USN-2791-1 nss vulnerabilities

Tyson Smith and David Keeler discovered that NSS incorrectly handled decoding certain ASN.1 data. An remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code...

Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash

Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash Source: https://code.google.com/p/google-security-research/issues/detail?id=497 Loading the bitmap bmpmemset.bmp can cause a crash due to a memset writing out of bounds. I/DEBUG 2961: pid: 12383, tid: 12549, name: thread-pool-1...

Samsung - libQjpeg Image Decoding Memory Corruption

Samsung - libQjpeg Image Decoding Memory Corruption Source: https://code.google.com/p/google-security-research/issues/detail?id=495 The attached JPEG file causes memory corruption the DCMProvider service when the file is processed by the media scanner, leading to the following crash: quaramip.jpg...

Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash

Source: https://code.google.com/p/google-security-research/issues/detail?id=497 Loading the bitmap bmpmemset.bmp can cause a crash due to a memset writing out of bounds. I/DEBUG 2961: pid: 12383, tid: 12549, name: thread-pool-1 com.sec.android.gallery3d I/DEBUG 2961: signal 11 SIGSEGV, code 2...

Samsung - libQjpeg Image Decoding Memory Corruption

Source: https://code.google.com/p/google-security-research/issues/detail?id=495 The attached JPEG file causes memory corruption the DCMProvider service when the file is processed by the media scanner, leading to the following crash: quaramip.jpg: I/DEBUG 2962: pid: 19350, tid: 19468, name: HEAVY0...

Updated ntp package fixes security vulnerabilities

Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to enter a loop, resulting in a denial of service CVE-2015-7850. Yves Younan discovered that NTP incorrect...

Samsung - m2m1shot Kernel Driver Buffer Overflow

Samsung - m2m1shot Kernel Driver Buffer Overflow Source: https://code.google.com/p/google-security-research/issues/detail?id=493 The Samsung m2m1shot driver framework is used to provide hardware acceleration for certain media functions, such as JPEG decoding and scaling images. The driver endpoin...

Oracle: Security Advisory (ELSA-2009-1159)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2754-1 thunderbird vulnerabilities

Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, and Cameron McCormack discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a...

Mozilla: Buffer overflow while decoding WebM video (MFSA 2015-105)

Heap-based buffer overflow in the nesteggtrackcodecdata function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video...

Kaspersky AntiVirus - UPX Parsing Memory Corruption

Kaspersky AntiVirus - UPX Parsing Memory Corruption Source: https://code.google.com/p/google-security-research/issues/detail?id=527 While fuzzing UPX packed files, this crash was discovered resulting in an arbitrary stack-relative write. This vulnerability is obviously remotely exploitable for...

openldap: denial of service

By sending a crafted packet, an attacker can cause the OpenLDAP daemon to crash with a SIGABRT. This is due to an assert call within the bergetnext method io.c line 682 that is hit when decoding tampered BER data. The following proof of concept exploit can be used to trigger the condition: echo...

SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2015:1518-1)

gnutls was updated to fix several security vulnerabilities. - fix double free in certificate DN decoding GNUTLS-SA-2015-3bsc941794,CVE-2015-6251 - fix invalid read in octet string in bundled libtasn1 bsc929414,CVE-2015-3622 - fix ServerKeyExchange signature issue GNUTLS-SA-2015-2bsc929690 Note th...

openSUSE Security Update : gnutls (openSUSE-2015-567)

Gnutls was updated to fix one security issue. The following vulnerability was fixed : - CVE-2015-6251: Decoding specific certificates with very long DistinguishedName DN entries could have caused a double free, which may have resulted in a Denial of Service GNUTLS-SA-2015-3 %NASLMINLEVEL 70300 C...

Mainframe/System Z Bind Shell

Mainframe/System Z Bind Shell. Shellcode exploit for systemz platform TITLE 'sbshellcode.s x Author: Bigendian Smalls' ACONTROL AFPR SBSHELL CSECT SBSHELL AMODE 31 SBSHELL RMODE ANY SYSSTATE ARCHLVL=2 ENTRY MAIN MAIN DS 0F Begin setup and stack management STM 6,4,1213 store all the registers in o...

Multiple EMC RSA Products ESA-2015-081 Multiple Security Vulnerabilities

受影响的产品： RSA BSAFE Micro Edition Suite MES all 4.1.x versions prior to 4.1.3 RSA BSAFE Micro Edition Suite MES all 4.0.x versions prior to 4.0.8 RSA BSAFE Crypto-C Micro Edition Crypto-C ME 4.1 RSA BSAFE Crypto-C Micro Edition Crypto-C ME all versions prior to 4.0.4 RSA BSAFE Crypto-J all versions...

MGASA-2015-0322 Updated gnutls packages fix security vulnerabilities

It was reported that GnuTLS does not check whether the two signature algorithms match on certificate import CVE-2015-0294. Kurt Roeckx discovered that decoding a specific certificate with very long DistinguishedName DN entries leads to double free. A remote attacker can take advantage of this fla...

httpd: HTTP request smuggling attack against chunked request parser

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP...

SUSE-SU-2015:1518-1 Security update for gnutls

gnutls was updated to fix several security vulnerabilities. - fix double free in certificate DN decoding GNUTLS-SA-2015-3bsc941794,CVE-2015-6251 - fix invalid read in octet string in bundled libtasn1 bsc929414,CVE-2015-3622 - fix ServerKeyExchange signature issue GNUTLS-SA-2015-2bsc929690...

CVE-2015-0537

Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition Crypto-C ME before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to cause a denial of service...