840 matches found
FFmpeg ff_sbr_apply Denial of Service Vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability in the 'ffsbrapply' function in the libavcodec/aacsbr.c file in versions of FFmpeg prior to 2.7.2 stems from the failure of the program to check for matching Spectr...
UBUNTU-CVE-2015-6820
The ffsbrapply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have...
Meet Linux's New Fastest File-System – Bcachefs
First announced over five years ago, ex-Google engineer Kent Overstreet is pleasured in announcing the general availability of a new open-source file-system for Linux, called the Bcache File System or Bcachefs. Bcachefs is a Linux kernel block layer cache that aims at offering a speedier and more...
Updated apache package fixes security vulnerabilities
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension...
CVE-2015-3183
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension...
CVE-2015-3183
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension...
Design/Logic Flaw
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension...
CVE-2015-3183
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension...
CVE-2015-3183
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension...
CVE-2015-3183
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension...
Mandriva Linux Security Advisory : tomcat (MDVSA-2015:084)
Updated tomcat package fixes security vulnerabilities : It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition CVE-2014-0050. Apache Tomcat 7.x...
Design/Logic Flaw
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks...
CVE-2014-0227
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks...
UBUNTU-CVE-2014-0227
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks...
Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_tomcat)
The remote Solaris system is missing necessary patches to address security updates : - Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data...
DEBIAN-CVE-2014-9319
The ffhevcdecodenalsps function in libavcodec/hevcps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service out-of-bounds access via a crafted .bit file...
Amazon Linux AMI : mod_security (ALAS-2014-335)
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...
Amazon Linux AMI : httpd (ALAS-2014-414)
The modheaders module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass 'RequestHeader unset' directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states 'this is not a security issue in httpd as such.' C Tenable Networ...
Amazon Linux AMI : mod24_security (ALAS-2014-334)
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...
F5 Networks BIG-IP : Apache Tomcat vulnerability (SOL15426)
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service resource consumption via a malformed chunk size in chunke...