126 matches found
[slackware-security] irssi
New irssi packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/irssi-0.8.20-i586-1slack14.2.txz: Upgraded. This update fixes two remote crash and heap corruption...
Out of Memory crash when parsing GIF format images — Mozilla
Security researcher Gustavo Grieco reported an out of memory crash when loading maliciously crafted GIF format images. Investigation of the issue determined that the root cause was an error in image parsing code during deinterlacing, leading to a potential integer overflow...
CentOS 5 / 7 : java-1.7.0-openjdk (CESA-2016:0054) (SLOTH)
Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20160120) (SLOTH)
An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox...
Mageia: Security Advisory (MGASA-2016-0013)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Coinbase: Potential for Double Spend via Sign Message Utility
Hi, There is an unlikely but theoretically exploitable vulnerability is caused by allowing users to sign messages with their addresses. So far I have not been able to exploit this, but I believe that it is exploitable. On coinbse.com, the user can see a list of their addresses here. When they cli...
FreeBSD : powerdns -- Denial of Service (56665ccb-8723-11e5-9b13-14dae9d210b8)
PowerDNS reports : A bug was found using afl-fuzz in our packet parsing code. This bug, when exploited, causes an assertion error and consequent termination of the the pdnsserver process, causing a Denial of Service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Puppet Enterprise 3.x < 3.8.1 Multiple Vulnerabilities (Logjam)
According to its self-reported version number, the Puppet Enterprise application running on the remote host is 3.x prior to 3.8.1. It is, therefore, affected by the following vulnerabilities : - An XML external entity injection XXE flaw exists in the Apache ActiveMQ component due to a faulty...
DSA-3287-1 openssl - security update
Bulletin has no description...
Apache Tomcat 8.0.x < 8.0.21 Multiple Vulnerabilities (FREAK)
According to its self-reported version number, the Apache Tomcat server listening on the remote host is 8.0.x prior to 8.0.21. It is, therefore, affected by the following vulnerabilities : - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is...
DSA-3197-1 openssl - security update
Bulletin has no description...
[SECURITY] [DLA 175-1] gnupg security update
Package : gnupg Version : 1.4.10-4+squeeze7 CVE ID : CVE-2014-3591 CVE-2015-0837 CVE-2015-1606 Debian Bug : 778652 Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard: CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by...
Debian Security Advisory DSA 3184-1 (gnupg - security update)
Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard: CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite...
Important: Red Hat Security Advisory: java-1.6.0-openjdk security update
Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Important: Red Hat Security Advisory: java-1.7.0-openjdk security update
Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...
Oracle Java SE GSUB FeatureCount Buffer Overflow
A heap buffer overflow vulnerability exists in Oracle Java. The vulnerability is due to the font parsing code failing to check the "FeatureCount" value of the GSUB table used in controlling heap memory allocation. A remote unauthenticated attacker can exploit this vulnerability by persuading user...
CREAR ALMail32 1.10 Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/574/info The ALMail32 POP3 client conatins unchecked buffers in the header parsing code. An abnormally long FROM: or TO: field in the header of an incoming email will overwrite the buffer and allow arbitrary code to be...
IRIX 6.5.x gr_osview Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1526/info Under certain versions of IRIX, the 'grosview' command contains a buffer overflow that local attackers can exploit to gain root privileges. The grosview command produces a graphical display of memory-management...
Windows XP Registry Editor buffer overflow vulnerability-vulnerability warning-the black bar safety net
Windows XP Registry Editor buffer overflow vulnerability 漏洞 文件 regedit.exe Version: 5.1.2600.5512 Test environment is win xp sp3 ! Resolve issues, resulting in buffer overflow vulnerabilities. the poc structure is very simple. I was thus constructed. 1 free to find a registry, 打开注册表项搜索Notepad.exe...
WellinTech KingScada AEserver.exe Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WellinTech KingScada. Authentication is not required to exploit this vulnerability. The specific flaw exists within the protocol parsing code contained in kxNetDispose.dll. The parent service is...