172 matches found
EulerOS Virtualization 2.5.3 : libssh2 (EulerOS-SA-2019-1362)
According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from th...
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID
A heap corruption was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of TrueType fonts. It manifests itself in the form of the following or similar crash: --- cut --- $ bin/java -cp . DisplaySfntFont test.ttf Iteratio...
Out-of-bounds
A flaw was found in libssh2 before 1.8.1. A server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used as an index to copy memory, causing an out of bounds memory write error...
CVE-2019-3863
A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used by the SSH client as an index to copy memory causing...
CVE-2019-3863
In CVE-2019-3863, libssh2 (SSH client library) is vulnerable to an out-of-bounds memory write when a server sends multiple keyboard-interactive responses whose total length exceeds the unsigned char max. This is triggered during keyboard-interactive handling, using the excessive total length as a...
httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to look up the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...
Ubuntu: Security Advisory (USN-3085-1)
The remote host is missing an update for the...
Mozilla Thunderbird Security Advisories (MFSA2018-20, MFSA2018-25) - Mac OS X
Mozilla Thunderbird is prone to multiple vulnerabilities.
Adobe Acrobat Reader DC (Continuous Track) Security Updates (APSB18-34) - Windows
Adobe Acrobat Reader DC (Continuous Track) is prone to multiple vulnerabilities.
DEBIAN-CVE-2018-16999
Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file...
Adobe Acrobat Reader DC (Classic Track) Multiple Arbitrary Code Execution Vulnerabilities (APSB18-29) - Mac OS X
Adobe Acrobat Reader DC (Classic Track) is prone to multiple arbitrary code execution vulnerabilities.
Adobe Acrobat DC (Classic Track) Multiple Arbitrary Code Execution Vulnerabilities (APSB18-29) - Windows
Adobe Acrobat DC (Classic Track) is prone to multiple arbitrary code execution vulnerabilities.
Adobe Acrobat Reader DC (Continuous Track) Multiple Arbitrary Code Execution Vulnerabilities (APSB18-29) - Mac OS X
Adobe Acrobat Reader DC (Continuous Track) is prone to multiple arbitrary code execution vulnerabilities.
Security Bulletin: A vulnerability in Spice affects PowerKVM
Summary: PowerKVM is affected by a vulnerability in Spice. IBM has now addressed this vulnerability. Vulnerability Details: CVEID: CVE-2017-7506. DESCRIPTION: spice is vulnerable to a denial of service, caused by an out-of-bounds write error when processing message. By sending specially-crafted...
Security Bulletin: Vulnerabilities in QEMU affect PowerKVM
Summary: PowerKVM is affected by vulnerabilities in QEMU. IBM has now addressed these vulnerabilities. Vulnerability Details: CVEID: CVE-2016-5105. DESCRIPTION: QEMU, built with the MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, is vulnerable to a denial of service, caused by a stack...
Security Bulletin: Multiple vulnerabilities in qemu affect PowerKVM
Summary: PowerKVM is affected by several vulnerabilities in qemu. These vulnerabilities have been addressed by IBM. Vulnerability Details: CVEID: CVE-2016-5338. DESCRIPTION: Qemu, built with the ESP/NCR53C9x controller emulation support, is vulnerable to a denial of service, caused by an out of boun...
Adobe Photoshop CC Remote Code Execution Vulnerability (May 2018) - Mac OS X
Adobe Photoshop CC is prone to a remote code execution (RCE) vulnerability.
Microsoft IE And Microsoft Edge Flash Player Security Update (KB4093110)
This host is missing a critical security update according to Microsoft KB4093110.
Mozilla Firefox ESR Security Advisories (MFSA2018-08, MFSA2018-08) - Windows
Mozilla Firefox ESR is prone to a remote code execution (RCE) vulnerability.