3660 matches found
CVE-2015-7054
zlib in the Compression component in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not initialize memory for an unspecified data structure, which allows remote attackers to execute arbitrary code via a crafted web site...
Mac OS X Multiple Vulnerabilities (Security Updates 2015-005 / 2015-008)
The remote host is running a version of Mac OS X 10.9.5 or 10.10.5 that is missing Security Update 2015-005 or 2015-008. It is, therefore, affected by multiple vulnerabilities in the following components: - apache_mod_php - AppSandbox - Bluetooth - CFNetwork HTTPProtocol - Compression -...
Apple iOS < 9.2 Multiple Vulnerabilities
Binary data appleios92check.nbin...
Mac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities
The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.2. It is, therefore, affected by multiple vulnerabilities in the following components: - apache_mod_php - AppSandbox - Bluetooth - CFNetwork HTTPProtocol - Compression - Configuration Profiles - CoreGraphics - CoreMedi...
CVE-2015-6778
The CJBig2_SymbolDict class in fxcodec/jbig2/JBig2_SymbolDict.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a PDF document containing crafted data with JBIG2...
Out-of-bounds
The CJBig2_SymbolDict class in fxcodec/jbig2/JBig2_SymbolDict.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a PDF document containing crafted data with JBIG2...
CVE-2015-6778
CVE-2015-6778 affects PDFium in Chrome before 47.0.2526.73. The vulnerability is an out-of-bounds read in CJBig2_SymbolDict.cpp (JBIG2 data in PDFs) that could allow a remote attacker to cause a denial of service or other impact via crafted JBIG2 data. Public references corroborate the flaw in PD...
CVE-2015-6778
The CJBig2_SymbolDict class in fxcodec/jbig2/JBig2_SymbolDict.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a PDF document containing crafted data with JBIG2...
CVE-2015-6778
Removed by vendor...
FreeBSD : libxml2 -- multiple vulnerabilities (e5423caf-8fb8-11e5-918c-bcaec565249c)
reports : CVE-2015-5312 Another entity expansion issue David Drysdale. CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey David Drysdale. CVE-2015-7498 Avoid processing entities after encoding conversion failures Daniel Veillard. CVE-2015-7499 1 Add xmlHaltParser to stop the...
DEBIAN-CVE-2015-8035
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data...
CVE-2015-8035
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data...
Design/Logic Flaw
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data...
CVE-2015-8035
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data...
CVE-2015-8035
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data...
DEBIAN-CVE-2015-8218
The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data...
SSL and TLS protocol test suite and fuzzer: tlsfuzzer
tlsfuzzer is a combination of TLS test framework, ready-to-use tests and hopefully in the future a fuzzer for TLS protocol. The aim is to have ability to test TLS implementation everywhere a fairly recent version of Python can run (2.6, 3.2 or later). Current implementation efforts focus on testing...
UBUNTU-CVE-2015-8035
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data...
Oracle: Security Advisory (ELSA-2013-0587)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Bosch Security Systems Dinion NBN-498 XML Injection
Exploit Title: Bosch Security Systems - XML Injection - Dinion NBN-498 Web Interface Date: 01/09/2015 Exploit Author: neom22 Vendor Homepage: http://us.boschsecurity.com Data Sheet: http://resource.boschsecurity.us/documents/DatasheetenUS9007201286798987.pdf Version: Hardware Firmware 4.54.0026 -...