CVE-2012-5144

Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service stack memory corruption or possibly have unspecified other impact via vectors related to "an off-by-one overwrit...

CVE-2012-5144

CVE-2012-5144 affects Google Chrome up to 23.0.1271.97 and Libav branches: 0.7.x before 0.7.7 and 0.8.x before 0.8.5. Root cause: an off-by-one overwrite when switching to the LTP profile from MAIN during AAC decoding. Impact: remote denial of service via stack memory corruption and potentially u...

CVE-2012-5144

Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service stack memory corruption or possibly have unspecified other impact via vectors related to "an off-by-one overwrit...

Critical Vulnerability Fixed in Chrome 23

It’s Patch Tuesday, and not just for Microsoft and Adobe. Google also patched a number of security vulnerabilities in its Chrome browser today, including one critical flaw and three high-severity ones. The most serious vulnerability that Google fixed in Chrome 23 is a crash in the browser’s histo...

kernel: nfs4_getfacl decoding kernel oops

The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service OOPS by sending an excessive number of bitmap words...

FreeBSD : mozilla -- multiple vulnerabilities (d23119df-335d-11e2-b64c-c8600054b392)

The Mozilla Project reports : MFSA 2012-91 Miscellaneous memory safety hazards rv:17.0/ rv:10.0.11 MFSA 2012-92 Buffer overflow while rendering GIF images MFSA 2012-93 evalInSanbox location context incorrectly applied MFSA 2012-94 Crash when combining SVG text on path with CSS MFSA 2012-95...

Mozilla: Improper character decoding in HZ-GB-2312 charset (MFSA 2012-101)

The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a tilde character in proximity to a chunk delimiter, which allows remote...

FreeBSD : weechat -- Crash or freeze when decoding IRC colors in strings (e02c572f-2af0-11e2-bb44-003067b2972c)

Sebastien Helleu reports : A buffer overflow is causing a crash or freeze of WeeChat when decoding IRC colors in strings. Workaround for a non-patched version : /set irc.network.colorsreceive off %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

Chrome 23 Released, 14 vulnerabilities patched

Google today released Chrome version 23 to the Stable Channel. 23.0.1271.64 for Windows, Mac, Linux, and Chrome Frame. Update includes patch for 12 vulnerabilities in the Windows version and two vulnerabilities in Mac OS X version. Chrome 23 is the support of the Do Not Track DNT protocol, number...

Ubuntu Update for exim4 USN-1618-1

Ubuntu Update for Linux kernel vulnerabilities USN-1618-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN16181.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for exim4 USN-1618-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

Ubuntu: Security Advisory (USN-1618-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-1618-1: Exim vulnerability

It was discovered that Exim incorrectly handled DKIM DNS decoding. This flaw could allow a remote attacker to execute arbitrary code...

CVE-2012-5238

epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of 1 PPP and 2 LCP data, which allows remote attackers to cause a denial of service assertion failure and application exit via a malformed packet...

Tech-ex 6. x - 7.06 SQL injection vulnerability-vulnerability warning-the black bar safety net

Author:my5t3ry Reprinted please specify: t00ls. The vulnerability is located in the registration page\User\Reg\RegAjax. asp 2 4 - 4 6-row and 2 5 4 -270 lines of code as follows: Code omitted.... and The above code in the Province=UnEscapeKS. S"Province" call a custom function KS. S were filtered...

Libtasn1: Denial of service

Background Libtasn1 is a library used to parse ASN.1 Abstract Syntax Notation One objects, and perform DER Distinguished Encoding Rules decoding. Description Libtasn1 does not properly handle length fields when performing DER decoding. Impact A remote attacker could entice a user to open a...

RealNetworks RealPlayer Multiple Vulnerabilities - Sep12 (Windows)

This host is installed with RealPlayer which is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbrealplayermultvulnsep12win.nasl 5940 2017-04-12 09:02:05Z teissa $ RealNetworks RealPlayer Multiple Vulnerabilities - Sep12 Windows Authors: Rachana Shetty Copyright: Copyright c...

CVE-2012-2408

The AAC SDK in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted AAC file that is not properly handled...

To bypass the wisdom to create online waf to continue injection-vulnerability warning-the black bar safety net

Wisdom web site professional-grade firewall in some web environments, can be bypassed Detail Description: with various tools, resulting in the web exploit very easy, and web programmer many not all web vulnerabilities are very understanding, and training cost also is very high, therefore, some...

CVE-2012-2772

Unspecified vulnerability in the ffrv34decodeframe function in libavcodec/rv34.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing with frame threading."...

Design/Logic Flaw

Unspecified vulnerability in the decodeframe function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an invalid "gop header" and decoding in a "half initialized context."...