2337 matches found
CVE-2013-3175
CVE-2013-3175 is a Windows elevation-of-privilege issue in the handling of asynchronous RPC requests. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT. Root cause...
CentOS Update for libtirpc CESA-2013:0884 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Solaris 10 (sparc) : 150157-01 (deprecated)
Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Remote Procedure Call RPC. Supported versions that are affected are 8, 9, 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can...
Solaris 10 (x86) : 150158-01 (deprecated)
Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Remote Procedure Call RPC. Supported versions that are affected are 8, 9, 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can...
[SECURITY] Fedora 17 Update: axis-1.4-19.fc17
Apache AXIS is an implementation of the SOAP "Simple Object Access Protoco l" submission to W3C. From the draft W3C specification: SOAP is a lightweight protocol for exchange of information in a decentraliz ed, distributed environment. It is an XML based protocol that consists of three parts: an...
libvirt: use-after-free in virNetMessageFree()
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code by...
Low: Red Hat Security Advisory: quota security and bug fix update
An updated quota package that fixes one security issue and multiple bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
DEBIAN-CVE-2012-4423
The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service NULL pointer dereference and segmentation fault via an RPC call with 1 an event as the RPC number or 2 an RPC number whose value is in a "gap" in the RPC dispatch table...
libvirt: null function pointer invocation in virNetServerProgramDispatchCall()
The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service NULL pointer dereference and segmentation fault via an RPC call with 1 an event as the RPC number or 2 an RPC number whose value is in a "gap" in the RPC dispatch table...
DEBIAN-CVE-2012-0845
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an XML-RPC POST request that contains a smaller amount of data than specified...
libvirt: crash in virTypedParameterArrayClear
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain API calls with typed parameters, which might allow remote authenticated users to cause a denial of service libvirtd crash via an RPC command with nparams set to zero, which triggers an out-of-bounds read...
Scientific Linux Security Update : kernel on SL4.x i386/x86_64
This update fixes the following security issues : - a flaw was found in the CIFSSMBWrite function in the Linux kernel Common Internet File System CIFS implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic denial o...
The zend framework xxe injection analysis-vulnerability warning-the black bar safety net
A few days ago online broke a zend framework vulnerability author: mkods Specifically described as follows: ; according to the description, the vulnerability occurs in the zend Framework xmlrpc module of an xxeXML external entity injection vulnerability this vulnerability can be read on server...
RedHat Update for samba and samba3x RHSA-2012:0533-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
USN-1423-1: Samba vulnerability
Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls RPC over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user. CVE-2012-1182...
Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : samba vulnerability (USN-1423-1)
Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls RPC over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user. CVE-2012-1182. Note that Tenable Network Security has extracted the...
DEBIAN-CVE-2012-1182
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call...
samba: Multiple heap-based buffer overflows in memory management based on NDR marshalling code output
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call...
glibc: svc_run() produces high cpu usage when accept() fails with EMFILE error
A denial of service flaw was found in the remote procedure call RPC implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time...
glibc: svc_run() produces high cpu usage when accept() fails with EMFILE error
A denial of service flaw was found in the remote procedure call RPC implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time...