RSS   Vulnerabilities for 'Linux enterprise server'   RSS

2018-11-25
 
CVE-2018-19543

CWE-119
 

 
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.

 
 
CVE-2018-19542

CWE-476
 

 
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.

 
 
CVE-2018-19541

CWE-125
 

 
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.

 
 
CVE-2018-19540

CWE-119
 

 
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c.

 
 
CVE-2018-19539

CWE-284
 

 
An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.

 
2018-10-31
 
CVE-2018-18873

CWE-476
 

 
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.

 
2018-10-22
 
CVE-2018-18585

CWE-476
 

 
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).

 
 
CVE-2018-18584

CWE-787
 

 
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

 
2018-10-09
 
CVE-2018-17962

CWE-119
 

 
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.

 
2018-09-05
 
CVE-2016-1000030

CWE-295
 

 
Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.

 


Copyright 2019, cxsecurity.com

 

Back to Top