[SECURITY] [DSA 4714-1] chromium security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4714-1 [email protected] https://www.debian.org/security/ Michael Gilbert July 01, 2020 https://www.debian.org/security/faq -...

CVE-2020-1322

An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Project Information Disclosure Vulnerability'...

Description of the security update for Project 2016: June 9, 2020

Description of the security update for Project 2016: June 9, 2020 Summary This security update resolves an information disclosure vulnerability that exists when Microsoft Project software reads out-of-bound memory. This occurs because of an uninitialized variable that could disclose the contents ...

Microsoft Project Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable. An attacker who successfully exploited the vulnerability could view out of bound memory that potentially could contain sensitive information. Exploitation of the...

wavpack security update

5.1.0-15 - fix Out-of-bounds read in WavpackVerifySingleBlock function 1663151 - CVE-2018-19841 5.1.0-14 - fix uninitialized variable in ParseCaffHeaderConfig 1741251 - CVE-2019-1010317 5.1.0-13 - fortify parsing of .dff files 1707428, 1733627 - CVE-2019-1010315 - CVE-2019-11498 5.1.0-12 - fix...

Denial Of Service (DoS)

wavpack is vulnerable to denial of service DoS. The vulnerability exists through the use of uninitialized variable in WavpackSetConfiguration64 leads to DoS...

wavpack: Use of uninitialized variable in WavpackSetConfiguration64 leads to DoS

WavpackSetConfiguration64 in packutils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service application crash via a DFF file that lacks valid sample-rate data...

wavpack: Use of uninitialized variable in ParseCaffHeaderConfig leads to DoS

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig caff.c:486. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...

wavpack: Use of uninitialized variable in ParseWave64HeaderConfig leads to DoS

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig wave64.c:211. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...

CVE-2019-20785

An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier. RILD in the radio layer uses an uninitialized variable. The LG ID is LVE-SMP-180013 January 2019...

CVE-2019-20785

An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier. RILD in the radio layer uses an uninitialized variable. The LG ID is LVE-SMP-180013 January 2019...

Design/Logic Flaw

An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier. RILD in the radio layer uses an uninitialized variable. The LG ID is LVE-SMP-180013 January 2019...

CVE-2019-20785

An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier. RILD in the radio layer uses an uninitialized variable. The LG ID is LVE-SMP-180013 January 2019...

CVE-2019-20785

CVE-2019-20785 affects LG mobile devices running Android 8.0/8.1 for the DTAG carrier. The issue is in RILD (radio interface layer) where an uninitialized variable is used, per the Red Hat and NVD entries. LG’s internal ID is LVE-SMP-180013 (January 2019). Public details are limited in the provid...

CRL Validation Bypass

OpenSSL is vulnerable to CRL validation bypass. An uninitialized variable use flaw was found in OpenSSL. This flaw could cause anapplication using the OpenSSL Certificate Revocation List CRL checking functionality to incorrectly accept a CRL that has a nextUpdate date in the past...

CVE-2020-6078

An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdnsrecv, the return value of the mdnsreadheader function is not checked, leading to an uninitialized variable usage that eventually results in ...

CVE-2020-6078

An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdnsrecv, the return value of the mdnsreadheader function is not checked, leading to an uninitialized variable usage that eventually results in ...

CVE-2020-6078

An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdnsrecv, the return value of the mdnsreadheader function is not checked, leading to an uninitialized variable usage that eventually results in ...

MGASA-2020-0134 Updated libgd packages fix security vulnerability

The updated packages fix a security vulnerability: When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause t...

CVE-2019-14079

Access to the uninitialized variable when the driver tries to unmap the dma buffer of a request which was never mapped in the first place leading to kernel failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables i...