2414 matches found

Oracle linux
added 2016/05/12 12:0 a.m. · 76 views

kernel security and bug fix update

3.10.0-327.18.2.OL7 - Oracle Linux certificates Alexey Petrenko 3.10.0-327.18.2 - lib keys: Fix ASN.1 indefinite length object parsing David Howells 1308814 1308815 CVE-2016-0758 3.10.0-327.18.1 - scsi bnx2fc: Fix FCP RSP residual parsing Maurizio Lombardi 1322279 1306342 - mm madvise: fix...

CVSS 7.2 · AI score 0.4 · EPSS 0.0015
Exploits: 0
OSV
added 2016/05/09 9:57 p.m. · 3 views

USN-2969-1 linux-lts-utopic vulnerabilities

Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515) Ben Hawkes discovered that the Linux kernel's AIO...

CVSS 7.8 · AI score 6.8 · EPSS 0.00706
Exploits: 20 · References: 11
Positive Technologies
added 2016/05/02 12:0 a.m. · 3 views

PT-2016-3471 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.4.1 Description: The issue is related to an integer overflow in the fs/aio.c file of the Linux kernel. This can be exploited by local users to cause a denial of service or possibly have other unspecified impac...

CVSS 10 · AI score 7.6 · EPSS 0.87
Exploits: 96 · References: 224
OSV
added 2016/04/12 2:0 a.m. · 1 views

DEBIAN-CVE-2016-1568

Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command...

CVSS 8.8 · AI score 9.1 · EPSS 0.00337
Exploits: 0 · References: 1
Fedora
added 2016/04/06 2:13 p.m. · 12 views

[SECURITY] Fedora 24 Update: nodejs-sqlite3-3.1.2-3.fc24

Asynchronous, non-blocking SQLite3 bindings for Node.js...

AI score 1.1
Exploits: 0
OpenVAS
added 2016/02/17 12:0 a.m. · 29 views

RedHat Update for glibc RHSA-2016:0175-01

The remote host is missing an update for the...

CVSS 8.1 · AI score 8.6 · EPSS 0.93905
Exploits: 17 · References: 2
Kitploit
added 2016/01/31 5:39 p.m. · 14 views

SEE - Sandboxed Execution Environment

Sandboxed Execution Environment (SEE) is a framework for building test automation in secured Environments. The Sandboxes, provided via libvirt, are customizable allowing high degree of flexibility. Different type of Hypervisors (Qemu, VirtualBox, LXC) can be employed to run the Test Environments...

AI score 7.7
Exploits: 0 · References: 1
RedHat Linux
added 2016/01/28 3:56 p.m. · 2 views

Qemu: ide: ahci use-after-free vulnerability in aio port commands

A use-after-free flaw was found in the way QEMU's IDE AHCI emulator processed certain AHCI Native Command Queuing (NCQ) AIO commands. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU proces...

CVSS 8.8 · AI score 7.7 · EPSS 0.00337
Exploits: 0 · References: 4
RedHat Linux
added 2016/01/28 3:55 p.m. · 2 views

Qemu: ide: ahci use-after-free vulnerability in aio port commands

A use-after-free flaw was found in the way QEMU's IDE AHCI emulator processed certain AHCI Native Command Queuing (NCQ) AIO commands. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU proces...

CVSS 8.8 · AI score 7.7 · EPSS 0.00337
Exploits: 0 · References: 4
CNVD
added 2016/01/05 12:0 a.m. · 1 views

Wireshark NLM Parser Double Release Vulnerability

Wireshark is the most popular network protocol parser. A double-release vulnerability exists in epan/dissectors/packet-nlm.c in the Wireshark NLM parser, which can be exploited by a remote attacker to cause a denial of service (application crash) via a constructed packet with the "Match MSG/RES...

CVSS 5.5 · AI score 7.4 · EPSS 0.00087
Exploits: 0 · References: 1
OSV
added 2016/01/04 5:59 a.m. · 1 views

DEBIAN-CVE-2015-8718

Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet...

CVSS 5.5 · AI score 7.3 · EPSS 0.00087
Exploits: 0 · References: 1
n0where
added 2015/12/21 8:53 p.m. · 19 views

Sandboxed Execution Environment: SEE

Sandboxed Execution Environment (SEE) is a framework for building test automation in secured Environments. The Sandboxes, provided via libvirt, are customizable allowing high degree of flexibility. Different type of Hypervisors (Qemu, VirtualBox, LXC) can be employed to run the Test Environments...

AI score 2.2
Exploits: 0 · References: 1
Fedora
added 2015/12/18 7:55 a.m. · 34 views

[SECURITY] Fedora 23 Update: libtevent-0.9.26-1.fc23

Tevent is an event system based on the talloc memory management library. Tevent has support for many event types, including timers, signals, and the classic file descriptor events. Tevent also provide helpers to deal with asynchronous code providing the tevent_req (Tevent Request) functions...

CVSS 7.5 · AI score 1.1 · EPSS 0.01625
Exploits: 0
Tenable Nessus
added 2015/09/08 12:0 a.m. · 27 views

openSUSE Security Update : MozillaFirefox (openSUSE-2015-565)

MozillaFirefox was updated to version 40.0.3 to fix two security issues and several bugs. Changes in MozillaFirefox : - update to Firefox 40.0.3 bnc943550 - Disable the asynchronous plugin initialization bmo1198590 - Fix a segmentation fault in the GStreamer support bmo1145230 - Fix a regression...

CVSS 10 · AI score 8.3 · EPSS 0.0304
Exploits: 0 · References: 3
Fedora
added 2015/08/18 5:22 a.m. · 12 views

[SECURITY] Fedora 21 Update: uwsgi-2.0.11.1-1.fc21

uWSGI is a fast (pure C), self-healing, developer/sysadmin-friendly application container server. Born as a WSGI-only server, over time it has evolved in a complete stack for networked/clustered web applications, implementing message/object passing, caching, RPC and process management. It uses the...

AI score 7.1
Exploits: 0
RedHat Linux
added 2015/08/05 4:20 p.m. · 2 views

async-http-client: SSL/TLS certificate verification is disabled under certain conditions

It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also used client certificates. A man-in-the-middle (MITM) attacker could use this flaw to spoof a valid certificate...

CVSS 4.3 · AI score 5.7 · EPSS 0.0106
Exploits: 0 · References: 4
RedHat Linux
added 2015/08/05 4:20 p.m. · 3 views

async-http-client: missing hostname verification for SSL certificates

It was found that async-http-client did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any...

CVSS 4.3 · AI score 5.7 · EPSS 0.01049
Exploits: 0 · References: 4
n0where
added 2015/06/24 8:14 p.m. · 199 views

Incident Response Malware Analysis: IRMA

Incident Response Malware Analysis: IRMA is an asynchronous and customizable analysis platform for suspicious files! IRMA intends to be an open-source platform designed to help identifying and analyzing malicious files. However, today’s defense is not only about learning about a file, but it is...

AI score 0.3
Exploits: 0
CNVD
added 2015/05/20 12:0 a.m. · 1 views

async-http-client certificate validation vulnerability

async-http-client is a client library that allows Java applications to perform HTTP requests and asynchronously process that HTTP response. async-http-client fails to properly disable SSL/TLS certificate validation, allowing an attacker to exploit the vulnerability to conduct a man-in-the-middle...

CVSS 4.3 · AI score 6.8 · EPSS 0.0106
Exploits: 0 · References: 1
Fedora
added 2015/05/08 7:38 a.m. · 35 views

[SECURITY] Fedora 20 Update: async-http-client-1.7.22-2.fc20

Async Http Client library purpose is to allow Java applications to easily execute HTTP requests and asynchronously process the HTTP responses. The Async HTTP Client library is simple to use...

CVSS 4.3 · AI score 0.9 · EPSS 0.0106
Exploits: 0