327 matches found
SUSE-SU-2019:2080-1 Security update for evince
This update for evince fixes the following issues: Security issues fixed: - CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory bsc1133037. - CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c bsc1141619...
R 3.4.4 Bufer Overflow
-------------------------------------------------------- Exploit Title: R v3.4.4 - SEH Buffer Overflow Exploit Exploit Author : ZwX Exploit Date: 2018-08-22 Vendor Homepage : https://www.r-project.org/ Tested on OS: Windows 7 Social: twitter.com/ZwX2a contact: [email protected] Website:...
CVE-2018-14779
A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function ykpivtransferdata: % highlight c % ifoutlen + recvlen - 2 maxout fprintfstderr, "Output buffer to small, wanted to write %lu, max was %lu.", outlen +...
CVE-2018-14780
An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function ykpivfetchobject: % highlight c % ifsw == SWSUCCESS sizet outlen; int offs = ykpivgetlengthdata + 1, &outlen; ifoffs == 0 return YKPIVSIZEERROR;...
SUSE-SU-2018:0863-1 Security update for clamav
This update for clamav fixes the following issues: Security issues fixed: - CVE-2012-6706: VMSFDELTA filter inside the unrar implementation allows an arbitrary memory write bsc1045315. - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CH...
SUSE-SU-2017:2872-1 Security update for MozillaFirefox, mozilla-nss
This update for MozillaFirefox and mozilla-nss fixes the following issues: Mozilla Firefox was updated to ESR 52.4 bsc1060445 MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handsha...
About the security content of watchOS 3.2.3 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
SUSE-SU-2017:1635-1 Security update for openvpn
This update for openvpn fixes the following issues: - Some parts of the certificate-parsing code did not always clear all allocated memory. This would have allowed clients to leak a few bytes of memory for each connection attempt, thereby facilitating a quite inefficient DoS attack on the server...
SUSE-SU-2016:3301-1 Security update for tiff
The tiff library and tools were updated to version 4.0.7 fixing various bug and security issues. - CVE-2014-8127: out-of-bounds read with malformed TIFF image in multiple tools bnc914890 - CVE-2016-9297: tifdirread.c read outside buffer in TIFFPrintField bnc1010161 - CVE-2016-3658: Illegal read i...
MGASA-2016-0318 Updated libarchive packages fix security vulnerability
The updated packages fix several security vulnerabilities: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with...
SUSE-SU-2016:0061-1 Security update for libpng12-0
security update: This update fixes the following securit issue: CVE-2015-8126 Multiple buffer overflows in the pngsetPLTE and pnggetPLTE functions allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact bsc954980...
Amazon Linux AMI : php56 (ALAS-2015-585) (BACKRONYM)
PHP process crashes when processing an invalid file with the 'phar' extension. CVE-2015-5589 As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. CVE-2015-3152 PHP versions before 5.5.27 and 5.4.43 contain buffer...
PT-2015-4910 · Debian +3 · Yubiserver
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to buffer overflows caused by the misuse of sprintf. No additional details are provided about the estimated number of potentially...
Debian Security Advisory DSA 2959-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2014-3154 Collin Payne discovered a use-after-free issue in the filesystem API. CVE-2014-3155 James March, Daniel Sommermann, and Alan Frindell discovered several out-of-bounds read issues in the SPDY protocol...
Microsoft Internet Explorer 7 - HTML Form Value Denial of Service
Microsoft Internet Explorer 7 - HTML Form Value Denial of Service source: https://www.securityfocus.com/bid/33494/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this...
Fedora Core 9 FEDORA-2009-0371 (uw-imap)
The remote host is missing an update to uw-imap announced via advisory FEDORA-2009-0371. OpenVAS Vulnerability Test $Id: fcore20090371.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-0371 uw-imap Authors: Thomas Reinke Copyright: Copyright c 2009...
CVE-2008-0947
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 krb5 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors...
Vavoom 1.24 - sv_main.cpp Say Command Remote Format String
source: https://www.securityfocus.com/bid/25436/info Vavoom is prone to multiple remote vulnerabilities, including a buffer-overflow issue, a format-string issue, and a denial-of-service issue. An attacker can exploit these issues to execute arbitrary code within the context of the affected...
CVE-2007-3121
Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the zvbi-ntsc-cc tool in Zapping VBI Library ZVBI before 0.2.25 allows attackers to cause a denial of service application crash and possibly execute arbitrary code via long data during a reception error. NOTE: some of these details...
DTSA-24-1 inkscape - buffer overflow
Bulletin has no description...