Lucene search

5315 matches found

OSV
added 2015/10/12 12:0 a.m. | 0 views

UBUNTU-CVE-2015-7804

Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive...

CVSS 6.8 | AI score 7.2 | EPSS 0.18271
Exploits: 0 | References: 3

UbuntuCve
added 2015/10/12 12:0 a.m. | 36 views

CVE-2015-7804

Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive...

CVSS 6.8 | AI score 7.2 | EPSS 0.18271
Exploits: 0 | References: 2

Amazon
added 2015/10/09 12:0 a.m. | 29 views

Low: libunwind

Issue Overview: An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Affected Packages: libunwind Issue Correction: Run yum update libunwind or yum update --advisory ALAS-2015-600 to update your...

CVSS 3.3 | AI score 6.7 | EPSS 0.00089
Exploits: 1

ArchLinux
added 2015/10/05 12:0 a.m. | 28 views

libunwind: denial of service

CVE-2015-3239 Unspecified Impact: Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes...

CVSS 3.3 | AI score 7.1 | EPSS 0.00089
Exploits: 1 | References: 3

CVE
added 2015/10/01 12:0 a.m. | 43 views

CVE-2015-3829

CVE-2015-3829 is an Android Stagefright vulnerability caused by an off-by-one error in MPEG4Extractor::parseChunk (libstagefright) that can allow remote code execution or memory corruption via crafted MPEG-4 covr atoms with size SIZE_MAX. Affected software: Android versions prior to 5.1.1 LMY48I....

CVSS 10 | AI score 8 | EPSS 0.17062
Exploits: 0 | References: 6 | Affected Software: 1

Tenable Nessus
added 2015/09/15 12:0 a.m. | 58 views

cURL / libcURL 7.x < 7.42.0 Multiple Vulnerabilities

Binary data 8863.prm...

CVSS 9 | AI score 8.9 | EPSS 0.67994
Exploits: 1 | References: 8

RedHat Linux
added 2015/09/10 12:5 p.m. | 1 views

libunwind: off-by-one in dwarf_to_unw_regnum()

An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usa...

CVSS 3.3 | AI score 5.7 | EPSS 0.00089
Exploits: 1 | References: 4

RedHat Linux
added 2015/09/10 12:4 p.m. | 1 views

libunwind: off-by-one in dwarf_to_unw_regnum()

An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usa...

CVSS 3.3 | AI score 5.7 | EPSS 0.00089
Exploits: 1 | References: 4

RedHat Linux
added 2015/09/10 12:4 p.m. | 17 views

Low: Red Hat Security Advisory: libunwind security update

Updated libunwind packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which...

CVSS 3.3 | AI score 5.7 | EPSS 0.00089
Exploits: 1 | References: 2

OpenVAS
added 2015/09/08 12:0 a.m. | 31 views

Amazon Linux: Security Advisory (ALAS-2015-466)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6.3 | EPSS 0.32606
Exploits: 0 | References: 2

OSV
added 2015/08/26 7:59 p.m. | 8 views

CVE-2015-3239

Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes...

AI score 6.2
Exploits: 0 | References: 6

OSV
added 2015/08/26 7:59 p.m. | 0 views

UBUNTU-CVE-2015-3239

Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes...

CVSS 3.3 | AI score 5.8 | EPSS 0.00089
Exploits: 1 | References: 4

Prion
added 2015/08/26 7:59 p.m. | 5 views

Code injection

Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes...

CVSS 3.3 | AI score 6.9 | EPSS 0.00089
Exploits: 1 | References: 6 | Affected Software: 1

CVE
added 2015/08/26 7:0 p.m. | 143 views

CVE-2015-3239

CVE-2015-3239 affects libunwind 1.1 through multiple advisories, caused by an off-by-one error in dwarf_to_unw_regnum (include/dwarf_i.h). The issue can allow a local attacker to cause a denial of service or execute arbitrary code via invalid dwarf opcodes; IBM’s bulletin notes a heap-based overf...

CVSS 3.3 | AI score 6.3 | EPSS 0.00089
Exploits: 1 | References: 6 | Affected Software: 1

seebug.org
added 2015/08/26 12:0 a.m. | 44 views

74cms 20150817: design flaw leads to injection in 8 different files (gpc=off)

Brief description: Data is returned directly. Details: http://download.74cms.com/download/74cmsv3.6beta20150817.zip is the download link. The global file of 74cms is include/common.inc.php, which contains: if !empty$GET $GET = help::addslashesdeep$GET; if !empty$POST $POST = help::addslashesdeep$POST; $COOKIE = help::addslashesdeep$COOKIE; $REQUEST =...

AI score 7.1
Exploits: 0

RedHat Linux
added 2015/08/24 7:57 p.m. | 20 views

Low: Red Hat Security Advisory: libunwind security update

Updated libunwind packages that fix a security flaw are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...

CVSS 3.3 | AI score 5.8 | EPSS 0.00089
Exploits: 1 | References: 2

RedHat Linux
added 2015/08/24 7:57 p.m. | 3 views

libunwind: off-by-one in dwarf_to_unw_regnum()

An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usa...

CVSS 3.3 | AI score 5.7 | EPSS 0.00089
Exploits: 1 | References: 4

Tenable Nessus
added 2015/08/04 12:0 a.m. | 24 views

MySQL 5.5.x < 5.5.45 / 5.6.x < 5.6.26 Multiple Vulnerabilities

The version of MySQL running on the remote host is 5.5.x prior to 5.5.45 or 5.6.x prior to 5.6.26. It is, therefore, potentially affected by the following vulnerabilities : - A buffer overflow condition exists in mysqlslap due to improper validation of user-supplied input when parsing options. An...

AI score 6.4
Exploits: 0 | References: 2

OSV
added 2015/08/03 1:59 a.m. | 1 views

DEBIAN-CVE-2015-5352

The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time...

CVSS 4.3 | AI score 6.3 | EPSS 0.0539
Exploits: 0 | References: 1

RedHat Linux
added 2015/07/20 2:0 p.m. | 1 views

Kernel: HID: off by one error in various _report_fixup routines

Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled HID reports with an invalid...

CVSS 4.7 | AI score 6.8 | EPSS 0.00068
Exploits: 0 | References: 4