node.js -- multiple vulnerabilities

Updates are now available for all active Node.js release lines as well as the 7.x line. These include the fix for the high severity vulnerability identified in the initial announcement, one additional lower priority Node.js vulnerability in the 4.x release line, as well as some lower priority fix...

Security update for gstreamer-plugins-bad (important)

This update for gstreamer-plugins-bad fixes the following issues: - Maliciously crafted VMnc VMware video streams typically contained in .avi files could cause code execution during decoding or information leaks due to an unitialized buffer CVE-2016-9445, CVE-2016-9446, boo1010829...

Microsoft Chakra ArrayBuffer.transfer Uninitialized Buffer Information Leak Vulnerability

This vulnerability allows remote attackers to leak sensitive information on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

Android - IOMX getConfig/getParameter Information Disclosure

Exploit for Android platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=711 Android: Information Disclosure in IOMX getConfig/getParameter Platform: Verified on google/razor/flo:6.0.1/MMB29O/2459718:user/release-keys Class: Information Disclosure...

Google Android - IOMX getConfiggetParameter Information Disclosure

Google Android - IOMX getConfiggetParameter Information Disclosure Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=711 Android: Information Disclosure in IOMX getConfig/getParameter Platform: Verified on google/razor/flo:6.0.1/MMB29O/2459718:user/release-keys Class: Information...

(Pwn2Own) Microsoft Windows secdrv.sys Uninitialized Buffer Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the secdrv.sys...

(Pwn2Own) Apple Safari Uninitialized Buffer Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

wireshark-cli: denial of service

CVE-2014-8710 out-of-bounds read Out-of-bounds read flaw in the SigComp dissector sigcomp-udvm leads to denial of service while processing malformed packets. - CVE-2014-8711 out-of-bounds read The AMQP dissector is seeing a large value in the capture file for what it thinks should be a field...

wireshark-gtk: denial of service

CVE-2014-8710 out-of-bounds read Out-of-bounds read flaw in the SigComp dissector sigcomp-udvm leads to denial of service while processing malformed packets. - CVE-2014-8711 out-of-bounds read The AMQP dissector is seeing a large value in the capture file for what it thinks should be a field...

wireshark-qt: denial of service

CVE-2014-8710 out-of-bounds read Out-of-bounds read flaw in the SigComp dissector sigcomp-udvm leads to denial of service while processing malformed packets. - CVE-2014-8711 out-of-bounds read The AMQP dissector is seeing a large value in the capture file for what it thinks should be a field...

UBUNTU-CVE-2014-5163

The APN decode functionality in 1 epan/dissectors/packet-gtp.c and 2 epan/dissectors/packet-gsmagm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service application...

kernel: tpm infoleaks

The tpmopen function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors...

kernel: tpm infoleaks

The tpmopen function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors...

kernel: IB/uverbs: Handle large number of entries in poll CQ

The ibuverbspollcq function in drivers/infiniband/core/uverbscmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially fille...

kernel: IB/uverbs: Handle large number of entries in poll CQ

The ibuverbspollcq function in drivers/infiniband/core/uverbscmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially fille...

OpenSSL < 0.9.8o / 1.0.0a Multiple Vulnerabilities

Binary data 5559.prm...

OpenSSL < 0.9.8o / 1.0.0a Multiple Vulnerabilities

Binary data 801057.prm...

SuSE Update for krb5 SUSE-SA:2008:016

Check for the Version of krb5 OpenVAS Vulnerability Test $Id: gbsuse2008016.nasl 8050 2017-12-08 09:34:29Z santu $ SuSE Update for krb5 SUSE-SA:2008:016 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...

FreeBSD Security Advisory (FreeBSD-SA-06:06.kmem.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:06.kmem.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

openSUSE 10 Security Update : krb5 (krb5-5081)

This update fixes the following security bugs in krb5/krb5-server : - CVE-2008-0062: null/dangling pointer needs enabled krb4 support - CVE-2008-0063: possible operations on uninitialized buffer content/information leak needs enabled krb4 support - CVE-2008-0947/CVE-2008-0948: out-of-bound array...