4206 matches found

seebug.org | added 2014/07/01 12:00 a.m. | 10 views

Yahoo! Webcam ActiveX Control 2.0.0.107 Buffer Overrun Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8634/info A buffer overrun has been discovered in the Yahoo! Webcam ActiveX control. The problem occurs due to insufficient bounds checking when handling user-supplied Webcam parameters. As a result, an attacker may be...

AI score: 7.1 | Exploits: 0

seebug.org | added 2014/07/01 12:00 a.m. | 48 views

Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/5033/info When processing requests coded with the 'Chunked Encoding' mechanism, Apache fails to properly calculate required buffer sizes. This is believed to be due to improper signed interpretation of an unsigned integer...

AI score: 7.1 | Exploits: 0

seebug.org | added 2014/07/01 12:00 a.m. | 21 views

Microsoft ListBox/ComboBox Control User32.dll Function Buffer Overrun Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8827/info Microsoft has reported the existence of a local buffer overrun vulnerability in an undisclosed User32.dll library function. This function is used by applications implementing the use of ListBox or ComboBox...

AI score: 7.1 | Exploits: 0

seebug.org | added 2014/07/01 12:00 a.m. | 14 views

Macromedia Flash 6.0.47.0 SWRemote Heap Corruption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6196/info A buffer overrun condition has been discovered in the SWRemote parameter used in Macromedia Flash objects. By triggering the overrun it is possible for an attacker to corrupt sensitive heap memory. Exploiting th...

AI score: 7.1 | Exploits: 0

seebug.org | added 2014/07/01 12:00 a.m. | 15 views

RedHat Linux 4.2, SGI IRIX <= 6.3, Solaris <= 2.6 mailx Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/393/info A buffer overrun exists in the /bin/mailx program. This program was originally developed as part of BSD, and is available on many Unix systems. By supplying a long, well crafted buffer as the username argument, a...

AI score: 7.1 | Exploits: 0

seebug.org | added 2014/07/01 12:00 a.m. | 13 views

Microsoft Windows XP/2000/NT 4 Shell Long Share Name Buffer Overrun Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10213/info Microsoft Windows operating systems have been reported to be prone to a remotely exploitable buffer overrun condition. This issue is exposed when a client attempts to connect to an SMB share with an overly long...

AI score: 7.1 | Exploits: 0

seebug.org | added 2014/07/01 12:00 a.m. | 17 views

BSD-Games 2.x Monop Player Name Local Buffer Overrun Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/8501/info Monop included in bsd-games is prone to a locally exploitable buffer overrun vulnerability. This is due to insufficient bounds checking of player names. Monop is typically installed setgid games, so it is possib...

AI score: 7.1 | Exploits: 0

seebug.org | added 2014/07/01 12:00 a.m. | 22 views

Athttpd 0.4 b Remote GET Request Buffer Overrun Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8709/info Athttpd is said to be prone to a remote buffer overrun that could allow an attacker to execute arbitrary code. The problem occurs due to insufficient bounds checking when handling GET requests. As a result, an...

AI score: 7.1 | Exploits: 0

Tenable Nessus | added 2014/06/30 12:00 a.m. | 37 views

FreeBSD : mencoder -- potential buffer overrun when processing malicious lzo compressed input (17dfd984-feba-11e3-b938-5404a68ad561)

Michael Niedermayer and Luca Barbato report in upstream ffmpeg: avutil/lzo: Fix integer overflow. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2020 Jacques Vidrine and...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.04468 | Exploits: 1 | References: 4

Tenable Nessus | added 2014/06/30 12:00 a.m. | 31 views

FreeBSD : mplayer -- potential buffer overrun when processing malicious lzo compressed input (9ab3a22c-feb8-11e3-b938-5404a68ad561)

Michael Niedermayer and Luca Barbato report in upstream ffmpeg: avutil/lzo: Fix integer overflow. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2020 Jacques Vidrine and...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.04468 | Exploits: 1 | References: 4

ThreatPost | added 2014/06/27 1:31 p.m. | 16 views

20-Year Old Vulnerability Patched in Compression Algorithm

A 20-year old vulnerability in the Lempel-Ziv-Oberhumer LZO compression algorithm – used in some Android phones, the Linux kernel, and even Mars Rovers – was finally patched this week. Code stemming from the algorithm’s library function has existed in the wild for two decades, but was recycled ov...

AI score: 0.4 | Exploits: 0 | References: 3

Tenable Nessus | added 2014/06/27 12:00 a.m. | 312 views

FreeBSD : LZO -- potential buffer overrun when processing malicious input data (d1f5e12a-fd5a-11e3-a108-080027ef73ec)

Markus Franz Xaver Johannes Oberhumer reports, in the package's NEWS file : Fixed a potential integer overflow condition in the 'safe' decompressor variants which could result in a possible buffer overrun when processing maliciously crafted compressed input data. As this issue only affects 32-bit...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.05421 | Exploits: 0 | References: 3

FreeBSD | added 2014/06/25 12:00 a.m. | 79 views

LZO -- potential buffer overrun when processing malicious input data

Markus Franz Xaver Johannes Oberhumer reports, in the package's NEWS file: Fixed a potential integer overflow condition in the "safe" decompressor variants which could result in a possible buffer overrun when processing maliciously crafted compressed input data. As this issue only affects 32-bit...

CVSS: 7.5 | AI score: 7 | EPSS: 0.05421 | Exploits: 0 | References: 1

FreeBSD | added 2014/06/24 12:00 a.m. | 34 views

mencoder -- potential buffer overrun when processing malicious lzo compressed input

Michael Niedermayer and Luca Barbato report in upstream ffmpeg: avutil/lzo: Fix integer overflow...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.04468 | Exploits: 1 | References: 2

FreeBSD | added 2014/06/24 12:00 a.m. | 28 views

mplayer -- potential buffer overrun when processing malicious lzo compressed input

Michael Niedermayer and Luca Barbato report in upstream ffmpeg: avutil/lzo: Fix integer overflow...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.04468 | Exploits: 1 | References: 2

Tenable Nessus | added 2014/06/19 12:00 a.m. | 24 views

openSUSE Security Update : miniupnpc (openSUSE-SU-2014:0815-1)

miniupnpc was updated to 1.9 to fix a potential buffer overrun in miniwget.c CVE-2014-3985. Besides that the following issues were fixed : - added argument remoteHost to UPNPGetSpecificPortMappingEntry - increment APIVERSION to 10 - --help and -h arguments in upnpc.c - define MAXHOSTNAMELEN if no...

CVSS: 5 | AI score: 5.7 | EPSS: 0.03312 | Exploits: 1 | References: 3

Tenable Nessus | added 2014/06/19 12:00 a.m. | 42 views

SuSE 11.3 Security Update : KVM (SAT Patch Number 9302)

Several security issues in KVM have been fixed. Some issues could have resulted in arbitrary code execution or crash of the kvm host. - virtio-net: buffer overflow in virtio_net_handle_mac function. CVE-2014-0150 - Fixed out of bounds buffer accesses, guest triggerable via IDE SMART. CVE-2014-2894 -...

CVSS: 8.8 | AI score: 7.9 | EPSS: 0.0531 | Exploits: 1 | References: 68

Tenable Nessus | added 2014/06/13 12:00 a.m. | 47 views

openSUSE Security Update : seamonkey (seamonkey-5210)

Mozilla SeaMonkey was updated to version 2.4, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption...

CVSS: 10 | AI score: 8.9 | EPSS: 0.05312 | Exploits: 4 | References: 12

Tenable Nessus | added 2014/06/13 12:00 a.m. | 63 views

AIX OpenSSL Advisory : openssl_advisory9.doc

The version of OpenSSL installed on the remote host is potentially affected by the following remote code execution and denial of service vulnerabilities : - OpenSSL could allow an attacker to cause a buffer overrun situation when an attacker sends invalid DTLS fragments to an OpenSSL DTLS client ...

CVSS: 7.4 | AI score: 8.4 | EPSS: 0.99977 | Exploits: 13 | References: 7

Tenable Nessus | added 2014/06/13 12:00 a.m. | 24 views

openSUSE Security Update : Mesa (openSUSE-SU-2012:1120-1)

Mesa was updated to fix a buffer overrun in glsl shaders : - Uglsl-linker-Avoid-buffer-over-run-in-parceloutunif.patch - Avoid buffer over-run in parcel_out_uniform_storage::visit_field When too many uniforms are used, the error will be caught in check_resources src/glsl/linker.cpp. CVE-2012-2864,...

CVSS: 10 | AI score: 5.6 | EPSS: 0.04641 | Exploits: 1 | References: 3