[SECURITY] [DLA 2010-1] bsdiff security update
Package: bsdiff; Version: 4.3-15+deb8u1; CVE ID: CVE-2014-9862. An issue in bsdiff, a tool to generate/apply a patch between two binary files, has been found. Using a crafted patch file, an integer signedness error in bspatch could be used for a heap-based buffer overflow and possibly execution of...
DLA-2010-1 bsdiff - security update
Bulletin has no description...
WhatsApp - RTP Processing Heap Corruption Exploit
Exploit for Android platform in category dos / poc Heap corruption can occur when the WhatsApp mobile application receives a malformed RTP packet. 08-31 15:43:50.721 9428 9713 F libc : Fatal signal 11 SIGSEGV, code 1, fault addr 0x7104200000 in tid 9713 Thread-11 08-31 15:43:50.722 382 382 W :...
GHSA-C2VR-2C89-PH88 Downloads Resources over HTTP in node-bsdiff-android
Affected versions of node-bsdiff-android insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on th...
Downloads Resources over HTTP in node-bsdiff-android
Affected versions of node-bsdiff-android insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on th...
Unspecified vulnerability in node-bsdiff-android
node-bsdiff-android is a differential upgrade tool for Android applications. A security vulnerability exists in node-bsdiff-android that originates when the program downloads binary resources over the HTTP protocol. An attacker can exploit the vulnerability to modify or read the downloaded...
CVE-2016-10641
node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks...
Code injection
node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10641
node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10641
node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10641
CVE-2016-10641 affects the Android package node-bsdiff-android, where resources are downloaded over HTTP. The underlying vulnerability allows an attacker with network access to modify or read downloaded resources, creating potential for data exposure and, in some scenarios, remote code execution...
About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
Debian DLA-697-1 : bsdiff security update
It was discovered that there was an 'arbitrary write' vulnerability in bsdiff, a tool to patches between binary files. For Debian 7 'Wheezy', this issue has been fixed in bsdiff version 4.3-14+deb7u1. We recommend that you upgrade your bsdiff packages. NOTE: Tenable Network Security has extracted...
[SECURITY] [DLA 697-1] bsdiff security update
Package: bsdiff; Version: 4.3-14+deb7u1; CVE ID: CVE-2014-9862. It was discovered that there was an "arbitrary write" vulnerability in bsdiff, a tool to patches between binary files. For Debian 7 "Wheezy", this issue has been fixed in bsdiff version 4.3-14+deb7u1. We recommend that you upgrade yo...
DLA-697-1 bsdiff - security update
Bulletin has no description...
Updated bsdiff packages fix security vulnerability
Integer signedness error in bspatch.c in bspatch in bsdiff allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file (CVE-2014-9862)...
openSUSE Security Update : bsdiff (openSUSE-2016-946)
This update for bsdiff fixes the following issues: - CVE-2014-9862: Improper checking of input allows arbitrary write on heap (boo#990660). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
Apple OS X bsdiff Integer Sign Error Vulnerability
Apple OS X is a specialized operating system developed for Mac computers. An integer sign error vulnerability exists in the bspatch.c file in bsdiff used by Apple OS X, which can be exploited by a remote attacker to crash an application or execute arbitrary code by building a special patch file...
DEBIAN-CVE-2014-9862
Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file...
CVE-2014-9862
Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file...