XML decoding attack vector through external entities

More info at https://symfony.com/blog/security-release-symfony-2-0-11-released...

XML decoding attack vector through external entities

More info at https://symfony.com/blog/security-release-symfony-2-0-11-released...

DEBIAN-CVE-2012-0823

VP8 Codec SDK libvpx before 1.0.0 "Duclair" allows remote attackers to cause a denial of service application crash via 1 unspecified "corrupt input" or 2 by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks"...

RealNetworks RealPlayer Atrac Sample Decoding Remote Code Execution Vulnerability - Mac OS X

RealPlayer is prone to a remote code execution vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RealNetworks RealPlayer Atrac Sample Decoding Remote Code Execution Vulnerability (Mac OS X)

This host is installed with RealPlayer which is prone to remote code execution vulnerability. OpenVAS Vulnerability Test $Id: gbrealplayeratracsamplecodeexecvulnmacosx.nasl 9122 2018-03-17 14:01:04Z cfischer $ RealNetworks RealPlayer Atrac Sample Decoding Remote Code Execution Vulnerability Mac O...

UBUNTU-CVE-2011-3025

Google Chrome before 17.0.963.56 does not properly parse H.264 data, which allows remote attackers to cause a denial of service out-of-bounds read via unspecified vectors...

Debian Security Advisory DSA 2368-1 (lighttpd)

The remote host is missing an update to lighttpd announced via advisory DSA 2368-1. OpenVAS Vulnerability Test $Id: deb23681.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2368-1 lighttpd Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

Debian: Security Advisory (DSA-2368-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2011-3960

Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service out-of-bounds read via unspecified vectors...

CVE-2011-3960

Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service out-of-bounds read via unspecified vectors...

CVE-2011-3960

Removed by vendor...

CVE-2011-3960

Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service out-of-bounds read via unspecified vectors...

USN-1350-1: Thunderbird vulnerabilities

Jesse Ruderman and Bob Clary discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user...

Real Networks RealPlayer < 15.0.2.72 Multiple Vulnerabilities

Binary data 6311.prm...

Potential Memory Corruption When Decoding Ogg Vorbis files — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative the possibility of memory corruption during the decoding of Ogg Vorbis files. This can cause a crash during decoding and has the potential for remote code execution...

Debian DSA-2368-1 : lighttpd - multiple vulnerabilities (BEAST)

Several vulnerabilities have been discovered in lighttpd, a small and fast webserver with minimal memory footprint. - CVE-2011-4362 Xi Wang discovered that the base64 decoding routine which is used to decode user input during an HTTP authentication, suffers of a signedness issue when processing...

jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409)

A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer such as Nautilus to crash or, potentially, execute arbitrary cod...

Google Chrome Multiple Vulnerabilities - November11 (Mac OS X)

The host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulnnov11macosx.nasl 7044 2017-09-01 11:50:59Z teissa $ Google Chrome Multiple Vulnerabilities - November11 Mac OS X Authors: Rachana Shetty Copyright: Copyright c...

Google Chrome Multiple Vulnerabilities (Nov 2011) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Google Chrome Multiple Vulnerabilities (Nov 2011) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...