Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds reads in libImaging/FliDecode.c.
Published at: June 25, 2020 at 03:15PM
View on website
Etiqueta: government
New vulnerability on the NVD: CVE-2020-10378
In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
Published at: June 25, 2020 at 03:15PM
View on website
New vulnerability on the NVD: CVE-2020-10379
In Pillow before 6.2.3 and 7.x before 7.0.1, there are two Buffer Overflows in libImaging/TiffDecode.c.
Published at: June 25, 2020 at 03:15PM
View on website
New vulnerability on the NVD: CVE-2018-21268
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character.
Published at: June 25, 2020 at 01:15PM
View on website
New vulnerability on the NVD: CVE-2019-20892
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.
Published at: June 25, 2020 at 06:15AM
View on website
Educ Arte Económico 