[SECURITY] [DLA 322-1] commons-httpclient security update

Package : commons-httpclient Version : 3.1-9+deb6u2 CVE ID : CVE-2015-5262 Trevin Beattie 1 discovered an issue where one could observe hanging threads in a multi-threaded Java application. After debugging the issue, it became evident that the hanging threads were caused by the SSL initialization...

DLA-322-1 commons-httpclient - security update

Bulletin has no description...

CVE-2015-5842

XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors...

Impero Education Pro is vulnerable

Impero Education Pro is an education management solution from Impero, Inc. that integrates classroom management, desktop management, and computer monitoring software into one package. Impero Education Pro versions prior to 5105 have a security vulnerability. Since the program uses hard-coded CBC...

BSOD with Error: "STOP 0x0000007E and CVhdMp.sys Error: BNIStack failed, network stack could not be initialized"

When attempting to boot Vdisks from Target device a BSOD occurs with the following message: STOP" 0x0000007E and CVhdMp.sys Error: BNIStack failed, network stack could not be initialized...

Hardcoded credentials

Impero Education Pro before 5105 uses a hardcoded CBC key and initialization vector derived from a hash of the Imp3ro string, which makes it easier for remote attackers to obtain plaintext data by sniffing the network for ciphertext data...

Privilege escalation

The process-initialization implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which allows local users to gain privileges via a...

CVE-2015-2527

The process-initialization implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which allows local users to gain privileges via a...

DEBIAN-CVE-2015-6826

The ffrv34decodeinitthreadcopy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service invalid pointer access or possibly have unspecified other impact via crafted 1 RV30 or 2 RV40 RealVideo dat...

CVE-2015-6824

The swsinitcontext function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service segmentation violation or possibly have unspecified other impact via crafted video data...

UBUNTU-CVE-2015-6826

The ffrv34decodeinitthreadcopy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service invalid pointer access or possibly have unspecified other impact via crafted 1 RV30 or 2 RV40 RealVideo dat...

DEBIAN-CVE-2015-6563

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITORREQPAMINITCTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafte...

Apple iOS ImageIO Memory Information Disclosure Vulnerability

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A memory incorrect initialization vulnerability exists in Apple iOS ImageIO's handling of PNG files, which allows remote attackers to exploit the vulnerability to construct special files that can be parse...

The vulnerability of the OpenSSL library, which allows a hacker to bypass the cryptographic security measures

The vulnerability of the ssl3clienthello function in the OpenSSL library is related to insufficient guarantees for the correct initialization of the pseudorandom number generator before the handshake process. Exploiting this vulnerability allows a malicious actor to bypass cryptographic security...

FreeBSD : net-snmp -- snmp_pdu_parse() function incomplete initialization (381183e8-3798-11e5-9970-14dae9d210b8)

Qinghao Tang reports : Incompletely initialized vulnerability exists in the function 'snmppduparse' of 'snmpapi.c', and remote attackers can cause memory leak, DOS and possible command executions by sending malicious packets. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...

Joomla! Helpdesk Pro plugin file upload vulnerability

Joomla! is a well-known content management system in foreign countries. Joomla! is a software system developed using the PHP language coupled with a MySQL database, which can be implemented on a variety of different platforms such as Linux, Windows, MacOSX and so on. A file upload vulnerability...

kernel: kvm: insufficient sysenter emulation when invoked from 16-bit code

It was found that the Linux kernel KVM subsystem's sysenter instruction emulation was not sufficient. An unprivileged guest user could use this flaw to escalate their privileges by tricking the hypervisor to emulate a SYSENTER instruction in 16-bit mode, if the guest OS did not initialize the...

SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic...

Microsoft Windows Hyper-V Remote Code Execution Vulnerability (3072000)

This host is missing a critical security update according to Microsoft Bulletin MS15-068. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

MS15-068: Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution (3072000)

The remote Windows host is affected by multiple remote code execution vulnerabilities in Hyper-V : - An error exists in how Hyper-V handles packet size memory initialization in guest virtual machines. An authenticated attacker with access to a guest virtual machine can exploit this by running a...