The vulnerability of the Pixman library allows a attacker to trigger a service failure (application termination) or execute arbitrary code.

The vulnerability of the createbits function in the Pixman-bits-image.c library is due to a numerical overflow condition. Exploiting this vulnerability could allow an attacker, operating remotely, to cause a service failure termination of the application or execute arbitrary code...

Python Steganography Tool: Matroschka

Python Steganography Tool Матрёшка mɐˈtrʲɵʂkə is a command-line steganography tool written in pure Python. You can use it to hide and encrypt images or text in the least significant bits of pixels in an image. Encryption The encryption uses HMAC-SHA256 to authenticate the hidden data. Therefore t...

GLSA-201606-12 : libssh and libssh2: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201606-12 libssh and libssh2: Multiple vulnerabilities libssh and libssh2 both have a bits/bytes confusion bug and generate an abnormaly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange...

Windows BITS 'Notification' Feature Used to Deliver Malware

Attackers have found a new way to exploit the Widows Background Intelligent Transfer Service BITS which is being used to infect and reinfect targeted PCs with malware even after the initial infection has been removed. According to security researchers at Dell SecureWorks, attackers are exploiting...

CVE-2015-8844

The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service TM Bad Thing exception and panic via a crafted application...

DEBIAN-CVE-2016-0787

The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...

Type confusion

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the 1 diffie-hellman-group1 and 2 diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes...

UBUNTU-CVE-2016-0787

The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...

CVE-2016-3158

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOT...

CVE-2016-3158

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOT...

Design/Logic Flaw

The fpufxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits...

UBUNTU-CVE-2016-3158

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOT...

CVE-2016-3158

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOT...

CVE-2015-8553

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777...

Memory corruption

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777...

CVE-2015-8553

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777...

DEBIAN-CVE-2014-9766

Integer overflow in the createbits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via large height and stride values...

libssh2: man-in-the-middle

There is a bits/bytes confusion bug resulting in generation of a significantly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. There ar...

lib32-libssh2: man-in-the-middle

There is a bits/bytes confusion bug resulting in generation of a significantly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. There ar...

Mageia: Security Advisory (MGASA-2016-0082)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...