openssl: race condition in ssl_parse_serverhello_tlsext

A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execut...

Microsoft WINS Service Memory Overwrite

No description provided by source. $Id: ms04045wins.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

FreeBSD 4.4 AIO Library Cross Process Memory Write Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3661/info aio.h is a library implementing the POSIX standard for asynchronous I/O. Support for AIO may be enabled in FreeBSD by compiling the kernel with the VFSAIO option. This option is not enabled in the default kernel...

openSUSE Security Update : libxml2 (openSUSE-SU-2012:0731-1)

specially crafted xpath statements could cause an out of bounds memory write %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-320. The text description of this plugin is C SUSE LL...

PT-2014-47: Arbitrary memory write in Honeywell EPKS

The specialists of the Positive Research center have detected an Arbitrary memory write vulnerability in Honeywell EPKS. Arbitratry memory write was discovered in function readexactsilentmaster from dualonsrv.exe module which could lead to possible remote code execution or denial of service. How ...

Apple QuickTime Multiple Vulnerabilities (Mar 2014) - Windows

Apple QuickTime player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:quicktime";...

VulnCheck KEV: CVE-2013-3918

Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote...

CVE-2013-3077

Multiple integer overflows in the IPMSFILTER and IPV6MSFILTER features in 1 sys/netinet/inmcast.c and 2 sys/netinet6/in6mcast.c in the multicast implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE allow local users to bypass intended restrictions on kernel-memory read and write...

Another Java zero-day vulnerability being exploited in the wild

Do you still have Java installed? There is a bad news for you ! FireEye has detected yet another Java zero-day vulnerability being exploited in attacks in the wild. The vulnerability targets browsers that have the latest version of the Java plugin installed Java v1.6 Update 41 and Java v1.7 Updat...

SumatraPDF 2.1.1/MuPDF 1.0 - Integer Overflow

Sumatra 2.1.1/MuPDF 1.0 Integer Overflow ======================================= There is an integer overflow on the MuPDF in the lexnumber function which can be triggered using a corrupt PDF file with ObjStm. I'm attaching a file that reproduces the problem with the original unmodified file. The...

CVE-2012-3495

The physdevgetfreepirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the getfreepirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service invali...

CVE-2012-3495

The physdevgetfreepirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the getfreepirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service invali...

Design/Logic Flaw

The physdevgetfreepirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the getfreepirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service invali...

CVE-2012-3495

The physdevgetfreepirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the getfreepirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service invali...

CVE-2012-3495

The physdevgetfreepirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the getfreepirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service invali...

DEBIAN-CVE-2012-4225

NVIDIA UNIX graphics driver before 295.71 and before 304.32 allows local users to write to arbitrary physical memory locations and gain privileges by modifying the VGA window using /dev/nvidia0...

CVE-2012-4225

NVIDIA UNIX graphics driver before 295.71 and before 304.32 allows local users to write to arbitrary physical memory locations and gain privileges by modifying the VGA window using /dev/nvidia0...

Slackware: Security Advisory (SSA:2010-180-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

t1lib: Use-after-free via crafted Type 1 font

Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service application crash via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different...

Scientific Linux Security Update : thunderbird on SL4.x,SL5.x i386/x86_64

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. CVE-2011-0080...