CVE-2016-4470

The keyrejectandlink function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service system crash via vectors involving a crafted keyctl request2 command...

CentOS 7 : kernel (CESA-2016:1277)

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

RHEL 7 : kernel (RHSA-2016:1277)

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure.

The vulnerability of the CPDFDIBSource::CreateDecoder function located in core/fpdfapi/fpdfrender/fpdfrenderloadimage.cpp in the PDFium browser component of Google Chrome is related to improper handling of initialization errors. Exploiting this vulnerability can allow an attacker to trigger a...

ALPINE-CVE-2016-5300

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...

DEBIAN-CVE-2016-5300

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...

CVE-2016-5300

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...

Code injection

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...

CVE-2016-5300

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...

IBM Storwize SSL/TLS RC4 Stream Cipher Key Invariance (Bar Mitzvah)

According to its self-reported version number, the IBM Storwize server running on the remote host is affected by a security feature bypass vulnerability, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A...

CVE-2016-2499

AudioSource.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not initialize certain data, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 27855172...

lib32-expat: multiple issues

CVE-2012-6702 predictable random numbers It was found that when calling XMLParse ahead of rand, it causes the pseudo random generator to generate non-random predictable numbers. - CVE-2016-5300 denial of service It was found that original fix for CVE-2012-0876 used too little entropy for the hash...

CVE-2016-5300

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...

UBUNTU-CVE-2016-5300

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...

CVE-2016-1686

The CPDFDIBSource::CreateDecoder function in core/fpdfapi/fpdfrender/fpdfrenderloadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service out-of-bounds read via a crafted PDF document...

Out-of-bounds

The CPDFDIBSource::CreateDecoder function in core/fpdfapi/fpdfrender/fpdfrenderloadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service out-of-bounds read via a crafted PDF document...

UBUNTU-CVE-2016-1686

The CPDFDIBSource::CreateDecoder function in core/fpdfapi/fpdfrender/fpdfrenderloadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service out-of-bounds read via a crafted PDF document...

Xxe

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted PDF...

CVE-2016-4580

The x25negotiatefacilities function in net/x25/x25facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request...

DEBIAN-CVE-2016-4536

The client in OpenAFS before 1.6.17 does not properly initialize the 1 AFSStoreStatus, 2 AFSStoreVolumeStatus, 3 VldbListByAttributes, and 4 ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic...