3037 matches found

RedHat Linux
added 2020/05/26 3:11 p.m. · 3 views

dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...

6.7 CVSS · 7.1 AI score · 0.00378 EPSS
Exploits 0 · References 6

Mageia
added 2020/05/24 6:4 p.m. · 32 views

Updated clamav packages fix security vulnerabilities

Updated clamav packages fix security vulnerabilities: Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.2 that could cause a denial-of-service condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. Special thanks to...

7.5 CVSS · 1.3 AI score · 0.05063 EPSS
Exploits 0 · References 3

OSV
added 2020/05/19 7:15 p.m. · 3 views

DEBIAN-CVE-2020-10723

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...

6.7 CVSS · 7.2 AI score · 0.00378 EPSS
Exploits 0 · References 1

FreeBSD
added 2020/05/12 12:0 a.m. · 25 views

clamav -- multiple vulnerabilities

Micah Snyder reports: CVE-2020-3327: Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.2 that could cause a denial-of-service condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. Special thanks to Daehui Chang and...

7.5 CVSS · 1 AI score · 0.05063 EPSS
Exploits 0 · References 1

Veracode
added 2020/05/10 11:24 p.m. · 34 views

Denial Of Service (DoS)

memcached is vulnerable to denial of service (DoS). The vulnerability exists as the try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and...

9.8 CVSS · 5.4 AI score · 0.19854 EPSS
Exploits 3 · References 6 · Affected Software 1

BDU FSTEC
added 2020/05/07 12:0 a.m. · 2 views

The vulnerabilities of the functions Version.fetch_binary() and Version.fetch_source() in the python-apt package installation module allow an attacker to compromise data integrity.

The vulnerability of the Version.fetch_binary and Version.fetch_source functions in the python-apt package installation module is related to an error in downloading files from repositories that do not have a signature. Exploiting this vulnerability could allow a remote attacker to compromise data...

3.4 CVSS · 5.6 AI score · 0.00496 EPSS
Exploits 0 · References 8 · Affected Software 4

CNVD
added 2020/05/07 12:0 a.m. · 1 views

Cisco Firepower Threat Defense Data Forgery Issue Vulnerability

Cisco Firepower Threat Defense (FTD) is a suite of unified software from the U.S. company Cisco that provides next-generation firewall services. Cisco Firepower Threat Defense is vulnerable to a data forgery issue that stems from incorrect electronic signature verification. An attacker could...

4.9 CVSS · 6.8 AI score · 0.00602 EPSS
Exploits 0 · References 1

OSV
added 2020/05/06 5:15 p.m. · 1 views

CVE-2020-3308

A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper...

4.9 CVSS · 5.8 AI score · 0.00602 EPSS
Exploits 0 · References 1

Vulnrichment
added 2020/05/06 4:50 p.m. · 2 views

CVE-2020-3308 Cisco Firepower Threat Defense Software Signature Verification Bypass Vulnerability

A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper...

4.9 CVSS · 5.6 AI score · 0.00602 EPSS
Exploits 0 · References 1

Positive Technologies
added 2020/05/05 12:0 a.m. · 2 views

PT-2020-2238 · Cisco · Firepower Threat Defense +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Software (affected versions not specified); Cisco Firepower Threat Defense (FTD) Software (affected versions not specified). Description: The issue is related to the improper...

6.8 CVSS · 7.1 AI score · 0.00602 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2020/05/01 12:0 a.m. · 38 views

Ubuntu 16.04 LTS / 18.04 LTS : EDK II vulnerabilities (USN-4349-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4349-1 advisory. A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of...

9.1 CVSS · 7.3 AI score · 0.02271 EPSS
Exploits 0 · References 10

RedHat Linux
added 2020/04/28 3:47 p.m. · 5 views

binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service

GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an...

5.5 CVSS · 7.1 AI score · 0.0112 EPSS
Exploits 0 · References 4

ossfuzz
added 2020/04/28 10:19 a.m. · 20 views

qt:qtbase_gui_painting_qcolorspace_fromiccprofile: Heap-buffer-overflow in QSpecialInteger<QBigEndianStorageType<unsigned int> >::operator unsigned int

Project: git://code.qt.io/qt/qt5.git Detailed Report: https://oss-fuzz.com/testcase?key=5699424467812352 Project: qt Fuzzing Engine: libFuzzer Fuzz Target: qtbase_gui_painting_qcolorspace_fromiccprofile Job Type: libfuzzerasani386qt Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash...

6.4 AI score
Exploits 0 · Affected Software 1

Hacker One
added 2020/04/24 9:0 p.m. · 126 views

Open-Xchange: Recursor accepts unsigned, empty NXDOMAINs in secure zones

Hi! This is a slightly edited version of the email I sent to the project's security contacts on 2020-04-21. Open-Xchange confirmed it and asked me to resubmit it here. --- Subject: Recursor may be accepting unsigned, empty NXDOMAINs in secure zones I can easily reproduce this against Cloudflare's...

5 CVSS · 0.3 AI score · 0.02434 EPSS
Exploits 0

CNVD
added 2020/04/16 12:0 a.m. · 17 views

Microsoft Windows Remote Desktop for Mac Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Remote Desktop Services is one of t...

7.8 CVSS · 7 AI score · 0.00738 EPSS
Exploits 0 · References 1

NVD
added 2020/04/15 3:15 p.m. · 19 views

CVE-2020-1019

An elevation of privilege vulnerability exists in RMS Sharing App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability'...

7.8 CVSS · 7.7 AI score · 0.00912 EPSS
Exploits 0 · References 1

NVD
added 2020/04/15 3:15 p.m. · 8 views

CVE-2020-0919

An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability'...

7.8 CVSS · 7.8 AI score · 0.00738 EPSS
Exploits 0 · References 1

Prion
added 2020/04/15 3:15 p.m. · 18 views

Privilege escalation

An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability'...

4.6 CVSS · 7.7 AI score · 0.00738 EPSS
Exploits 0 · References 1

Cvelist
added 2020/04/15 3:13 p.m. · 21 views

CVE-2020-1019

An elevation of privilege vulnerability exists in RMS Sharing App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability'...

7.7 AI score · 0.00912 EPSS
Exploits 0 · References 1

Cvelist
added 2020/04/15 3:12 p.m. · 13 views

CVE-2020-0919

An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability'...

7.8 AI score · 0.00738 EPSS
Exploits 0 · References 1