FreeBSD : mozilla -- multiple vulnerabilities (81f866ad-41a4-11e3-a4af-0025905a4771)

The Mozilla Project reports : MFSA 2013-93 Miscellaneous memory safety hazards rv:25.0 / rv:24.1 / rv:17.0.10 MFSA 2013-94 Spoofing addressbar though SELECT element MFSA 2013-95 Access violation with XSLT and uninitialized data MFSA 2013-96 Improperly initialized memory and overflows in some...

Writing to cycle collected object during image decoding — Mozilla

Mozilla community member Ezra Pool reported a potentially exploitable crash on extremely large pages. This was caused when a cycle collected image object was released on the wrong thread during decoding, creating a race condition...

When using Threat Emulation to scan mail content, some files encoded in MIME may be incorrectly decoded causing a 'False-Negative' result of the emulated file

...

USN-1978-1: libKDcraw vulnerabilities

It was discovered that libKDcraw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, applications linked against libKDcraw could be made to crash, resulting in a denial of service. CVE-2013-1438, CVE-2013-1439...

CVE-2013-2132

bson/cbsonmodule.c in the mongo-python-driver aka. pymongo before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service NULL pointer dereference and crash via vectors related to decoding of an "invalid DBRef."...

CVE-2013-2132

bson/cbsonmodule.c in the mongo-python-driver aka. pymongo before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service NULL pointer dereference and crash via vectors related to decoding of an "invalid DBRef."...

CentOS Update for nspr CESA-2013:1135 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 18 Update: nodejs-asn1-0.1.11-3.fc18

nodejs-asn1 is a library for encoding and decoding Abstract Syntax Notation One ASN.1 datatypes in pure JavaScript. ASN.1 is is a standard and notation that describes rules and structures for representing, encoding, transmitting, and decoding data in telecommunications and computer networking...

SuSE 11.3 Security Update : curl (SAT Patch Number 7932)

This update of curl fixes a security issue in libcurl URL buffer decoding. bnc824517 / CVE-2013-2174 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright C Novell,...

Oracle Linux 5 : libtiff (ELSA-2009-1159)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-1159 advisory. - Fix buffer overrun risks caused by unchecked integer overflow CVE-2009-2347 Resolves: 507725 - Fix some more LZW decoding vulnerabilities CVE-2009-22...

Oracle Linux 3 : cups (ELSA-2009-0428)

From Red Hat Security Advisory 2009:0428 : Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIXr Printing System CUPS provides a...

Oracle Linux 4 : pidgin (ELSA-2010-0788)

From Red Hat Security Advisory 2010:0788 : Updated pidgin packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base...

CVE-2013-3272

EMC Replication Manager RM before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an unspecified decoding attack...

[USN-1885-1] libKDcraw vulnerability

========================================================================== Ubuntu Security Notice USN-1885-1 June 18, 2013 libkdcraw vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

MGASA-2013-0188 Updated curl packages fix CVE-2013-2174

libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curleasyunescape decodes URL encoded strings to raw binary data. URL encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal number. The decoded strin...

FreeBSD : cURL library -- heap corruption in curl_easy_unescape (01cf67b3-dc3b-11e2-a6cd-c48508086173)

cURL developers report : libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curleasyunescape decodes URL-encoded strings to raw binary data. URL-encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal...

USN-1885-1: libKDcraw vulnerability

It was discovered that libKDcraw incorrectly handled broken full-color images. If a user or automated system were tricked into processing a specially crafted raw image, applications linked against libKDcraw could be made to crash, resulting in a denial of service, or possibly execute arbitrary co...

gnutls DoS

Out-of-bounds read on packet decoding...

Mozilla Thunderbird < 12.0 Multiple Vulnerabilities

Binary data 6792.prm...

Microsoft Exchange Server MIME Base64 Decoding Code Execution (MS07-026; CVE-2007-0213) - Improved Performance

A vulnerability exists in the way Microsoft Exchange servers process certain MIME-encoded attachments. An attacker can exploit this vulnerability for code execution in SYSTEM security context...