1104 matches found
CVE-2016-5105
The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command...
DEBIAN-CVE-2016-5105
The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command...
CVE-2016-5105
The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3596)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3596 advisory. - KEYS: potential uninitialized variable Dan Carpenter Orabug: 24402831 CVE-2016-4470 - vfs: add vfs_select_inode helper Miklos Szeredi Orabug:...
kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation...
Internet Bug Bounty: Two vulnerabilities in the ssl module
I found two vulnerabilities in Python's ssl module. The first is a Py_XDECREF call on an object which isn't owned, leading to use-after-free and/or double free scenarios. The second vulnerability is an uninitialized variable use. I described both issues in detail in a mail to the PSRT. The mail an...
Unbreakable Enterprise kernel security update
2.6.39-400.283.2 - KEYS: potential uninitialized variable Dan Carpenter Orabug: 24393863 CVE-2016-4470...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-118.9.2 - KEYS: potential uninitialized variable Dan Carpenter Orabug: 24393864 CVE-2016-4470...
Unbreakable Enterprise kernel security update
kernel-uek 4.1.12-37.6.2 - KEYS: potential uninitialized variable Dan Carpenter Orabug: 24393865 CVE-2016-4470 - ovl: fix permission checking for setattr Miklos Szeredi Orabug: 24393742 CVE-2015-8660...
kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation...
kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation...
SUSE SLES11 Security Update : Recommended update for NetworkManager-kde4 (SUSE-SU-2016:1465-1)
This NetworkManager-kde4 update fixes the following security and non security issues : - Fixed a long standing security issue. This makes knetworkmanager probe the RADIUS server for a CA certificate subject and hash if no CA certificate is specified. knetworkmanager then stores this data and send...
Scientific Linux Security Update : ntp on SL6.x i386/x86_64 (20160510)
Security Fixes : - It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker coul...
UBUNTU-CVE-2016-5105
The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command...
CVE-2016-5105
The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command...
ntp: crash with crafted logconfig configuration command
It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands...
Debian Security Advisory DSA 3388-1 (ntp - security update)
Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs: CVE-2015-5146 A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if: ntpd enabled remote...
UBUNTU-CVE-2016-4020
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR)...
Adobe Flash - Object.unwatch Use-After-Free
Adobe Flash - Object.unwatch Use-After-Free Sources: https://bugs.chromium.org/p/project-zero/issues/detail?id=716 https://googleprojectzero.blogspot.ca/2016/03/life-after-isolated-heap.html The bug is an uninitialized variable in the fix to an ActionScript 2 use-after-free bug. Roughly 80 of the...
Adobe Flash - Object.unwatch Use-After-Free Exploit
Exploit for multiple platform in category remote exploits Sources: https://bugs.chromium.org/p/project-zero/issues/detail?id=716 https://googleprojectzero.blogspot.ca/2016/03/life-after-isolated-heap.html The bug is an uninitialized variable in the fix to an ActionScript 2 use-after-free bug...