
120 matches found

FreeBSD
added 2017/09/07 12:0 a.m. | 20 views

cyrus-imapd -- broken "other users" behaviour

Cyrus IMAP 3.0.4 Release Notes states: Fixed Issue 2132: Broken "Other Users" behaviour...

CVSS 9.1, AI score 9, EPSS 0.02177
Exploits: 0, References: 1

FreeBSD
added 2017/07/11 12:0 a.m. | 88 views

Apache httpd -- multiple vulnerabilities

The Apache httpd project reports: important: Read after free in mod_http2 (CVE-2017-9789) When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. important: Uninitialized memory reflectio...

CVSS 9.1, AI score 1.1, EPSS 0.5677
Exploits: 0, References: 1

OSV
added 2017/04/06 12:28 p.m. | 6 views

SUSE-SU-2017:0953-1 Security update for jasper

This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-9600: Null Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder (bsc#1018088) - CVE-2016-10251: Use of uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c) (bsc#1029497) - CVE-2017-5498: left-shif...

CVSS 7.8, AI score 6.5, EPSS 0.02406
Exploits: 3, References: 11

Tenable Nessus
added 2017/04/06 12:0 a.m. | 47 views

SUSE SLES11 Security Update : jasper (SUSE-SU-2017:0946-1)

This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec (bsc#1012530) - CVE-2016-9395: Missing sanity checks on the data in a SIZ marker segment (bsc#1010977). - CVE-2016-9398: jpc_math.c:94: int jpc_floorlog2(int):...

CVSS 7.8, AI score 6.8, EPSS 0.05981
Exploits: 6, References: 31

Tenable Nessus
added 2017/03/07 12:0 a.m. | 39 views

SUSE SLED12 / SLES12 Security Update : libquicktime (SUSE-SU-2017:0610-1)

This update for libquicktime fixes the following issues: - A crafted MP4 file could have caused libquicktime to crash or lead to undefined behaviour (bsc#1022805, CVE-2016-2399) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory...

CVSS 7.8, AI score 7.2, EPSS 0.07184
Exploits: 5, References: 4

Tenable Nessus
added 2016/12/21 12:0 a.m. | 53 views

openSUSE Security Update : zlib (openSUSE-2016-1499)

This update for zlib fixes the following issues: - Remove incompatible declarations of 'struct internal_state' (boo#1003577) - Avoid out-of-bounds pointer arithmetic in inftrees.c (boo#1003579, CVE-2016-9840, CVE-2016-9841) - Avoid left-shift with negative number (boo#1003580, CVE-2016-9842) - Avoid...

CVSS 9.8, AI score 7.2, EPSS 0.07489
Exploits: 0, References: 8

seebug.org
added 2016/10/28 12:0 a.m. | 19 views

Leadersec network Imperial security gateway-online behaviour(audit)device file upload vulnerability

No description provided by source...

AI score 7.1
Exploits: 0

OpenSSL
added 2016/06/01 12:0 a.m. | 56 views

Vulnerability in OpenSSL - Pointer arithmetic undefined behaviour

Avoid some undefined pointer arithmetic. A common idiom in the codebase is to check limits in the following manner: “p + len > limit”, where “p” points to some malloc’d data of SIZE bytes and limit == p + SIZE. “len” here could be from some externally supplied data, e.g. from a TLS message. The rules o...

AI score 7.6, EPSS 0.44505
Exploits: 1, Affected Software: 1

OSV
added 2015/11/26 8:47 p.m. | 9 views

MGASA-2015-0457 Updated libxml2 packages fix security vulnerabilities

Updated libxml2 packages fix security vulnerabilities: In libxml2 before 2.9.3, one case where when dealing with entities expansion, it failed to exit, leading to a denial of service CVE-2015-5312. In libxml2 before 2.9.3, it was possible to hit a negative offset in the name indexing used to...

CVSS 9.8, AI score 6.9, EPSS 0.07017
Exploits: 1, References: 6

Jake Archibald's Blog
added 2013/07/29 2:56 p.m. | 14 views

Animated line drawing in SVG

There's a demo you're missing here because JavaScript or inline SVG isn't available. I like using diagrams as a way of showing information flow or browser behaviour, but large diagrams can be daunting at first glance. When I gave talks about the Application Cache and rendering performance I start...

AI score 7.1
Exploits: 0

securityvulns
added 2011/01/07 12:0 a.m. | 30 views

Mathematica8 on Linux /tmp/MathLink vulnerability

The problem that was reported as below for Mathematica7, is present also/still in the "free trial" version of Mathematica8. Cheers, Paul Szabo [email protected] http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia --- I wrote on 14 May 2010:...

AI score 0.8
Exploits: 0

Tenable Nessus
added 2010/10/15 12:0 a.m. | 32 views

Fedora 12 : ghostscript-8.71-16.fc12 (2010-14633)

This package fixes a security problem (CVE-2010-2055) in ghostscript whereby gs uses the current working directory to look for certain types of system file. This has been fixed by changing the default behaviour. Additionally, several other bugs have been fixed: scripts defining GS_EXECUTABLE have be...

CVSS 7.2, AI score 5.3, EPSS 0.00505
Exploits: 1, References: 3

securityvulns
added 2010/07/07 12:0 a.m. | 15 views

pam_captcha information leak

Behaviour is different depending on user account existence...

AI score 2.1
Exploits: 0, References: 1, Affected Software: 1

Check Point Advisories
added 2009/12/13 12:0 a.m. | 2 views

Internet Explorer COM Object Instantiation Memory Corruption (CVE-2006-4495)

Microsoft Internet Explorer allows HTML documents to embed ActiveX controls for the authoring of dynamic web content. ActiveX controls are based on Component Object Model COM technology. The invocation of an ActiveX control is performed by Internet Explorer by internally instantiating an object. ...

CVSS 7.5, AI score 7.3, EPSS 0.20205
Exploits: 0

Check Point Advisories
added 2009/11/10 12:0 a.m. | 3 views

Microsoft Word Document Stream Handling Code Execution (MS07-024; CVE-2007-0870)

Microsoft Word is a document authoring product released by the Microsoft Corporation. Microsoft Word is available packaged with the Microsoft Office suite, as well as in form of a standalone product. Its native file format is the Word Document, normally identified by the .doc file extension. A Wo...

CVSS 7.6, AI score 7.5, EPSS 0.2052
Exploits: 0

Tenable Nessus
added 2009/04/23 12:0 a.m. | 11 views

Fedora 10 : pptp-1.7.2-5.fc10 (2009-3070)

This update corrects the behaviour of pptpsetup when its --delete option is used, retaining the permissions of /etc/ppp/chap-secrets rather than creating a new file that is likely to be world-readable. If you have previously used the --delete option of pptpsetup, you should reset the permissions ...

AI score 5.5
Exploits: 0, References: 2

securityvulns
added 2007/02/28 12:0 a.m. | 35 views

Norman SandBox Analyzer detection

Malware code can detect sandbox presence and change its behaviour...

CVSS 2.1, AI score 2.2, EPSS 0.00353
Exploits: 0, References: 1

exploitpack
added 2003/03/21 12:0 a.m. | 16 views

Check Point FW-1 Syslog Daemon - Unfiltered Escape Sequence

Check Point FW-1 Syslog Daemon - Unfiltered Escape Sequence source: https://www.securityfocus.com/bid/7161/info An issue has been discovered in Check Point FW-1 syslog daemon when attempting to process a malicious, remotely supplied, syslog message. Specifically, some messages containing escape...

AI score 7.4
Exploits: 0

Exploit DB
added 2003/03/21 12:0 a.m. | 26 views

Check Point FW-1 Syslog Daemon - Unfiltered Escape Sequence

source: https://www.securityfocus.com/bid/7161/info An issue has been discovered in Check Point FW-1 syslog daemon when attempting to process a malicious, remotely supplied, syslog message. Specifically, some messages containing escape sequences are not properly filtered out. This may result in...

AI score 7.4
Exploits: 0

Packet Storm
added 1999/08/17 12:0 a.m. | 28 views

netcache.snmp.public.txt

Date: Wed, 7 Apr 1999 08:43:40 +0200 From: Marco Davids To: [email protected] Subject: Netcache snmp behaviour Hi, We noticed an unexpected behaviour on our NetApps C630 Netcache's. The problem even seems to exist in the latest software- release 3.3.1. The problem concerns the SNMP default...

AI score 7.4
Exploits: 0