113 matches found

RedHat Linux
added 2018/04/11 5:45 p.m. | 3 views

sensu: Password exposure in warn level log when configured for multiple rabbitMQ connections

Sensu's redaction function fails to handle the redaction of sensitive data in deeply nested data structures, resulting in sensitive data, such as passwords, being logged in clear-text...

CVSS 9.8 | AI score 5.8 | EPSS 0.0045
Exploits: 0 | References: 5
RedHat Linux
added 2018/03/28 7:4 p.m. | 3 views

sensu: Password exposure in warn level log when configured for multiple rabbitMQ connections

Sensu's redaction function fails to handle the redaction of sensitive data in deeply nested data structures, resulting in sensitive data, such as passwords, being logged in clear-text...

CVSS 9.8 | AI score 5.8 | EPSS 0.0045
Exploits: 0 | References: 5
OSV
added 2017/08/17 12:0 a.m. | 0 views

UBUNTU-CVE-2017-12933

The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP...

CVSS 9.8 | AI score 7 | EPSS 0.1303
Exploits: 0 | References: 6
ATTACKERKB
added 2017/06/14 8:29 p.m. | 1 views

CVE-2017-9617

In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector...

CVSS 5.5 | AI score 5.4 | EPSS 0.00221
Exploits: 0 | References: 4
CNVD
added 2016/05/04 12:0 a.m. | 2 views

Wireshark ASN.1 BER parser denial of service vulnerability (CNVD-2016-02775)

Wireshark (formerly known as Ethereal) is a suite of network packet analysis software developed by the Wireshark team. A denial of service vulnerability exists in the epan/dissectors/packet-ber.c file in the ASN.1 BER parser in Wireshark versions 1.12.x prior to 1.12.10, and versions 2.x prior to...

CVSS 5.9 | AI score 7.5 | EPSS 0.00518
Exploits: 0 | References: 1
OSV
added 2016/05/01 1:59 a.m. | 1 views

UBUNTU-CVE-2016-4421

epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data...

CVSS 5.9 | AI score 6.9 | EPSS 0.00518
Exploits: 0 | References: 4
RedHat Linux
added 2015/07/09 5:1 p.m. | 2 views

php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

CVSS 7.5 | AI score 6.9 | EPSS 0.26397
Exploits: 5 | References: 4
RedHat Linux
added 2015/06/23 8:11 a.m. | 2 views

php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

CVSS 7.5 | AI score 6.9 | EPSS 0.26397
Exploits: 5 | References: 4
Check Point Advisories
added 2015/05/18 12:0 a.m. | 16 views

PHP Core unserialize process nested data Use After Free - Ver2 (CVE-2014-8142)

A use-after-free vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical keys within the unserialize function. An attacker could exploit this vulnerability by sending crafted serialized data to a web applicati...

CVSS 7.5 | AI score 2.6 | EPSS 0.8832
Exploits: 8
Check Point Advisories
added 2015/04/29 12:0 a.m. | 15 views

PHP Core unserialize process nested data Use After Free - ver 2 (CVE-2014-8142; CVE-2015-0231)

A code execution vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical number key names within the unserialize function. A remote attacker can exploit the vulnerability by sending crafted serialized data to ...

CVSS 7.5 | AI score 2.5 | EPSS 0.8832
Exploits: 10
CNVD
added 2015/03/31 12:0 a.m. | 3 views

PHP process_nested_data function memory misreference vulnerability

PHP is a popular programming language. A memory misreference vulnerability in the process_nested_data function in PHP ext/standard/var_unserializer.re allows remote attackers to execute arbitrary code using special unserialized calls...

CVSS 7.5 | AI score 8 | EPSS 0.26397
Exploits: 5 | References: 1
OSV
added 2014/12/20 12:0 a.m. | 0 views

UBUNTU-CVE-2014-8142

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys...

CVSS 7.5 | AI score 7.1 | EPSS 0.8832
Exploits: 8 | References: 3
RedHat Linux
added 2006/09/15 6:38 a.m. | 0 views

security flaw

Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads...

CVSS 7.6 | AI score 6 | EPSS 0.30757
Exploits: 0 | References: 4