134 matches found

OSV
added 2017/01/06 12:0 a.m. | 2 views

UBUNTU-CVE-2017-5196

Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involving strings that are not UTF8...

CVSS 7.5 | AI score 7.1 | EPSS 0.05052
Exploits: 0 | References: 5
myhack58
added 2017/01/03 12:0 a.m. | 87 views

Python's new string format vulnerability analysis-vulnerability warning-the black bar safety net

This article provides an in-depth analysis of the security vulnerabilities in Python's new format-string syntax and offers appropriate security solutions. When we use str.format on untrusted user input, it brings security risks; for this problem, in fact I have...

AI score 7.1
Exploits: 0
Talos
added 2016/08/26 12:0 a.m. | 36 views

Kaspersky Internet Security KLIF Driver NtUserCreateWindowEx_HANDLER Denial of Service

Summary: A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native API call request can cause an access violation exception in the KLIF kernel driver, resulting in local denial of service. An attacker can ru...

CVSS 5.5 | AI score 5.3 | EPSS 0.00486
Exploits: 2
CNVD
added 2016/06/24 12:0 a.m. | 2 views

libEBML Information Disclosure Vulnerability

libEBML is a C++ library maintained by the Matroska team for parsing EBML an audio/video framework files. A security vulnerability exists in libEBML. The vulnerability can be exploited to cause a denial of service off-by-few reads or information disclosure by means of specially crafted unicode...

AI score 6.5
Exploits: 0 | References: 1
Mozilla
added 2016/03/08 12:0 a.m. | 53 views

Out-of-bounds read in HTML parser following a failed allocation — Mozilla

Security researcher Ronald Crane reported an out-of-bounds read following a failed allocation in the HTML parser while working with unicode strings. This can also affect the parsing of XML and SVG format data. This leads to a potentially exploitable crash...

CVSS 8.8 | AI score 2.3 | EPSS 0.02984
Exploits: 0 | References: 2 | Affected Software: 3
BDU FSTEC
added 2015/10/21 12:0 a.m. | 4 views

The vulnerability of the Windows Embedded Standard 2009 operating system allows a perpetrator to trigger a service failure or execute arbitrary code.

The Windows Embedded Standard 2009 operating system contains a vulnerability in the NetprPathCanonicalize function of the netapi32.dll module, which is located in the C:\Windows\System32 directory. This function uses unsafe string functions to copy Unicode strings file paths, resulting in stack...

CVSS 10 | AI score 8.2 | EPSS 0.98751
Exploits: 12 | References: 4
securityvulns
added 2015/10/05 12:0 a.m. | 135 views

APPLE-SA-2015-09-16-3 iTunes 12.3

APPLE-SA-2015-09-16-3 iTunes 12.3 iTunes 12.3 is now available and addresses the following: iTunes Available for: Windows 7 and later Impact: Applications that use CoreText may be vulnerable to unexpected application termination or arbitrary code execution Description: Multiple memory corruption...

CVSS 9.3 | AI score 0.6 | EPSS 0.24286
Exploits: 5
Packet Storm
added 2015/06/03 12:0 a.m. | 31 views

Jildi FTP Client 1.5.2 b1138 Buffer Overflow

Document Title: =============== Jildi FTP Client 1.5.2 b1138 - Buffer Overflow Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1503 Release Date: ============= 2015-06-03 Vulnerability Laboratory ID VL-ID: ==================================...

AI score 0.3
Exploits: 0
Vulnerability Lab
added 2015/06/01 12:0 a.m. | 30 views

WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability

Document Title: =============== WebDrive 12.2 B4172 - Buffer Overflow Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1500 Release Date: ============= 2015-06-01 Vulnerability Laboratory ID VL-ID: ==================================== 1500...

AI score 0.4
Exploits: 0
CNVD
added 2015/01/27 12:0 a.m. | 3 views

iPass Open Mobile Windows Client Remote Code Execution Vulnerability

iPass Open Mobile is a quick and easy way for you to use your device to connect to over a million enabled WIFIs around the world. A security vulnerability exists in the iPass Open Mobile client that allows attackers to register arbitrary DLLs via UNC shared pathnames by sending specially crafted...

CVSS 9 | AI score 7.2 | EPSS 0.52125
Exploits: 5 | References: 1
Fedora
added 2014/05/08 10:0 a.m. | 11 views

[SECURITY] Fedora 19 Update: python-lxml-3.3.5-1.fc19

lxml provides a Python binding to the libxslt and libxml2 libraries. It follows the ElementTree API as much as possible in order to provide a more Pythonic interface to libxml2 and libxslt than the default bindings. In particular, lxml deals with Python Unicode strings rather than encoded UTF-8 a...

AI score 1.8
Exploits: 0
OpenVAS
added 2014/05/05 12:0 a.m. | 10 views

Fedora Update for python-lxml FEDORA-2014-5773

Check for the Version of python-lxml OpenVAS Vulnerability Test Fedora Update for python-lxml FEDORA-2014-5773 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

AI score 7.4
Exploits: 0 | References: 2
Kitploit
added 2014/01/23 8:30 p.m. | 22 views

[Autopsy] Digital Investigation Analysis

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory...

AI score 6.8
Exploits: 0
Japan Vulnerability Notes
added 2013/10/30 12:0 a.m. | 35 views

JVN#85336306: Use-after-free vulnerability in multiple products that use International Components for Unicode (ICU)

International Components for Unicode (ICU) is a library for handling Unicode strings. A C version, ICU4C, and a Java version, ICU4J, are available. Multiple products that use ICU4C contain a use-after-free vulnerability. ICU released ICU4C version 52.1 that addresses this vulnerability on October 9,...

CVSS 7.5 | AI score 9.3 | EPSS 0.02531
Exploits: 0
Tenable Nessus
added 2013/09/16 12:0 a.m. | 28 views

Mac OS X 10.8 < 10.8.5 Multiple Vulnerabilities (Security Update 2013-004)

CVSS 10 | AI score 7.3 | EPSS 0.54312
Exploits: 33 | References: 35
Tenable Nessus
added 2013/09/13 12:0 a.m. | 148 views

Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities

The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.5. The newer version contains multiple security-related fixes for the following components : - Apache - Bind - Certificate Trust Policy - CoreGraphics - ImageIO - Installer - IPSec - Kernel - Mobile Device Management -...

CVSS 10 | AI score 7.5 | EPSS 0.54312
Exploits: 33 | References: 34
Tenable Nessus
added 2013/09/04 12:0 a.m. | 47 views

Amazon Linux AMI : perl (ALAS-2011-19)

A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the...

CVSS 7.5 | AI score 8.8 | EPSS 0.13526
Exploits: 2 | References: 3
Tenable Nessus
added 2013/07/12 12:0 a.m. | 49 views

Oracle Linux 4 : kernel (ELSA-2009-1211)

From Red Hat Security Advisory 2009:1211 : Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain...

CVSS 7.8 | AI score 6.1 | EPSS 0.05471
Exploits: 3 | References: 4
Tenable Nessus
added 2012/08/01 12:0 a.m. | 48 views

Scientific Linux Security Update : kernel on SL4.x i386/x86_64

CVE-2009-1439 kernel: cifs: memory overwrite when saving nativeFileSystem field during mount CVE-2009-1633 kernel: cifs: fix potential buffer overruns when converting unicode strings sent by server CVE-2009-1389 kernel: r8169: fix crash when large packets are received These updated packages fix t...

CVSS 7.8 | AI score 6.1 | EPSS 0.05471
Exploits: 3 | References: 10
Tenable Nessus
added 2012/08/01 12:0 a.m. | 38 views

Scientific Linux Security Update : perl on SL6.x i386/x86_64

Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cau...

CVSS 7.5 | AI score 8.8 | EPSS 0.13526
Exploits: 2 | References: 3