Pillow -- multiple vulnerabilities
Pillow reports: Pillow prior to 3.3.2 may experience integer overflow errors in map.c when reading specially crafted image files. This may lead to memory disclosure or corruption. Pillow prior to 3.3.2 and PIL 1.1.7 at least do not check for negative image sizes in ImagingNew in Storage.c. A...
HP Integrated Lights-Out Information Disclosure Vulnerability (CNVD-2016-07089)
HP Integrated Lights-Out is used for remote management of servers. An information disclosure vulnerability exists in HP Integrated Lights-Out. A remote attacker could exploit this vulnerability to cause information disclosure via TLS CBC Padding and MAC errors...
Kaspersky Internet Security antivirus vulnerability allowing an attacker to cause a denial of service
A vulnerability in the KLIF driver of the Kaspersky Internet Security antivirus protection system exists due to errors in the filtering of system calls. Exploiting this vulnerability could allow a local attacker to cause a denial of service by sending the API call...
Windows operating system vulnerability allowing an attacker to execute arbitrary code
A vulnerability in the print queue dispatcher of the Windows operating system is related to security configuration errors. Exploiting this vulnerability allows an attacker performing a "man-in-the-middle" attack to execute arbitrary code using a specially crafted print driver during printer...
Windows operating system vulnerability allowing an attacker to obtain confidential information
A vulnerability in the Windows operating system kernel is related to the improper handling of system call errors during page faults. Exploiting this vulnerability can allow a local attacker to obtain confidential information through a specially crafted application...
DSA-3647-1 icedove - security update
Bulletin has no description...
CVE-2016-3827
codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956...
Design/Logic Flaw
codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956...
UBUNTU-CVE-2016-3827
codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956...
CVE-2016-6145
The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerat...
[SECURITY] [DSA 3640-1] firefox-esr security update
Debian Security Advisory DSA-3640-1 https://www.debian.org/security/ Moritz Muehlenhoff August 03, 2016 https://www.debian.org/security/faq ...
CURL-CVE-2016-5420 Reusing connections with wrong client cert
libcurl did not consider client certificates when reusing TLS connections. libcurl supports reuse of established connections for subsequent requests. It does this by keeping a few previous connections "alive" in a connection pool so that a subsequent request that can use one of them instead of...
Android operating system vulnerability allowing an attacker to cause a denial of service or execute arbitrary code
A vulnerability in the decoder/ih264d_api.c file of the Android operating system's media server is related to initialization errors in the data structures. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service (memory corruption) by using a...
Debian Security Advisory DSA 3640-1 (firefox-esr - security update)
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code, cross-site scripting, information disclosure and bypass of the same-origin policy. OpenVAS...
DSA-3640-1 firefox-esr - security update
Bulletin has no description...
Android operating system vulnerability allowing an attacker to escalate privileges
A vulnerability in the libpng library of the Android operating system is related to errors in the code. Exploiting this vulnerability can allow a remote attacker to escalate privileges through a specially crafted application...
DLA-572-1 icedove - security update
Bulletin has no description...