RedHat Update for jasper RHSA-2015:0074-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

jasper security update

CentOS Errata and Security Advisory CESA-2015:0074 Updated jasper packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores,...

jasper: unrestricted stack memory use in jpc_qmfb.c (oCERT-2015-001)

An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code...

Important: Red Hat Security Advisory: jasper security update

Updated jasper packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are availabl...

jasper security update

1.900.1-16.3 - CVE-2014-8157 - dec-numtiles off-by-one check in jpcdecprocesssot 1183671 - CVE-2014-8158 - unrestricted stack memory use in jpcqmfb.c 1183679...

Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20141014)

An out-of-bounds write flaw was found in the way the glibc's readdirr function handled file system entries longer than the NAMEMAX character constant. A remote attacker could provide a specially crafted NTFS or CIFS file system that, when processed by an application using readdirr, would cause th...

Internet Bug Bounty: Adobe Flash Player Out-of-Bound Read/Write Vulnerability

I. Summary Adobe Flash Player is prone to a vulnerability which leads to Out-of-Bound access of memory. During the compilation of a malformed regular expression, relevant operations would cause Out-of-Bound Read/Write of stack and heap memory. Successful exploits may allow an attacker to gain...

DEBIAN-CVE-2014-3508

The OBJobj2txt function in crypto/objects/objdat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process...

CVE-2014-3508

The OBJobj2txt function in crypto/objects/objdat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process...

CVE-2014-3508

The OBJobj2txt function in crypto/objects/objdat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process...

CVE-2014-3508

The OBJobj2txt function in crypto/objects/objdat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process...

Stack overflow

Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service daemon hang via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun...

CVE-2014-4061

CVE-2014-4061 affects Microsoft SQL Server 2008 SP3, SQL Server 2008 R2 SP2, and SQL Server 2012 SP1. The root cause is improper control of stack memory when processing T-SQL batch commands, enabling remote authenticated users to cause a denial of service (daemon hang). Connected sources align on...

KLA10615 Multiple vulnerabilities in Microsoft SQL Server

Multiple serious vulnerabilities have been found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to cause denial of service or inject arbitrary code. Below is a complete list of vulnerabilities 1. Lack of stack memory restrictions can be exploited remotely via a special...

OpenSSL 1.0.0 < 1.0.0n Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.0n. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.0n advisory. - The ssl3sendclientkeyexchange function in s3clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i...

UBUNTU-CVE-2014-3508

The OBJobj2txt function in crypto/objects/objdat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process...

Vignette StoryServer 4.1 Sensitive Stack Memory Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7296/info It has been reported that Vignette StoryServer, under some circumstances may reveal stack memory content. If a specially crafted request is made for a page that accepts user-supplied data an error state may be...

Epic Games Unreal Engine 436 Client Unreal URL Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6774/info t has been reported that a memory corruption bug exists in games based on the Unreal Engine. Under some circumstances, when the game client connects to a server using a excessive length Unreal URL it may be...

Sun SunVTS 4.x PTExec Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2898/info SunVTS is the Sun Validation Test Suite, distributed and maintained by Sun Microsystems. The SunVTS is used to test various components of OEM Sun hardware, and can also be used to stress-test components and...

Lonerunner Zeroo HTTP Server 1.5 - Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6190/info Zeroo HTTP server is a freely available, open source web server. It is available for the Linux and Microsoft Windows platforms. It has been reported that Zeroo HTTP server does not sufficiently check bounds on...