CVE-2018-20405
BigTree CMS 4.3 contains an information disclosure in the admin/news input path: authenticated access can trigger a syntax error that reveals the server path. This is described across multiple sources (NVD/CNVD/OSV). Root cause: path disclosure through a crafted admin/news input that triggers a s...
PT-2018-15357 · Bigtree · Bigtree
Name of the Vulnerable Software and Affected Versions: BigTree version 4.3 Description: The issue allows for full path disclosure through authenticated input in the admin/news section, which triggers a syntax error. It is noted that this issue requires full developer level access to the content...
openSUSE: Security Advisory for dpdk (openSUSE-SU-2018:4003-1)
The remote host is missing an update for the Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for dpdk (moderate)
This update for dpdk to version 16.11.8 provides the following security fix: - CVE-2018-1059: restrict untrusted guest to misuse virtio to corrupt host application ovs-dpdk memory which could have lead all VM to lose connectivity bsc1089638 and following non-security fixes: - Enable the broadcom...
openSUSE Security Update : dpdk (openSUSE-2018-1484)
This update for dpdk to version 16.11.8 provides the following security fix : - CVE-2018-1059: restrict untrusted guest to misuse virtio to corrupt host application ovs-dpdk memory which could have lead all VM to lose connectivity bsc1089638 and following non-security fixes : - Enable the broadco...
USN-3811-3: SpamAssassin vulnerabilities
USN-3811-1 fixed a vulnerability in spamassassin. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use this issue to execute arbitrary code...
SUSE SLES12 Security Update : dpdk (SUSE-SU-2018:3923-1)
This update for dpdk to version 16.11.8 provides the following security fix : CVE-2018-1059: restrict untrusted guest to misuse virtio to corrupt host application ovs-dpdk memory which could have lead all VM to lose connectivity bsc1089638 and following non-security fixes: Enable the broadcom...
Freeware Advanced Audio Decoder 2 Buffer Overflow Vulnerability (CNVD-2019-00819)
Freeware Advanced Audio Decoder 2 FAAD2 is a free advanced audio encoder. A heap buffer overflow vulnerability exists in the 'excludedchannels' function of the libfaad/syntax.c file in FAAD2 version 2.8.1, which can be exploited by an attacker to cause a denial of service or code execution...
CVE-2018-19502
An issue was discovered in Freeware Advanced Audio Decoder 2 FAAD2 2.8.1. There was a heap-based buffer overflow in the function excludedchannels in libfaad/syntax.c...
DEBIAN-CVE-2018-19502
An issue was discovered in Freeware Advanced Audio Decoder 2 FAAD2 2.8.1. There was a heap-based buffer overflow in the function excludedchannels in libfaad/syntax.c...
ALPINE-CVE-2018-19502
An issue was discovered in Freeware Advanced Audio Decoder 2 FAAD2 2.8.1. There was a heap-based buffer overflow in the function excludedchannels in libfaad/syntax.c...
Debian DLA-1578-1 : spamassassin security update
Multiple vulnerabilities were found in Spamassassin, which could lead to Remote Code Execution and Denial of Service attacks under certain circumstances. CVE-2016-1238 Many Perl programs do not properly remove . period characters from the end of the includes directory array, which might allow loc...
[SECURITY] [DLA 1578-1] spamassassin security update
Package : spamassassin Version : 3.4.2-0+deb8u1 CVE ID : CVE-2016-1238 CVE-2017-15705 CVE-2018-11780 CVE-2018-11781 Debian Bug : 784023 865924 883775 889501 891041 908969 908970 908971 913571 Multiple vulnerabilities were found in Spamassassin, which could lead to Remote Code Execution and Denial...
Amazon Linux 2 : spamassassin (ALAS-2018-1103)
A flaw was found in the way SpamAssassin processes HTML email containing unclosed HTML tags. A carefully crafted mail message could cause SpamAssassin to consume significant resources. If a large number of these messages are sent, a denial of service could occur potentially delaying or preventing...
[SECURITY] Fedora 28 Update: curl-7.59.0-8.fc28
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : SpamAssassin vulnerabilities (USN-3811-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3811-1 advisory. It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use thi...
A vulnerability in the syntax analyzer for LQS files in data collection and process automation monitoring tools like LAquis SCADA allows an attacker to execute arbitrary code.
The vulnerability in the LQS file syntax analyzer of LAquis SCADA, a data collection and industrial automation control tool, is related to the use of pointers. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...