Monthly Archive: June 2019

ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c. Date published : 2019-06-26 http://www.securityfocus.com/bid/108913 https://www.debian.org/security/2020/dsa-4712

ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function in coders/jp2.c. Date published : 2019-06-26 http://www.securityfocus.com/bid/108913 https://www.debian.org/security/2020/dsa-4712

ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. Date published : 2019-06-26 http://www.securityfocus.com/bid/108913 https://www.debian.org/security/2020/dsa-4712

ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c. Date published : 2019-06-26 http://www.securityfocus.com/bid/108913 https://www.debian.org/security/2020/dsa-4712

A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image. Date published...

In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar...

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles...

A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive) distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally...

FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {"a":(function(){confirm(1)})()} input. Date published : 2019-06-26 https://github.com/zxlie/FeHelper/issues/63

The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name". Date published :...

Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has...

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user’s own password to a purpose-crafted...

A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user’s conversations. Date published : 2019-06-26 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10154 https://moodle.org/mod/forum/discuss.php?d=386521

A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users’ private file uploads via email were not correctly checked, so their quota allowance could be exceeded. Date...