CVE-2016-5357

wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service application crash via a crafted file...

DEBIAN-CVE-2016-5357

wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service application crash via a crafted file...

CVE-2016-5356

wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service application crash via a crafted file...

DEBIAN-CVE-2016-5356

wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service application crash via a crafted file...

CVE-2016-5356

wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service application crash via a crafted file...

UBUNTU-CVE-2016-5355

wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service application crash via a crafted file...

UBUNTU-CVE-2016-5357

wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service application crash via a crafted file...

CVE-2016-5356

wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service application crash via a crafted file...

libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf

LibTIFF 4.0.3 allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tifnext.c to verify that the BitsPerSample value is 2, and the t2psamplelabsignedtounsigned function in tiff2pdf...

libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf

LibTIFF 4.0.3 allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tifnext.c to verify that the BitsPerSample value is 2, and the t2psamplelabsignedtounsigned function in tiff2pdf...

CVE-2016-5844

Undefined behavior signed integer overflow was discovered in libarchive, in the ISO parser. A crafted file could potentially cause denial of service...

Attackers with physical access to Lenovo RackSwitches may be able to upload unsigned firmware

Lenovo Security Advisory: LEN-7805 Potential Impact: Attackers with physical access may be able to upload unsigned firmware Severity: Medium Scope of Impact: Lenovo Summary Description: During internal testing, Lenovo identified a vulnerability in some Lenovo RackSwitch Ethernet switches where an...

Attackers with physical access to Lenovo RackSwitches may be able to upload unsigned firmware - Lenovo Support US

No description provided...

CVE-2016-5356

wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service application crash via a crafted file...

Microsoft Internet Explorer Security Feature Bypass Vulnerability

Microsoft Internet Explorer IE is a Web browser developed by the American company Microsoft and is the default browser that comes with the Windows operating system. A security feature bypass vulnerability exists in the User Mode Code Integrity UMCI component of Device Guard in Microsof IE version...

icedtea-web: unexpected permanent authorization of unsigned applets

It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed without user approval...

FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow

Exploit for freebsd platform in category dos / poc / 1. Advisory Information Title: FreeBSD Kernel amd64setldt Heap Overflow Advisory ID: CORE-2016-0005 Advisory URL: http://www.coresecurity.com/content/freebsd-kernel-amd64setldt-heap-overflow Date published: 2016-03-16 Date of last update:...

FreeBSD 10.2 (x64) - amd64_set_ldt Heap Overflow

FreeBSD 10.2 x64 - amd64setldt Heap Overflow / 1. Advisory Information Title: FreeBSD Kernel amd64setldt Heap Overflow Advisory ID: CORE-2016-0005 Advisory URL: http://www.coresecurity.com/content/freebsd-kernel-amd64setldt-heap-overflow Date published: 2016-03-16 Date of last update: 2016-03-14...

Lessons from Operation RussianDoll

As defensive security controls raise the bar to attack, attackers will employ increasingly sophisticated techniques to complete their mission. Understanding the mechanics and impact of these threats is essential to systematically discover and deflect the coming wave of advanced attacks. Mandiant...

CIFS/SMB optimization displays “Secure Dialect Negotiation not support for unsigned connections

QUESTION: CIFS/SMB optimization displays “Secure Dialect Negotiation not support for unsigned connections ANSWER: This is known limitation. We do not support unsigned SMB2 connection with windows 10 as it uses secure dialect negotiation. However performance should be better compare to w/o CB as w...