SciLinux: SLSA-2019-2079-1 Moderate: Xorg on SL7.x x86_64

26.08.2019 22:45 libX11: Crash on invalid reply in XListExtensions in ListExt.c * libX11: Off-by-one error in XListExtensions in ListExt.c * libX11: Out of Bounds write in XListExtensions in ListExt.c * libxkbcommon: Invalid free in ExprAppendMultiKeysymList resulting in a crash * libxkbcommon: Endless recursion in xkbcomp/expr.c resulting

SciLinux: SLSA-2019-2022-1 Moderate: poppler on SL7.x x86_64

26.08.2019 22:45 poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc * poppler: heap-based buffer overflow in function ImageStream::getLine in Stream.cc * poppler: infinite recursion in Parser::getObj function in Parser.cc * poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc * poppler: reachable abort in

SciLinux: SLSA-2019-2229-1 Moderate: spice-gtk on SL7.x x86_64

26.08.2019 21:01 spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows SL7 x86_64 libgovirt-0.3.4-3.el7.i686.rpm spice-gtk3-0.35-4.el7.i686.rpm spice-glib-0.35-4.el7.x86_64.rpm virt-viewer-5.0-15.el7.x86_64.rpm spice-vdagent-0.14.0-18.el7.x86_64.rpm libgovirt-0.3.4-3.el7.x86_64.rpm spice-gtk3-0.35-4.el7.x86_64.rpm spic

SciLinux: SLSA-2019-2030-1 Moderate: python on SL7.x x86_64

26.08.2019 21:01 python: Missing salt initialization in _elementtree.c module * python: NULL pointer dereference using a specially crafted X509 certificate * python: CRLF injection via the query part of the url passed to urlopen * python: CRLF injection via the path part of the url passed to urlopen * python: Undocumented local_file proto

SciLinux: SLSA-2019-2290-1 Low: libsolv on SL7.x x86_64

26.08.2019 21:01 libsolv: NULL pointer dereference in function testcase_read * libsolv: NULL pointer dereference in function testcase_str2dep_complex * libsolv: illegal address access in pool_whatprovides in src/pool.h SL7 x86_64 libsolv-0.6.34-4.el7.x86_64.rpm libsolv-0.6.34-4.el7.i686.rpm libsolv-devel-0.6.34-4.el7.i686.rpm libsolv-tools

SciLinux: SLSA-2019-2197-1 Low: elfutils on SL7.x x86_64

26.08.2019 21:01 elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges via crafted file * elfutils: Double-free due to double decompression of sections in crafted ELF causes crash * elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash * elfutils: invalid memory address derefer

SciLinux: SLSA-2019-2110-1 Moderate: rsyslog on SL7.x x86_64

26.08.2019 21:01 rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled SL7 x86_64 rsyslog-relp-8.24.0-38.el7.x86_64.rpm rsyslog-mysql-8.24.0-38.el7.x86_64.rpm rsyslog-gnutls-8.24.0-38.el7.x86_64.rpm rsyslog-gssapi-8.24.0-38.el7.x86_64.rpm rsyslog-8.24.0-38.el7.x86_64.rpm rsyslog-pgsql-8.24.0-38.el7.x86_64.rpm rsyslog-kafka-8.24.0-38.el7.x86_

SciLinux: SLSA-2019-2118-1 Moderate: glibc on SL7.x x86_64

26.08.2019 21:01 glibc: getaddrinfo should reject IP addresses with trailing characters SL7 x86_64 glibc-2.17-292.el7.x86_64.rpm glibc-devel-2.17-292.el7.i686.rpm glibc-2.17-292.el7.i686.rpm glibc-common-2.17-292.el7.x86_64.rpm glibc-headers-2.17-292.el7.x86_64.rpm nscd-2.17-292.el7.x86_64.rpm glibc-utils-2.17-292.el7.x86_64.rpm glibc-devel-2.17-292.el7.x86_6

SciLinux: SLSA-2019-2057-1 Moderate: bind on SL7.x x86_64

26.08.2019 21:01 bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies SL7 x86_64 bind-libs-lite-9.11.4-9.P2.el7.i686.rpm bind-9.11.4-9.P2.el7.x86_64.rpm bind-export-libs-9.11.4-9.P2.el7.i686.rpm bind-pkcs11-utils-9.11.4-9.P2.el7.x86_64.rpm bind-chroot-9.11.4-9.P2.el7.x86_64.rpm bind-license-9.11.4-9.P2.el7.noarch.rpm bind-pkcs11-9.11.4-

SciLinux: SLSA-2019-2157-1 Low: freerdp and vinagre on SL7.x x86_64

26.08.2019 21:01 freerdp: out of bounds read in drdynvc_process_capability_request SL7 x86_64 vinagre-3.22.0-12.el7.i686.rpm freerdp-libs-2.0.0-1.rc4.el7.x86_64.rpm libwinpr-2.0.0-1.rc4.el7.x86_64.rpm vinagre-3.22.0-12.el7.x86_64.rpm freerdp-2.0.0-1.rc4.el7.x86_64.rpm libwinpr-2.0.0-1.rc4.el7.i686.rpm freerdp-libs-2.0.0-1.rc4.el7.i686.rpm libwinpr-devel-2.0

SciLinux: SLSA-2019-2052-1 Moderate: libjpeg-turbo on SL7.x x86_64

26.08.2019 21:01 libjpeg: null pointer dereference in cjpeg * libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service * libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c * libjpeg: Segmentation fault in get_text_gray_row function in rdppm.c * libjpeg: Segmentat

SciLinux: SLSA-2019-2135-1 Moderate: qt5 on SL7.x x86_64

26.08.2019 21:01 qt5-qtbase: Double free in QXmlStreamReader * qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service * qt5-qtbase: QImage allocation failure in qgifhandler * qt5-qtimageformats: QTgaFile CPU exhaustion * qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file SL7

SciLinux: SLSA-2019-2237-1 Moderate: nss, nss-softokn, nss-util, and nspr on SL7.x x86_64

26.08.2019 21:01 ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries * nss: Cache side-channel variant of the Bleichenbacher attack SL7 x86_64 nss-softokn-3.44.0-5.el7.x86_64.rpm nss-devel-3.44.0-4.el7.i686.rpm nss-softokn-freebl-3.44.0-5.el7.i686.rpm nspr-devel-4.21.0-1.el7.i686.rpm nss-devel-3.44.0-4.el7.x86_64.rpm nss-tools-3.44.0-4.el

SciLinux: SLSA-2019-2048-1 Low: exempi on SL7.x x86_64

26.08.2019 21:01 exempi: Infinite Loop in Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp * exempi: Use after free via a PDF file containing JPEG data * exempi: Infinite loop in ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp * exempi: Infinite loop in TradQT_Manager::ParseCachedBoxes function in XMPFiles/source

Debian LTS: DLA-1898-1: xymon security update

26.08.2019 16:04 Multiple vulnerabilities have been found in xymon, the network monitoring application. Remote attackers might leverage these vulnerabilities in the CGI parsing code to cause denial of service, or any other unspecified impact.