4768 matches found

RedHat Linux
added 2016/11/15 11:40 a.m., 1 view

php: Integer underflow causing arbitrary null write in fread/gzread

Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument...

CVSS 8.6, AI score 7.4, EPSS 0.04397
Exploits: 1, References: 4
OpenVAS
added 2016/10/26 12:0 a.m., 52 views

Amazon Linux: Security Advisory (ALAS-2016-707)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8, AI score 7.4, EPSS 0.05487
Exploits: 4, References: 2
OpenVAS
added 2016/10/26 12:0 a.m., 63 views

Amazon Linux: Security Advisory (ALAS-2016-706)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.6, AI score 7.3, EPSS 0.05487
Exploits: 3, References: 2
Tenable Nessus
added 2016/09/26 12:0 a.m., 26 views

openSUSE Security Update : wpa_supplicant (openSUSE-2016-1104)

This update for wpa_supplicant fixes the following issues:
- CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding (bnc#930077)
- CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing (bnc#930078)
- CVE-2015-4143: EAP-pwd missing payload length validation...

CVSS 5, AI score 5.9, EPSS 0.04198
Exploits: 0, References: 10
Tenable Nessus
added 2016/09/15 12:0 a.m., 37 views

SUSE SLED12 / SLES12 Security Update : wpa_supplicant (SUSE-SU-2016:2305-1)

This update for wpa_supplicant fixes the following issues:
- CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding (bnc#930077)
- CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing (bnc#930078)
- CVE-2015-4143: EAP-pwd missing payload length validation...

CVSS 5, AI score 6, EPSS 0.04198
Exploits: 0, References: 16
NVD
added 2016/08/06 10:59 a.m., 19 views

CVE-2014-9873

Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR55686...

CVSS 7.8, AI score 7.4, EPSS 0.00454
Exploits: 0, References: 3
UbuntuCve
added 2016/08/06 10:59 a.m., 27 views

CVE-2014-9873

Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR55686...

CVSS 7.8, AI score 7.1, EPSS 0.00454
Exploits: 0, References: 3
UbuntuCve
added 2016/08/06 10:59 a.m., 31 views

CVE-2014-9863

Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470...

CVSS 9.3, AI score 7.1, EPSS 0.00544
Exploits: 0, References: 3
CVE
added 2016/08/06 10:0 a.m., 53 views

CVE-2014-9873

CVE-2014-9873 describes an integer underflow in Qualcomm components, specifically in drivers/char/diag/diag_dci.c, affecting Android on Nexus 5 and Nexus 7 (2013) devices prior to 2016-08-05. The flaw allows a crafted application to gain privileges or access sensitive information via the affected...

CVSS 7.8, AI score 7.3, EPSS 0.00454
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2016/08/06 10:0 a.m., 50 views

CVE-2014-9863

The CVE-2014-9863 issue is a local privilege escalation in Android due to an integer underflow in the Qualcomm diag driver used on Nexus 5 and Nexus 7 (2013). A crafted app could exploit this to gain privileges or access sensitive data. Affected software is Android on Nexus devices prior to the 2...

CVSS 9.3, AI score 7.3, EPSS 0.00544
Exploits: 0, References: 3, Affected Software: 1
Debian CVE
added 2016/08/06 10:0 a.m., 21 views

CVE-2014-9873

Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR55686...

CVSS 7.8, AI score 7.5, EPSS 0.00454
Exploits: 0
Debian CVE
added 2016/08/06 10:0 a.m., 24 views

CVE-2014-9863

Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470...

CVSS 9.3, AI score 7.5, EPSS 0.00544
Exploits: 0
Cvelist
added 2016/08/06 10:0 a.m., 29 views

CVE-2014-9863

Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470...

AI score 7.4, EPSS 0.00544
Exploits: 0, References: 3
Cvelist
added 2016/08/06 10:0 a.m., 27 views

CVE-2014-9873

Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR55686...

AI score 7.4, EPSS 0.00454
Exploits: 0, References: 3
android
added 2016/08/01 12:0 a.m., 31 views

CVE-2014-9863

Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470...

CVSS 9.3, AI score 8.2, EPSS 0.00544
Exploits: 0, References: 3
RedHat Linux
added 2016/07/18 1:51 p.m., 7 views

libpng: underflow read in png_check_keyword()

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG...

CVSS 9.3, AI score 7.5, EPSS 0.06484
Exploits: 0, References: 4
Tenable Nessus
added 2016/06/22 12:0 a.m., 38 views

Cisco IOS XE libsrtp DoS (CSCux04317)

The remote Cisco IOS XE device is missing vendor-supplied security patches, and it is configured to use the Cisco Unified Border Element (CUBE) or Session Border Controller (SBC) features. It is, therefore, affected by an integer underflow condition in the Secure Real-Time Transport Protocol (SRTP)...

CVSS 7.8, AI score 7.3, EPSS 0.08277
Exploits: 0, References: 2
Tenable Nessus
added 2016/06/22 12:0 a.m., 61 views

Cisco ASA libsrtp DoS (CSCux00686)

The remote Cisco Adaptive Security Appliance (ASA) is missing vendor-supplied security patches, and it is configured to use the Phone Proxy feature. It is, therefore, affected by an integer underflow condition in the Secure Real-Time Transport Protocol (SRTP) library due to improper validation of...

CVSS 7.8, AI score 7.2, EPSS 0.08277
Exploits: 0, References: 2
Tenable Nessus
added 2016/06/06 12:0 a.m., 283 views

Amazon Linux AMI : php55 (ALAS-2016-707)

The following security-related issues were resolved: Out-of-bounds read in imagescale (CVE-2013-7456). Integer underflow causing arbitrary null write in fread/gzread (CVE-2016-5096). The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size...

CVSS 8.8, AI score 8.5, EPSS 0.05487
Exploits: 4, References: 7
OSV
added 2016/06/02 9:40 p.m., 18 views

MGASA-2016-0213 Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: In php-intl, get_icu_value_internal out-of-bounds read (CVE-2016-5093). Integer Overflow in php_html_entities (CVE-2016-5094). Integer underflow / arbitrary null write in fread/gzread (CVE-2016-5096). The php package has been updated to version 5.6.22, whic...

CVSS 8.6, AI score 7.3, EPSS 0.05487
Exploits: 2, References: 3