bash: Remote code execution

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

python2: Information leakage through integer overflow

It was reported that Python 2.7.8 fixes a potential wraparound in buffer with possible CWE-200 implications. This could allow an attacker to access private information through information leakage. PoC: --- overflow.py --- import sys a = bytearray'here be dragons' b = buffera, sys.maxsize,...

NSS: Signature forgery attack

Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services NSS libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is...

flashplugin: multiple issues

CVE-2015-0301 Improper file validation issue. - CVE-2015-0302 information disclosure Information disclosure vulnerability that could be exploited to capture keystrokes on the affected system. - CVE-2015-0303, CVE-2015-0306 arbitrary code execution Memory corruption vulnerabilities that could lead...