Debian DLA-883-1 : curl security update
It was discovered that there was a buffer read overrun vulnerability in curl, a tool for downloading files from the internet, etc. If a '%' ended the --write-out parameter, the string's trailing NUL would be skipped and memory past the end of the buffer could be accessed and potentially displayed...
Win CE Schannel cert name out of buffer read
curl's TLS server certificate checks are flawed on Windows CE. This vulnerability occurs in the verify certificate function when comparing a wildcard certificate name as returned by the Windows API function CertGetNameString to the hostname used to make the connection to the server. The pattern...
SUSE SLES11 Security Update : xorg-x11-libs (SUSE-SU-2016:3189-1)
This update for xorg-x11-libs fixes the following issues : - insufficient validation of data from the X server can cause a one byte buffer read underrun bsc1003023, CVE-2016-7953 - insufficient validation of data from the X server can cause out of boundary memory access or endless loops Denial of...
SUSE-SU-2016:3189-1 Security update for xorg-x11-libs
This update for xorg-x11-libs fixes the following issues: - insufficient validation of data from the X server can cause a one byte buffer read underrun bsc1003023, CVE-2016-7953 - insufficient validation of data from the X server can cause out of boundary memory access or endless loops Denial of...
openSUSE Security Update : libXvMC (openSUSE-2016-1424)
This update for libXvMC fixes the following security issue : - insufficient validation of data from the X server could cause a one byte buffer read underrun boo1003023, CVE-2016-7953
UBUNTU-CVE-2016-9539
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer. Reported as MSVR 35092...
SUSE SLED12 / SLES12 Security Update : X Window System client libraries (SUSE-SU-2016:2828-1)
This update for the X Window System client libraries fixes a class of privilege escalation issues. A malicious X Server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission...
[slackware-security] x11
New x11 packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/libX11-1.6.4-i586-1slack14.2.txz: Upgraded. Insufficient validation of data from the X server can cause o...
openSUSE Security Update : X Window System client libraries (openSUSE-2016-1214)
This update for the X Window System client libraries fixes a class of privilege escalation issues. A malicious X Server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission...
SUSE SLES11 Security Update : bsdtar (SUSE-SU-2016:1939-1)
bsdtar was updated to fix seven security issues. These security issues were fixed : - CVE-2015-8929: Memory leak in tar parser bsc985669. - CVE-2016-4809: Memory allocate error with symbolic links in cpio archives bsc984990. - CVE-2015-8920: Stack out of bounds read in ar parser bsc985675. -...
Adobe Reader DC FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Oracle Linux 6 : php (ELSA-2015-1218)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1218 advisory. - fix patch for CVE-2015-4024 - core: fix multipart/form-data request can use excessive amount of CPU usage CVE-2015-4024 - fix various functions accep...
SuSE 11.3 Security Update : gd (SAT Patch Number 10530)
The graphics drawing library gd has been updated to fix one security issue : - possible buffer read overflow CVE-2014-9709
openSUSE Security Update : gd (openSUSE-2015-280)
The graphics drawing library gd was updated to fix one security issue. The following vulnerability was fixed : - possible buffer read overflow CVE-2014-9709
SUSE-SU-2015:0835-1 Security update for gd
The graphics drawing library gd has been updated to fix one security issue: possible buffer read overflow CVE-2014-9709 Security Issues: CVE-2014-9709...
SUSE-SU-2015:0866-1 Security update for gd
The graphics drawing library gd was updated to fix one security issue. The following vulnerability was fixed: possible buffer read overflow CVE-2014-9709...
SuSE 11.3 Security Update : libsndfile (SAT Patch Number 10221)
This update for libsndfile fixes two buffer read overflows in sd2_parse_rsrc_fork. CVE-2014-9496, bsc911796
How to prevent the next heartbleed-vulnerability warning-the black bar safety net
I. Introduction Based on the OpenSSL heart bleed vulnerability was considered to be the CVE-2014-0160 serious problem, OpenSSL is widely used in SSL and TLS plug-in. As used herein, the heart bleed vulnerability explanation this vulnerability is what is the use. This article studies the...
Amazon Linux AMI : postgresql8 (ALAS-2013-244)
An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially crafted SQL query that, when processed by the server component of the...
CentOS Update for postgresql84 CESA-2013:1475 centos5
Check for the Version of postgresql84. OpenVAS Vulnerability Test. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net