MDVSA-2015:060: yaml

Updated yaml packages fix security vulnerabilities:

Florian Weimer of the Red Hat Product Security Team discovered a
heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser
and emitter library. A remote attacker could provide a YAML document
with a specially-crafted tag that, when parsed by an application
using libyaml, would cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application (CVE-2013-6393).

Ivan Fratric of the Google Security Team discovered a heap-based buffer
overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter
library. A remote attacker could provide a specially-crafted YAML
document that, when parsed by an application using libyaml, would cause
the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application (CVE-2014-2525).

An assertion failure was found in the way the libyaml library parsed
wrapped strings. An attacker able to load specially crafted YAML input
into an application using libyaml could cause the application to crash
(CVE-2014-9130).

Fedora 21 Security Update: php-ZendFramework2-2.3.7-1.fc21

Version **2.3.7** (2015-03-12)
* #7255 Revert BC break against AbstractRestfulController

Version **2.3.6** (2015-03-12)
* ZF2015-03 Zend\Validator\Csrf was incorrectly testing null or improperly formatted token identifiers, allowing them to pass validation. This release provides patches to correct the behavior. If you use the validator, or the corresponding Zend\Form\Element\Csrf, we recommend upgrading immediately.

Fedora 20 Security Update: php-ZendFramework2-2.3.7-1.fc20

Version **2.3.7** (2015-03-12)
* #7255 Revert BC break against AbstractRestfulController

Version **2.3.6** (2015-03-12)
* ZF2015-03 Zend\Validator\Csrf was incorrectly testing null or improperly formatted token identifiers, allowing them to pass validation. This release provides patches to correct the behavior. If you use the validator, or the corresponding Zend\Form\Element\Csrf, we recommend upgrading immediately.

Fedora 22 Security Update: php-ZendFramework2-2.3.7-1.fc22

Version **2.3.7** (2015-03-12)
* #7255 Revert BC break against AbstractRestfulController

Version **2.3.6** (2015-03-12)
* ZF2015-03 Zend\Validator\Csrf was incorrectly testing null or improperly formatted token identifiers, allowing them to pass validation. This release provides patches to correct the behavior. If you use the validator, or the corresponding Zend\Form\Element\Csrf, we recommend upgrading immediately.

CVE-2014-5409

The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values.

CVE-2014-9206

Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and earlier for Schneider Electric Invensys SRD Control Valve Positioner devices 960 and 991 allows local users to gain privileges via a malformed DLL file.