FreeBSD : wireshark -- multiple vulnerabilities (42c2c422-df55-11e5-b2bd-002590263bf5)

Wireshark development team reports : The following vulnerabilities have been fixed : - wnpa-sec-2015-31 NBAP dissector crashes. Bug 11602, Bug 11835, Bug 11841 - wnpa-sec-2015-37 NLM dissector crash. - wnpa-sec-2015-39 BER dissector crash. - wnpa-sec-2015-40 Zlib decompression crash. Bug 11548 -...

botan: multiple issues

CVE-2016-2194 denial of service The ressol function implements the Tonelli-Shanks algorithm for finding square roots could be sent into a nearly infinite loop due to a misplaced conditional check. This could occur if a composite modulus is provided, as this algorithm is only defined for primes...

PT-2018-12658

Name of the Vulnerable Software and Affected Versions libmspack versions prior to 0.7alpha Description An issue was discovered in the CHM decompression functionality of libmspack, specifically in the mspack/chmd.c file. The problem lies in an off-by-one error within the TOLOWER macro...

PowerDNS Authoritative Server 3.x < 3.4.5 Label Decompression Self-Referential Name Handling DoS

According to its self-reported version number, the version of the PowerDNS Authoritative Server listening on the remote host is version 3.x prior to 3.4.5. It is, therefore, affected by a denial of service vulnerability due to improper validation of user-supplied input when handling...

Samsung Android 5. 0 device WifiCredService remote code execution-vulnerability warning-the black bar safety net

The vulnerability is in a few months ago is Google Project Zero and the Quarkslab team found, has only recently been disclosed. The vulnerability only requires the user to browse a website or download a mail attachment or by the basic will not have any rights of a third party malicious programs c...

RHEL 7 : python (RHSA-2015:2101)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:2101 advisory. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes...

python: XMLRPC library unrestricted decompression of HTTP responses using gzip enconding

It was discovered that the Python xmlrpclib did not restrict the size of a gzip compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory...

wireshark: The WCP dissector could crash while decompressing data (wnpa-sec-2015-07)

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted packet that is improperly...

PowerDNS Recursor and Authoritative Server Denial of Service Vulnerabilities

PowerDNS Recursor, Authoritative Server are both products of the Dutch company PowerDNS.PowerDNS Recursor is a domain name resolution server.PowerDNS Authoritative Server is a DNS server. A security vulnerability exists in the label decompression feature of PowerDNS Recursor and Authoritative...

CVE-2015-5470

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative Auth Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service CPU consumption or crash via a request with a long name that refers to itself. NOTE...

CVE-2015-5470

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative Auth Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service CPU consumption or crash via a request with a long name that refers to itself. NOTE...

Design/Logic Flaw

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative Auth Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service CPU consumption or crash via a request with a long name that refers to itself. NOTE...

UBUNTU-CVE-2015-5470

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative Auth Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service CPU consumption or crash via a request with a long name that refers to itself. NOTE...

CVE-2015-5470

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative Auth Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service CPU consumption or crash via a request with a long name that refers to itself. NOTE...

Info-ZIP UnZip Heap Buffer Overflow Vulnerability

Info-ZIP UnZip is a set of Unix-based tools for decompressing the ".zip" file format. Info-ZIP UnZip suffers from a heap buffer overflow vulnerability that allows an attacker to construct a special decompression file containing a password that can be parsed by an application, crashing the...

Oracle: Security Advisory (ELSA-2011-1154)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2015-4471

Off-by-one error in the lzxddecompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service buffer under-read and application crash via a crafted CAB archive...

DEBIAN-CVE-2015-4471

Off-by-one error in the lzxddecompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service buffer under-read and application crash via a crafted CAB archive...

DEBIAN-CVE-2014-9732

The cabdextract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted CAB...

python: XMLRPC library unrestricted decompression of HTTP responses using gzip enconding

It was discovered that the Python xmlrpclib did not restrict the size of a gzip compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory...