1165 matches found

OSV
added 2015/01/22 12:0 a.m., 4 views

UBUNTU-CVE-2014-7934

Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures...

CVSS 7.5, AI score 7.4, EPSS 0.03811
Exploits 0, References 7
CNVD
added 2015/01/13 12:0 a.m., 1 views

CHICKEN 'data-structures-tests.scm' Remote Buffer Overflow Vulnerability

Chicken is a programming language compiler that produces portable, efficient C that supports almost all current program language standards. CHICKEN 'data-structures-tests.scm' has a remote buffer overflow vulnerability. A remote attacker can exploit the vulnerability to crash the application or...

AI score 7.9
Exploits 0, References 1
FreeBSD
added 2015/01/12 12:0 a.m., 32 views

chicken -- buffer overrun in substring-index[-ci]

chicken developer Moritz Heidkamp reports: The substring-index-ci procedures of the data-structures unit are vulnerable to a buffer overrun attack when passed an integer greater than zero as the optional START argument. As a work-around you can switch to SRFI 13's string-contains procedure which...

CVSS 7.5, AI score 8.7, EPSS 0.00433
Exploits 0, References 2
Debian
added 2014/10/26 1:15 p.m., 34 views

[SECURITY] [DLA 77-1] libtasn1-3 security update

Package: libtasn1-3 Version: 2.7-1+squeeze+2 CVE ID: CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 Several vulnerabilities were discovered in libtasn1-3, a library that manages ASN1 (Abstract Syntax Notation One) structures. An attacker could use those to cause a denial-of-service via out-of-bounds...

CVSS 7.5, AI score 6.8, EPSS 0.09799
Exploits 0
OSV
added 2014/10/26 12:0 a.m., 31 views

DSA-3056-1 libtasn1-3 - security update

Bulletin has no description...

CVSS 7.5, AI score 6.4, EPSS 0.09799
Exploits 0
OSV
added 2014/10/26 12:0 a.m., 17 views

DLA-77-1 libtasn1-3 - security update

Bulletin has no description...

CVSS 7.5, AI score 7.5, EPSS 0.09799
Exploits 0
ThreatPost
added 2014/10/14 6:11 a.m., 65 views

Sandworm APT Team Found Using Windows Zero Day Vulnerability

UPDATE–A cyberespionage team, possibly based in Russia, has been using a Windows zero day vulnerability to target a variety of organizations in several countries, including the United States, Poland, Ukraine and western Europe. The vulnerability, which will be patched today by Microsoft, is...

CVSS 9.3, AI score 0.2, EPSS 0.92467
Exploits 22, References 5
Tenable Nessus
added 2014/10/09 12:0 a.m., 38 views

Fedora 19 : perl-Data-Dumper-2.154-1.fc19 (2014-11428)

This release fixes CVE-2014-4330 limit recursion when dumping deep data structures and other small glitches. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as mu...

CVSS 2.1, AI score 7.4, EPSS 0.00117
Exploits 3, References 3
NVD
added 2014/09/30 2:55 p.m., 11 views

CVE-2012-5505

atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name...

CVSS 5, AI score 6.4, EPSS 0.00319
Exploits 0, References 4
Prion
added 2014/09/30 2:55 p.m., 18 views

Cross site request forgery (csrf)

atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name...

CVSS 5, AI score 7, EPSS 0.00319
Exploits 0, References 4, Affected Software 1
Cvelist
added 2014/09/30 2:0 p.m., 18 views

CVE-2012-5505

atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name...

AI score 6.4, EPSS 0.00319
Exploits 0, References 4
Tenable Nessus
added 2014/07/24 12:0 a.m., 45 views

Mozilla Thunderbird 24.x < 24.7 Multiple Vulnerabilities (Mac OS X)

The version of Thunderbird 24.x installed on the remote host is a version prior to 24.7. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs...

CVSS 10, AI score 8.1, EPSS 0.03359
Exploits 0, References 10
OSV
added 2014/07/19 7:55 p.m., 1 views

DEBIAN-CVE-2014-4943

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket...

CVSS 6.9, AI score 6.2, EPSS 0.01034
Exploits 6, References 1
Tenable Nessus
added 2014/07/17 12:0 a.m., 21 views

SuSE 11.3 Security Update : lzo (SAT Patch Number 9506)

lzo was updated to fix a potential denial of service issue or possible remote code execution by allowing an attacker, if the LZO decompression algorithm is used in a threaded or kernel context, to corrupt memory structures that control the flow of execution in other contexts. CVE-2014-4607...

CVSS 8.8, AI score 7.1, EPSS 0.11033
Exploits 1, References 3
UbuntuCve
added 2014/07/09 12:0 a.m., 39 views

CVE-2014-3515

The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, relate...

CVSS 7.5, AI score 7.3, EPSS 0.48662
Exploits 4, References 2
seebug.org
added 2014/07/01 12:0 a.m., 19 views

tinyproxy tinyproxy 1.3.2/1.3.3 Heap Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2217/info Versions 1.3.2 and 1.3.3 of tinyproxy, a small HTTP proxy, exhibit a vulnerability to heap overflow attacks. A failure to properly validate user-supplied input which arguments a call to sprintf can allow...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 36 views

Linux Kernel 2.6.34+ - CAP_SYS_ADMIN x86 & x64 Local Privilege Escalation Exploit (2)

No description provided by source. / Linux Kernel CAP_SYS_ADMIN to Root Exploit 2 32 and 64-bit by Joe Sylve @jtsylve on twitter Released: Jan 7, 2011 Based on the bug found by Dan Rosenberg @djrbliss only loosely based on his exploit http://www.exploit-db.com/exploits/15916/ Usage: gcc -w...

AI score 7.1
Exploits 0
securityvulns
added 2014/06/28 12:0 a.m., 73 views

[oss-security] LMS-2014-06-16-5: Linux Kernel LZ4

Hello All, A vulnerability has been identified in the Linux kernel LZ4 implementation. Please find the bug report attached inline. Best, Don A. Bailey Founder / CEO Lab Mouse Security https://www.securitymouse.com/ Lab Mouse Security Report LMS-2014-06-16-5 Report ID: LMS-2014-06-16-5 CVE ID:...

CVSS 5, AI score 0.1, EPSS 0.10105
Exploits 0
Hacker One
added 2014/06/26 8:11 p.m., 53 views

Internet Bug Bounty: LZ4 Core

Lab Mouse Security Report LMS-2014-06-16-6 Report ID: LMS-2014-06-16-6 CVE ID: CVE-2014-4611 Researcher Name: Don A. Bailey Researcher Organization: Lab Mouse Security Researcher Email: donb at securitymouse.com Researcher Website: www.securitymouse.com Vulnerability Status: Reported / No respons...

CVSS 5, AI score 7.4, EPSS 0.10105
Exploits 0
securityvulns
added 2014/06/14 12:0 a.m., 65 views

[Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components

Onapsis Security Advisories: Multiple Hard-coded Usernames CWE-798 have been found and patched in a variety of SAP components. Summaries of the advisories with links to full versions follow: 1. ONAPSIS-2014-011-SAP Project System Structures and...

AI score 0.3
Exploits 0