chromium-browser: uninitialized-value in Fonts
The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
Multi Gather RubyGems API Key
This module obtains a user's RubyGems API key from /.gem/credentials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multi Gather RubyGems API Key', 'Description' = %q This module obtains a...
Mozilla: Miscellaneous memory safety hazards (rv:31.4) (MFSA 2015-01)
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...
mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML...
jenkins: remote code execution from slaves (SECURITY-144)
Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveraging access to the slave...
PT-2014-4852 · Hewlett Packard · Hp Operations Manager
Name of the Vulnerable Software and Affected Versions: HP Operations Manager versions 9.10 through 9.11 on UNIX Description: The issue allows remote attackers to execute arbitrary code. The exact vectors used for the attack are not specified. Recommendations: For HP Operations Manager versions 9....
openssl: information leak in pretty printing functions
It was discovered that the OBJ_obj2txt function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory...
Qemu: qcow1: validate L2 table size to avoid integer overflows
An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with...
JDK: Privilege escalation issue
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager...
JDK: Java CMS keystore provider potentially allows brute-force private key recovery
IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack...
httpd: mod_status heap-based buffer overflow
A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd chi...
php: heap-based buffer overflow in DNS TXT record parsing
A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record function to perform a DNS query...
JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424...
qemu: hpet: buffer overrun on invalid state load
Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers...
nss: Race-condition in certificate verification can lead to Remote code execution (MFSA 2014-63)
A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application...
OpenJDK: Incorrect generic signature attribute parsing (Hotspot, 8037076)
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...
asg-sentry <= 7.0.0 - Multiple Vulnerabilities
No description provided by source. Luigi Auriemma Application: ASG-Sentry http://www.asg-sentry.com Versions: <= 7.0.0 Platforms: Windows and Unix Bugs: A arbitrary files deleting B heap-overflow in FxAgent C termination of FxIAList D buffer-overflow in FxIAList Exploitation: remote Date: 10 Mar...
OpenJDK: insufficient escaping of window title string (Javadoc, 8026736)
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc...
curl: re-use of wrong HTTP NTLM connection in libcurl
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request...
postgresql: possible buffer overflow flaws
Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063...