Stack overflow

Stack-based buffer overflow in the socketconnect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket...

CVE-2011-1938

Stack-based buffer overflow in the socketconnect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket...

CVE-2011-1938

Stack-based buffer overflow in the socketconnect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket...

kernel security and bug fix update

2.6.18-238.5.1.0.1.el5 - scsi fix scsi hotplug and rescan race orabug 10260172 - fix filpclose race Joe Jin orabug 10335998 - fix missing aiocomplete in endio Joel Becker orabug 10365195 - make xenkbd.abspointer=1 by default orabug 67188919 - xen check to see if hypervisor supports memory...

[SECURITY] [DSA 2153-1] linux-2.6 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2153-1 [email protected] http://www.debian.org/security/ dann frazier January 30, 2011 http://www.debian.org/security/faq -...

CVE-2010-2792

Race condition in the SPICE aka spice-xpi plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client aka qspice-client in qspice 0.3.0, and then accessing this...

Race condition

Race condition in the SPICE aka spice-xpi plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client aka qspice-client in qspice 0.3.0, and then accessing this...

CVE-2010-2792

CVE-2010-2792 is a race-condition vulnerability in the SPICE Firefox plug‑in (spice-xpi) and its qspice-client interaction. The plug‑in and client communicate over a UNIX socket; an attacker locally could abuse this to access authentication details and perform a man‑in‑the‑middle attack on the SP...

spice-xpi/qspice-client unix socket race

Race condition in the SPICE aka spice-xpi plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client aka qspice-client in qspice 0.3.0, and then accessing this...

spice-xpi/qspice-client unix socket race

Race condition in the SPICE aka spice-xpi plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client aka qspice-client in qspice 0.3.0, and then accessing this...

kernel security and bug fix update

2.4.21-63.0.0.0.1.EL - add directio support for qla drivers herb ora 6346849 - support PT Quad card ora 5751043 - io to nfs partition hangs ora 5088963 - add entropy for bnx2 nic ora 5931647 - avoid large allocation-fragmentation in MTU zab - fix clear highpage wli 2.4.21-63.EL - fs: fix pipe nul...

MySQL COM_TABLE_DUMP Information Leakage and Arbitrary Command Execution

No description provided by source. / April 21.st 2006 myexploit.c MySql COMTABLEDUMP Memory Leak & MySql remote B0f MySql = 5.0.20 MySql COMTABLEDUMP Memory Leak MySql = 4.x.x copyright 2006 Stefano Di Paola stefano.dipaolaatwisec.it GPL 2.0 Disclaimer: In no event shall the author be liable for...

Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : linux, linux-source-2.6.15/22 vulnerabilities (USN-679-1)

It was discovered that the Xen hypervisor block driver did not correctly validate requests. A user with root privileges in a guest OS could make a malicious IO request with a large number of blocks that would crash the host OS, leading to a denial of service. This only affected Ubuntu 7.10...

Ubuntu Update for linux, linux-source-2.6.15/22 vulnerabilities USN-679-1

Ubuntu Update for Linux kernel vulnerabilities USN-679-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6791.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for linux, linux-source-2.6.15/22 vulnerabilities USN-679-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks...

RedHat Security Advisory RHSA-2009:0053

The remote host is missing kernel updates announced in advisory RHSA-2009:0053. These updated packages address the following security issues: a flaw was found in the Asynchronous Transfer Mode ATM subsystem. A local, unprivileged user could use the flaw to listen on the same socket more than once...

Debian DSA-1687-1 : linux-2.6 - denial of service/privilege escalation

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-3527 Tavis Ormandy reported a local DoS and potential privilege escalation...

DSA-1687-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities

Bulletin has no description...

Debian DSA-1681-1 : linux-2.6.24 - denial of service/privilege escalation

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-3528 Eugene Teo reported a local DoS issue in the ext2 and ext3 filesystem...

DSA-1681-1 linux-2.6.24 - several vulnerabilities

Bulletin has no description...

Linux Kernel "sendmsg()" Garbage Collector拒绝服务漏洞

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS Denial of Service. The vulnerability is caused due "sendmsg" not correctly blocking while the UNIX garbage collector is running. This can be exploited to e.g. cause soft lockups ...