1336 matches found
Amazon Linux: Security Advisory (ALAS-2014-440)
The remote host is missing an update for the...
Information disclosure
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image...
CVE-2015-2729
The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator rendering range, which allows remote attackers to obtain sensitive information from process memory or caus...
DLA-225-1 dnsmasq - security update
Bulletin has no description...
CVE-2015-3058
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors...
Design/Logic Flaw
The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka "OpenType Font Parsing Vulnerability."...
CVE-2015-3294
The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request...
Mandriva Linux Security Advisory : python3 (MDVSA-2015:076)
Updated python3 packages fix security vulnerabilities: ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips (CVE-2013-7338). A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into function, which could be exploited ...
PuTTY Local Information Disclosure Vulnerability
PuTTY is a free Telnet, Rlogin and SSH client software developed by software developer Simon Tatham. The software is mainly used for remote administration of Linux systems. PuTTY suffers from a local information disclosure vulnerability that can be exploited by attackers to access process memory...
CVE-2015-0825
Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback...
CVE-2015-0255
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request...
CVE-2015-1548
mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read...
Out-of-bounds
mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read...
CVE-2015-1548
The CVE-2015-1548 issue affects the mini_httpd web server (version 1.21 and earlier). A crafted HTTP request with a very long protocol string can trigger an incorrect response size calculation and an out-of-bounds read in memory, enabling information disclosure from the server process. Descriptio...