OpenSSL ASN.1 Signed Null Pointer Reference Vulnerability

OpenSSL is an open source implementation of SSL for strong encryption of network communications. OpenSSL has a security vulnerability that can be exploited by a remote attacker to send a special ASN.1 signed certificate that uses the RSA PSS algorithm but does not contain the MAST generator...

postgresql: stack overflow DoS when parsing json or jsonb inputs

A stack overflow flaw was discovered in the way the PostgreSQL core server processed certain JSON or JSONB input. An authenticated attacker could possibly use this flaw to crash the server backend by sending specially crafted JSON or JSONB input...

postgresql: stack overflow DoS when parsing json or jsonb inputs

A stack overflow flaw was discovered in the way the PostgreSQL core server processed certain JSON or JSONB input. An authenticated attacker could possibly use this flaw to crash the server backend by sending specially crafted JSON or JSONB input...

nss: ASN.1 decoder heap overflow when decoding constructed OCTET STRING that mixes indefinite and definite length encodings (MFSA 2015-133)

A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library...

Mozilla Firefox and Firefox ESR Network Security Services Heap Buffer Overflow Vulnerability

Mozilla Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox.Mozilla Network Security Services NSS is a library of network security services. A buffer overflow vulnerability in the ASN.1 decoder used in Mozilla Firefox and Firefox ESR could allow an attacke...

nss: ASN.1 decoder heap overflow when decoding constructed OCTET STRING that mixes indefinite and definite length encodings (MFSA 2015-133)

A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library...

nss: use-after-poison in sec_asn1d_parse_leaf() (MFSA 2015-133)

A use-after-poison flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library...

PostgreSQL json or jsonb Data Denial of Service Vulnerability

PostgreSQL is an object-relational database management system that supports an extended subset of SQL standards. A security vulnerability exists in PostgreSQL that can be exploited by remote attackers to submit special json or jsonb data to crash the target service...

Heartbleed Vulnerability Scanner - Network Scanner for OpenSSL Memory Leak (CVE-2014-0160)

Heartbleed Vulnerability Scanner is a multiprotocol HTTP, IMAP, SMTP, POP CVE-2014-0160 scanning and automatic exploitation tool written with python. For scanning wide ranges automatically, you can provide a network range in CIDR notation and an output file to dump the memory of vulnerable system...

IBM OpenPages GRC Platform Security Restriction Bypass Vulnerability

IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms for managing enterprise risk and compliance challenges. The IBM OpenPages GRC Platform failed to perform adequate access checks on JSON requests, allowing a remote attacker to exploit a vulnerability to change user...

Red Hat OpenShift Origin API Server Denial of Service Vulnerability

Red Hat OpenShift Origin is an open source Platform as a Service PaaS product from Red Hat, Inc. A security vulnerability in the API server of Red Hat OpenShift Origin version 1.0.5 can be exploited by a remote attacker to cause a denial of service crash of the master process with specially craft...

JSON 'ActiveSupport::JSON.encode()' function cross-site scripting vulnerability

JSON is a lightweight data exchange language , it is a subset of Javascript , and the use of completely language-independent text format . A cross-site scripting vulnerability exists in JSON, which can be exploited by a remote attacker to construct a malicious URI and trick the user into parsing...

WebAssembly — New Standard for Powerful and Faster Web Apps

Google, Apple, Microsoft, and Mozilla have joined hands to create code for use in the future web browsers that promises up to 20 times faster performance. Dubbed WebAssembly or wasm for short, a project to create a new portable bytecode for the Web that will be more efficient for both desktop as...

F5 BIG-IP Application Security Manager JSON Content Handling ASM Filter Bypass Vulnerability

F5 BIG-IP is the application switch. The F5 BIG-IP Application Security Manager ASM JSON parser fails to properly filter URL-encoded content, allowing remote attackers to exploit a vulnerability to bypass security filters...

[SECURITY] Fedora 21 Update: libtasn1-4.4-1.fc21

A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding func tions...

openssl: ASN.1 structure reuse memory corruption

An out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. A remote attacker could possibly use a specially crafted ASN.1 structure that, when parsed by an application, would cause that application to crash...

Debian Security Advisory DSA 3056-1 (libtasn1-3 - security update)

Several vulnerabilities were discovered in libtasn1-3, a library that manages ASN1 Abstract Syntax Notation One structures. An attacker could use those to cause a denial-of-service via out-of-bounds access or NULL pointer dereference. OpenVAS Vulnerability Test $Id: deb3056.nasl 6750 2017-07-18...

nss: RSA PKCS#1 signature verification forgery flaw (MFSA 2014-73)

A flaw was found in the way NSS parsed ASN.1 Abstract Syntax Notation One input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS...

ABCPP 1.3 Directive Handler Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12021/info abcpp is prone to a buffer overflow vulnerability. This issue is exposed when the program is used to handle directives in ABC music notation files. Since the ABC files may originate from an external or untruste...

BRS WebWeaver 1.0 1 MKDir Directory Traversal Weakness

No description provided by source. source: http://www.securityfocus.com/bid/6585/info WebWeaver's FTP component has a flaw which can permit a remote user to create directories outside the FTP root. By executing the mkdir command on an ftp server with dot-dot-slash ..\ directory traversal notation...