[SECURITY] Fedora 21 Update: suricata-2.0.7-1.fc21
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
CVE-2015-2188
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly...
DEBIAN-CVE-2015-2188
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly...
UBUNTU-CVE-2015-2188
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly...
UnAce buffer overflow vulnerability
UnAce is a decompression application. A security vulnerability exists in UnAce's handling of special files, allowing an attacker to exploit the vulnerability to crash the application...
Fedora 20 : pigz-2.3.3-1.fc20 (2015-1510)
Update to 2.3.3, fixes CVE-2015-1191 : - Return zero exit code when only warnings are issued - Increase speed of unlzw Unix compress decompression - Update zopfli to current google state - Allow larger maximum blocksize -b, now 512 MiB - Do not require that -d precede -N, -n, -T options - Strip a...
Fedora 21 : pigz-2.3.3-1.fc21 (2015-1488)
Update to 2.3.3, fixes CVE-2015-1191 : - Return zero exit code when only warnings are issued - Increase speed of unlzw Unix compress decompression - Update zopfli to current google state - Allow larger maximum blocksize -b, now 512 MiB - Do not require that -d precede -N, -n, -T options - Strip a...
Mandriva Linux Security Advisory : cabextract (MDVSA-2015:041)
Updated cabextract packages fix security vulnerability : Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is embedded in cabextract. A specially crafted cab file can cause cabextract to hang forever. If cabextract is exposed to any...
Libmspack CHM Decompression Divide by Zero Denial of Service Vulnerability
Libmspack is a library of related Microsoft compression formats such as CAB, CHM, HLP, LIT, KWAJ and SZDD. Libmspack's handling of specially crafted CHM files suffers from a divide-by-zero denial-of-service vulnerability, which can be exploited by remote attackers to crash an application...
Libmspack CHM Decompression Denial of Service Vulnerability
Libmspack is a library of related Microsoft compression formats such as CAB, CHM, HLP, LIT, KWAJ and SZDD. A denial-of-service vulnerability exists in Libmspack CHM Decompression, which can be exploited by an attacker to crash an affected application and deny service to legitimate users...
Updated cabextract packages fix CVE-2014-9556
Updated cabextract packages fix security vulnerability: Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is embedded in cabextract. A specially crafted cab file can cause cabextract to hang forever. If cabextract is exposed to any...
[SECURITY] Fedora 20 Update: suricata-2.0.6-1.fc20
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
[SECURITY] Fedora 21 Update: suricata-2.0.6-1.fc21
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
Fedora 21 : python-pillow-2.6.1-2.fc21 (2015-0667)
This update fixes a potential denial-of-service during PNG decompression. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
DEBIAN-CVE-2014-9601
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed...
PYSEC-2015-16
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed...
miniunzip 'minizip.c' Directory Traversal Vulnerability
miniunzip is a decompression program. A directory traversal vulnerability exists in miniunzip 'minizip.c' when processing compressed files, allowing an attacker to exploit the vulnerability to overwrite system files...
Apache HTTP Server mod_deflate Denial of Service - Ver2 (CVE-2014-0118)
A denial of service vulnerability exists in Apache HTTP Server. The vulnerability exists in the mod_deflate module and is due to a resource exhaustion that is related to request body decompression configuration. A remote, unauthenticated attacker can leverage this vulnerability by sending a...