282 matches found
DEBIAN-CVE-2017-18122
A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid...
Unspecified Vulnerability in Google Android Qualcomm Component (CNVD-2017-27868)
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA) in the U.S. Qualcomm is one of the Qualcomm components used in Qualcomm devices. An unspecified vulnerability exists in the Google Android Qualcomm component, where disabling...
CVE-2016-9535
tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."...
Out-of-bounds
Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site...
DLA-445-2 squid3 - regression update
Bulletin has no description...
PCRE Denial of Service Vulnerability (CNVD-2015-07880)
PCRE (Perl Compatible Regular Expressions) is an open source regular expression library written in C by software developer Philip Hazel. A security vulnerability exists in PCRE versions prior to 8.38, which stems from the program's failure to properly handle the interaction ...
Updated python-cryptography packages fix security vulnerability
The OpenSSL backend prior to 1.0.2 made extensive use of assertions to check response codes where our tests could not trigger a failure. However, when Python is run with -O these asserts are optimized away. If a user ran Python with this flag and got an invalid response code this could result in...
AdNovum nevisAuth SAML Certificate Matching Vulnerability
AdNovum nevisAuth is a user system authentication and access management solution. AdNovum nevisAuth fails to correctly match X.509 certificates and IdP certificates, allowing remote attackers to submit specially crafted certificates to inject arbitrary SAML assertions...
CVE-2015-5372
The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML...
Microsoft Windows win32k!xxxRealDrawMenuItem() Missing HBITMAP Bounds Checks
No description provided by source. Microsoft Windows win32k!xxxRealDrawMenuItem missing HBITMAP bounds checks. Microsoft produce two builds of each of their supported operating systems, a checked build and a free build. Th...
Ethereal <= 0.10.10 (dissect_ipc_state) Remote Denial of Service Exploit
No description provided by source. Ethereal <= 0.10.10 dissect_ipc_state DoS. Tested on 0.9.4 and 0.10.10. Bug found by the Ethereal BuildBot. Code ripped from vade79. Exploit by Nicob. From the Ethereal Security Advisory 19 : ...
openSUSE Security Update : tor (openSUSE-SU-2012:1278-1)
Update to 0.2.2.39 (bnc#780620). Changes in version 0.2.2.39 - 2012-09-11: Tor 0.2.2.39 fixes two more opportunities for remotely triggerable assertions. Security fixes: - Fix an assertion failure in tor_timegm that could be triggered by a badly formatted directory object (CVE-2012-4922). - Do not...
Mandriva Linux Security Advisory : subversion (MDVSA-2013:288)
Updated subversion package fixes security vulnerabilities: mod_dontdothat allows you to block update REPORT requests against certain paths in the repository. It expects the paths in the REPORT request to be absolute URLs. Serf based clients send relative URLs instead of absolute URLs in many case...
subversion -- multiple vulnerabilities
Subversion Project reports: mod_dontdothat does not restrict requests from serf based clients. mod_dontdothat allows you to block update REPORT requests against certain paths in the repository. It expects the paths in the REPORT request to be absolute URLs. Serf based clients send relative URLs...
Fedora Update for nodejs-callsite FEDORA-2013-11780
Check for the Version of nodejs-callsite. OpenVAS Vulnerability Test: Fedora Update for nodejs-callsite FEDORA-2013-11780. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...
CVE-2008-7299
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field...
TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities
TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities. Luigi Auriemma. Application: TeamSpeak 3 (http://www.teamspeak.com). Versions: = 3.0.0-beta23 (2.x not affected). Platforms: Windows, Mac OS X and Linux. Bugs: A) execution of various admin commands, B) various failed assertions, C) various NULL pointer...