Memory Corruption Vulnerability in Multiple Symantec and Norton Products (CNVD-2016-04439)

Symantec Advanced Threat Protection ATP, Symantec Embedded Security:Critical System Protection SES:CSP, and Symantec Data Center Security: Server Advanced SDCS:SA are security products from Symantec Corporation. Advanced SDCS:SA are security products from Symantec, Inc. ATP is a suite of software...

libarchive Rar decompression function stack buffer overflow vulnerability

libarchive is a multi-format archive and compression library. A stack buffer overflow vulnerability exists in the Rar decompression feature of libarchive. An attacker can exploit this vulnerability to cause a denial of service memory corruption or execute arbitrary code via a specially crafted Ra...

Libarchive Rar RestartModel Code Execution Vulnerability

SUMMARY An exploitable heap overflow vulnerability exists in the Rar decompression functionality of libarchive. A specially crafted Rar file can cause a heap corruption eventually leading to code execution. An attacker can send a malformed file to trigger this vulnerability. TESTED VERSIONS...

libxml2: DoS caused by incorrect error detection during XZ decompression

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash...

OurPHP backend has an arbitrary file upload vulnerability

OurPHP 傲派建站系统 is a website content management system developed using PHP language, the developer is Harbin Weicheng Technology Co. The upload file management module under the "Global/Interface" module in the administration background of OurPHP has the function of uploading hidden files. Since the...

Debian Security Advisory DSA 3565-1 (botan1.10 - security update)

Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, including encryption, authentication, X.509v3 certificates and CRLs. CVE-2015-5726 The BER decoder would crash due to reading from offset 0 of an empty vector i...

[SECURITY] [DLA 449-1] botan1.10 security update

Package : botan1.10 Version : 1.10.5-1+deb7u1 CVE ID : CVE-2014-9742 CVE-2015-5726 CVE-2015-5727 CVE-2015-7827 CVE-2016-2194 CVE-2016-2195 CVE-2016-2849 Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, includi...

New Heap-Spray Exploit Tied To LZH Archive Decompression

Researchers found a vulnerability in the classic compression standard Lhasa, once a mainstay for game developers in the mid-’90s and still in use today. Researchers at Cisco’s security research arm, Cisco Talos, identified the vulnerability calling it as a classic heap-spray exploit. In a report...

Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks

Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=763 The LZMA specification says the following about the memory usage of decompression: "The size of the probability model counter arrays is calculated with the...

Comodo AntiVirus - Heap Overflow in LZX Decompression

Comodo AntiVirus - Heap Overflow in LZX Decompression Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=737 LzxDecoder::init initializes the vector LzxDecoder-window to a fixed size of 2^method bytes, which is then used during LzxDecoder::Extract. It's possible for LZX compressed...

Comodo AntiVirus - Heap Overflow in LZX Decompression

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=737 LzxDecoder::init initializes the vector LzxDecoder-window to a fixed size of 2^method bytes, which is then used during LzxDecoder::Extract. It's possible for LZX compressed...

Comodo AntiVirus - Heap Overflow in LZX Decompression

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=737 LzxDecoder::init initializes the vector LzxDecoder-window to a fixed size of 2^method bytes, which is then used during LzxDecoder::Extract. It's possible for LZX compressed streams to exceed this size. Writes to the window buff...

SUSE-SU-2016:0807-1 Security update for clamsap

This update fixes the following security issues: CVE-2015-2278: The LZH decompression implementation allows context-dependent attackers to cause a denial of service out-of-bounds read via unspecified vectors, related to look-ups of non-simple codes. CVE-2015-2282: Stack-based buffer overflow in t...

Buffer overflow in Brotli decompression — Mozilla

Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially exploitable crash when triggered...

FreeBSD : wireshark -- multiple vulnerabilities (42c2c422-df55-11e5-b2bd-002590263bf5)

Wireshark development team reports : The following vulnerabilities have been fixed : - wnpa-sec-2015-31 NBAP dissector crashes. Bug 11602, Bug 11835, Bug 11841 - wnpa-sec-2015-37 NLM dissector crash. - wnpa-sec-2015-39 BER dissector crash. - wnpa-sec-2015-40 Zlib decompression crash. Bug 11548 -...

botan: multiple issues

CVE-2016-2194 denial of service The ressol function implements the Tonelli-Shanks algorithm for finding square roots could be sent into a nearly infinite loop due to a misplaced conditional check. This could occur if a composite modulus is provided, as this algorithm is only defined for primes...

PT-2018-12658

Name of the Vulnerable Software and Affected Versions libmspack versions prior to 0.7alpha Description An issue was discovered in the CHM decompression functionality of libmspack, specifically in the mspack/chmd.c file. The problem lies in an off-by-one error within the TOLOWER macro...

PowerDNS Authoritative Server 3.x < 3.4.5 Label Decompression Self-Referential Name Handling DoS

According to its self-reported version number, the version of the PowerDNS Authoritative Server listening on the remote host is version 3.x prior to 3.4.5. It is, therefore, affected by a denial of service vulnerability due to improper validation of user-supplied input when handling...

Samsung Android 5. 0 device WifiCredService remote code execution-vulnerability warning-the black bar safety net

The vulnerability is in a few months ago is Google Project Zero and the Quarkslab team found, has only recently been disclosed. The vulnerability only requires the user to browse a website or download a mail attachment or by the basic will not have any rights of a third party malicious programs c...

RHEL 7 : python (RHSA-2015:2101)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:2101 advisory. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes...