5272 matches found

RedHat Linux
added 2015/10/27 8:50 a.m. | 42 views

Moderate: Red Hat Security Advisory: qemu-kvm security update

Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fr...

CVSS 8.6 | AI score 7.1 | EPSS 0.07393
Exploits: 0 | References: 3
RedHat Linux
added 2015/10/27 8:50 a.m. | 3 views

qemu: vnc: insufficient resource limiting in VNC websockets decoder

It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory...

CVSS 8.6 | AI score 7.1 | EPSS 0.07393
Exploits: 0 | References: 4
Tenable Nessus
added 2015/10/09 12:0 a.m. | 151 views

Apache HTTP Server 2.4.x < 2.4.16 Multiple Vulnerabilities

CVSS 5 | AI score 7.7 | EPSS 0.74006
Exploits: 0 | References: 10
Hacker One
added 2015/09/29 1:59 p.m. | 35 views

IRCCloud: Inadequate input validation on API endpoint leading to self denial of service and increased system load.

Summary: A security researcher discovered an API payload that would send invalid data to their own user process, which would repeatedly fail to be handled correctly. This error handling loop prevented further access to their user account. Details: The payload was a JSON object containing an empty...

AI score 0.1
Exploits: 0
OSV
added 2015/09/23 1:53 a.m. | 7 views

SUSE-SU-2015:1666-1 Security update for Cloud Compute 12

This collective update for the Cloud Compute 12 Module provides several fixes and enhancements. openstack-suse: - Do not copy upstream Python requirements to the package. bsc920573 openstack-nova: - Fix metadata not returning just instance private IP. bsc934523 - Enable tenant/user specific...

CVSS 5.1 | AI score 6.3 | EPSS 0.01068
Exploits: 0 | References: 13
RedHat Linux
added 2015/08/24 3:56 p.m. | 91 views

Moderate: Red Hat Security Advisory: httpd24-httpd security update

Updated httpd24-httpd packages that fix multiple security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...

CVSS 5 | AI score 6.7 | EPSS 0.73327
Exploits: 0 | References: 5
RedHat Linux
added 2015/08/24 3:56 p.m. | 5 views

httpd: Possible mod_lua crash due to websocket bug

A denial of service flaw was found in the way the mod_lua httpd module processed certain WebSocket Ping requests. A remote attacker could send a specially crafted WebSocket Ping packet that would cause the httpd child process to crash...

CVSS 5 | AI score 6.6 | EPSS 0.18812
Exploits: 0 | References: 5
Tenable Nessus
added 2015/08/18 12:0 a.m. | 34 views

Amazon Linux AMI : httpd24 (ALAS-2015-579)

It was discovered that in httpd 2.4, the internal API function ap_some_auth_required could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. CVE-2015-3185...

CVSS 5 | AI score 6.3 | EPSS 0.73327
Exploits: 0 | References: 5
Amazon
added 2015/08/17 12:0 a.m. | 65 views

Medium: httpd24

Issue Overview: It was discovered that in httpd 2.4, the internal API function ap_some_auth_required could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied...

CVSS 5 | AI score 7.1 | EPSS 0.73327
Exploits: 0
BDU FSTEC
added 2015/08/07 12:0 a.m. | 3 views

The vulnerability of the Apache HTTP Server web server allows attackers to trigger a service failure.

The vulnerability of the lua_websocket_read function in the lua_request.c component of the Apache HTTP Server exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failure by sending a specially crafted WebSocket Ping reques...

CVSS 5 | AI score 6.5 | EPSS 0.18812
Exploits: 0 | References: 6 | Affected Software: 1
Tenable Nessus
added 2015/07/23 12:0 a.m. | 152 views

Apache 2.4.x < 2.4.16 Multiple Vulnerabilities

According to its banner, the version of Apache 2.4.x installed on the remote host is prior to 2.4.16. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the lua_websocket_read function in the 'mod_lua' module due to incorrect handling of WebSocket PING frames. A remote...

CVSS 5 | AI score 6.5 | EPSS 0.73327
Exploits: 0 | References: 8
ArchLinux
added 2015/07/17 12:0 a.m. | 57 views

apache: multiple issues

CVE-2015-0228 denial of service: mod_lua: A maliciously crafted websockets PING after a script calls r:wsupgrade can cause a child process crash. - CVE-2015-0253 denial of service: Fix a crash with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in...

CVSS 5 | AI score 0.7 | EPSS 0.73327
Exploits: 0 | References: 6
CNVD
added 2015/06/23 12:0 a.m. | 2 views

Multiple Vulnerabilities in Apple OS X Keychain/WebSocket/Sandbox ACLs

Apple Mac OS X is an operating system for Apple devices. Multiple vulnerabilities exist in the Apple OS X Keychain/WebSocket/Sandbox ACL. 1 A remote user can create an application that, when installed by the target user, can access the target application's keychain entries, delete the keychain...

AI score 6.8
Exploits: 0 | References: 1
Tenable Nessus
added 2015/06/15 12:0 a.m. | 27 views

Google Chrome < 42.0.2311.90 Multiple Vulnerabilities

CVSS 5 | AI score 8.3 | EPSS 0.01648
Exploits: 0 | References: 2
Tenable Nessus
added 2015/06/02 12:0 a.m. | 55 views

SUSE SLES12 Security Update : apache2 (SUSE-SU-2015:0974-1)

Apache2 updated to fix four security issues and one non-security bug. The following vulnerabilities have been fixed : - mod_headers rules could be bypassed via chunked requests. Adds 'MergeTrailers' directive to restore legacy behavior. bsc871310, CVE-2013-5704 - An empty value in Content-Type cou...

CVSS 5 | AI score 6.4 | EPSS 0.60205
Exploits: 2 | References: 15
OpenVAS
added 2015/06/02 12:0 a.m. | 42 views

Wireshark Multiple Denial-of-Service Vulnerabilities-01 (Jun 2015) - Mac OS X

Wireshark is prone to multiple denial of service vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.8 | AI score 6.5 | EPSS 0.03415
Exploits: 0 | References: 7
Tenable Nessus
added 2015/05/29 12:0 a.m. | 40 views

FreeBSD : wireshark -- multiple vulnerabilities (a13500d0-0570-11e5-aab1-d050996490d0)

Wireshark development team reports : The following vulnerabilities have been fixed. - wnpa-sec-2015-12 The LBMR dissector could go into an infinite loop. Bug 11036 CVE-2015-3808, CVE-2015-3809 - wnpa-sec-2015-13 The WebSocket dissector could recurse excessively. Bug 10989 CVE-2015-3810 -...

CVSS 7.8 | AI score 6.5 | EPSS 0.0363
Exploits: 0 | References: 17
OSV
added 2015/05/26 3:59 p.m. | 4 views

CVE-2015-3810

epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet...

AI score 5.3
Exploits: 0 | References: 7
NVD
added 2015/05/26 3:59 p.m. | 14 views

CVE-2015-3810

epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet...

CVSS 7.8 | AI score 6.3 | EPSS 0.03415
Exploits: 0 | References: 7
OSV
added 2015/05/26 3:59 p.m. | 1 views

DEBIAN-CVE-2015-3810

epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet...

CVSS 7.8 | AI score 5.2 | EPSS 0.03415
Exploits: 0 | References: 1