1297 matches found

RedHat Linux
added 2015/01/22 9:13 p.m., 1 view

jasper: unrestricted stack memory use in jpc_qmfb.c (oCERT-2015-001)

An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code...

CVSS 6.8, AI score 7, EPSS 0.04918
Exploits: 0, References: 5
Oracle Linux
added 2015/01/22 12:0 a.m., 33 views

jasper security update

1.900.1-16.3 - CVE-2014-8157 - dec-numtiles off-by-one check in jpc_dec_process_sot 1183671 - CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c 1183679...

CVSS 7.5, AI score 1.8, EPSS 0.05821
Exploits: 0
Tenable Nessus
added 2014/11/04 12:0 a.m., 38 views

Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20141014)

An out-of-bounds write flaw was found in the way the glibc's readdir_r function handled file system entries longer than the NAME_MAX character constant. A remote attacker could provide a specially crafted NTFS or CIFS file system that, when processed by an application using readdir_r, would cause th...

CVSS 6.8, AI score 7.7, EPSS 0.01201
Exploits: 3, References: 3
Hacker One
added 2014/10/15 7:18 a.m., 54 views

Internet Bug Bounty: Adobe Flash Player Out-of-Bound Read/Write Vulnerability

I. Summary Adobe Flash Player is prone to a vulnerability which leads to Out-of-Bound access of memory. During the compilation of a malformed regular expression, relevant operations would cause Out-of-Bound Read/Write of stack and heap memory. Successful exploits may allow an attacker to gain...

CVSS 10, AI score 7.2, EPSS 0.06121
Exploits: 0
OSV
added 2014/08/13 11:55 p.m., 1 view

DEBIAN-CVE-2014-3508

The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process...

CVSS 4.3, AI score 6.2, EPSS 0.03123
Exploits: 0, References: 1
OSV
added 2014/08/13 11:55 p.m., 8 views

CVE-2014-3508

The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process...

AI score 7.2
Exploits: 0, References: 70
Debian CVE
added 2014/08/13 11:0 p.m., 25 views

CVE-2014-3508

The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process...

CVSS 4.3, AI score 6, EPSS 0.03123
Exploits: 0
Cvelist
added 2014/08/13 11:0 p.m., 27 views

CVE-2014-3508

The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process...

AI score 5.6, EPSS 0.03123
Exploits: 0, References: 70
Prion
added 2014/08/12 9:55 p.m., 19 views

Stack overflow

Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service (daemon hang) via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun...

CVSS 6.8, AI score 7.2, EPSS 0.3841
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2014/08/12 9:0 p.m., 220 views

CVE-2014-4061

CVE-2014-4061 affects Microsoft SQL Server 2008 SP3, SQL Server 2008 R2 SP2, and SQL Server 2012 SP1. The root cause is improper control of stack memory when processing T-SQL batch commands, enabling remote authenticated users to cause a denial of service (daemon hang). Connected sources align on...

CVSS 6.8, AI score 6.6, EPSS 0.3841
Exploits: 0, References: 4, Affected Software: 1
Kaspersky
added 2014/08/12 12:0 a.m., 57 views

KLA10615 Multiple vulnerabilities in Microsoft SQL Server

Multiple serious vulnerabilities have been found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to cause denial of service or inject arbitrary code. Below is a complete list of vulnerabilities: 1. Lack of stack memory restrictions can be exploited remotely via a special...

CVSS 6.8, AI score 7.3, EPSS 0.3841
Exploits: 0, References: 13
Tenable Nessus
added 2014/08/08 12:0 a.m., 52 views

OpenSSL 1.0.0 < 1.0.0n Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.0n. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.0n advisory. - The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i...

CVSS 6.8, AI score 6.4, EPSS 0.66025
Exploits: 0, References: 13
OSV
added 2014/08/07 12:0 a.m., 1 view

UBUNTU-CVE-2014-3508

The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process...

CVSS 4.3, AI score 6.7, EPSS 0.03123
Exploits: 0, References: 4
seebug.org
added 2014/07/01 12:0 a.m., 19 views

IRIX 5.x/6.x MediaMail HOME Environment Variable Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7672/info A buffer overflow vulnerability has been reported for the MediaMail binary that may result in a user obtaining elevated privileges. Although unconfirmed, an attacker, using a custom crafted string, could overwri...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 12 views

Lonerunner Zeroo HTTP Server 1.5 - Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6190/info Zeroo HTTP server is a freely available, open source web server. It is available for the Linux and Microsoft Windows platforms. It has been reported that Zeroo HTTP server does not sufficiently check bounds on...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 20 views

Interbase 6.0 GDS_Drop Interbase Environment Variable Buffer Overflow (1)

No description provided by source. source: http://www.securityfocus.com/bid/5044/info Interbase is a database distributed and maintained by Borland. It is available for Unix and Linux operating systems. A buffer overflow has been discovered in the gds_drop program packaged with Interbase. This...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 11 views

Epic Games Unreal Engine 436 Client Unreal URL Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6774/info It has been reported that a memory corruption bug exists in games based on the Unreal Engine. Under some circumstances, when the game client connects to a server using an excessive length Unreal URL it may be...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 19 views

Mandrake 7/8/9,RedHat 6.x/7 Bonobo EFSTool Commandline Argument Buffer Overflow (1)

No description provided by source. source: http://www.securityfocus.com/bid/5125/info Bonobo is a set of tools and CORBA interfaces included as part of the Gnome infrastructure. It is designed for use on the Linux and Unix operating systems. A boundary condition error has been discovered in the...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 37 views

xtell 1.91.1/2.6.1 - Multiple Remote Buffer Overflow Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/4193/info xtell is a simple network messaging program. It may be used to transmit terminal messages between users and machines. xtell is available for Linux, BSD and most other Unix based operating systems. Multiple buffe...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 41 views

Sun SunVTS 4.x PTExec Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2898/info SunVTS is the Sun Validation Test Suite, distributed and maintained by Sun Microsystems. The SunVTS is used to test various components of OEM Sun hardware, and can also be used to stress-test components and...

AI score 7.1
Exploits: 0