
1417 matches found

OpenVAS
added 2015/05/29 12:0 a.m. | 22 views

IBM WebSphere MQ DoS Vulnerability (May 2015)

IBM WebSphere MQ is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 4 | AI score 4.8 | EPSS 0.0191
Exploits 0 | References 2
NVD
added 2015/05/20 10:59 a.m. | 26 views

CVE-2015-0189

The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records...

CVSS 4 | AI score 6.2 | EPSS 0.0191
Exploits 0 | References 4
Cvelist
added 2015/05/20 10:0 a.m. | 25 views

CVE-2015-0189

The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records...

AI score 6.2 | EPSS 0.0191
Exploits 0 | References 4
Tenable Nessus
added 2015/05/20 12:0 a.m. | 42 views

SUSE SLED10 / SLES10 Security Update : Xen (SUSE-SU-2012:1606-1)

This update fixes the following security issues in xen : - CVE-2012-5513: XENMEM_exchange may overwrite hypervisor memory (XSA-29) - CVE-2012-5515: Several memory hypercall operations allow invalid extent order values (XSA-31) Also the following bugs have been fixed and upstream patches have been...

CVSS 6.9 | AI score 7.7 | EPSS 0.00411
Exploits 4 | References 8
NVD
added 2015/04/08 10:59 a.m. | 15 views

CVE-2015-1473

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service segmentation violatio...

CVSS 6.4 | AI score 6.2 | EPSS 0.02451
Exploits 0 | References 5
OSV
added 2015/04/08 10:59 a.m. | 1 views

AZL-40934 CVE-2015-1473 affecting package dietlibc for versions less than 0.34-7

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service segmentation violatio...

CVSS 6.4 | AI score 7 | EPSS 0.02451
Exploits 0 | References 1
Prion
added 2015/04/08 10:59 a.m. | 26 views

Code injection

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service segmentation violatio...

CVSS 6.4 | AI score 6.7 | EPSS 0.02451
Exploits 0 | References 5 | Affected Software 2
Cvelist
added 2015/04/08 10:0 a.m. | 26 views

CVE-2015-1473

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service segmentation violatio...

AI score 7.1 | EPSS 0.02451
Exploits 0 | References 5
Debian CVE
added 2015/04/08 10:0 a.m. | 33 views

CVE-2015-1473

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service segmentation violatio...

CVSS 6.4 | AI score 7.1 | EPSS 0.02451
Exploits 0
Tenable Nessus
added 2015/03/30 12:0 a.m. | 46 views

Mandriva Linux Security Advisory : libpng (MDVSA-2015:090)

Updated libpng package fixes security vulnerabilities : The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero (CVE-2014-0333)...

CVSS 10 | AI score 8.3 | EPSS 0.03889
Exploits 1 | References 4
Check Point Advisories
added 2015/03/10 12:0 a.m. | 4 views

Microsoft Windows ATMFD Font Driver Remote Code Execution (MS15-021: CVE-2015-0092)

A remote code execution vulnerability has been reported in Microsoft Windows ATMFD Font Driver. The vulnerability is due to an error in Font Driver while improperly overwriting objects in memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted file...

CVSS 9.3 | AI score 7 | EPSS 0.17532
Exploits 0
Check Point Advisories
added 2015/03/10 12:0 a.m. | 3 views

Microsoft Windows ATMFD Font Driver Remote Code Execution (MS15-021: CVE-2015-0090)

A remote code execution vulnerability has been reported in Microsoft Windows ATMFD Font Driver. The vulnerability is due to an error in Font Driver while improperly overwriting objects in memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted file...

CVSS 9.3 | AI score 7 | EPSS 0.19968
Exploits 0
UbuntuCve
added 2015/02/05 12:0 a.m. | 34 views

CVE-2015-1473

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service segmentation violatio...

CVSS 6.4 | AI score 6.9 | EPSS 0.02451
Exploits 0 | References 2
OSV
added 2015/02/05 12:0 a.m. | 0 views

UBUNTU-CVE-2015-1473

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service segmentation violatio...

CVSS 6.4 | AI score 6.9 | EPSS 0.02451
Exploits 0 | References 3
OSV
added 2015/01/07 3:14 p.m. | 4 views

MGASA-2015-0008 Updated libpng packages fix CVE-2014-9495

Updated libpng packages fix security vulnerability: libpng versions 1.6.9 through 1.6.15 have an integer-overflow vulnerability in png_combine_row when decoding very wide interlaced images, which can allow an attacker to overwrite an arbitrary amount of memory with arbitrary attacker-controlled dat...

CVSS 10 | AI score 6.4 | EPSS 0.03889
Exploits 0 | References 3
Symantec
added 2014/12/19 8:0 a.m. | 27 views

Symantec Deployment Solution AClient Memory Overwrite

SUMMARY An arbitrary memory overwrite vulnerability exists in a Symantec Deployment Solution agent allowing a local and authorized malicious user to potentially elevate privileges on the local system. This vulnerability applies to Windows XP SP3 or Windows Server 2003 SP2 only. AFFECTED PRODUCTS...

CVSS 7.2 | AI score 0.4 | EPSS 0.01189
Exploits 3 | Affected Software 1
0day.today
added 2014/11/06 12:0 a.m. | 25 views

Citrix NetScaler SOAP Handler Remote Code Execution Exploit

This Metasploit module exploits a memory corruption vulnerability on the Citrix NetScaler Appliance. The vulnerability exists in the SOAP handler, accessible through the web interface. A malicious SOAP request can force the handler to connect to a malicious NetScaler config server. This maliciou...

AI score 7.9
Exploits 0
Metasploit
added 2014/10/31 1:34 a.m. | 18 views

Citrix NetScaler SOAP Handler Remote Code Execution

This module exploits a memory corruption vulnerability on the Citrix NetScaler Appliance. The vulnerability exists in the SOAP handler, accessible through the web interface. A malicious SOAP request can force the handler to connect to a malicious NetScaler config server. This malicious config...

AI score 8.2
Exploits 0
RedHat Linux
added 2014/10/21 8:22 p.m. | 1 views

wireshark: DOS Sniffer file parser flaw (wnpa-sec-2014-19)

The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file...

CVSS 5 | AI score 5.9 | EPSS 0.03058
Exploits 0 | References 5
IBM AIX
added 2014/09/09 12:50 a.m. | 83 views

AIX OpenSSL Denial of Service due to double free and others

IBM SECURITY ADVISORY First Issued: The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/openssladvisory10.asc https://aix.software.ibm.com/aix/efixes/security/openssladvisory10.asc...

CVSS 7.5 | AI score 7.2 | EPSS 0.7408
Exploits 0