3355 matches found

RedHat Linux
added 2015/01/28 5:35 p.m. | 5 views

libyaml: assert failure when processing wrapped strings

An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash...

CVSS 5 | AI score 7.3 | EPSS 0.13195
Exploits 1 | References 4

CNVD
added 2015/01/27 12:0 a.m. | 3 views

iPass Open Mobile Windows Client Remote Code Execution Vulnerability

iPass Open Mobile is a quick and easy way for you to use your device to connect to over a million enabled WIFIs around the world. A security vulnerability exists in the iPass Open Mobile client that allows attackers to register arbitrary DLLs via UNC shared pathnames by sending specially crafted...

CVSS 9 | AI score 7.2 | EPSS 0.52125
Exploits 5 | References 1

OpenVAS
added 2015/01/23 12:0 a.m. | 25 views

Ubuntu: Security Advisory (USN-2461-3)

The remote host is missing an update for the...

CVSS 5 | AI score 6.7 | EPSS 0.13195
Exploits 1 | References 2

Fedora
added 2015/01/21 11:5 p.m. | 34 views

[SECURITY] Fedora 20 Update: cross-binutils-2.25-3.fc20

Binutils is a collection of binary utilities, including ar (for creating, modifying and extracting from archives), as (a family of GNU assemblers), gprof (for displaying call graph profile data), ld (the GNU linker), nm (for listing symbols from object files), objcopy (for copying and translating object...

CVSS 7.5 | AI score 1.1 | EPSS 0.06202
Exploits 4

OSV
added 2015/01/16 4:59 p.m. | 1 view

DEBIAN-CVE-2014-9471

The parsedatetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command...

CVSS 7.5 | AI score 7.2 | EPSS 0.07087
Exploits 1 | References 1

Check Point Advisories
added 2015/01/13 12:0 a.m. | 3 views

Microsoft Network Policy Server RADIUS Denial of Service (MS15-007; CVE-2015-0015)

A denial of service vulnerability exists in the Network Policy Server (NPS). The vulnerability is due to the way the NPS handles username strings. A remote attacker can exploit this issue by sending a specially crafted username string to the NPS...

CVSS 7.8 | AI score 6.1 | EPSS 0.78735
Exploits 1

OSV
added 2015/01/12 10:25 p.m. | 1 view

USN-2461-2 libyaml-libyaml-perl vulnerability

Stanisław Pitucha and Jonathan Gray discovered that libyaml-libyaml-perl did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service...

CVSS 5 | AI score 7.3 | EPSS 0.13195
Exploits 1 | References 2

OSV
added 2015/01/12 10:24 p.m. | 2 views

USN-2461-1 libyaml vulnerability

Stanisław Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service...

CVSS 5 | AI score 7.3 | EPSS 0.13195
Exploits 1 | References 2

OSV
added 2015/01/12 10:12 p.m. | 1 view

USN-2461-3 pyyaml vulnerability

Stanisław Pitucha and Jonathan Gray discovered that PyYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service...

CVSS 5 | AI score 7.3 | EPSS 0.13195
Exploits 1 | References 2

Tenable Nessus
added 2014/12/30 12:0 a.m. | 22 views

Debian DSA-3115-1 : pyyaml - security update

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into an application using python-yaml could cause the application to crash...

CVSS 5 | AI score 8.3 | EPSS 0.13195
Exploits 1 | References 4

OpenVAS
added 2014/12/29 12:0 a.m. | 13 views

Debian Security Advisory DSA 3115-1 (pyyaml - security update)

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into an application using python-yaml could cause the application to crash. OpenVAS...

CVSS 5 | AI score 9.4 | EPSS 0.13195
Exploits 1 | References 1

securityvulns
added 2014/12/22 12:0 a.m. | 32 views

libYAML DoS

Assertion on strings parsing...

CVSS 5 | AI score 3.3 | EPSS 0.13195
Exploits 1 | References 1 | Affected Software 1

Tenable Nessus
added 2014/12/15 12:0 a.m. | 23 views

Debian DSA-3102-1 : libyaml - security update

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash...

CVSS 5 | AI score 8.3 | EPSS 0.13195
Exploits 1 | References 4

WPVulnDB
added 2014/12/12 12:0 a.m. | 21 views

W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery (CSRF)

The plugin does not validate the 'wpnonce' anti-CSRF token. This issue can be used to perform many actions. The most significant action with the biggest impact is the ability to redirect users to malicious websites. Functionality exists where specific user agent strings can be configured to be...

CVSS 6.8 | AI score 2.8 | EPSS 0.01357
Exploits 1 | References 1 | Affected Software 1

OpenVAS
added 2014/12/12 12:0 a.m. | 22 views

Debian: Security Advisory (DSA-3102-1)

The remote host is missing an update for the Debian...

CVSS 5 | AI score 6.5 | EPSS 0.13195
Exploits 1 | References 3

Prion
added 2014/12/11 11:59 a.m. | 19 views

Design/Logic Flaw

Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after a redirect...

CVSS 4.3 | AI score 6.3 | EPSS 0.01171
Exploits 0 | References 4 | Affected Software 2

OSV
added 2014/12/03 9:59 p.m. | 1 view

DEBIAN-CVE-2014-9157

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string...

CVSS 7.5 | AI score 7.2 | EPSS 0.05569
Exploits 1 | References 1

OSV
added 2014/12/02 12:0 a.m. | 0 views

UBUNTU-CVE-2014-1591

Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after a redirect...

CVSS 4.3 | AI score 7.2 | EPSS 0.01171
Exploits 0 | References 4

RedHat Linux
added 2014/11/26 4:52 p.m. | 2 views

ruby: off-by-one stack-based buffer overflow in the encodes() function

Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow...

CVSS 5 | AI score 7.9 | EPSS 0.03861
Exploits 0 | References 4

Tenable Nessus
added 2014/11/26 12:0 a.m. | 14 views

OracleVM 2.1 : newt (OVMSA-2009-0026)

The remote OracleVM system is missing necessary patches to address critical security updates: fix buffer overflow in textbox when reflowing (524618, CVE-2009-2905); add release to -devel requires; escape macros in changelog; add support for tuples of strings in EntryWindow prompts in snack...

CVSS 4.6 | AI score 7.6 | EPSS 0.00497
Exploits 0 | References 2