
2204 matches found

RedHat Linux
added 2016/10/18 7:8 a.m. | 6 views

openssl: Memory corruption in the ASN.1 encoder

A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an...

CVSS 10 | AI score 7.5 | EPSS 0.77906
Exploits 1 | References 5
RedHat Linux
added 2016/10/12 4:57 p.m. | 6 views

openssl: ASN.1 BIO handling of large amounts of data

A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data...

CVSS 7.8 | AI score 7.1 | EPSS 0.2921
Exploits 1 | References 5
RedHat Linux
added 2016/10/12 4:57 p.m. | 4 views

openssl: Memory corruption in the ASN.1 encoder

A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an...

CVSS 10 | AI score 7.5 | EPSS 0.77906
Exploits 1 | References 5
Tenable Nessus
added 2016/10/12 12:0 a.m. | 23 views

openSUSE Security Update : python-Jinja2 (openSUSE-2016-1159)

This update for python-Jinja2 fixes the following issues : Update to version 2.8 : - Added target parameter to urlize function. - Added support for followsymlinks to the file system loader. - The truncate filter now counts the length. - Added equalto filter that helps with select filters. - Chang...

CVSS 4.4 | AI score 8.1 | EPSS 0.0043
Exploits 1 | References 2
Hacker One
added 2016/09/26 1:50 p.m. | 20 views

Internet Bug Bounty: Multiple use after frees in obj2ast_* methods

Multiple UAFs in Python AST API. link to bugtracker...

AI score 6.9
Exploits 0
0day.today
added 2016/09/20 12:0 a.m. | 19 views

VegaDNS 0.13.2 - Remote Command Injection Exploit

Exploit for php platform in category web applications !/usr/bin/perl VegaDNS is a tinydns administration tool written in PHP to allow easy administration of DNS records through a web browser. -- http://www.vegadns.org The file axfrget.php allows unauthenticated access and fails to correctly apply...

AI score 7.1
Exploits 0
Fedora
added 2016/09/15 10:53 p.m. | 25 views

[SECURITY] Fedora 24 Update: curl-7.47.1-8.fc24

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 9.8 | EPSS 0.11737
Exploits 0
BDU FSTEC
added 2016/08/31 12:0 a.m. | 3 views

The vulnerabilities of the microprogrammed software of Cisco RV130W and Cisco RV215W routers, as well as the microprogrammed software of the Cisco RV110W network interface controller, allow a hacker to execute arbitrary commands on behalf of the administrator.

The vulnerability of the command syntax analyzer in microprogramming software for Cisco RV130W and Cisco RV215W routers, as well as in the network interface controller microprogramming software for Cisco RV110W routers, exists due to the failure to take measures to neutralize the special elements...

CVSS 7.2 | AI score 7.6 | EPSS 0.01939
Exploits 3 | References 2
Fedora
added 2016/08/05 8:56 p.m. | 38 views

[SECURITY] Fedora 24 Update: curl-7.47.1-6.fc24

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 8.1 | EPSS 0.15063
Exploits 0
Fedora
added 2016/07/23 9:6 p.m. | 15 views

[SECURITY] Fedora 23 Update: kf5-ktexteditor-5.24.0-1.fc23

KTextEditor provides a powerful text editor component that you can embed in your application, either as a KPart or using the KF5::TextEditor library if you need more control. The text editor component contains many useful features, from syntax highlighting and automatic indentation to advanced...

CVSS 7.5 | AI score 0.5 | EPSS 0.04465
Exploits 1
Hacker One
added 2016/07/02 2:39 p.m. | 15 views

Phabricator: HTML in Diffusion not escaped in certain circumstances

HTML in Diffusion source code listing is not escaped Steps to reproduce: have the syntax highlight turned on the file is bigger than 256kB, thus syntax highlight is claimed in header to be turned off automatically, however, plaintext file doesn't display like with regular manual syntax highlight off,...

Exploits 0
Fedora
added 2016/06/20 8:25 p.m. | 15 views

[SECURITY] Fedora 23 Update: nfdump-1.6.15-1.fc23

Nfdump is a set of tools to collect and process NetFlow data. It's fast and has a powerful filter pcap like syntax. It supports NetFlow versions v1, v5, v7, v9 and IPFIX as well as a limited set of sflow. It includes support for CISCO ASA NSEL and CISCO NAT NEL devices which export event logging...

AI score 2.1
Exploits 0
n0where
added 2016/06/16 2:4 a.m. | 35 views

General Purpose Blocker: uBlock

General Purpose Blocker An efficient blocker for Chromium and Firefox. Fast and lean. uBlock Origin or uBlock₀ is not an ad blocker; it’s a general-purpose blocker. uBlock₀ blocks ads through its support of the Adblock Plus filter syntax. uBlock₀ extends the syntax and is designed to work with...

AI score 7
Exploits 0 | References 9
RedHat Linux
added 2016/05/31 5:56 a.m. | 4 views

openssl: Memory corruption in the ASN.1 encoder

A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an...

CVSS 10 | AI score 7.5 | EPSS 0.77906
Exploits 1 | References 5
F5 Networks
added 2016/05/31 12:0 a.m. | 85 views

SOL71960814 - OpenSSH vulnerability CVE-2016-1908

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 9.8 | AI score 0.8 | EPSS 0.13736
Exploits 0 | References 5
OSV
added 2016/05/16 5:17 p.m. | 3 views

USN-2976-1 linux-lts-utopic vulnerability

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privilege...

CVSS 7.8 | AI score 7 | EPSS 0.00397
Exploits 0 | References 2
Tenable Nessus
added 2016/05/13 12:0 a.m. | 51 views

openSUSE Security Update : ntp (openSUSE-2016-578)

ntp was updated to version 4.2.8p6 to fix 12 security issues. Also yast2-ntp-client was updated to match some sntp syntax changes. bsc937837 These security issues were fixed : - CVE-2015-8158: Fixed potential infinite loop in ntpq bsc962966. - CVE-2015-8138: Zero Origin Timestamp Bypass bsc963002...

CVSS 7.7 | AI score 6.5 | EPSS 0.11983
Exploits 5 | References 32
OPENSUSE Linux
added 2016/05/12 9:7 p.m. | 56 views

Security update for ntp (important)

ntp was updated to version 4.2.8p6 to fix 12 security issues. Also yast2-ntp-client was updated to match some sntp syntax changes. bsc937837 These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq bsc962966. - CVE-2015-8138: Zero Origin Timestamp Bypass bsc963002....

CVSS 2.1 | AI score 7.2 | EPSS 0.11983
Exploits 5 | References 20
Tenable Nessus
added 2016/05/12 12:0 a.m. | 44 views

Oracle Linux 7 : pcre (ELSA-2016-1025)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-1025 advisory. - Fix CVE-2015-2328 infinite recursion compiling pattern with recursive reference in a group with indefinite repeat bug 1330508 - Fix CVE-2015-8385...

CVSS 9.8 | AI score 8.2 | EPSS 0.0843
Exploits 4 | References 9
WPVulnDB
added 2016/05/10 12:0 a.m. | 29 views

Crayon Syntax Highlighter < 2.8.4 - Multiple XSS

The Crayon Syntax Highlighter WordPress plugin was affected by a Multiple XSS security vulnerability...

CVSS 4.3 | AI score 1 | EPSS 0.0132
Exploits 0 | Affected Software 1