Updated python-lshell package fixes security vulnerabilities

Shell outbreak due to bad syntax parse CVE-2016-6902. Shell outbreak with multiline commands CVE-2016-6903...

Remote Code Execution

mongo-parse is vulnerable to remote code execution RCE. A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the eval function...

ALPINE-CVE-2017-8105

FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1decoderparsecharstrings function in psaux/t1decode.c...

OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)

It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory...

OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)

It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory...

OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)

It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory...

OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)

It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory...

libevent: Stack-buffer overflow in the name_parse() function

A vulnerability was found in libevent with the parsing of DNS requests and replies. An attacker could send a forged DNS response to an application using libevent which could lead to reading data out of bounds on the heap, potentially disclosing a small amount of application memory...

OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)

It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory...

Design/Logic Flaw

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php...

DEBIAN-CVE-2016-6335

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php...

CVE-2016-6331

ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php...

Google gRPC heap buffer overflow vulnerability (CNVD-2017-06015)

gRPC is an open source RPC framework . A heap buffer overflow vulnerability exists in the parseunix function within Google gRPC core/ext/clientchannel/parseaddress.c, which allows remote attackers to exploit the vulnerability to submit a special request to execute arbitrary code...

PT-2017-18028 · Gnome +2 · Libcroco +2

Name of the Vulnerable Software and Affected Versions: libcroco versions 0.6.11 through 0.6.12 Description: The issue is related to an "outside the range of representable values of type long" undefined behavior in the cr tknzr parse rgb function, which could potentially allow remote attackers to...

UBUNTU-CVE-2017-7860

Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parseunix function in core/ext/clientchannel/parseaddress.c...

DEBIAN-CVE-2017-7860

Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parseunix function in core/ext/clientchannel/parseaddress.c...

PT-2017-17955 · Gnu +2 · Gnu Osip +2

Name of the Vulnerable Software and Affected Versions: GNU oSIP versions 4.1.0 through 5.0.0 Description: A malformed SIP message can cause a heap buffer overflow in the msg osip body parse function, leading to a remote denial of service. This issue is related to the osip message parse.c file in...

The vulnerability of the FreeType library, which allows a perpetrator to trigger a service failure or cause other effects

The vulnerability of the parsecharstrings function in the type1/t1load.c file of the FreeType library does not guarantee that the font contains the glyph’s name. This vulnerability arises from reading beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cau...

dlplibs: Stack-buffer-overflow in StarWriterStruct::DatabaseName::read

Detailed report: https://oss-fuzz.com/testcase?key=5177092629069824 Project: dlplibs Fuzzer: libFuzzerdlplibssdwfuzzer Fuzz target binary: sdwfuzzer Job Type: libfuzzerasandlplibs Platform Id: linux Crash Type: Stack-buffer-overflow WRITE 4 Crash Address: 0x7f3a03d7f378 Crash State:...

libplist 'parse_string_node()' function local denial of service vulnerability

libplist is a small portable C library that handles Apple Property List files in binary or XML. A denial of service vulnerability exists in libimobiledevice libplist version 1.12 in the parsestringnode function in bplist.c, which can cause a denial of service memory allocation error by a local us...