DEBIAN-CVE-2017-12595

The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service stack consumption and segmentation fault or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash ...

UBUNTU-CVE-2017-12595

The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service stack consumption and segmentation fault or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash ...

The vulnerability of the i_zval_ptr_dtor function in the PHP interpreter allows a attacker to cause a service failure or exert other effects.

The vulnerability of the izvalptrdtor function in the PHP interpreter is related to an uncontrolled resource consumption. Exploiting this vulnerability may allow a malicious actor to cause service failures or other effects such as memory consumption or termination of the application by using...

DEBIAN-CVE-2017-10911

The makeresponse function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS or other guest OS kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structure...

[SECURITY] Fedora 25 Update: libtasn1-4.12-1.fc25

A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding func tions...

PHP 7.0.x < 7.0.19 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.19. It is, therefore, affected by the following vulnerabilities : - A memory allocation issue exists in the zendstringextend function in file Zend/zendstring.h when concatenating strings due to a...

Debian Security Advisory DSA 3861-1 (libtasn1-6 - security update)

Jakub Jirasek of Secunia Research discovered that libtasn1, a library used to handle Abstract Syntax Notation One structures, did not properly validate its input. This would allow an attacker to cause a crash by denial-of-service, or potentially execute arbitrary code, by tricking a user into...

Design/Logic Flaw

The izvalptrdtor function in Zend/zendvariables.h in PHP 7.1.5 allows attackers to cause a denial of service memory consumption and application crash or possibly have unspecified other impact by triggering crafted operations on array data structures...

UBUNTU-CVE-2017-9119

The izvalptrdtor function in Zend/zendvariables.h in PHP 7.1.5 allows attackers to cause a denial of service memory consumption and application crash or possibly have unspecified other impact by triggering crafted operations on array data structures...

CVE-2017-9119

The izvalptrdtor function in Zend/zendvariables.h in PHP 7.1.5 allows attackers to cause a denial of service memory consumption and application crash or possibly have unspecified other impact by triggering crafted operations on array data structures...

CVE-2017-9119

The izvalptrdtor function in Zend/zendvariables.h in PHP 7.1.5 allows attackers to cause a denial of service memory consumption and application crash or possibly have unspecified other impact by triggering crafted operations on array data structures...

CVE-2017-9119

The izvalptrdtor function in Zend/zendvariables.h in PHP 7.1.5 allows attackers to cause a denial of service memory consumption and application crash or possibly have unspecified other impact by triggering crafted operations on array data structures...

CVE-2017-9119

Removed by vendor...

CVE-2017-9119

The izvalptrdtor function in Zend/zendvariables.h in PHP 7.1.5 allows attackers to cause a denial of service memory consumption and application crash or possibly have unspecified other impact by triggering crafted operations on array data structures...

CVE-2016-7053

In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to...

CVE-2016-7053

In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to...

CVE-2016-7053

In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to...

CVE-2016-7053

In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to...

BSA-2017-246

Security Advisory ID : BSA-2017-246 Component : FOS Revision : 2.0: Final Thehashbufferfunction inschnorr.cinOpenSSHthrough 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of servic...

CVE-2007-6761

drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobufmapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321...