Red Hat Security Advisory 2019-2553-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include CPU related, buffer overflow, and information leakage vulnerabilities.
457f28da6a8cebe9a101cf5be9a4952eFreeBSD Security Advisory - System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file. A local user can use this flaw to obtain access to files, directories, sockets, etc., opened by processes owned by other users. If obtained struct file represents a directory from outside of user's jail, it can be used to access files outside of the jail. If the user in question is a jailed root they can obtain root privileges on the host system.
9cfd72e9cfbe028258e3db3b70d85035Red Hat Security Advisory 2019-2519-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow, bypass, cross site scripting, denial of service, information leakage, and null pointer vulnerabilities.
78b5fcb3a3c8f8ee710500de6377153eAdobe Acrobat Reader DC for Windows suffers from a heap-based buffer overflow vulnerability due to a malformed JP2 stream.
9e1ad5153c06fb8dc4fc0e8492622aeeRed Hat Security Advisory 2019-2508-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include a buffer overflow vulnerability.
9ebf7b727a1ff45a1dbf14cbf1bf0decAdobe Acrobat Reader DC for Windows suffers from a heap-based buffer overflow vulnerability in CoolType.dll.
5da6e14914985af3b4d8f0f35fab4dc1Adobe Acrobat Reader DC for Windows suffers from a heap-based buffer overflow vulnerability due to a malformed font stream.
c76e5f4221d74b1ac2a85a8d36b40926Adobe Acrobat Reader DC for Windows suffers from a static buffer overflow vulnerability due to a malformed font stream.
f9abbd638418513b43bdd4a685c66d12Adobe Acrobat Reader DC for Windows suffers from a heap-based buffer overflow vulnerability while processing malformed PDF files.
07fbd913c02bfc0914d6b60dc2f267b1Red Hat Security Advisory 2019-2507-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a buffer overflow vulnerability.
99277ea2e9859d79894114c865f9ef8fRed Hat Security Advisory 2019-2506-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include a buffer overflow vulnerability.
d59755f7501ed1f81d292a2af294d06aABC2MTEX version 1.6.1 suffers from a command-line stack overflow vulnerability.
ec22a224f97d59b0762417da3cf54b27Ubuntu Security Notice 4093-1 - It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
c0b6be2dc1ffa0bcd5add84b3fac57dfUbuntu Security Notice 4095-1 - Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
ff726cc76288b070879d39966cb18209Ubuntu Security Notice 4094-1 - It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.
3b73671d729375d8de90582cb3d31f24Debian Linux Security Advisory 4496-1 - Benno Fuenfstueck discovered that Pango, a library for layout and rendering of text with an emphasis on internationalization, is prone to a heap-based buffer overflow flaw in the pango_log2vis_get_embedding_levels function. An attacker can take advantage of this flaw for denial of service or potentially the execution of arbitrary code.
2e627acdcf6a1822096135fb2a5e4739Red Hat Security Advisory 2019-2439-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. Integer overflow, leaked credential, and padding oracle vulnerabilities were addressed.
7b9d8dc9113ca94f46aadd80b4d5da42Red Hat Security Advisory 2019-2425-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include buffer overflow and information leakage vulnerabilities.
bcb9ad82a577245570491b675be20b9aRed Hat Security Advisory 2019-2401-01 - The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Issues addressed include a heap overflow vulnerability.
7c042fd06b67e3c6e2cfec64e0609722Red Hat Security Advisory 2019-2402-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Stack overflow vulnerabilities have been addressed.
dd8ba4780ffe263a60830acaa87481c4Red Hat Security Advisory 2019-2400-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.
9f33236b3becfb00bd232a98d052a994Red Hat Security Advisory 2019-2002-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include a buffer overflow vulnerability.
b926deeef17aa1aa7c66755f37f16439FreeBSD Security Advisory - The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload ("TSO"). The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these modifications on transmitted packets. When TCP segmentation offload is requested for a transmitted packet, the e1000 device model used a guest-provided value to determine the size of the on-stack buffer without validation. The subsequent header generation could overflow an incorrectly sized buffer or indirect a pointer composed of stack garbage. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host.
26840b488f085103047559c3820eb233Red Hat Security Advisory 2019-2053-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow, code execution, denial of service, and null pointer vulnerabilities.
4c0aa03c9fdb09907dd7d5a529e5b7ddRed Hat Security Advisory 2019-2101-01 - The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. Issues addressed include denial of service, heap overflow, and null pointer vulnerabilities.
b48a8fb599269fd3b4f89cae92e38d67
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed