1330 matches found
SUSE-SU-2015:0870-1 Security update for kvm
kvm has been updated to fix issues in the embedded qemu: CVE-2014-0223: An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could have used this flaw to corrupt QEMU process memory on the host...
Information disclosure
Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated...
CVE-2014-1564
Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated...
CVE-2014-1565
The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process...
RHEL 6 : qemu-kvm (RHSA-2014:1075)
Updated qemu-kvm packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...
Moderate: Red Hat Security Advisory: qemu-kvm security and bug fix update
Updated qemu-kvm packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...
RedHat Update for qemu-kvm RHSA-2014:0927-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[DLA-0018-1] php5 security update
Package : php5 Version : 5.3.3-7+squeeze20 CVE ID : CVE-2014-3515 CVE-2014-0207 CVE-2014-3480 CVE-2014-4721 CVE-2014-3515: fix unserialize SPL ArrayObject / SPLObjectStorage Type Confusion CVE-2014-0207: fileinfo: cdfreadshortsector insufficient boundary check CVE-2014-3480: fileinfo: cdfcountcha...
Debian DSA-2974-1 : php5 - security update
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-0207 Francisco Alonso of the Red Hat Security Response Team reported an...
CVE-2014-4721
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHPAUTHPW, PHPAUTHTYPE, PHPAUTHUSER, and PHPSELF variables, which might allow context-dependent attackers to obtain sensitive information from process...
Type confusion
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHPAUTHPW, PHPAUTHTYPE, PHPAUTHUSER, and PHPSELF variables, which might allow context-dependent attackers to obtain sensitive information from process...
UBUNTU-CVE-2014-4721
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHPAUTHPW, PHPAUTHTYPE, PHPAUTHUSER, and PHPSELF variables, which might allow context-dependent attackers to obtain sensitive information from process...
RedHat Update for qemu-kvm RHSA-2014:0704-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Code injection
Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DT...
Sambar Server 6.0 Results.STM Post Request Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9607/info A buffer overflow vulnerability has been reported in the Sambar web server. The issue is due to a boundary condition error in the POST data processing of the affected software. Immediate consequences of an attac...
GNU Screen 3.9.x Braille Module Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4578/info Screen is a freely available, open source terminal management software package. It is distributed and maintained by the Free Software Foundation. It is available for the Unix and Linux platforms. Under some...
PHP 4.x/5.0 Shared Memory Module Offset Memory Corruption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12045/info PHP shared memory module shmop is reported prone to an integer handling vulnerability. The issue exists in the PHPFUNCTIONshmopwrite function and is as a result of a lack of sufficient sanitization performed on...
Man 1.5.1 Catalog File Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7812/info A vulnerability has been reported in the man utility. The problem is said to occur due to a format string bug when handling a catalog file. As a result, an attacker may be capable of writing arbitrary values to...
Linux kernel 2.2/2.4 procfs Stream Redirection to Process Memory Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2937/info The Linux /proc filesystem is a virtual filesystem provided by the Linux Kernel as an interface to some process and system information and parameters. Under certain circumstances, an access validation error may...
PHP 4.x/5.0.1 PHP_Variables Remote Memory Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11334/info A vulnerability is reported to present itself in the array parsing functions of the 'phpvariables.c' PHP source file. The vulnerability occurs when a PHP script is being used to print URI parameters or data, th...