Fedora Update for perl-IPTables-Parse FEDORA-2015-240
The remote host is missing an update for the...
[SECURITY] Fedora 21 Update: perl-IPTables-Parse-1.5-2.fc21
The IPTables::Parse package provides an interface to parse iptables rules on Linux systems through the direct execution of iptables commands, or from parsing a file that contains an iptables policy listing. You can get the current policy applied to a table/chain, look for a specific user-defined...
Fedora Update for perl-IPTables-Parse FEDORA-2015-30
The remote host is missing an update for the...
[SECURITY] Fedora 22 Update: perl-IPTables-Parse-1.5-2.fc22
The IPTables::Parse package provides an interface to parse iptables rules on Linux systems through the direct execution of iptables commands, or from parsing a file that contains an iptables policy listing. You can get the current policy applied to a table/chain, look for a specific user-defined...
[SECURITY] Fedora 23 Update: perl-IPTables-Parse-1.5-2.fc23
The IPTables::Parse package provides an interface to parse iptables rules on Linux systems through the direct execution of iptables commands, or from parsing a file that contains an iptables policy listing. You can get the current policy applied to a table/chain, look for a specific user-defined...
Regular Expression Denial of Service
Overview: Versions of uglify-js prior to 2.6.0 are affected by a regular expression denial of service vulnerability when malicious inputs are passed into the parse method. Proof of Concept: var u = require('uglify-js'); var genstr = function (len, chr) { var result = ""; for (i=0; i<=len; i++) { result = resu...
FreeSWITCH Heap Buffer Overflow Vulnerability
FreeSWITCH is a free, open source communications software developed by American software developer Anthony Minessale. A heap buffer overflow vulnerability exists in the 'parse_string' function in the libs/esl/src/esl_json.c file in FreeSWITCH versions 1.4.21 and earlier, and version 1.6.0. A remote...
MaraDNS 'parse/ParseMaraRc.c' Denial of Service Vulnerability
MaraDNS is a secure DNS server developed by American software developer Sam Trenholme. A denial of service vulnerability exists in MaraDNS. An attacker could exploit this vulnerability to cause a denial of service...
DEBIAN-CVE-2014-9745
The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage...
YesWiki 0.2 - 'squelette' Directory Traversal
Exploit Title: YESWIKI 0.2 - Path Traversal Date: 2015-09-02 Exploit Author: HaHwul Exploit Author Blog: http://www.codeblack.net Vendor Homepage: http://yeswiki.net Software Link: https://github.com/YesWiki/yeswiki Version: yeswiki 0.2 Tested on: Debian Wheezy CVE : none...
Mozilla: Redefinition of non-configurable JavaScript object properties (MFSA 2015-82)
Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method...
UBUNTU-CVE-2015-4493
Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to...
UBUNTU-CVE-2015-4478
Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method...
CVE-2015-3836
The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted XMF...
UBUNTU-CVE-2015-5621
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet...
UBUNTU-CVE-2015-5522
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href...
php: memory corruption in phar_parse_tarfile caused by empty entry file name
An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened...
OpenSSL: out-of-bounds read in X509_cmp_time
An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause...
php: memory corruption in phar_parse_tarfile caused by empty entry file name
An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened...
PHP phar_parse_tarfile() function integer underflow vulnerability
PHP is a general-purpose web programming language. An integer underflow vulnerability exists in the PHP phar_parse_tarfile function, which allows remote attackers to construct a special Phar file that can be parsed by an application to trigger an overflow and execute arbitrary code...