CVE-2015-8872
The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."...
qemu -- denial of service vulnerability in Rocker switch emulation
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in 'tx_consume' routine, if a descriptor was to have more than allowed (ROCKER_TX_FRAGS_MAX=16)...
CVE-2015-7924
eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
Medium: krb5
Issue Overview: A flaw was found in the OTP kdcpreauth module of MIT Kerberos. A remote attacker could use this flaw to bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line...
EUVD-2015-7703
Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive...
Stack overflow
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which trigger...
SUSE SLED11 Security Update : cabextract (SUSE-SU-2015:2131-1)
This security update fixes the following issues: - Fix possible infinite loop caused DoS (bsc#919283, CVE-2014-9556) - Fix zero dereference (bsc#934524, CVE-2014-9732) - Fix off by one (bsc#934527, CVE-2015-4470) - Fix buffer under-read crash (bsc#934528, CVE-2015-4471) Note that Tenable Network Security ha...
Debian DLA-355-1 : libxml2 security update
CVE-2015-8241: Buffer overread with XML parser in xmlNextChar. CVE-2015-8317: issues in the xmlParseXMLDecl function: If we fail conversing the current input stream while processing the encoding declaration of the XMLDecl then it's safer to just abort there and not try to report further errors. - ...
[SECURITY] [DLA 355-1] libxml2 security update
Package: libxml2. Version: 2.7.8.dfsg-2+squeeze15. CVE ID: CVE-2015-8241 CVE-2015-8317. Debian Bug: 806384. CVE-2015-8241: Buffer overread with XML parser in xmlNextChar. CVE-2015-8317: issues in the xmlParseXMLDecl function: If we fail conversing the current input stream while processing the...
DLA-355-1 libxml2 - security update
Bulletin has no description...
CVE-2015-0860
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which trigger...
wireshark: The pcapng file parser could crash (wnpa-sec-2015-08)
Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interfa...
SUSE-SU-2015:1983-1 Security update for squid
squid was updated to fix two security issues. These security issues were fixed: - CVE-2014-6270: Fixed an off by one in snmp subsystem (bsc#895773). - CVE-2014-9749: Fixed a nonce replay vulnerability in Digest authentication (bsc#949942)...
F5 Networks BIG-IP : NTP vulnerability (K17566)
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted 'KOD' messages. (CVE-2015-7704) Impact: An off-path attacker can send a crafted Kiss of Death (KoD) packet to the client, which will increase the client's...
CVE-2007-1886
Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow."...
Tor Messenger
Tor Project launched its first beta version of Tor Messenger – its long-in-the-works, open source instant messenger client based on Instantbird. The Messenger is designed for both simplicity and privacy by default: It integrates the “Off-the-Record” (OTR) protocol to encrypt messages and routes the...
ntp: multiple issues
CVE-2015-7871 (authentication bypass): An error handling logic error exists within ntpd that manifests due to improper error condition handling associated with certain crypto-NAK packets. An unauthenticated, off-path attacker can force ntpd processes on targeted servers to peer with time sources of...
NAK to the Future: NTP Symmetric Association Authentication Bypass Vulnerability
Talos Vulnerability Report TALOS-2015-0069. NAK to the Future: NTP Symmetric Association Authentication Bypass Vulnerability. October 21, 2015. CVE Number: CVE-2015-7871. Summary: Unauthenticated off-path attackers can force ntpd processes to peer with malicious time sources of the attacker’s choosing...
Amazon Linux AMI : libunwind (ALAS-2015-600)
An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory...
Amazon Linux: Security Advisory (ALAS-2015-600)
The remote host is missing an update for the...