9053 matches found
CVE-2015-7762
rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement ACK packet, which allows remote attackers to obtain sensitive information by 1 conducting a replay attack or 2 sniffing the network...
DEBIAN-CVE-2015-7762
rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement ACK packet, which allows remote attackers to obtain sensitive information by 1 conducting a replay attack or 2 sniffing the network...
CVE-2015-7762
rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement ACK packet, which allows remote attackers to obtain sensitive information by 1 conducting a replay attack or 2 sniffing the network...
CVE-2015-7763
rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement ACK packet, which allows remote attackers to obtain sensitive information by 1 conducting a replay attack or 2 sniffing the network...
Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-2797-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2797-1 advisory. It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route...
MGASA-2015-0424 Updated openafs packages fix security vulnerabilities
Updated openafs packages fix security vulnerabilities: When constructing an Rx acknowledgment ACK packet, Andrew-derived Rx implementations do not initialize three octets of data that are padding in the C language structure and were inadvertently included in the wire protocol CVE-2015-7762...
The vulnerabilities of PDF editing programs like Adobe Acrobat and Adobe Acrobat Document Cloud, as well as PDF viewing programs like Adobe Reader and Adobe Reader Document Cloud, allow attackers to circumvent JavaScript restrictions.
The vulnerability of the CBBBRInit method in PDF editing programs from Adobe Acrobat and Adobe Acrobat Document Cloud, as well as in PDF viewing programs from Adobe Reader and Adobe Reader Document Cloud, is related to deficiencies in access control for certain functions. Exploiting this...
OpenJDK: missing checks for proper initialization in ObjectStreamClass (Serialization, 8103671)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization...
Linux kernel buffer overflow vulnerability (CNVD-2015-06888)
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A security vulnerability in the 'sctpinit' function in the net/sctp/protocol.c file in Linux kernel versions 4.2.2 and earlier stems from the presence of a failure to correctl...
OpenJDK: missing checks for proper initialization in ObjectStreamClass (Serialization, 8103671)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization...
DEBIAN-CVE-2015-7799
The slhcinit function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service NULL pointer dereference and system crash via a crafted PPPIOCSMAXCID ioctl call...
CVE-2015-5283
The sctpinit function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service panic or memory corruption by creating SCTP sockets before all of the steps have finished...
DEBIAN-CVE-2015-5283
The sctpinit function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service panic or memory corruption by creating SCTP sockets before all of the steps have finished...
UBUNTU-CVE-2015-5283
The sctpinit function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service panic or memory corruption by creating SCTP sockets before all of the steps have finished...
SUSE: Security Advisory for Xen (SUSE-SU-2015:0927-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle: Security Advisory (ELSA-2009-1243)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-2765-1 linux-lts-vivid vulnerability
Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service system crash...
USN-2761-1 linux vulnerability
Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service system crash...
PT-2015-6831 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.2.3 Description: The issue is related to an incorrect sequence of protocol-initialization steps in the sctp init function, which can cause a denial of service, resulting in a panic or memory corruption. This c...
Debian DLA-322-1 : commons-httpclient security update
Trevin Beattie 1 discovered an issue where one could observe hanging threads in a multi-threaded Java application. After debugging the issue, it became evident that the hanging threads were caused by the SSL initialization code in commons-httpclient. This upload fixes this issue by respecting the...