Lucene search

944 matches found

seebug.org
added 2014/07/01 12:0 a.m., 13 views

ABC2PS/JCABC2PS 1.2 Voice Field Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12024/info abc2ps and jcabc2ps are prone to a buffer overflow vulnerability. This issue is exposed when the program is used to process the voice field in ABC music notation files. Since the ABC files may originate from an...

7.1 AI score
Exploits: 0
OpenVAS
added 2014/06/09 12:0 a.m., 33 views

CentOS Update for libtasn1 CESA-2014:0596 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 6.6 AI score, 0.09799 EPSS
Exploits: 0, References: 2
Fedora
added 2014/06/04 7:52 a.m., 31 views

[SECURITY] Fedora 20 Update: libtasn1-3.6-1.fc20

A library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions...

7.5 CVSS, 3.5 AI score, 0.09799 EPSS
Exploits: 0
OSV
added 2014/03/21 1:4 a.m., 1 views

UBUNTU-CVE-2013-6401

Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document...

5 CVSS, 5.8 AI score, 0.00341 EPSS
Exploits: 0, References: 3
RedHat Linux
added 2014/01/06 6:2 p.m., 2 views

rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013-0155)

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...

6.4 CVSS, 7.2 AI score, 0.18174 EPSS
Exploits: 2, References: 4
Fedora
added 2013/12/09 2:0 a.m., 19 views

[SECURITY] Fedora 18 Update: php-symfony2-PropertyAccess-2.2.10-1.fc18

The PropertyAccess component provides functions to read and write from/to an object or array using a simple string notation...

5 CVSS, 2.5 AI score, 0.00474 EPSS
Exploits: 0
ATTACKERKB
added 2013/10/09 2:53 p.m., 2 views

CVE-2013-3861

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service (application crash or hang) via crafted character sequences in JSON data, aka "JSON Parsing Vulnerability."...

7.8 CVSS, 5.6 AI score, 0.78404 EPSS
Exploits: 0, References: 4
OSV
added 2013/08/28 11:55 p.m., 0 views

UBUNTU-CVE-2013-5018

The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30,...

4.3 CVSS, 5.9 AI score, 0.02902 EPSS
Exploits: 1, References: 2
OpenVAS
added 2013/08/01 12:0 a.m., 8 views

Fedora Update for nodejs-asn1 FEDORA-2013-11780

Check for the Version of nodejs-asn1. OpenVAS Vulnerability Test. Fedora Update for nodejs-asn1 FEDORA-2013-11780. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

3.3 CVSS, 6.7 AI score, 0.00104 EPSS
Exploits: 0, References: 2
ThreatPost
added 2013/02/13 5:51 p.m., 40 views

Ruby on Rails Patches DoS, Remote Execution Flaws

Web app framework Ruby on Rails patched two security flaws this week in the open source framework that could have led to denial of service attacks and remote execution vulnerabilities. With builds 3.2.12, 3.1.11 and 2.3.17, the framework fixed a serialized attributes YAML vulnerability...

10 CVSS, 3.3 AI score, 0.17317 EPSS
Exploits: 2, References: 6
RedHat Linux
added 2012/07/17 6:8 p.m., 40 views

Moderate: Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update

Updated nss and nspr packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base...

5 CVSS, 7.1 AI score, 0.03581 EPSS
Exploits: 0, References: 6
OSV
added 2012/06/05 11:55 p.m., 1 views

DEBIAN-CVE-2012-0441

The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services NSS before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a...

5 CVSS, 8.4 AI score, 0.03581 EPSS
Exploits: 0, References: 1
RedHat Linux
added 2012/03/27 10:48 p.m., 1 views

libtasn1: DER decoding buffer overflow (GNUTLS-SA-2012-3, MU-201202-02)

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly ha...

5 CVSS, 7.3 AI score, 0.10166 EPSS
Exploits: 1, References: 4
Nmap
added 2012/03/27 9:51 p.m., 353 views

targets-asn NSE Script

Produces a list of IP prefixes for a given routing AS number (ASN). This script uses a whois server database operated by the Shadowserver Foundation. We thank them for granting us permission to use this in Nmap. Output is in CIDR notation. Script Arguments: targets-asn.whois_port: The whois port to us...

10 CVSS, 0.1 AI score, 0.94176 EPSS
Exploits: 33
F5 Networks
added 2011/02/28 12:0 a.m., 42 views

SOL12650 - PHP vulnerability CVE-2010-4645

The strtod.c function may allow context-dependent attackers to cause a denial-of-service via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers. Information about this advisory is available at the following location: Note: The previous link...

5 CVSS, 8.8 AI score, 0.20977 EPSS
Exploits: 1
RedHat Linux
added 2011/02/03 7:15 p.m., 1 views

php: hang on numeric value 2.2250738585072011e-308 with x87 fpu

strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU...

5 CVSS, 7.4 AI score, 0.20977 EPSS
Exploits: 1, References: 4
Prion
added 2011/01/11 3:0 a.m., 18 views

Design/Logic Flaw

strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU...

5 CVSS, 6.8 AI score, 0.20977 EPSS
Exploits: 1, References: 28, Affected Software: 1
UbuntuCve
added 2011/01/11 3:0 a.m., 31 views

CVE-2010-4645

strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU...

5 CVSS, 7.2 AI score, 0.20977 EPSS
Exploits: 1, References: 2
Check Point Advisories
added 2010/11/25 12:0 a.m., 0 views

DCE-RPC Big Endian Evasion Technique

DCE/RPC stands for "Distributed Computing Environment / Remote Procedure Calls". It is a Remote Procedure Call system that allows software to work across multiple computers, as if it were all working on the same computer. This system allows programmers to write distributed software without having...

5 AI score
Exploits: 0
Prion
added 2010/11/17 4:0 p.m., 11 views

Spoofing

Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data using JavaScript Object Notation (JSON) without a mechanism for validating requests, which allows remote attackers to obtain sensitive information via vectors involving (1) admin/products.json, (2) admin/users.json, or (3)...

5 CVSS, 6.7 AI score, 0.00635 EPSS
Exploits: 1, References: 8, Affected Software: 1