DEBIAN-CVE-2015-3195

The ASN1TFLGCOMBINE implementation in crypto/asn1/tasndec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by...

OpenSSL ASN.1 Signed Null Pointer Reference Vulnerability

OpenSSL is an open source implementation of SSL for strong encryption of network communications. OpenSSL has a security vulnerability that can be exploited by a remote attacker to send a special ASN.1 signed certificate that uses the RSA PSS algorithm but does not contain the MAST generator...

autofs security update

CentOS Errata and Security Advisory CESA-2015:2417 Updated autofs packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability...

[SECURITY] Fedora 23 Update: pcre-8.38-1.fc23

Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are base d on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...

Moderate: Red Hat Security Advisory: autofs security, bug fix and enhancement update

Updated autofs packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

nss: ASN.1 decoder heap overflow when decoding constructed OCTET STRING that mixes indefinite and definite length encodings (MFSA 2015-133)

A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library...

[SECURITY] Fedora 23 Update: python-pygments-2.0.2-3.fc23

Pygments is a generic syntax highlighter for general use in all kinds of software such as forum systems, wikis or other applications that need to prettify source code. Highlights are: a wide range of common languages and markup formats is supported special attention is paid to details that increa...

Mozilla Firefox and Firefox ESR Network Security Services Heap Buffer Overflow Vulnerability

Mozilla Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox.Mozilla Network Security Services NSS is a library of network security services. A buffer overflow vulnerability in the ASN.1 decoder used in Mozilla Firefox and Firefox ESR could allow an attacke...

nss: ASN.1 decoder heap overflow when decoding constructed OCTET STRING that mixes indefinite and definite length encodings (MFSA 2015-133)

A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library...

nss: use-after-poison in sec_asn1d_parse_leaf() (MFSA 2015-133)

A use-after-poison flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library...

User Friendly Interactive Shell: Fish

Fish is a smart and user-friendly command line shell for OS X, Linux, and the rest of the family. fish includes features like syntax highlighting, autosuggest-as-you-type, and fancy tab completions that just work, with no configuration required. FISH is designed to work with any other shell like...

Bash: How to open TCP/UDP sockets

How to open TCP/UDP sockets using a built-in feature in Bash ? Bash shell has a built-in feature that allows to open TCP/UDP sockets using a simple syntax. This is very useful when tools like netcat are not installed or we don’t have the permission to use it. The syntax is $ exec...

FreeBSD : ffmpeg -- multiple vulnerabilities (3d950687-b4c9-4a86-8478-c56743547af8)

NVD reports : The decodeihdrchunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR aka image header chunk in a PNG image, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact v...

[SECURITY] Fedora 21 Update: ipython-2.4.1-8.fc21

IPython provides a replacement for the interactive Python interpreter with extra functionality. Main features: Comprehensive object introspection. Input history, persistent across sessions. Caching of output results during a session with automatically generated references. Readline based name...

[SECURITY] Fedora 22 Update: ipython-2.4.1-8.fc22

IPython provides a replacement for the interactive Python interpreter with extra functionality. Main features: Comprehensive object introspection. Input history, persistent across sessions. Caching of output results during a session with automatically generated references. Readline based name...

F5 Networks BIG-IP : OpenSSL vulnerability (K17248)

The Cryptographic Message Syntax CMS implementation in crypto/cms/cmsasn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, a...

MediaWiki GeSHi Cross-Site Scripting Vulnerability

SyntaxHighlightGeSHi for MediaWiki is a component of a set of free and freely available web-based Wiki engines supporting many different programming languages and file formats, developed and maintained by the Wikimedia Foundation and MediaWiki volunteers. A cross-site scripting vulnerability in...

MediaWiki SyntaxHighlight_GeSHi and MediaWiki GeSHi Denial of Service Vulnerabilities

MediaWiki is the United States Wikimedia Wikimedia Foundation and MediaWiki volunteers to develop and maintain a set of free and free Web-based Wiki engine , it can be used to deploy internal knowledge management and content management system . SyntaxHighlightGeSHi is one of the extensions to...

UBUNTU-CVE-2015-6820

The ffsbrapply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have...

Scientific Linux Security Update : autofs on SL6.x i386/x86_64 (20150722)

It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system. CVE-2014-8169 Note:...