Citrix XenServer QEMU ioport Array Overflow Guest-to-Host Privilege Escalation (CTX219136)

The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by a privilege escalation vulnerability in the QEMU ioport component due to an array overflow that is triggered during the handling of addresses in ioport read and write look-ups. A...

qemu ioport array overflow

ISSUE DESCRIPTION The code in qemu which implements ioport read/write looks up the specified ioport address in a dispatch table. The argument to the dispatch function is a uint32t, and is used without a range check, even though the table has entries for only 2^16 ioports. When qemu is used as a...

CVE-2016-9637 - Citrix XenServer Security Update

Description of Problem A security vulnerability has been identified in Citrix XenServer that may allow malicious privileged-mode code running within an HVM guest VM to compromise the host. This vulnerability affects all currently supported versions of Citrix XenServer up to and including Citrix...

CVE-2016-4333

The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the...

CVE-2016-2061

Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service array overflow and memory corruption via a crafted...

CVE-2016-2061

Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service array overflow and memory corruption via a crafted...

Updated xerces-j2 packages fix security vulnerability

A possible denial of service issue from overflowing an array has been fixed in the xerces-j2 package...

MGASA-2016-0205 Updated xerces-j2 packages fix security vulnerability

A possible denial of service issue from overflowing an array has been fixed in the xerces-j2 package...

SUSE SLES11 Security Update : glibc (SUSE-SU-2013:1251-1)

This collective update for the GNU C library glibc provides the following fixes and enhancements : Security issues fixed : - Fix stack overflow in getaddrinfo with many results. bnc813121, CVE-2013-1914 - Fix a different stack overflow in getaddrinfo with many results. bnc828637 - Fix array...

Adobe U3D CLODProgressiveMeshDeclaration Array Overrun

No description provided by source. $Id: adobeu3dmeshcont.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...

NCSS <= 07.1.21 Array Overflow with Write2

No description provided by source. Luigi Auriemma Application: NCSS aka NCSS 2007 http://www.ncss.com/ncss.html Versions: = 07.1.21 Platforms: Windows Bug: array overflow with write2 Exploitation: file Date: 28 Sep 2011 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1...

Microsoft Reader <= 2.1.1.3143 Array Overflow

No description provided by source. Source: http://aluigi.org/adv/msreader4-adv.txt Luigi Auriemma Application: Microsoft Reader http://www.microsoft.com/reader Versions: = 2.1.1.3143 PC version = 2.6.1.7169 Origami version the non-PC versions have not been tested Platforms: Windows, Windows Mobil...

genstat <= 14.1.0.5943 - Multiple Vulnerabilities

No description provided by source. Luigi Auriemma Application: GenStat http://www.vsni.co.uk/software/genstat/ Versions: = 14.1.0.5943 Platforms: Windows Bugs: A array overflow with write2 B heap overflow Exploitation: file Date: 01 Oct 2011 Author: Luigi Auriemma e-mail: [email protected] web...

openSUSE Security Update : mupdf (openSUSE-SU-2014:0309-1)

mupdf received a security updated to fix a stack based array overflow in xpsparsecolor bnc863975, CVE-2014-2013 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2014-172. The text...

ClamAV multiple security vulnerabilities

Buffer overflow on UPX decompression, array overflow on PDF parsing...

PostgreSQL information leakage

Array index overflow...

CVE-2012-2800

CVE-2012-2800 affects FFmpeg up to 0.11 and Libav up to 0.7.x/0.8.x. The root cause is in indeo5/indeo5dec tile handling where tile size mismatches parameters can cause writes into a too-small array, exposing potential memory corruption. The cited advisories note fixing this in later FFmpeg/Libav...

CVE-2012-2864

Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow."...

DEBIAN-CVE-2012-2864

Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow."...

CVE-2012-2864

Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow."...