2153 matches found
Integer overflow
Integer overflow in the ffiviinitplanes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service out-of-bounds heap-memory access or possibly have unspecified other impact via crafted image dimensions in...
CVE-2015-8364
Integer overflow in the ffiviinitplanes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service out-of-bounds heap-memory access or possibly have unspecified other impact via crafted image dimensions in...
CVE-2015-8364
CVE-2015-8364 is a vulnerability in FFmpeg’s libavcodec/ivi.c (ff_ivi_init_planes) where an integer overflow can occur due to crafted Indeo Video Interactive dimensions. Affected FFmpeg branches include 2.6 before 2.6.5, 2.7.x before 2.7.3, and 2.8.x before 2.8.2. The issue enables remote attacke...
CVE-2015-8364
Integer overflow in the ffiviinitplanes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service out-of-bounds heap-memory access or possibly have unspecified other impact via crafted image dimensions in...
CVE-2015-8364
Integer overflow in the ffiviinitplanes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service out-of-bounds heap-memory access or possibly have unspecified other impact via crafted image dimensions in...
openssh security, bug fix, and enhancement update
6.6.1p1-22 - Use the correct constant for glob limits 1160377 6.6.1p1-21 - Extend memory limit for remote glob in sftp acc. to stat limit 1160377 6.6.1p1-20 - Fix vulnerabilities published with openssh-7.0 1265807 - Privilege separation weakness related to PAM support - Use-after-free bug related...
RHEL 7 : openssh (RHSA-2015:2088)
Updated openssh packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...
Moderate: Red Hat Security Advisory: openssh security, bug fix, and enhancement update
Updated openssh packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...
openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices
It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks...
IBM System Networking Switch Center ZipDownload.jsp Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose information on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaws exist within the IBM SNSC Web Service, which listens by default on ports 40080 HT...
Twittor - A fully featured backdoor that uses Twitter as a C&C server
A stealthy Python based backdoor that uses Twitter Direct Messages as a command and control server This project has been inspired by Gcat which does the same but using a Gmail account. Setup For this to work you need: A Twitter account Use a dedicated account! Do not use your personal one! Regist...
[SECURITY] [DLA 288-2] openssh regression update
Package : openssh Version : 1:5.5p1-6+squeeze7 CVE ID : CVE-2015-5600 In Debian LTS squeeze, the fix for CVE-2015-56001 in openssh 1:5.5p1-6+squeeze7 breaks authentication mechanisms that rely on the keyboard-interactive method. Thanks to Colin Watson for making aware of that. The patch fixing...
DLA-288-2 openssh - regression update
Bulletin has no description...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
OpenSSH MaxAuthTries Bypass
The remote SSH server is affected by a security bypass vulnerability due to a flaw in the keyboard-interactive authentication mechanisms. The kbdintnextdevice function in auth2-chall.c improperly restricts the processing of keyboard-interactive devices within a single connection. A remote attacke...
User Friendly Interactive Shell: Fish
Fish is a smart and user-friendly command line shell for OS X, Linux, and the rest of the family. fish includes features like syntax highlighting, autosuggest-as-you-type, and fancy tab completions that just work, with no configuration required. FISH is designed to work with any other shell like...
Linux Memory Scanner: scanmem
Linux Memory Scanner scanmem is a debugging utility designed to isolate the address of an arbitrary variable in an executing process. scanmem simply needs to be told the pid of the process, and the value of the variable at several different times. After several scans of the process, scanmem...
[SECURITY] Fedora 22 Update: ipython-2.4.1-8.fc22
IPython provides a replacement for the interactive Python interpreter with extra functionality. Main features: Comprehensive object introspection. Input history, persistent across sessions. Caching of output results during a session with automatically generated references. Readline based name...
OpenSSH keyboard-interactive authentication brute force vulnerability
OpenSSH(OpenBSD Secure Shell)是OpenBSD计划组所维护的一套用于安全访问远程计算机的连接工具。该工具是SSH协议的开源实现,支持对所有的传输进行加密,可有效阻止窃听、连接劫持以及其他网络级的攻击。 OpenSSH 6.9及之前版本的sshd中的auth2-chall.c文件中的‘kbdintnextdevice’函数存在安全漏洞。远程攻击者利用该漏洞可借助ssh -oKbdInteractiveDevices选项中较长且重复的列表实施暴力破解攻击,或造成拒绝服务(CPU消耗)。 ---snip--- diff...
Device Inspector v1.5 iOS - Command Inject Vulnerabilities
Document Title: =============== Device Inspector v1.5 iOS - Command Inject Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1558 Release Date: ============= 2015-08-07 Vulnerability Laboratory ID VL-ID: ====================================...