66 matches found
Oracle Linux 6 / 7 : libtiff (ELSA-2017-0225)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-0225 advisory. - Fix patch for CVE-2016-5652 - CVE-2016-9533 CVE-2016-9534 CVE-2016-9535 - CVE-2016-9536 CVE-2016-9537 CVE-2016-9540 - CVE-2016-5652 Tenable has...
CentOS 6 / 7 : libtiff (CESA-2017:0225)
An update for libtiff is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
OracleVM 3.3 : libtiff (OVMSA-2017-0037)
The remote OracleVM system is missing necessary patches to address critical security updates : - Fix patch for CVE-2016-5652 - Related: 1412078 - Fix CWE-476 defect found by covscan - Related: 1412078 - Add patches for CVEs : - CVE-2016-9533 CVE-2016-9534 CVE-2016-9535 - CVE-2016-9536 CVE-2016-95...
libtiff security update
3.9.4-21 - Fix patch for CVE-2016-5652 - Related: 1412078 3.9.4-20 - Fix CWE-476 defect found by covscan - Related: 1412078 3.9.4-19 - Add patches for CVEs: - CVE-2016-9533 CVE-2016-9534 CVE-2016-9535 - CVE-2016-9536 CVE-2016-9537 CVE-2016-9540 - CVE-2016-5652 - Resolves: 1412078...
[SECURITY] [DSA 3762-1] tiff security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3762-1 [email protected] https://www.debian.org/security/ Laszlo Boszormenyi GCS January 13, 2017 https://www.debian.org/security/faq -...
CVE-2016-5652
An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means...
CVE-2016-5652
CVE-2016-5652 affects LibTIFF (TIFF2PDF tool). A crafted TIFF can trigger an exploitable heap-based buffer overflow in handling JPEG Compression Tables, potentially leading to remote code execution or crash via a saved TIFF file. Vulnerable components include LibTIFF and tools like tiff2pdf. Reme...
CVE-2016-5652
An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means...
SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2016:3301-1)
The tiff library and tools were updated to version 4.0.7 fixing various bug and security issues. - CVE-2014-8127: out-of-bounds read with malformed TIFF image in multiple tools bnc914890 - CVE-2016-9297: tifdirread.c read outside buffer in TIFFPrintField bnc1010161 - CVE-2016-3658: Illegal read i...
[SECURITY] [DLA 693-1] tiff security update
Package : tiff Version : 4.0.2-6+deb7u7 CVE ID : CVE-2014-8128 CVE-2015-7554 CVE-2015-8668 CVE-2016-3186 CVE-2016-3619 CVE-2016-3620 CVE-2016-3621 CVE-2016-3631 CVE-2016-3632 CVE-2016-3633 CVE-2016-3634 CVE-2016-5102 CVE-2016-5318 CVE-2016-5319 CVE-2016-5652 CVE-2016-6223 CVE-2016-8331 Debian Bug...
CVE-2015-5652
Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really ...
CVE-2014-5652
The CVE-2014-5652 entry concerns the Android app Kicksend Photo Prints (com.kicksend.android.print) version 1.0.7. The vulnerability is an SSL verification flaw where the app does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and access sens...
[SECURITY] [DSA 2776-1] drupal6 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2776-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 11, 2013 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2776-1] drupal6 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2776-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 11, 2013 http://www.debian.org/security/faq -...
Fedora Update for drupal6 FEDORA-2012-20766
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for drupal7 FEDORA-2012-20794
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CVE-2012-5652
CVE-2012-5652 affects Drupal 6.x prior to 6.27, allowing remote attackers to disclose sensitive information about uploaded files via RSS feeds or search results. Root cause involves information disclosure in output for file-related data; no exploitation details are provided in the sources. The vu...
Drupal 6.x < 6.27 / 7.x < 7.18 Multiple Vulnerabilities
The remote web server is running a version of Drupal that is 6.x prior to 6.27 or 7.x prior to 7.18. It is, therefore, potentially affected by multiple vulnerabilities : - An access bypass vulnerability exists that allows search results to improperly display information about blocked users...
SA-CORE-2012-004 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Access bypass User module search - Drupal 6 and 7 A vulnerability was identified that allows blocked users to appear in user search results, even when the search results are viewed by unprivileged users. This...
Wireshark: memory corruption when reading a malformed pcap file (upstream bug #5652)
Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via a malformed file...