Medium: php56

Issue Overview: A vulnerability was found in gd. Integer underflow in a calculation in dynamicGetbuf was incorrectly handled, leading in some circumstances to an out of bounds write through a very large argument to memcpy. An attacker could create a crafted image that would lead to a crash or,...

CVE-2016-9933

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library aka libgd before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service segmentation violation via a crafted imagefilltoborder call that...

F5 Networks BIG-IP : libxml2 vulnerabilities (K54225343)

CVE-2016-3627 The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service infinite recursion, stack consumption, and application crash via a crafted XML document CVE-2016-3705 The 1...

php: Stack consumption vulnerability in Zend/zend_exceptions.c

Stack consumption vulnerability in Zend/zendexceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service segmentation fault via recursive method calls...

Amazon Linux AMI : kernel (ALAS-2016-762)

The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service stack consumption and panic or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a...

Important: kernel

Issue Overview: The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service stack consumption and panic or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers an...

openSUSE Security Update : the Linux Kernel (openSUSE-2016-1212) (Dirty COW)

The openSUSE Leap 42.1 kernel was updated to 4.1.34, fixing bugs and security issues. The following security bugs were fixed : - CVE-2016-5195: A local privilege escalation using MAPPRIVATE was fixed, which is reportedly exploited in the wild bsc1004418. - CVE-2016-8658: Stack-based buffer overfl...

openSUSE: Security Advisory for kernel (openSUSE-SU-2016:2584-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2016-8666

The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service stack consumption and panic or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a...

F5 BIG-IP - PHP vulnerability CVE-2015-8873

Stack consumption vulnerability in Zend/zendexceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service segmentation fault via recursive method calls. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be...

F5 Networks BIG-IP : PHP vulnerability (K91084571)

Stack consumption vulnerability in Zend/zendexceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service segmentation fault via recursive method calls. CVE-2015-8873 C Tenable Network Security, Inc. The descriptive text and...

Medium: php55, php56

Issue Overview: A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. CVE-2015-8874 An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2 function of PHP's gd extension. ...

openSUSE Security Update : libxml2 (openSUSE-2016-734)

This update brings libxml2 to version 2.9.4. These security issues were fixed : - CVE-2016-3627: The xmlStringGetNodeList function in tree.c, when used in recovery mode, allowed context-dependent attackers to cause a denial of service infinite recursion, stack consumption, and application crash v...

CVE-2016-3075

Stack-based buffer overflow in the nssdns implementation of the getnetbyname function in GNU C Library aka glibc before 2.24 allows context-dependent attackers to cause a denial of service stack consumption and application crash via a long name...

CVE-2016-3075

Stack-based buffer overflow in the nssdns implementation of the getnetbyname function in GNU C Library aka glibc before 2.24 allows context-dependent attackers to cause a denial of service stack consumption and application crash via a long name...

MGASA-2016-0203 Updated libgd packages fix CVE-2015-8874

Updated libgd packages fix security vulnerability: It was discovered that there was a stack consumption vulnerability in the libgd2 graphics library which allowed remote attackers to cause a denial of service via a crafted imagefilltoborder call CVE-2015-8874...

DEBIAN-CVE-2015-7558

librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service infinite loop, stack consumption, and application crash via cyclic references in an SVG document...

Code injection

The rsvgcssnormalizefontsize function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service stack consumption and application crash via circular definitions in an SVG document...

Code injection

librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service infinite loop, stack consumption, and application crash via cyclic references in an SVG document...

CVE-2016-4348

The rsvgcssnormalizefontsize function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service stack consumption and application crash via circular definitions in an SVG document...