by replacing the...
mercurial: Python debugger accessible to authorized users
A flaw was found in the way "hg serve --stdio" command in Mercurial handled command-line options. A remote, authenticated attacker could use this flaw to execute arbitrary code on the Mercurial server by using specially crafted command-line options...
Mercurial Remote Code Execution Vulnerability
Mercurial is a cross-platform distributed version control system written in Python, developed by software developer Matt Mackall. The software supports the simultaneous processing of plain text and binary files, among others. A remote code execution vulnerability exists in...
Remote Code Execution (RCE)
Mercurial is vulnerable to remote code execution (RCE). The hg serve --stdio command allows a malicious user to launch the Python debugger to execute arbitrary Python code by using --debugger as the target repository...
FreeBSD : FreeBSD -- Buffer overflow in stdio (74ded00e-6007-11e6-a6c3-14dae9d210b8)
A programming error in the standard I/O library's __sflush() function could erroneously adjust the buffered stream's internal state even when no write actually occurred in the case when write(2) system call returns an error. Impact: The accounting mismatch would accumulate, if the caller does not chec...
CVE-2016-3856
netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631...
UBUNTU-CVE-2016-3856
netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631...
CVE-2016-3856
CVE-2016-3856 affects Android’s netd daemon, where versions prior to 2016-08-05 mishandle tethering and stdio streams. The root cause is a handling flaw in tethering/stdio data processing, which can be exploited by a crafted application to cause a denial of service and potentially other unspecifi...
CVE-2016-3856
netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631...
Heap overflow
The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application...
GNU glibc 'stdio-common/vfscanf.c' local denial of service vulnerability
GNU glibc (also known as GNU C Library, libc6) is an open-source, free C compiler released under the LGPL license. A local denial of service vulnerability exists in GNU glibc. An attacker could exploit this vulnerability to crash an application, causing a denial of service...
SUSE SLES11 Security Update : glibc (SUSE-SU-2015:0167-1)
glibc has been updated to fix a security issue and two bugs: Security issue fixed: - Copy filename argument in posix_spawn_file_actions_addopen (CVE-2014-4043). Bugs fixed: - don't touch user-controlled stdio locks in forked child (bsc#864081, GLIBC BZ #12847) - Fix infinite loop in check_pf (bsc#909053,...
SUSE SLES11 Security Update : glibc (SUSE-SU-2015:0164-1)
glibc has been updated to fix one security issue and several bugs: Security issue fixed: - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, CVE-2012-6656) - Fixed a stack overflow during hosts parsing (CVE-2013-4357). Bugs fixed: - don't touch user-controlled stdio locks in forked...
SuSE 11.3 Security Update : glibc (SAT Patch Number 10259)
glibc has been updated to fix security issues and bugs: - Fix crashes on invalid input in IBM gconv modules. (CVE-2014-6040 / CVE-2012-6656, bsc#894553, bsc#894556, GLIBC BZ #17325, GLIBC BZ #14134) - Avoid infinite loop in nss_dns getnetbyname. (CVE-2014-9402) - Don't touch user-controlled stdio locks i...