SECURITY

No Image

USN-5453-1: FreeType vulnerability

2022-05-30 KENNETH 0

USN-5453-1: FreeType vulnerability It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to cause a denial of service. Source: USN-5453-1: FreeType vulnerability

No Image

USN-5452-1: NTFS-3G vulnerability

2022-05-30 KENNETH 0

USN-5452-1: NTFS-3G vulnerability It was discovered that NTFS-3G was incorrectly validating NTFS metadata in its ntfsck tool by not performing boundary checks. A local attacker could possibly use this issue to cause a denial of service or to execute arbitrary code. Source: USN-5452-1: NTFS-3G vulnerability

No Image

USN-5431-1: GnuPG vulnerability

2022-05-30 KENNETH 0

USN-5431-1: GnuPG vulnerability It was discovered that GnuPG was not properly processing keys with large amounts of signatures. An attacker could possibly use this issue to cause a denial of service. Source: USN-5431-1: GnuPG vulnerability

No Image

USN-5450-1: Subversion vulnerabilities

2022-05-27 KENNETH 0

USN-5450-1: Subversion vulnerabilities Evgeny Kotkov discovered that subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially use this issue to retrieve information about private paths. (CVE-2021-28544) Thomas Weißschuh discovered that subversion servers did not properly handle memory in certain configurations. A remote attacker could potentially use this issue to cause a denial of service or other unspecified impact. (CVE-2022-24070) Source: USN-5450-1: Subversion vulnerabilities

No Image

USN-5448-1: ncurses vulnerabilities

2022-05-27 KENNETH 0

USN-5448-1: ncurses vulnerabilities It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. An attacker could possibly use this issue to execute arbitrary code. (CVE-2017-10684) It was discovered that ncurses was not properly checking user input, which could result in it being treated as a format argument. An attacker could possibly use this issue to expose sensitive information or to execute arbitrary code. (CVE-2017-10685) It was discovered that ncurses was incorrectly performing memory management operations and was not blocking access attempts to illegal memory locations. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-11112, CVE-2017-13729, CVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13733, CVE-2017-13734) It was discovered that ncurses was not properly performing checks on pointer values before attempting to access the related memory locations, which [ more… ]