[SECURITY] Fedora 26 Update: mupdf-1.10a-5.fc26
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...
Notes on Windows Uniscribe Fuzzing
Posted by Mateusz Jurczyk of Google Project Zero. Among the total of 119 vulnerabilities with CVEs fixed by Microsoft in the March Patch Tuesday a few weeks ago, there were 29 bugs reported by us in the font-handling code of the Uniscribe library. Admittedly the subject of font-related security ha...
[SECURITY] Fedora 26 Update: mupdf-1.10a-4.fc26
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...
Kernel security update: new kernel 2.6.32-042stab123.1, Virtuozzo 6.0 Update 12 Hotfix 7 (6.0.12-)
This update provides a new Virtuozzo 6.0 kernel 2.6.32-042stab123.1 as well as internal stability bug fixes. The new kernel is based on the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.el6 and provides security fixes. Vulnerability id: CVE-2017-6214. A flaw was found in the Linux kernel's handli...
UBUNTU-CVE-2015-4556
The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash)...
CVE-2015-4556
The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash)...
DEBIAN-CVE-2015-4556
The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash)...
CVE-2015-4556
CVE-2015-4556 affects the CHICKEN Scheme implementation. The vulnerability lies in the string-translate* procedure in the data-structures unit and is exploitable in CHICKEN builds before version 4.10.0, allowing remote attackers to cause a denial of service (crash). Several sources (NVD, Debian s...
CVE-2017-7277
The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to...
kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2017:0817. An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
kernel: race condition in the TLB flush logic
A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user coul...
Agora-Project 3.2.2 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: XSS Vulnerability on Agora-Project 3.2.2 Google Dork: no Date: 23-02-2017 Exploit Author: @runggareksya, @AdyWikradinata, @yokoacc Vendor Homepage: https://www.agora-project.net Software Link:...
Agora-Project 3.2.2 Cross Site Scripting
Exploit Title: XSS Vulnerability on Agora-Project 3.2.2 Google Dork: no Date: 23-02-2017 Exploit Author: @runggareksya, @AdyWikradinata, @yokoacc Vendor Homepage: https://www.agora-project.net Software Link: https://www.agora-project.net/?ctrl=offline&action=download Software Link Mirror:...
Fedora 25 : python-cjson (2017-7803508155)
This update prevents python-cjson from crashing when attempting to parse heavily nested JSON structures which could be exploited for denial of service purposes, against any application that uses python-cjson to parse arbitrary input. Note that Tenable Network Security has extracted the preceding...
Torvalds Downplays SHA-1 Threat to Git
When researchers demonstrated the first practical collision attack for the cryptographic hash function SHA-1 last week, they also identified related vulnerabilities impacted by the now-compromised algorithm. According to the SHAttered research post, co-authored by Google and a host of cryptograph...
CVE-2016-5417
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures...
A vulnerability in the shared memory manager of the sshd daemon of the OpenSSH cryptographic protection tool allows an attacker to escalate privileges.
The vulnerability in the shared memory manager of the sshd daemon of the OpenSSH cryptographic protection tool stems from an operation performed outside the bounds of a memory buffer. Exploiting this vulnerability allows a local attacker to escalate privileges by...
Denial Of Service (DoS) Through An Infinite Loop
OpenSSL is vulnerable to denial-of-service (DoS) attacks. These attacks are possible because it does not correctly handle ECParameter structures where the curve is over a malformed binary polynomial field. These attacks can be triggered through a session that uses an Elliptic Curve algorithm...
CVE-2014-9914
Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures...