3202 matches found
[SECURITY] Fedora 21 Update: suricata-2.0.6-1.fc21
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
Fedora 21 : python-pillow-2.6.1-2.fc21 (2015-0667)
This update fixes a potential denial-of-service during PNG decompression. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
DEBIAN-CVE-2014-9601
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed...
PYSEC-2015-16
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed...
miniunzip 'minizip.c' Directory Traversal Vulnerability
miniunzip is a decompression program. A directory traversal vulnerability exists in miniunzip 'minizip.c' when processing compressed files, allowing an attacker to exploit the vulnerability to overwrite system files...
Apache HTTP Server mod_deflate Denial of Service - Ver2 (CVE-2014-0118)
A denial of service vulnerability exists in Apache HTTP server. The vulnerability exists in the mod_deflate module and is due to a resource exhaustion that is related to request body decompression configuration. A remote, unauthenticated attacker can leverage this vulnerability by sending a...
python2: multiple issues
- CVE-2013-1752 (denial of service): Multiple unbound readline flaws in python stdlib were found, which can lead to excessive memory usage if a malicious or broken server sends excessively long lines without any line breaks. - CVE-2013-1753 (denial of service): The XMLRPC library is vulnerable to...
Next Generation Snort IPS: Snort3
The Snort++ project has been hard at work for a while now and we have released the third alpha of the next generation Snort IPS (Intrusion Prevention System). This file will show you what Snort++ has to offer and guide you through the steps from download to demo. If you are unfamiliar with Snort yo...
USN-2420-1 linux vulnerabilities
A flaw was discovered in how the Linux kernel's KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access...
UBUNTU-CVE-2014-0250
Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated...
WinZip Unsupported Version Detection
According to its self-reported version number, the installation of WinZip on the remote Windows host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. C Tenabl...
[SECURITY] Fedora 19 Update: lzo-2.08-1.fc19
LZO is a portable lossless data compression library written in ANSI C. It offers pretty fast compression and very fast decompression. Decompression requires no memory. In addition there are slower compression levels achieving a quite competitive compression ratio while still decompressing at this...
Amazon Linux AMI : httpd24 (ALAS-2014-389)
A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd chi...
[SECURITY] Fedora 20 Update: suricata-2.0.4-1.fc20
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
[SECURITY] Fedora 21 Update: suricata-2.0.4-1.fc21
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
Mandriva Linux Security Advisory : dump (MDVSA-2014:181)
Updated dump packages fix a security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker (CVE-2014-4607). The dump package is bui...
Apache HTTP Server mod_deflate Denial of Service (CVE-2014-0118)
A denial of service vulnerability exists in Apache HTTP server. The vulnerability exists in the mod_deflate module and is due to a resource exhaustion that is related to request body decompression configuration. A remote, unauthenticated attacker can leverage this vulnerability by sending a...
ZTE ZXDSL-931VII - Configuration Dump
Exploit Title: ZTE ZXDSL-931VII Unauthenticated Configuration Dump Google Dork: use your imagination Date: 09-12-2014 Exploit Author: L0ukanik0sGR Vendor Homepage: www.zte.com.cn Software Link:...
Updated dump package fix CVE-2014-4607
Updated dump packages fix a security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker (CVE-2014-4607). The dump package is buil...
Mandriva Linux Security Advisory : libvncserver (MDVSA-2014:168)
An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker (CVE-2014-4607). The libvncserver library is built with a bundled copy of minilzo, which is...