USN-3496-3: Python vulnerability

USN-3496-1 fixed a vulnerability in Python2.7. This update provides the corresponding update for versions 3.4 and 3.5. Original advisory details: It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code...

USN-3496-1 python2.7 vulnerability

It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code...

CVE-2016-7450

The fflog216bitc function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file...

CVE-2016-4331

When decoding data out of a dataset encoded with the H5ZNBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution...

USN-2978-2 linux-lts-wily vulnerabilities

USN-2978-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. David Matlack discovered that the Kernel-based Virtual Machine KVM implementation in the Linux...

Integer Overflow Vulnerability in Multiple EMC RSA Products

EMC RSA BSAFE Micro Edition Suite MES and others are products of EMC Corporation.EMC RSA BSAFE is a security software product that supports cryptographic algorithms, certificate chain validation, and Transport Layer Security TLS encryption suites, among other things, to help users achieve a wide...

libtasn1 -- ASN.1 length decoding vulnerability

Mu Dynamics, Inc. reports: Various functions using the ASN.1 length decoding logic in Libtasn1 were incorrectly assuming that the return value from asn1getlengthder is always less than the length of the enclosing ASN.1 structure, which is only true for valid structures and not for intentionally...

qt4 security update

4.2.1-1.1 - Resolves: 737815, qt/harfbuzz buffer overflow, CVE-2011-3193 - Resolves: 234633, UTF-8 overlong sequence decoding vulnerability, CVE-2007-0242...

CVE-2009-1122

The WebDAV extension in Microsoft Internet Information Services IIS 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability...

Moderate: kdelibs security update

3.5.4-13.el5.0.1 - Remove Version branding - Maximum rpm trademark logos removed pics/crystalsvg/-mime-rpm 3.5.4-13.el5 - Resolves: 293571 CVE-2007-0537 Konqueror improper HTML comment rendering CVE-2007-1564 FTP protocol PASV design flaw affects konqueror 3.5.4-12.el5 - resolves: 293421,...

CVE-2005-0054

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decodin...

Microsoft Internet Explorer contains URL decoding cross-domain vulnerability

Overview A URL decoding vulnerability in Microsoft Internet Explorer may allow remote attackers to bypass zone security restrictions and execute arbitrary code on affected systems. Description IE uses a cross-domain security model to maintain separation between browser frames from different...

CVE-2004-2265

UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact...

Oracle9i Application Server Apache PL/SQL module does not properly decode URL

Overview A vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS in which the module does not properly decode double URL encoded strings. This vulnerability could allow an intruder to read files outside the web...

Ethereal 0.8.40.8.50.8.6 tcpdump 3.43.5 alpha - DNS Decode (2)

Ethereal 0.8.40.8.50.8.6 tcpdump 3.43.5 alpha - DNS Decode 2 source: https://www.securityfocus.com/bid/1165/info A vulnerability exists in the DNS decode capabilities provided as part of the tcpdump sniffer, from LBL, as well as other sniffers, including Ethereal, by Gerald Combs. These sniffers...