
399 matches found

seebug.org
added 2017/11/13 12:00 a.m. | 57 views

wget HTTP integer overflow (CVE-2017-13089)

That’s an interesting vulnerability in GNU wget. According to the wget project, this was reported by Antti Levomäki, Christian Jalio, Joonas Pihlaja of Forcepoint as well as Juhani Eronen of the Finnish National Cyber Security Centre. The vulnerability is in src/http.c source code file and more...

CVSS 9.3 | AI score 8.9 | EPSS 0.79855
Exploits 3

Prion
added 2017/05/02 2:59 p.m. | 10 views

Heap overflow

LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by...

CVSS 6.8 | AI score 8.2 | EPSS 0.01569
Exploits 1 | References 1 | Affected Software 1

NVD
added 2017/04/09 2:59 p.m. | 16 views

CVE-2017-7602

LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image...

CVSS 7.8 | AI score 8.4 | EPSS 0.02572
Exploits 1 | References 5

OSV
added 2017/04/09 2:59 p.m. | 2 views

DEBIAN-CVE-2017-7602

LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image...

CVSS 7.8 | AI score 7.1 | EPSS 0.02572
Exploits 1 | References 1

NVD
added 2017/04/09 2:59 p.m. | 14 views

CVE-2017-7603

auchannel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file...

CVSS 7.8 | AI score 8 | EPSS 0.01475
Exploits 1 | References 2

OSV
added 2017/04/09 2:59 p.m. | 22 views

CVE-2017-7602

LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image...

CVSS 7.8 | AI score 7.5
Exploits 0 | References 5

Cvelist
added 2017/04/09 2:00 p.m. | 23 views

CVE-2017-7603

auchannel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file...

AI score 8.1 | EPSS 0.01475
Exploits 1 | References 2

Cvelist
added 2017/04/09 2:00 p.m. | 18 views

CVE-2017-7602

LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image...

AI score 7.8 | EPSS 0.02572
Exploits 1 | References 5

OSV
added 2017/04/09 12:00 a.m. | 1 views

UBUNTU-CVE-2017-7602

LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image...

CVSS 7.8 | AI score 6.9 | EPSS 0.02572
Exploits 1 | References 4

Tenable Nessus
added 2017/01/24 12:00 a.m. | 45 views

Fedora 25 : gd (2017-bab5698540)

Version 2.2.4 - 2017-01-18 Security - gdImageCreate doesn't check for oversized images and as such is prone to DoS vulnerabilities. CVE-2016-9317 - double-free in gdImageWebPtr CVE-2016-6912 - potential unsigned underflow in gdinterpolation.c - DOS vulnerability in gdImageCreateFromGd2Ctx Fixed -...

CVSS 9.8 | AI score 7.5 | EPSS 0.04449
Exploits 0 | References 3

Tenable Nessus
added 2017/01/12 12:00 a.m. | 101 views

Ubuntu 16.04 LTS : Linux kernel (Raspberry Pi 2) vulnerabilities (USN-3169-3)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3169-3 advisory. Baozeng Ding discovered a race condition that could lead to a use-after-free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel...

CVSS 7.8 | AI score 6.5 | EPSS 0.01566
Exploits 8 | References 3

Tenable Nessus
added 2017/01/12 12:00 a.m. | 74 views

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3168-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3168-1 advisory. Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local...

CVSS 7.8 | AI score 6.6 | EPSS 0.01566
Exploits 8 | References 5

Tenable Nessus
added 2017/01/12 12:00 a.m. | 48 views

Ubuntu 16.04 LTS : Linux kernel (Qualcomm Snapdragon) vulnerabilities (USN-3169-4)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3169-4 advisory. Baozeng Ding discovered a race condition that could lead to a use-after-free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel...

CVSS 7.8 | AI score 6.5 | EPSS 0.01566
Exploits 8 | References 3

Tenable Nessus
added 2017/01/12 12:00 a.m. | 58 views

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3169-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3169-1 advisory. Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local...

CVSS 7.8 | AI score 6.6 | EPSS 0.01566
Exploits 8 | References 4

OpenVAS
added 2017/01/12 12:00 a.m. | 55 views

Ubuntu: Security Advisory (USN-3169-4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.8 | EPSS 0.01566
Exploits 8 | References 2

Tenable Nessus
added 2017/01/12 12:00 a.m. | 56 views

Ubuntu 16.10 : linux vulnerabilities (USN-3170-1)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756) Andrey Konovalov discovered that signed integer overflows...

CVSS 7.8 | AI score 6.4 | EPSS 0.01566
Exploits 8 | References 3

Ubuntu
added 2017/01/11 9:24 a.m. | 91 views

USN-3170-2: Linux kernel (Raspberry Pi 2) vulnerabilities

Andrey Konovalov discovered that the ipv6 icmp implementation in the Linux kernel did not properly check data structures on send. A remote attacker could use this to cause a denial of service (system crash). (CVE-2016-9919) Andrey Konovalov discovered that signed integer overflows existed in the...

CVSS 7.8 | AI score 6.6 | EPSS 0.05671
Exploits 8

Ubuntu
added 2017/01/11 8:26 a.m. | 90 views

USN-3169-4: Linux kernel (Qualcomm Snapdragon) vulnerabilities

Baozeng Ding discovered a race condition that could lead to a use-after-free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794) Andrey Konovalov discovered that signed integer...

CVSS 7.8 | AI score 6.5 | EPSS 0.01566
Exploits 8

Ubuntu
added 2017/01/11 8:16 a.m. | 86 views

USN-3169-3: Linux kernel (Raspberry Pi 2) vulnerabilities

Baozeng Ding discovered a race condition that could lead to a use-after-free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794) Andrey Konovalov discovered that signed integer...

CVSS 7.8 | AI score 6.5 | EPSS 0.01566
Exploits 8

OSV
added 2017/01/11 7:07 a.m. | 3 views

USN-3169-1 linux vulnerabilities

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756) Andrey Konovalov discovered that signed integer overflows...

CVSS 7.8 | AI score 6.7 | EPSS 0.01566
Exploits 8 | References 4