1405 matches found
OpenSSL Denial of Service Vulnerability
OpenSSL is an open source capable of implementing the Secure Sockets Layer SSL v2/v3 and Secure Transport Layer TLS v1 protocols developed by the OpenSSL team as a general-purpose cryptographic library that supports a wide range of cryptographic algorithms including symmetric ciphers, hash...
The vulnerability of the PHP interpreter allows attackers to trigger a service failure or execute arbitrary code.
The vulnerability of the makehttpsoaprequest function ext/soap/phphttp.c in the PHP interpreter is related to pointer arithmetic errors. Exploiting this vulnerability could allow a malicious actor to cause service failure pointer arithmetic errors, application termination, or execute arbitrary co...
Internet Bug Bounty: CVE-2016-2177 Undefined pointer arithmetic in SSL code
1.0.2 version here: https://github.com/openssl/openssl/commit/a004e72b95835136d3f1ea90517f706c24c03da7 1.0.1 version here: https://github.com/openssl/openssl/commit/6f35f6deb5ca7daebe289f86477e061ce3ee5f46 These will get listed in the next security advisory and rolled up in the next release...
Vulnerability in OpenSSL - Pointer arithmetic undefined behaviour
Avoid some undefined pointer arithmetic A common idiom in the codebase is to check limits in the following manner: “p + len limit” Where “p” points to some malloc’d data of SIZE bytes and limit == p + SIZE “len” here could be from some externally supplied data e.g. from a TLS message. The rules o...
Mental Arithmetic Math Workout - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Mental Arithmetic Math Workout published at the 'play' market has multiple vulnerabilities...
The vulnerability of the Firefox browser, which allows a violator to trigger a service failure or cause other effects
The vulnerability of the srtpunprotect function in the Firefox WebRTC implementation arises due to a loss of precision in integer arithmetic. Exploiting this vulnerability can allow an attacker to cause a service failure or other effects such as memory corruption from a remote location...
Comodo - PackMan Unpacker Insufficient Parameter Validation
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=764 Packman is an obscure opensource executable packer that Comodo Antivirus attempts to unpack during scanning. The code is available online here: http://packmanpacker.sourceforge.net/ If the compression method is set to algorithm...
Debian Security Advisory DSA 3471-1 (qemu - security update)
Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware. CVE-2015-7295 Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service, that could occur when receiving large packets. CVE-2015-7504 Qinghao Tan...
Vulnerability of the Windows operating system, allowing a perpetrator to execute arbitrary code
The vulnerability of the Windows operating system arises from a loss of precision in integer arithmetic. Exploiting this vulnerability allows an attacker, working remotely, to execute arbitrary code using a specially crafted font...
FreeBSD : qemu -- denial of service vulnerability in VNC (67feba97-b1b5-11e5-9728-002590263bf5)
Prasad J Pandit, Red Hat Product Security Team, reports : Qemu emulator built with the VNC display driver support is vulnerable to an arithmetic exception flaw. It occurs on the VNC server side while processing the 'SetPixelFormat' messages from a client. A privileged remote client could use this...
SUSE SLED11 / SLES11 Security Update : libmspack (SUSE-SU-2015:2215-1)
libmspack was updated to fix several security vulnerabilities. - Fix NULL pointer dereference on a crafted CAB. bsc934524, CVE-2014-9732 - Fix denial of service while processing crafted CHM file. bsc934525, CVE-2015-4467 - Fix denial of service while processing crafted CHM file. bsc934529,...
SUSE-SU-2015:2215-1 Security update for libmspack
libmspack was updated to fix several security vulnerabilities. - Fix null pointer dereference on a crafted CAB. bsc934524, CVE-2014-9732 - Fix denial of service while processing crafted CHM file. bsc934525, CVE-2015-4467 - Fix denial of service while processing crafted CHM file. bsc934529,...
Python 2.7 strop.replace() Integer Overflow
Title: Python 2.7 strop.replace Integer Overflow Credit: John Leitch [email protected] Url1: http://autosectools.com/Page/Python-strop-replace-Integer-Overflow Url2: http://bugs.python.org/issue24708 Resolution: Fixed The Python 2.7 strop.replace method suffers from an integer overflow that c...
Python 2.7 check_multiply_size() Integer Overflow Vulnerability
Several functions within the imageop module are vulnerable to exploitable buffer overflows due to unsafe arithmetic in checkmultiplysize. The problem exists because the check to confirm that size == product / y / x does not take remainders into account. Title: Python 2.7 checkmultiplysize Integer...
Oracle: Security Advisory (ELSA-2015-0674)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the Apache HTTP Server web server allows attackers to trigger a service failure.
The vulnerability of the readrequestline function in the server/protocol.c component of the Apache HTTP Server is related to pointer arithmetic errors. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by sending a specially crafted request...
Internet Bug Bounty: Python: imageop Unsafe Arithmetic
http://bugs.python.org/issue24264 ---- Several functions within the imageop module are vulnerable to exploitable buffer overflows due to unsafe arithmetic in checkmultiplysize. The problem exists because the check to confirm that size == product / y / x does not take remainders into account. stat...
Unbreakable Enterprise kernel security and bugfix update
2.6.39-400.250.2 - crypto: aesni - fix memory usage in GCM decryption Stephan Mueller Orabug: 21077389 CVE-2015-3331 2.6.39-400.250.1 - xen/pciback: Don't disable PCICOMMAND on PCI device reset. Konrad Rzeszutek Wilk Orabug: 20807440 CVE-2015-2150 - xen-blkfront: fix accounting of reqs when...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3019)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-3019 advisory. - IB/core: Prevent integer overflow in ibumemget address arithmetic Shachar Raindel Orabug: 20799875 CVE-2014-8159 CVE-2014-8159 - xen-pciback: lim...
Libmspack CHM decompression pointer arithmetic denial of service vulnerability (CNVD-2015-00970)
Libmspack is a library of related Microsoft compression formats such as CAB, CHM, HLP, LIT, KWAJ and SZDD. A pointer arithmetic overflow denial of service vulnerability exists in Libmspack's handling of specially crafted CHM files, which can be exploited by remote attackers to crash an applicatio...