cURL and libcurl smb_request_state function information disclosure vulnerability

cURL/libcURL is a command line file transfer tool that supports FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. A security vulnerability in the cURL and libcurl smbrequeststate functions allows remote attackers to conduct denial-of-service attacks by submitting requests of a speciall...

DEBIAN-CVE-2015-3237

The smbrequeststate function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service out-of-bounds read and crash via crafted length and offset values...

Out-of-bounds

The smbrequeststate function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service out-of-bounds read and crash via crafted length and offset values...

CVE-2015-3237

The smbrequeststate function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service out-of-bounds read and crash via crafted length and offset values...

CVE-2015-3237

The smbrequeststate function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service out-of-bounds read and crash via crafted length and offset values...

python: buffer() integer overflow leading to out of bounds read

An integer overflow flaw was found in the way the buffer function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash...

DEBIAN-CVE-2015-3809

The dissectlbmrpser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service infinite loop via a crafted packet...

UBUNTU-CVE-2015-3809

The dissectlbmrpser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service infinite loop via a crafted packet...

Out-of-bounds

The osiprintcksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service out-of-bounds read and crash via a crafted 1 length, 2 offset, or 3 base pointer checksum value...

Debian Security Advisory DSA 3170-1 (linux - security update)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation. CVE-2013-7421 / CVE-2014-9644 It was discovered that the Crypto API allowed unprivileged users to load arbitrary kernel modules. A local user can use...

DEBIAN-CVE-2014-9668

The woffopenfont function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service integer overflow and heap-based buffer overflow or possibly have unspecified other impact via ...

DEBIAN-CVE-2014-9667

sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service integer overflow and out-of-bounds read or possibly have unspecified other impact via a crafted SFNT table...

DEBIAN-CVE-2014-9496

The sd2parsersrcfork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a 1 map offset or 2 rsrc marker, which triggers an out-of-bounds read...

Out-of-bounds

The sd2parsersrcfork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a 1 map offset or 2 rsrc marker, which triggers an out-of-bounds read...

UBUNTU-CVE-2014-4322

drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or...

Scientific Linux Security Update : glibc on SL7.x x86_64 (20141218)

It was found that the wordexp function would perform command substitution even when the WRDENOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp function, and not sanitizing the input correctly, could potentially use this flaw to execut...

Adobe Shockwave Player <= 11.5.7.609 (APSB10-20) (Mac OS X)

The remote Mac OS X host contains a version of Adobe Shockwave Player that is 11.5.7.609 or earlier. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist that allow arbitrary code execution. CVE-2010-2863, CVE-2010-2864, CVE-2010-2866, CVE-2010-2869,...

DEBIAN-CVE-2014-8135

The storageVolUpload function in storage/storagedriver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service NULL pointer dereference and daemon crash via a crafted offset value in a "virsh vol-upload" command...

CVE-2014-7840

The hostfromstreamoffset function in archinit.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted 1 offset or 2 length value in savevm data...

xorg-x11-server: out of bounds access due to not validating length or offset values in XC-MISC extension

Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server...