DEBIAN-CVE-2016-1568

Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service instance crash or possibly execute arbitrary code via an invalid AHCI Native Command Queuing NCQ AIO command...

[SECURITY] Fedora 24 Update: nodejs-sqlite3-3.1.2-3.fc24

Asynchronous, non-blocking SQLite3 bindings for Node.js...

RedHat Update for glibc RHSA-2016:0175-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SEE - Sandboxed Execution Environment

Sandboxed Execution Environment SEE is a framework for building test automation in secured Environments. The Sandboxes, provided via libvirt, are customizable allowing high degree of flexibility. Different type of Hypervisors Qemu, VirtualBox, LXC can be employed to run the Test Environments...

Qemu: ide: ahci use-after-free vulnerability in aio port commands

A use-after-free flaw was found in the way QEMU's IDE AHCI emulator processed certain AHCI Native Command Queuing NCQ AIO commands. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU proces...

Qemu: ide: ahci use-after-free vulnerability in aio port commands

A use-after-free flaw was found in the way QEMU's IDE AHCI emulator processed certain AHCI Native Command Queuing NCQ AIO commands. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU proces...

Wireshark NLM Parser Double Release Vulnerability

Wireshark is the most popular network protocol parser. A double-release vulnerability exists in epan/dissectors/packet-nlm.c in the Wireshark NLM parser, which can be exploited by a remote attacker to cause a denial of service application crash via a constructed packet with the "Match MSG/RES...

DEBIAN-CVE-2015-8718

Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled, allows remote attackers to cause a denial of service application crash via a crafted packet...

Sandboxed Execution Environment: SEE

Sandboxed Execution Environment SEE is a framework for building test automation in secured Environments. The Sandboxes, provided via libvirt, are customizable allowing high degree of flexibility. Different type of Hypervisors Qemu, VirtualBox, LXC can be employed to run the Test Environments...

[SECURITY] Fedora 23 Update: libtevent-0.9.26-1.fc23

Tevent is an event system based on the talloc memory management library. Tevent has support for many event types, including timers, signals, and the classic file descriptor events. Tevent also provide helpers to deal with asynchronous code providing the teventreq Tevent Request functions...

openSUSE Security Update : MozillaFirefox (openSUSE-2015-565)

MozillaFirefox was updated to version 40.0.3 to fix two security issues and several bugs. Changes in MozillaFirefox : - update to Firefox 40.0.3 bnc943550 - Disable the asynchronous plugin initialization bmo1198590 - Fix a segmentation fault in the GStreamer support bmo1145230 - Fix a regression...

[SECURITY] Fedora 21 Update: uwsgi-2.0.11.1-1.fc21

uWSGI is a fast pure C, self-healing, developer/sysadmin-friendly application container server. Born as a WSGI-only server, over time it has evolved in a complete stack for networked/clustered web applications, implementing message/object passing, caching, RPC and process management. It uses the...

async-http-client: SSL/TLS certificate verification is disabled under certain conditions

It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also used client certificates. A man-in-the-middle MITM attacker could use this flaw to spoof a valid certificate...

async-http-client: missing hostname verification for SSL certificates

It was found that async-http-client did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any...

Incident Response Malware Analysis: IRMA

Incident Response Malware Analysis: IRMA is an asynchronous and customizable analysis platform for suspicious files! IRMA intends to be an open-source platform designed to help identifying and analyzing malicious files. However, today’s defense is not only about learning about a file, but it is...

async-http-client certificate validation vulnerability

async-http-client is a client library that allows Java applications to perform HTTP requests and asynchronously process that HTTP response. async-http-client fails to properly disable SSL/TLS certificate validation, allowing an attacker to exploit the vulnerability to conduct a man-in-the-middle...

[SECURITY] Fedora 20 Update: async-http-client-1.7.22-2.fc20

Async Http Client library purpose is to allow Java applications to easily execute HTTP requests and asynchronously process the HTTP responses. The Async HTTP Client library is simple to use...

Web Application Security Scanner Framework: Arachni

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications. It is free, with its source code public and available for review. It is multi-platform, supporting all major operating...

Taming the wild copy: Parallel Thread Corruption

Posted by Chris Evans, Winner of the occasional race Back in 2002, a very interesting vulnerability was found and fixed in the Apache web server. Relating to a bug in chunked encoding handing, the vulnerability caused a memcpy call with a negative length with the destination on the stack. Of...

Linux kernel denial of service vulnerability (CNVD-2015-01817)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A security vulnerability exists in the file system implementation of Linux kernel 3.12.17 and prior versions, which originates from a program that uses an improper locking...