653 matches found
CVE-2015-2674
Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrapsocket function in Python with the default CERTNONE value for the certreqs argument...
DEBIAN-CVE-2016-7969
The wraplinessmart function in assrender.c in libass before 0.13.4 allows remote attackers to cause a denial of service out-of-bounds read via unspecified vectors, related to "0/3 line wrapping equalization."...
ALPINE-CVE-2016-7969
The wraplinessmart function in assrender.c in libass before 0.13.4 allows remote attackers to cause a denial of service out-of-bounds read via unspecified vectors, related to "0/3 line wrapping equalization."...
UBUNTU-CVE-2016-7969
The wraplinessmart function in assrender.c in libass before 0.13.4 allows remote attackers to cause a denial of service out-of-bounds read via unspecified vectors, related to "0/3 line wrapping equalization."...
CVE-2016-2123
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndrpulldnspname contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndrpulldnspname parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute ov...
On the Android Crypto Weakness, FDE Bypass, Hummingbad, and More
Mike Mimoso, Tom Spring and Chris Brook discuss the news of the week, including all things Android: the crypto weakness, the full disk encryption bypass, and new malware, Hummingbad, which impacts the mobile operating system. The three also discuss the TP-Link router fiasco. Download:...
Luxury Photo Wrap - Insta Pro - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Luxury Photo Wrap - Insta Pro published at the 'play' market has multiple vulnerabilities...
RSA Validation Manager 'displayMode' and 'wrapPreDisplayMode' Cross-Site Scripting Vulnerabilities
RSA Validation Manager is a validation program for RSA. The RSA Validation Manager user interface fails to properly handle the 'displayMode' and 'wrapPreDisplayMode' parameters, allowing remote attackers to exploit vulnerabilities by injecting malicious script or HTML code that can be used to gai...
chromium-browser: Sandbox escape in Chrome.
common/partialcircularbuffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service out-of-bounds write via vectors that trigger a write operation with a large amount of data,...
Mandriva Linux Security Advisory : perl (MDVSA-2015:136)
Updated perl package fixes security vulnerability : The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service stack consumption and crash via an Array-Reference with many nested Array-References, which...
USN-2345-1: Oxide vulnerabilities
Multiple use-after-free issues were discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process...
USN-2345-1 oxide-qt vulnerabilities
Multiple use-after-free issues were discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process...
Updated perl packages fix CVE-2014-4330
Updated perl package fixes security vulnerability: The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service stack consumption and crash via an Array-Reference with many nested Array-References, which trigge...
MGASA-2014-0406 Updated perl packages fix CVE-2014-4330
Updated perl package fixes security vulnerability: The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service stack consumption and crash via an Array-Reference with many nested Array-References, which trigge...
unbreakable enterprise kernel security update
2.6.39-400.215.7 - sctp: Fix skackbacklog wrap-around problem Xufeng Zhang Orabug: 19404245 CVE-2014-4667...
SGI IRIX 6.2 cgi-bin wrap Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/373/info A vulnerability exists in the cgi-bin program 'wrap', as included with Irix 6.2 from SGI. A failure to validate input results in a vulnerability that allows any remote attacker to view the contents of any world...
Apache Win32 Chunked Encoding
No description provided by source. $Id: apachechunked.rb 9719 2010-07-07 17:38:59Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...
[oss-security] CVE request -- Linux kernel: sctp: sk_ack_backlog wrap-around problem
Description of the problem: For a TCP-style socket, while processing the COOKIEECHO chunk in sctpsfdo51Dce, after it has passed a series of sanity check, a new association would be created in sctpunpackcookie, but afterwards, some processing maybe failed, and sctpassociationfree will be called to...
HIMSS Privacy & Security Forum – West 2014 Wrap-Up
The first HIMSS Privacy & Security Forum in the western U.S. proved to be a success and was attended by over 300 people including attendees CEs and BAs, speakers, exhibitors, and partners. We reconnected with several clients and met new friends at our booth, which was located right in the middle ...
Google Android Vold Volume Manager Integer Wrap Root Exploit Privilege Escalation - Ver2 (CVE-2011-1823)
A privilege escalation vulnerability has been reported in Google Android Operating System. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...