The ShortComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks when the "numDataElements" field is 0. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

Microsoft Silverlight 5 suffers from invalid typecast and memory disclosure vulnerabilities that, when leveraged together, allow for arbitrary code execution. A memory disclosure vulnerability exists in the public WriteableBitmap class from System.Windows.dll. This class allows reading of image pixels from the user-defined data stream via the public SetSource() method. BitmapSource.ReadStream() allocates and returns byte array and a count of array items as out parameters. These returned values are taken from the input stream and they can be fully controlled by the untrusted code. When returned "count" is greater than "array.Length", then data outside the "array" are used as input stream data by the native BitmapSource_SetSource() from agcore.dll. Later all data can be viewed via the public WriteableBitmap.Pixels[] property. Exploitation details related to these findings were purchased through the Packet Storm Bug Bounty program.

The release of this advisory provides exploitation details in relation a weakness in the Linux ASLR implementation. The problem appears when the executable is PIE compiled and it has an address leak belonging to the executable. These details were obtained through the Packet Storm Bug Bounty program and are being released to the community.

Red Hat Security Advisory 2020-1449-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. A local file overwrite vulnerability was addressed.

Asterisk Project Security Advisory - The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number these desired ones are still stored internally. When an RTP packet was received this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example the payload number resulted in a video codec but the stream carried audio) a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of the type would always exist.

Red Hat Security Advisory 2019-2766-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains updated container images for multus-cni, operator-lifecycle-manager, and operator-registry in Red Hat OpenShift Container Platform 4.1.15. Each of these container images includes gRPC, which has been updated with the fixes for unbounded memory growth issues.

Red Hat Security Advisory 2020-1635-01 - The GNU Debugger allows users to debug programs written in various programming languages including C, C++, and Fortran. Issues addressed include buffer overflow and code execution vulnerabilities.

Red Hat Security Advisory 2020-1716-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Issues addressed include a code execution vulnerability.

Secunia Security Advisory - A vulnerability has been reported in NetBSD, which can be exploited by malicious, local users to gain escalated privileges.

Secunia Security Advisory - A vulnerability has been reported in NetBSD, which can be exploited by malicious, local users to gain escalated privileges.

Secunia Security Advisory - NetBSD has issued an update for BIND. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Secunia Security Advisory - NetBSD has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.

Secunia Security Advisory - NetBSD has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.

Secunia Security Advisory - A vulnerability has been reported in NetBSD, which can be exploited by malicious, local users to gain escalated privileges.

Secunia Security Advisory - NetBSD has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Mandriva Linux Security Advisory 2013-271 - The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and earlier, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to bsd.lib.mk and bsd.prog.mk.

Debian Linux Security Advisory 4606-1 - Several vulnerabilities have been discovered in the chromium web browser.

Debian Linux Security Advisory 4608-1 - Multiple integer overflows have been discovered in the libtiff library and the included tools.

Debian Linux Security Advisory 4609-1 - Two security issues were found in the Python interface to the apt package manager; package downloads from unsigned repositories were incorrectly rejected and the hash validation relied on MD5.

Debian Linux Security Advisory 4611-1 - Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of email addresses which could result in the execution of arbitrary commands as root. In addition this update fixes a denial of service by triggering an opportunistic TLS downgrade.

Debian Linux Security Advisory 4610-1 - Multiple code execution vulnerabilities have been addressed in the webkit2gtk web engine.

Debian Linux Security Advisory 4612-1 - It was discovered that the LDAP authentication modules for the Prosody Jabber/XMPP server incorrectly validated the XMPP address when checking whether a user has admin access.

Debian Linux Security Advisory 4613-1 - A heap-based buffer overflow vulnerability was discovered in the idn2_to_ascii_4i() function in libidn2, the GNU library for Internationalized Domain Names (IDNs), which could result in denial of service, or the execution of arbitrary code when processing a long domain string.

Debian Linux Security Advisory 4614-1 - Joe Vennix discovered a stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the "pwfeedback" option enabled. An unprivileged user can take advantage of this flaw to obtain full root privileges.

Debian Linux Security Advisory 4615-1 - Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. Malicious rule or configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios.

Debian Linux Security Advisory 4616-1 - Two security issues have been found in the SLiRP networking implementation of QEMU, a fast processor emulator, which could result in the execution of arbitrary code or denial of service.

Debian Linux Security Advisory 4617-1 - Two security issues were found in the Qt library, which could result in plugins and libraries being loaded from the current working directory, resulting in potential code execution.

Debian Linux Security Advisory 4619-1 - Guillaume Teissier reported that the XMLRPC client in libxmlrpc3-java, an XML-RPC implementation in Java, does perform deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious XMLRPC server can take advantage of this flaw to execute arbitrary code with the privileges of an application using the Apache XMLRPC client library.

Debian Linux Security Advisory 4618-1 - An out-of-bounds write vulnerability due to an integer overflow was reported in libexif, a library to parse EXIF files, which could result in denial of service, or potentially the execution of arbitrary code if specially crafted image files are processed.

Debian Linux Security Advisory 4622-1 - Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks.

Debian Linux Security Advisory 4623-1 - Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks.

Debian Linux Security Advisory 4620-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

Debian Linux Security Advisory 4621-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.

Debian Linux Security Advisory 4624-1 - Several vulnerabilities were discovered in evince, a simple multi-page document viewer.

Debian Linux Security Advisory 4625-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

Debian Linux Security Advisory 4627-1 - Cross site scripting, denial of service, and various other vulnerabilities have been discovered in the webkit2gtk web engine.

Debian Linux Security Advisory 4629-1 - Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.

Debian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.

Debian Linux Security Advisory 4604-1 - Multiple issues have been found in cacti, a server monitoring system, potentially resulting in SQL code execution or information disclosure by authenticated users.

Debian Linux Security Advisory 4626-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.

Debian Linux Security Advisory 4628-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.

Debian Linux Security Advisory 4535-1 - Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code.

Debian Linux Security Advisory 4607-1 - Lukas Kupczyk reported a vulnerability in the handling of chunked HTTP in openconnect, an open client for Cisco AnyConnect, Pulse and GlobalProtect VPN. A malicious HTTP server (after having accepted its identity certificate), can provide bogus chunk lengths for chunked HTTP encoding and cause a heap-based buffer overflow.

Red Hat Security Advisory 2017-1262-01 - The rpcbind utility is a server that converts Remote Procedure Call program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.

Red Hat Security Advisory 2017-1267-01 - The rpcbind utility is a server that converts Remote Procedure Call program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.

Red Hat Security Advisory 2017-1268-01 - The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.

Red Hat Security Advisory 2017-1395-01 - This package contains a new implementation of the original libtirpc, transport-independent RPC library for NFS-Ganesha. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.

Asterisk Project Security Advisory - A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed.

Qualys has discovered a memory leak and a buffer overflow in the dynamic loader (ld.so) of the GNU C Library (glibc).

Debian Linux Security Advisory 4367-2 - The Qualys Research Labs reported that the backported security fixes shipped in DSA 4367-1 contained a memory leak in systemd-journald. This and an unrelated bug in systemd-coredump are corrected in this update.