Debian DSA-3646-1 : postgresql-9.4 - security update
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. - CVE-2016-5423 Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN expressions are not properly evaluated, potentially leading to a crash or allowing to disclose portions of server memory. - CVE-2016-5424...
[SECURITY] [DSA 3646-1] postgresql-9.4 security update
Debian Security Advisory DSA-3646-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 11, 2016 https://www.debian.org/security/faq ...
Debian Security Advisory DSA 3646-1 (postgresql-9.4 - security update)
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2016-5423 Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN expressions are not properly evaluated, potentially leading to a crash or allowing to disclose portions of server memory. CVE-2016-5424 Nath...
DSA-3646-1 postgresql-9.4 - security update
Bulletin has no description...
Vulnerability in core server (CVE-2016-5423)
Certain nested CASE/WHEN expressions can crash server...
PostgreSQL -- Denial-of-Service and Code Injection Vulnerabilities
PostgreSQL project reports: Security Fixes nested CASE expressions + database and role names with embedded special characters CVE-2016-5423: certain nested CASE expressions can cause the server to crash. CVE-2016-5424: database and role names with embedded special characters can allow code...
DEBIAN-CVE-2016-5259
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop...
Mozilla: Use-after-free in service workers with nested sync events (MFSA 2016-73)
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop...
UBUNTU-CVE-2016-5259
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop...
Cross-Site Scripting
Overview Affected versions of swagger-ui contain a cross-site scripting vulnerability in the key names of a specific nested object in the JSON document. Proof of Concept The vulnerable object structure is: "definitions": "arbitraryVal": "properties": "": "LoremIpsum" Malicious JSON documents can ...
CVE-2016-4463
Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD...
DEBIAN-CVE-2016-4463
Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD...
Stack overflow
Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD...
UBUNTU-CVE-2016-4463
Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD...
The vulnerability of the PHP interpreter, which allows a remote attacker to execute arbitrary code
The vulnerability of the PHP interpreter in the process_nested_data function in ext/standard/var_unserializer.re lies in the use of memory after it is freed. As a result of exploiting this vulnerability, a malicious actor who operates remotely can execute arbitrary code through a specially crafted...
xerces-c: denial of service
The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker...
Apache xerces-c stack buffer overflow vulnerability
Apache Xerces is an XML syntax parser from the Apache Software Foundation in the U.S. Apache Xerces-C is its language version. A stack buffer overflow vulnerability exists in xerces-c because the program fails to properly parse deeply nested DTDs, which can be exploited by a remote attacker to...
Medium: kernel
Issue Overview: A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel...