355 matches found
USN-3983-1 linux vulnerabilities
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered...
USN-3522-1 linux, linux-aws, linux-euclid, linux-kvm vulnerability
Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory...
[ASA-201706-1] vlc: multiple issues
Arch Linux Security Advisory ASA-201706-1 ========================================= Severity: High Date : 2017-06-01 CVE-ID : CVE-2017-8310 CVE-2017-8311 CVE-2017-8312 Package : vlc Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-283 Summary ======= The package vlc...
MQAC.sys Arbitrary Write Privilege Escalation
A vulnerability within the MQAC.sys module allows an attacker to overwrite an arbitrary location in kernel memory. This module will elevate itself to SYSTEM, then inject the payload into another SYSTEM process. This module requires Metasploit: https://metasploit.com/download Current source:...
[ MDVSA-2008:246 ] kernel
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2008:246 http://www.mandriva.com/security/ Package : kernel Date : December 29, 2008 Affected: 2009.0 Problem Description: Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: The chipcomma...
Mandrake Linux Security Advisory : squid (MDKSA-2005:014)
'infamous41md' discovered two vulnerabilities in the squid proxy cache server. The first is a buffer overflow in the Gopher response parser which leads to memory corruption and would usually crash squid CVE-2005-0094. The second is an integer overflow in the receiver of WCCP Web Cache Communicati...
Mandrake Linux Security Advisory : mpg123 (MDKSA-2005:009)
A vulnerability in mpg123's ability to parse frame headers in input streams could allow a malicious file to exploit a buffer overflow and execute arbitrary code with the permissions of the user running mpg123. The updated packages have been patched to prevent these problems. %NASLMINLEVEL 70300 C...
Mandrake Linux Security Advisory : apache (MDKSA-2004:134)
A possible buffer overflow exists in the gettag function of modinclude, and if SSI Server Side Includes are enabled, a local attacker may be able to run arbitrary code with the rights of an httpd child process. This could be done with a special HTML document using malformed SSI. The updated...
Mandrake Linux Security Advisory : apache2 (MDKSA-2004:135)
A vulnerability in apache 2.0.35-2.0.52 was discovered by Chintan Trivedi; he found that by sending a large amount of specially- crafted HTTP GET requests, a remote attacker could cause a Denial of Service on the httpd server. This vulnerability is due to improper enforcement of the field length...
Mandrake Linux Security Advisory : imlib (MDKSA-2002:029)
Previous versions of imlib, prior to 1.9.13, would fall back to the NetPBM library which is not suitable for loading untrusted images due to various problem in it's code. The new imlib also fixes some problems with arguments passed to malloc. These problems could allow attackers to construct imag...
Mandrake Linux Security Advisory : lftp (MDKSA-2003:116)
A buffer overflow vulnerability was discovered by Ulf Harnhammar in the lftp FTP client when connecting to a web server using HTTP or HTTPS and using the 'ls' or 'rels' command on specially prepared directory. This vulnerability exists in lftp versions 2.3.0 through 2.6.9 and is corrected upstrea...
Mandrake Linux Security Advisory : squid (MDKSA-2001:066)
The Squid proxy server has a serious security flaw in versions 2.3.STABLE2 through 2.3.STABLE4. This problem surfaces when Squid is used in httpdaccel mode. If you configure httpaccelwithproxy off then any request to Squid is allowed. Malicious users may use your proxy to portscan remote systems,...
Mandrake Linux Security Advisory : xloadimage (MDKSA-2001:073-1)
A buffer overflow exists in xli due to missing boundary checks. This could be triggered by an external attacker to execute commands on the victim's machine. An exploit is publically available. xli is an image viewer that is used by Netscape's plugger to display TIFF, PNG, and Sun-Raster images...
Mandrake Linux Security Advisory : sharutils (MDKSA-2002:052)
The uudecode utility creates output files without checking to see if it is about to write to a symlink or pipe. This could be exploited by a local attacker to overwrite files or lead to privilege escalation if users decode data into share directories, such as /tmp. This update fixes this...
Mandrake Linux Security Advisory : tripwire (MDKSA-2001:064)
Jarno Juuskonen reported that a temporary file vulnerability exists in versions of Tripwire prior to 2.3.1-2. Because Tripwire opens/creates temporary files in /tmp without the OEXCL flag during filesystem scanning and database updating, a malicious user could execute a symlink attack against the...