Debian Security Advisory DSA 3365-1 (iceweasel - security update)

Multiple security issues have been found in Iceweasel, Debian OpenVAS Vulnerability Test $Id: deb3365.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3365-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2015 Greenbone Networks Gm...

Debian: Security Advisory (DSA-3365-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

squid -- TLS/SSL parser denial of service vulnerability

Amos Jeffries, release manager of the Squid-3 series, reports: Vulnerable versions are 3.5.0.1 to 3.5.8 inclusive, which are built with OpenSSL and configured for "SSL-Bump" decryption. Integer overflows can lead to invalid pointer math reading from random memory on some CPU architectures. In the...

Updated pcre packages fix security vulnerabilities

Updated pcre packages fix security vulnerabilities: The pcre package has been updated to the latest CVS as of September 2, 2015, aka 8.38-RC1, which fixes several bugs, including many buffer, stack, and integer overflows...

MGASA-2015-0343 Updated pcre packages fix security vulnerabilities

Updated pcre packages fix security vulnerabilities: The pcre package has been updated to the latest CVS as of September 2, 2015, aka 8.38-RC1, which fixes several bugs, including many buffer, stack, and integer overflows...

Updated squashfs-tools packages fix security vulnerabilities

Updated squashfs-tools package fixes security vulnerabilities: The unsquashfs command from squashfs-tools is vulnerable to integer CVE-2015-4645 and stack CVE-2015-4646 overflows...

FreeBSD : gdk-pixbuf2 -- integer overflows (ed0ecad5-531d-11e5-9850-bcaec565249c)

Matthias Clasen reports : Fix several integer overflows. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and contributors Redistribution and use in sour...

Amazon Linux: Security Advisory (ALAS-2014-403)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

gdk-pixbuf2 -- integer overflows

Matthias Clasen reports: Fix several integer overflows...

Firefox browser’s vulnerabilities that allow a hacker to execute arbitrary code

Multiple vulnerabilities in the libstagefright library of the Firefox browser are related to integer overflows. Exploitation of these vulnerabilities could allow a malicious actor to execute arbitrary code remotely, using a specially crafted MPEG-4 video file header...

CVE-2015-6525

Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the 1 evbufferadd, 2 evbufferprepend, 3 evbufferexpand...

CVE-2015-6525

Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the 1 evbufferadd, 2 evbufferprepend, 3 evbufferexpand...

CVE-2015-6525

Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the 1 evbufferadd, 2 evbufferprepend, 3 evbufferexpand...

CVE-2015-6525

Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the 1 evbufferadd, 2 evbufferprepend, 3 evbufferexpand...

CVE-2014-6272

Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the 1 evbufferadd, 2...

CVE-2014-6272

Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the 1 evbufferadd, 2...

Ubuntu: Security Advisory (USN-2702-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS : Firefox regression (USN-2702-3)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2702-3 advisory. USN-2702-1 fixed vulnerabilities in Firefox. After upgrading, some users in the US reported that their default search engine switched to Yahoo. This update fixes...

USN-2702-3: Firefox regression

USN-2702-1 fixed vulnerabilities in Firefox. After upgrading, some users in the US reported that their default search engine switched to Yahoo. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Gary Kwong, Christian Holler, Byron Campen, Tyson Smith,...

Mozilla Firefox Multiple Vulnerabilities (Aug 2015) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...