4973 matches found
kernel security update
CentOS Errata and Security Advisory CESA-2014:1959 Updated kernel packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS bas...
RHEL 6 : kernel (RHSA-2014:1843)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1843 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition flaw was found in the way the Linux...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
DEBIAN-CVE-2014-8543
libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service out-of-bounds access or possibly have unspecified other impact via crafted MM video data...
CVE-2014-8543
libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service out-of-bounds access or possibly have unspecified other impact via crafted MM video data...
UBUNTU-CVE-2014-8543
libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service out-of-bounds access or possibly have unspecified other impact via crafted MM video data...
CVE-2014-8577
Multiple cross-site scripting XSS vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 dataContacttitle parameter to admin/contacts/contacts/add page; 2 dataBlocktitle or 3 dataBlockalias parameter to admin/blocks/blocks/edit page; 4...
Forward Incremental – Animation of Method and Retention
Purpose This article is intended to document how Forward Incremental works, and how its retention is enforced. Solution There are two distinct methods of Forward Incremental: Forever Forward Incremental Forward Incremental with Periodic Fulls Forever Forward Incremental For more information...
Kernel: USB serial: memory corruption flaw
A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the...
kernel: udf: Avoid infinite loop when processing indirect ICBs
A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's Universal Disk Format UDF file system implementation processed indirect Information Control Blocks ICBs. An attacker with physical access to the system could use a specially crafted UDF image to crash the...
Fedora 21 : xen-4.4.1-2.fc21 (2014-10531)
Mishandling of uninitialised FIFO-based event channel control blocks XSA-107, CVE-2014-6268 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
Mishandling of uninitialised FIFO-based event channel control blocks
ISSUE DESCRIPTION When using the FIFO-based event channels, there are no checks for the existence of a control block when binding an event or moving it to a different VCPU. This is because events may be bound when the ABI is in 2-level mode e.g., by the toolstack before the domain is started. The...
kernel security and bug fix update
kernel 2.6.18-371.12.1.0.1 - ocfs2: dlm: fix recovery hung Junxiao Bi orabug 13956772 - i386: fix MTRR code Zhenzhong Duan orabug 15862649 - oprofile x86, mm: Add getuserpagesfast orabug 14277030 - oprofile export getuserpagesfast function orabug 14277030 - oprofile oprofile, x86: Fix nmi-unsafe...
DEBIAN-CVE-2013-5855
Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a 1 tag or 2 EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting XSS attacks via application-specific vectors...
Geeklog <= 1.5.2 - savepreferences()/*blocks[] SQL Injection Exploit
No description provided by source. ?php / Geeklog = 1.5.2 savepreferences/blocks remote sql injection exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ software site: http://www.geeklog.net/ PHP and MySQL version independent vulnerability, see usersettings.php nea...
WordPress Global Content Blocks plugin <= 1.2 - SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress Global Content Blocks plugin = 1.2 SQL Injection Vulnerability Date: 2011-08-18 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/global-content-blocks.1.2.zip Version: 1....
PostNuke 0.75/0.76 Blocks Module Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13636/info PostNuke Blocks module is affected by a directory traversal vulnerability. The problem presents itself when an attacker passes a name for a target file, along with directory traversal sequences, to the affected...
UBUNTU-CVE-2014-3471
Use-after-free vulnerability in hw/pci/pcie.c in QEMU aka Quick Emulator allows local guest OS users to cause a denial of service QEMU instance crash via hotplug and hotunplug operations of Virtio block devices...
CVE-2013-4431
Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request...
Cross site request forgery (csrf)
Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request...