DEBIAN-CVE-2017-6439

Heap-based buffer overflow in the parsestringnode function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service out-of-bounds write via a crafted plist file...

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write. Heap-based buffer overflow in the parsestringnode function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service out-of-bounds write via a crafted plist file. Remediation Ther...

DEBIAN-CVE-2017-6436

The parsestringnode function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service memory allocation error via a crafted plist file...

UBUNTU-CVE-2017-6435

The parsestringnode function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service memory corruption via a crafted plist file...

DEBIAN-CVE-2017-6209

Stack-based buffer overflow in the parseidentifier function in tgsitext.c in the TGSI auxiliary module in the Gallium driver in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service out-of-bounds array access and QEMU process crash via vectors related to parsing...

DEBIAN-CVE-2017-6435

The parsestringnode function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service memory corruption via a crafted plist file...

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write. Heap-based buffer overflow in the parseunicodenode function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service out-of-bounds write and possibly code execution via a crafted...

Resource Management Errors

Overview Affected versions of this package are vulnerable to Resource Management Errors. The parsestringnode function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service memory allocation error via a crafted plist file. Remediation There is no fixed versi...

CVE-2017-6440

The parsedatanode function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service memory allocation error via a crafted plist file...

GNU Wget CRLF Injection Vulnerability (CNVD-2017-03817)

GNU Wget is a set of free software developed by the GNU Project for downloading over the Internet, which supports downloading over the three most common TCP/IP protocols: HTTP, HTTPS, and FTP. A CRLF injection vulnerability exists in the 'urlparse' function of the url.c file in GNU Wget 1.19.1 an...

DEBIAN-CVE-2017-6508

CRLF injection vulnerability in the urlparse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL...

UBUNTU-CVE-2017-6508

CRLF injection vulnerability in the urlparse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL...

ALPINE-CVE-2016-10244

The parsecharstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service heap-based buffer over-read or possibly have unspecified other impact via a crafted file...

UBUNTU-CVE-2016-10244

The parsecharstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service heap-based buffer over-read or possibly have unspecified other impact via a crafted file...

AZL-36954 CVE-2017-5834 affecting package libplist 2.7.0-1

The parsedictnode function in bplist.c in libplist allows attackers to cause a denial of service out-of-bounds heap read and crash via a crafted file...

AZL-7267 CVE-2017-5834 affecting package libplist 2.1.0-4

The parsedictnode function in bplist.c in libplist allows attackers to cause a denial of service out-of-bounds heap read and crash via a crafted file...

CVE-2017-5834

The parsedictnode function in bplist.c in libplist allows attackers to cause a denial of service out-of-bounds heap read and crash via a crafted file...

Rapid7 Metasploit Directory Traversal Vulnerability

Metasploit Pro is a guided penetration testing platform. A directory traversal vulnerability exists in the Meterpreter extapi Clipboard.parsedump function in versions prior to Rapid7 Metasploit 4.13.0-2017020701. An attacker can exploit the vulnerability to write arbitrary files on the Metasploit...

CVE-2017-5229

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parsedump function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console...

radare2 denial of service vulnerability (CNVD-2017-02721)

radare2 is an open source reverse engineering flat. A denial of service vulnerability in the dexparsedebugitem function in libr/bin/p/bindex.c in radare2 version 1.2.1 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted DEX file...