Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

CVE-2020-15306: openexr/CHANGES.md at main · AcademySoftwareFoundation/openexr

An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.

CVE
Open in Source
#vulnerability#ios#mac#windows#apple#google#microsoft#linux#debian#dos#git#intel#c++#perl#pdf#buffer_overflow#auth#rpm#docker#chrome#ssl
CVE-2020-14983: Missing server-side num_players validation leading to buffer overflow · Issue #1293 · chocolate-doom/chocolate-doom

The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.

CVE-2020-14150: Bison 3.5.4 released

GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison.

CVE-2020-13401: Docker Engine 23.0 release notes

An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.

CVE-2020-13757: python-rsa does not detect ciphertext modification (prepended "0" bytes) in PKCS1_v1_5 · Issue #146 · sybrenstuvel/python-rsa

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).

CVE-2020-12867: memory corruption bugs in libsane (#279) · Issues · sane-project / backends · GitLab

A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.

CVE-2020-3810: SECURITY UPDATE: Fix out of bounds read in .ar and .tar implementation (CVE-2020-3810) (dceb1e49) · Commits · APT Developers / apt

Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.

CVE-2019-2388: Ops Manager Server Changelog — MongoDB Ops Manager 6.0

In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5.

Solving Uninitialized Stack Memory on Windows

This blog post outlines the work that Microsoft is doing to eliminate uninitialized stack memory vulnerabilities from Windows and why we’re on this path. This blog post will be broken down into a few parts that folks can jump to: Uninitialized Memory Background Potential Solutions to Uninitialized Memory Vulnerabilities InitAll – Automatic Initialization Interesting Findings with InitAll Performance Optimizations Impact for Customers Forward Looking Plans None of this work would have been possible without close partnership between the Visual Studio organization, the Windows organization, and MSRC.

CVE-2020-11863: ECMA-234 Metafile Library / News: Re-Release of libEMF-1.0.12

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2).