openssl: ASN.1 BIO handling of large amounts of data

A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO OpenSSL's I/O abstraction inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data...

Wireshark ASN.1 BER parser denial of service vulnerability (CNVD-2016-02775)

Wireshark formerly known as Ethereal is a suite of network packet analysis software developed by the Wireshark team. A denial of service vulnerability exists in the epan/dissectors/packet-ber.c file in the ASN.1 BER parser in Wireshark versions 1.12.x prior to 1.12.10, and versions 2.x prior to...

OpenSSL ASN.1 BIO Memory Overallocation Vulnerability

OpenSSL is a general-purpose open source cryptographic library that implements Secure Sockets Layer and Secure Transport Layer protocols and can support a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure hashing algorithms, and so on. A memory...

OpenSSL EBCDIC Out-of-Bounds Read Vulnerability

OpenSSL is a general-purpose open source cryptographic library that implements Secure Sockets Layer and Secure Transport Layer protocols and can support a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure hashing algorithms, and so on. An out-of-bounds...

Whitewidow - SQL Vulnerability Scanner

Whitewidow is an open source automated SQL vulnerability scanner, that is capable of running through a file list, or can scrape Google for potential vulnerable websites. It allows automatic file formatting, random user agents, IP addresses, server information, multiple SQL injection syntax, and a...

Gratipay: Submit a non valid syntax email

At https://gratipay.com/USER/emails/ you can submit a non valid email. To do it you only need to change type="email" in type="text" , you are using a filter, but special chars pass though, as you can see in the screenshots...

Report VT debug logs

The script reports possible issues within VTs. For best results set SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

[SECURITY] Fedora 23 Update: proftpd-1.3.5b-1.fc23

ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...

Mozilla Network Security Services Buffer Overflow Vulnerability

Mozilla Network Security Services is a library that provides cross-platform support for SSL, S/MIME and other Internet security standards. A buffer overflow vulnerability in the parsing of ASN.1 structures by Mozilla Network Security Services could be exploited by a remote attacker to construct a...

Fedora 23 : qemu-2.4.1-6.fc23 (2016-42778e8c82)

CVE-2015-8745: vmxnet3: don't assert reading registers in bar0 bz 1295442 CVE-2015-8567: net: vmxnet3: host memory leakage bz 1289818 CVE-2016-1922: i386: avoid NULL pointer dereference bz 1292766 CVE-2015-8613: buffer overflow in megasasctrlgetinfo bz 1284008 CVE-2015-8701: Buffer overflow in...

Wireshark ASN.1 BER Parser Denial of Service Vulnerability

Wireshark is the most popular network protocol parser. A denial of service vulnerability exists in the Wireshark ASN.1 BER parser, which can be exploited by an attacker to cause a denial of service out-of-bounds read and application crash...

FreeBSD : squid -- remote DoS in HTTP response processing (660ebbf5-daeb-11e5-b2bd-002590263bf5)

Squid security advisory 2016:2 reports : Due to incorrect bounds checking Squid is vulnerable to a denial of service attack when processing HTTP responses. These problems allow remote servers delivering certain unusual HTTP response syntax to trigger a denial of service for all clients accessing...

The vulnerability of the Mac OS X operating system allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the ASN.1 decoder in the Mac OS X operating system is caused by buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely or cause a service failure memory corruption using a specially crafted certificate...

The vulnerability of the Mac OS X operating system allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the ASN.1 decoder in the Mac OS X operating system is caused by buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely or cause a service failure memory corruption using a specially crafted certificate...

Debian Security Advisory DSA 3445-1 (pygments - security update)

Javantea discovered that pygments, a generic syntax highlighter, is prone to a shell injection vulnerability allowing a remote attacker to execute arbitrary code via shell metacharacters in a font name. OpenVAS Vulnerability Test $Id: deb3445.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generat...

DEBIAN-CVE-2016-1283

The pcrecompile2 function in pcrecompile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service heap-based buffer overflow or...

Phan - Static Analyzer For PHP

Phan is a static analyzer for PHP. Getting it running Phan requires PHP 7+ with the php-ast extension loaded. The code you analyze can be written for any version of PHP. To get phan running; 1. Clone the repo 2. Run composer install to load dependencies 3. Run ./test to run the test suite 4. Test...

Scientific Linux Security Update : autofs on SL7.x x86_64 (20151119)

It was found that program-based automounter maps that used interpreted languages such as Python used standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system. CVE-2014-8169 Note: This...

DLA-369-1 pygments - security update

Bulletin has no description...

[SECURITY] Fedora 22 Update: pcre-8.37-7.fc22

Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are base d on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...