Critical: Red Hat Security Advisory: nss-util security update

An update for nss-util is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6...

Critical: Red Hat Security Advisory: nss security update

An update for nss is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (MFSA 2017-10)

An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an...

Critical: Red Hat Security Advisory: nss security update

An update for nss is now available for Red Hat Enterprise Linux 5.9 Long Life. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

UBUNTU-CVE-2017-5443

An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

RHEL 5 : nss (RHSA-2017:1103)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:1103 advisory. Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server...

[ASA-201704-4] nss: arbitrary code execution

Arch Linux Security Advisory ASA-201704-4 ========================================= Severity: Critical Date : 2017-04-20 CVE-ID : CVE-2017-5461 Package : nss Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-247 Summary ======= The package nss before version...

Exploit for Use of a Broken or Risky Cryptographic Algorithm in Cyberark Credential_Provider

C-Ark Credential Decoder Exploit tool for CVE-2021-31796...

UBUNTU-CVE-2017-7976

Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2imagecompose function in jbig2image.c during operations on a crafted .jb2 file, leading to a denial of service application crash or disclosure of sensitive information from process memory...

UBUNTU-CVE-2017-7865

FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideodecodeblockopcode0xA function in libavcodec/interplayvideo.c and the avcodecaligndimensions2 function in libavcodec/utils.c...

DEBIAN-CVE-2017-7866

FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decodezbuf function in libavcodec/pngdec.c...

XSS Vulnerability in jira.issueviews:searchrequest-xml

The endpoint /sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml/|https://jira.uberinternal.com/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml/-- is vulnerable to an XSS injection in certain cases. Normally, the browser will urlencode its requests, but some proxy servers and...

NSS -- multiple vulnerabilities

Mozilla Foundation reports: An out-of-bounds write during Base64 decoding operation in the Network Security Services NSS library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address...

Libbpg library integer overflow vulnerability

Libbpg library is a new image format library. An integer overflow vulnerability exists in the BPG image decoding process in Libbpg library versions 0.9.4 and 0.9.7. An attacker can exploit this vulnerability to execute code with specially crafted BPG images...

PT-2017-9653 · Iceni · Iceni Argus

Name of the Vulnerable Software and Affected Versions: Iceni Argus affected versions not specified Description: An exploitable heap-based buffer overflow exists when the software attempts to convert a malformed PDF with an object encoded with multiple encoding types terminating with an LZW encode...

Adobe Flash: Heap Overflow in YUVPlane decoding (CVE-2017-2986)

The attached FLV file causes a heap overflow in YUVPlane decoding. To reproduce, put LoadMP4. swf and yuvplane. flv on a server, and visit 127.0.0.1/LoadMP4. swf? file=yvplane. flv. Attachment: yuvplane. flv LoadMP4. swf...

Adobe Flash - YUVPlane Decoding Heap Overflow Exploit

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1008 The attached FLV file causes a heap overflow in YUVPlane decoding. To reproduce, put LoadMP4.swf and yuvplane.flv on a server, and visit 127.0.0.1/LoadMP4.swf?file=yvplane.fl...

openSUSE Security Update : chromium (openSUSE-2017-273)

Google chromium was updated to 56.0.2924.87 : - Various small fixes - Disabled option to enable/disable plugins in the chrome://plugins - Changed the build requirement of libavformat to library version 57.41.100, as included in ffmpeg 3.1.1, as only this version properly supports the public...

Adobe Flash - YUVPlane Decoding Heap Overflow

Adobe Flash - YUVPlane Decoding Heap Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1008 The attached FLV file causes a heap overflow in YUVPlane decoding. To reproduce, put LoadMP4.swf and yuvplane.flv on a server, and visit 127.0.0.1/LoadMP4.swf?file=yvplane.flv. Pro...

Adobe Flash - YUVPlane Decoding Heap Overflow

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1008 The attached FLV file causes a heap overflow in YUVPlane decoding. To reproduce, put LoadMP4.swf and yuvplane.flv on a server, and visit 127.0.0.1/LoadMP4.swf?file=yvplane.flv. Proof of Concept:...