6908 matches found
PHP Memory Corruption Vulnerability
PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A security vulnerability exists in the 'pharparsepharfile' function in the ext/phar/phar.c file in PHP versions prior to 5.6.30 and 7.x versions...
UBUNTU-CVE-2017-11147
In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the pharparsepharfile function in ext/phar/phar.c...
UBUNTU-CVE-2017-11145
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelibmeridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parsedate.c out-of-bounds reads affecting the...
ncurses null pointer dereference vulnerability
ncurses is a character terminal processing library , it can provide a series of functions for the user to call and generate text-based user interface . A security vulnerability exists in the 'the ncparseentry' function in the tinfo/parseentry.c file in ncurses version 6.0. A remote attacker can...
UBUNTU-CVE-2016-10397
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:[email protected]/ and evil.example.com:[email protected]/ inputs to the parseurl...
UBUNTU-CVE-2017-11112
In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the appendacs function of tinfo/parseentry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data...
UBUNTU-CVE-2017-11113
In ncurses 6.0, there is a NULL Pointer Dereference in the ncparseentry function of tinfo/parseentry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data...
DEBIAN-CVE-2017-11113
In ncurses 6.0, there is a NULL Pointer Dereference in the ncparseentry function of tinfo/parseentry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data...
DEBIAN-CVE-2017-1000082
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit e.g. "0day", running the service in question with root privileges rather than the user intended...
DEBIAN-CVE-2017-1000381
The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way...
UBUNTU-CVE-2017-9222
The mp4ffparsetag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 FAAD2 2.7 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted mp4 file...
DEBIAN-CVE-2017-9222
The mp4ffparsetag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 FAAD2 2.7 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted mp4 file...
PT-2017-3905 · Faad2 +1 · Faad2 +1
Name of the Vulnerable Software and Affected Versions: FAAD2 version 2.7 Description: The issue is related to the mp4ff parse tag function, which can lead to a denial of service due to an infinite loop and CPU consumption when processing a crafted mp4 file. This allows remote attackers to exploit...
DEBIAN-CVE-2016-7837
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parseline function used in some userland utilities...
UBUNTU-CVE-2016-7837
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parseline function used in some userland utilities...
EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2017-1098)
According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to...
DEBIAN-CVE-2015-8326
The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user...
UBUNTU-CVE-2015-8326
The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user...
CVE-2015-8326
The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user...
CVE-2015-8326
The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user...