Multiple EMC RSA Products ESA-2015-081 Multiple Security Vulnerabilities

受影响的产品： RSA BSAFE Micro Edition Suite MES all 4.1.x versions prior to 4.1.3 RSA BSAFE Micro Edition Suite MES all 4.0.x versions prior to 4.0.8 RSA BSAFE Crypto-C Micro Edition Crypto-C ME 4.1 RSA BSAFE Crypto-C Micro Edition Crypto-C ME all versions prior to 4.0.4 RSA BSAFE Crypto-J all versions...

The vulnerability of the iOS operating system, which allows a hacker to trigger a service failure

The vulnerability of the MSVDX driver of the iOS operating system exists due to insufficient checking of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by using a specially crafted video stream...

MGASA-2015-0322 Updated gnutls packages fix security vulnerabilities

It was reported that GnuTLS does not check whether the two signature algorithms match on certificate import CVE-2015-0294. Kurt Roeckx discovered that decoding a specific certificate with very long DistinguishedName DN entries leads to double free. A remote attacker can take advantage of this fla...

httpd: HTTP request smuggling attack against chunked request parser

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP...

SUSE-SU-2015:1518-1 Security update for gnutls

gnutls was updated to fix several security vulnerabilities. - fix double free in certificate DN decoding GNUTLS-SA-2015-3bsc941794,CVE-2015-6251 - fix invalid read in octet string in bundled libtasn1 bsc929414,CVE-2015-3622 - fix ServerKeyExchange signature issue GNUTLS-SA-2015-2bsc929690...

CVE-2015-0537

Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition Crypto-C ME before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to cause a denial of service...

Integer overflow

Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition Crypto-C ME before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to cause a denial of service...

CVE-2015-0537

Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition Crypto-C ME before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to cause a denial of service...

Integer Overflow Vulnerability in Multiple EMC RSA Products

EMC RSA BSAFE Micro Edition Suite MES and others are products of EMC Corporation.EMC RSA BSAFE is a security software product that supports cryptographic algorithms, certificate chain validation, and Transport Layer Security TLS encryption suites, among other things, to help users achieve a wide...

SUSE SLED12 / SLES12 Security Update : libqt5-qtbase (SUSE-SU-2015:1383-1)

This security update fixes the following issues : - Add libqt5-Fix-a-division-by-zero-processing-malformed-BMP.p atch - QTBUG-44547, bsc921999 CVE-2015-0295 - Add libqt5-Fixes-crash-in-bmp-and-ico-image-decoding.patch - bsc927806 CVE-2015-1858, bsc927807 CVE-2015-1859 - Add...

Mozilla: Buffer overflows on Libvpx when decoding WebM video (MFSA 2015-89)

Heap-based buffer overflow in the resizecontextbuffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data...

Mozilla: Buffer overflows on Libvpx when decoding WebM video (MFSA 2015-89)

The decreaserefcount function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service out-of-bounds read via malformed WebM video data...

wireshark security, bug fix, and enhancement update

1.8.10-17.0.2 - Fix ocfs2 dissector John Haxby orabug 21505640 1.8.10-17.0.1.el6 - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect 1.8.10-17 - security patches - Resolves: CVE-2015-2189 CVE-2015-2191 1.8.10-16 - security patches - Resolves: CVE-2014-8710 CVE-2014-8711...

UBUNTU-CVE-2015-1872

The ffmjpegdecodesof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted...

gnutls -- double free in certificate DN decoding

gnutls.org reports: Kurt Roeckx reported that decoding a specific certificate with very long DistinguishedName DN entries leads to double free, which may result to a denial of service. Since the DN decoding occurs in almost all applications using certificates it is recommended to upgrade the late...

Fedora 22 : libwmf-0.2.8.4-45.fc22 (2015-10627)

CVE-2015-0848 heap overflow when decoding BMP images CVE-2015-4588 RLE decoding doesn't check that the 'count' fits into the image CVE-2015-4695 metapencreate heap buffer overflow CVE-2015-4696 wmf2gd/wmf2eps use after free Note that Tenable Network Security has extracted the preceding descriptio...

OvisLink AirLive IP Cameras WL-2000CAM and Airlive IP Cameras POE-200CAM Operating System Command Injection Vulnerability

OvisLink Airlive IP Cameras WL-2000CAM and Airlive IP Cameras POE-200CAM are both network camera products from OvisLink. An operating system command injection vulnerability exists in the /cgi-bin/mft/wirelessmft.cgi binary file in the OvisLink AirLive IP Cameras WL-2000CAM and Airlive IP Cameras...

Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow', 'Description' = %q This module exploits a buffer overflow on Ado...

Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow', 'Description' = %q This module exploits a buffer overflow on Adobe...

Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow

This module exploits a buffer overflow on Adobe Flash Player when handling nellymoser encoded audio inside a FLV video, as exploited in the wild on June 2015. This module has been tested successfully on: Windows 7 SP1 32-bit, IE11 and Adobe Flash 18.0.0.160, Windows 7 SP1 32-bit, Firefox 38.0.5 a...