1399 matches found
Comodo - PackMan Unpacker Insufficient Parameter Validation
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=764 Packman is an obscure open-source executable packer that Comodo Antivirus attempts to unpack during scanning. The code is available online here: http://packmanpacker.sourceforge.net/ If the compression method is set to algorithm...
Debian Security Advisory DSA 3471-1 (qemu - security update)
Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware. CVE-2015-7295 Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service, that could occur when receiving large packets. CVE-2015-7504 Qinghao Tan...
Vulnerability of the Windows operating system, allowing a perpetrator to execute arbitrary code
The vulnerability of the Windows operating system arises from a loss of precision in integer arithmetic. Exploiting this vulnerability allows an attacker, working remotely, to execute arbitrary code using a specially crafted font...
FreeBSD : qemu -- denial of service vulnerability in VNC (67feba97-b1b5-11e5-9728-002590263bf5)
Prasad J Pandit, Red Hat Product Security Team, reports : Qemu emulator built with the VNC display driver support is vulnerable to an arithmetic exception flaw. It occurs on the VNC server side while processing the 'SetPixelFormat' messages from a client. A privileged remote client could use this...
SUSE SLED11 / SLES11 Security Update : libmspack (SUSE-SU-2015:2215-1)
libmspack was updated to fix several security vulnerabilities. - Fix NULL pointer dereference on a crafted CAB. bsc#934524, CVE-2014-9732 - Fix denial of service while processing crafted CHM file. bsc#934525, CVE-2015-4467 - Fix denial of service while processing crafted CHM file. bsc#934529,...
SUSE-SU-2015:2215-1 Security update for libmspack
libmspack was updated to fix several security vulnerabilities. - Fix null pointer dereference on a crafted CAB. bsc#934524, CVE-2014-9732 - Fix denial of service while processing crafted CHM file. bsc#934525, CVE-2015-4467 - Fix denial of service while processing crafted CHM file. bsc#934529,...
Python 2.7 strop.replace() Integer Overflow
Title: Python 2.7 strop.replace Integer Overflow Credit: John Leitch Url1: http://autosectools.com/Page/Python-strop-replace-Integer-Overflow Url2: http://bugs.python.org/issue24708 Resolution: Fixed The Python 2.7 strop.replace method suffers from an integer overflow that c...
Python 2.7 check_multiply_size() Integer Overflow Vulnerability
Several functions within the imageop module are vulnerable to exploitable buffer overflows due to unsafe arithmetic in check_multiply_size. The problem exists because the check to confirm that size == product / y / x does not take remainders into account. Title: Python 2.7 check_multiply_size Integer...
Oracle: Security Advisory (ELSA-2015-0674)
The remote host is missing an update for the...
A vulnerability in the Apache HTTP Server allows attackers to trigger a service failure.
The vulnerability in the read_request_line function in the server/protocol.c component of the Apache HTTP Server is related to pointer arithmetic errors. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by sending a specially crafted request...
Internet Bug Bounty: Python: imageop Unsafe Arithmetic
http://bugs.python.org/issue24264 Several functions within the imageop module are vulnerable to exploitable buffer overflows due to unsafe arithmetic in check_multiply_size. The problem exists because the check to confirm that size == product / y / x does not take remainders into account. stat...
Unbreakable Enterprise kernel security and bugfix update
2.6.39-400.250.2 - crypto: aesni - fix memory usage in GCM decryption Stephan Mueller Orabug: 21077389 CVE-2015-3331 2.6.39-400.250.1 - xen/pciback: Don't disable PCI_COMMAND on PCI device reset. Konrad Rzeszutek Wilk Orabug: 20807440 CVE-2015-2150 - xen-blkfront: fix accounting of reqs when...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3019)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-3019 advisory. - IB/core: Prevent integer overflow in ib_umem_get address arithmetic Shachar Raindel Orabug: 20799875 CVE-2014-8159 CVE-2014-8159 - xen-pciback: lim...
Libmspack CHM decompression pointer arithmetic denial of service vulnerability (CNVD-2015-00970)
Libmspack is a library of related Microsoft compression formats such as CAB, CHM, HLP, LIT, KWAJ and SZDD. A pointer arithmetic overflow denial of service vulnerability exists in Libmspack's handling of specially crafted CHM files, which can be exploited by remote attackers to crash an applicatio...
Libmspack CHM decompression pointer arithmetic denial of service vulnerability (CNVD-2015-00969)
Libmspack is a library of related Microsoft compression formats such as CAB, CHM, HLP, LIT, KWAJ and SZDD. A denial of service vulnerability exists in Libmspack's handling of CHM decompression, which can be exploited by remote attackers to crash an application...
RHEL 6 : kernel (RHSA-2013:1519)
Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.2 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, whi...
openSUSE Security Update : apache2-mod_fcgid (openSUSE-SU-2011:0884-1)
A possible stack overflow in apache2-mod_fcgid due to wrong pointer arithmetic has been fixed. CVE-2010-3872 has been assigned to this issue...
Internet Bug Bounty: PHP Heap Overflow Vulnerability in imagecrop()
Overview: PHP 5.5.0 added a function called imagecrop in PHP's gd extension. This function is implemented using the gdImageCrop function, which creates a new gd image and crops the result by directly copying pixel data. However, this function contains multiple arithmetic operations pron...
[ipset_list] ipset set listing wrapper script
Features: Calculate sum of set members and match on that count. List only members of a specified set. Choose a delimiter character for separating members. Show only sets containing a specific glob matching header. Arithmetic comparison on headers with an integer value. Match members using a...
Apache mod_fcgid Module < 2.3.9 fcgid_header_bucket_read() Function Heap-Based Buffer Overflow
According to its self-reported banner, the Apache web server listening on this port includes a version of the mod_fcgid module earlier than 2.3.9. That version reportedly has a heap-based buffer overflow vulnerability because of an error in the pointer arithmetic used in the 'fcgid_header_bucket_read'...