2589 matches found
CVE-2013-2888
Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Repor...
CVE-2013-2897
CVE-2013-2897 affects the Linux kernel HID multitouch driver (drivers/hid/hid-multitouch.c) with CONFIG_HID_MULTITOUCH enabled, up to kernel 3.11. The vulnerability allows physically proximate attackers to trigger a denial of service via crafted HID devices, causing heap memory corruption or a NU...
Amazon Linux AMI : net-snmp (ALAS-2012-97)
An array index error, leading to an out-of-bounds buffer read flaw, was found in the way the net-snmp agent looked up entries in the extension table. A remote attacker with read privileges to a Management Information Base (MIB) subtree handled by the 'extend' directive in '/etc/snmp/snmpd.conf' cou...
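Oracle Java jre/bin/awt.dll storeImageArray() function invalid array index arbitrary code execution vulnerability
Oracle Java Runtime Environment is a solution that provides a reliable runtime environment for Java applications. The native storeImageArray function in jre/bin/awt.dll in Oracle Java JRE 7 Update 24 and earlier contains an invalid array index vulnerability. An attacker can build a malicious web page or malicious file and, by luring a user into opening it, execute arbitrary code in the context of the user's process. Oracle Java JRE 7 Update 24 and earlier. Vendor solution: Oracle Java JRE 7 Update 25 fixes this vulnerability; users are advised to download the update: http://oracle.com/java...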
Mozilla Firefox / Seamonkey multiple security vulnerabilities
Multiple memory corruptions, integer overflows, array index overflows, information leak...
CVE-2013-4932
Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet...
Code injection
Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet...
CVE-2013-4932
CVE-2013-4932 affects the GSM A Common dissector in Wireshark, where multiple array index errors in epan/dissectors/packet-gsm_a_common.c allow a remote attacker to crash the application via a crafted packet (DoS). The issue applies to Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1. Connec...
Oracle Linux 6 : webkitgtk (ELSA-2011-0177)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0177 advisory. 1.2.6-2 - Added fix for js regression 1.2.6-1 - Update to 1.2.6 Tenable has extracted the preceding description block directly from the Oracle Linux...
Oracle Linux 5 : tetex (ELSA-2010-0400)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0400 advisory. - unify patches for CVE-2010-0739 and CVE-2010-1440 - fix CVE-2010-1440 586819 - initialize data in arithmetic coder elsewhere CVE-2009-0146 - initiali...
Oracle Linux 6 : openoffice.org (ELSA-2011-0183)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0183 advisory. - CVE-2010-4643 heap based buffer overflow when parsing TGA files - CVE-2010-4253 heap based buffer overflow in PPT import - CVE-2010-3450 directory...
Oracle Linux 5 : net-snmp (ELSA-2013-0124)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0124 advisory. - fixed CVE-2012-2141, an array index error in the extension table 815813 Tenable has extracted the preceding description block directly from the Oracle Linux...
CVE-2013-4077
Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c...
CVE-2013-4077
CVE-2013-4077 affects the NBAP dissector in Wireshark 1.8.x before 1.8.8. The issue is an array index error in NBAP processing (nbap.cnf and packet-nbap.c) that can cause a denial of service (application crash) via a crafted packet. Documents validate the root cause and version bound; no exploit ...
CVE-2013-1210
Cisco Nexus 1000V Nexus 1000V VEM kernel driver for VMware ESXi is affected by CVE-2013-1210 due to an out-of-bounds array access when STUN debugging is enabled. The issue can be exploited remotely by sending crafted STUN packets to the VEM, potentially crashing the ESXi hypervisor and causing a ...
Cisco Nexus 1000V ESXi Hypervisor Denial of Service Vulnerability
A vulnerability in the Cisco Nexus 1000V Virtual Ethernet Module (VEM) kernel driver for VMware ESXi could allow an unauthenticated, remote attacker to cause the ESXi hypervisor to crash, resulting in a purple screen of death (PSOD). The vulnerability is due to insufficient validation of STUN protoco...
Scientific Linux Security Update : ccid on SL6.x i386/x86_64 (20130221)
An integer overflow, leading to an array index error, was found in the way the CCID driver processed a smart card's serial number. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the PC/SC Lite pcscd daemon (root, by default), by inserting a...