4206 matches found

Xen Project
added 2015/12/17 12:0 p.m., 67 views

qemu-dm buffer overrun in MSI-X handling

ISSUE DESCRIPTION "qemu-xen-traditional" aka qemu-dm tracks state for each MSI-X table entry of a passed through device. This is used/updated on intercepted accesses to the pages containing the MSI-X table. There may be space on the final page not covered by any MSI-X table entry, but memory for...

CVSS 7.5, AI score 8, EPSS 0.004
Exploits 0
Mozilla
added 2015/12/15 12:0 a.m., 46 views

Integer overflow in MP4 playback in 64-bit versions — Mozilla

Security researcher Ronald Crane reported a vulnerability found through code inspection. This issue is an integer overflow while processing an MP4 format video file when an erroneously small buffer is allocated and then overrun, resulting in a potentially exploitable crash...

CVSS 6.8, AI score 7.1, EPSS 0.04075
Exploits 0, References 2, Affected Software 3
Zero Day Initiative
added 2015/12/08 12:0 a.m., 26 views

Schneider Electric ProClima F1BookView ActiveX Control Attach Method Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 6.8, AI score 6.6, EPSS 0.05734
Exploits 0, References 1
Zero Day Initiative
added 2015/12/08 12:0 a.m., 21 views

Schneider Electric ProClima F1BookView ActiveX Control SetValidationRule Method Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 6.8, AI score 6.6, EPSS 0.05734
Exploits 0, References 1
Zero Day Initiative
added 2015/12/08 12:0 a.m., 17 views

Schneider Electric ProClima F1BookView ActiveX Control ODBCPrepareEx Method Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 6.8, AI score 6.6, EPSS 0.05734
Exploits 0, References 1
Tenable Nessus
added 2015/11/24 12:0 a.m., 26 views

Oracle Linux 7 : grep (ELSA-2015-2111)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2015-2111 advisory. - Fixed buffer overrun for grep -F Resolves: CVE-2015-1345 Tenable has extracted the preceding description block directly from the Oracle Linux security advisor...

CVSS 2.1, AI score 8.4, EPSS 0.00486
Exploits 1, References 2
Oracle Linux
added 2015/11/23 12:0 a.m., 34 views

grep security and bug fix update

2.20-2 - Fixed invalid UTF-8 byte sequence error in PCRE mode by pcre-backported-fixes patch Resolves: rhbz1217080 - Fixed buffer overrun for grep -F Resolves: CVE-2015-1345 - Fixed \w and \W behaviour in multibyte locales Resolves: rhbz1159012 - Documented --fixed-regexp option Resolves:...

CVSS 2.1, AI score 9.2, EPSS 0.00486
Exploits 1
BDU FSTEC
added 2015/10/21 12:0 a.m., 4 views

The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 programmable logic controller allows a remote intruder to trigger a service failure.

The vulnerability of the embedded software of Schneider Electric’s programmable logic controller Modicon M340 arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to cause malfunctions by sending specially crafted FTP or...

CVSS 7.8, AI score 7.4, EPSS 0.04887
Exploits 0, References 4
OpenVAS
added 2015/10/13 12:0 a.m., 26 views

SUSE: Security Advisory for krb5 (SUSE-SU-2014:1028-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 8.5, AI score 6.5, EPSS 0.08085
Exploits 0, References 2
OpenVAS
added 2015/10/08 12:0 a.m., 29 views

Oracle: Security Advisory (ELSA-2009-1159)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.3, AI score 7.5, EPSS 0.07996
Exploits 2, References 2
OpenVAS
added 2015/09/29 12:0 a.m., 26 views

Gentoo Security Advisory GLSA 201502-14

Gentoo Linux Local Security Checks GLSA 201502-14 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later if(description)...

CVSS 2.1, AI score 8.4, EPSS 0.00486
Exploits 1, References 1
Tenable Nessus
added 2015/07/30 12:0 a.m., 39 views

Oracle Linux 6 : grep (ELSA-2015-1447)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2015-1447 advisory. - Fixed buffer overrun for grep -F Resolves: CVE-2015-1345 Tenable has extracted the preceding description block directly from the Oracle Linux securit...

CVSS 4.4, AI score 8.5, EPSS 0.01022
Exploits 7, References 3
Oracle Linux
added 2015/07/28 12:0 a.m., 40 views

grep security, bug fix, and enhancement update

2.20-3 - Updated pcre buildrequires to require pcre-devel = 7.8-7 Related: rhbz1193030 2.20-2 - Fixed invalid UTF-8 byte sequence error in PCRE mode by pcre-backported-fixes patch Resolves: rhbz1193030 - Fixed buffer overrun for grep -F Resolves: CVE-2015-1345 - Fixed bogus date in the changelog...

CVSS 4.4, AI score 0.9, EPSS 0.01022
Exploits 7
Xen Project
added 2015/07/07 12:0 p.m., 77 views

xl command line config handling stack overflow

ISSUE DESCRIPTION The xl command line utility mishandles long configuration values when passed as command line arguments, with a buffer overrun. VULNERABLE SYSTEMS Systems built on top of xl which pass laundered or checked but otherwise untrusted configuration values onto xl's command line, witho...

CVSS 6.8, AI score 7.5, EPSS 0.00394
Exploits 0
FreeBSD
added 2015/07/07 12:0 a.m., 27 views

xen-tools -- xl command line config handling stack overflow

The Xen Project reports: The xl command line utility mishandles long configuration values when passed as command line arguments, with a buffer overrun. A semi-trusted guest administrator or controller, who is intended to be able to partially control the configuration settings for a domain, can...

CVSS 6.8, AI score 7.9, EPSS 0.00394
Exploits 0, References 1
Tenable Nessus
added 2015/06/23 12:0 a.m., 32 views

FreeBSD : chicken -- buffer overrun in substring-index[-ci] (e7b7f2b5-177a-11e5-ad33-f8d111029e6a)

chicken developer Moritz Heidkamp reports: The substring-index[-ci] procedures of the data-structures unit are vulnerable to a buffer overrun attack when passed an integer greater than zero as the optional START argument. As a work-around you can switch to SRFI 13's string-contains procedure which...

CVSS 7.5, AI score 7.5, EPSS 0.0147
Exploits 0, References 4
Tenable Nessus
added 2015/06/23 12:0 a.m., 24 views

FreeBSD : chicken -- Potential buffer overrun in string-translate* (0da404ad-1891-11e5-a1cf-002590263bf5)

chicken developer Peter Bex reports: Using gcc's Address Sanitizer, it was discovered that the string-translate* procedure from the data-structures unit can scan beyond the input string's length up to the length of the source strings in the map that's passed to string-translate*. This issue was...

CVSS 7.5, AI score 7.4, EPSS 0.02057
Exploits 0, References 6
FreeBSD
added 2015/06/15 12:0 a.m., 27 views

chicken -- Potential buffer overrun in string-translate*

chicken developer Peter Bex reports: Using gcc's Address Sanitizer, it was discovered that the string-translate* procedure from the data-structures unit can scan beyond the input string's length up to the length of the source strings in the map that's passed to string-translate*. This issue was fix...

CVSS 7.5, AI score 7.6, EPSS 0.02057
Exploits 0, References 3
RedHat Linux
added 2015/06/09 2:47 p.m., 1 view

Kernel: crypto: buffer overruns in RFC4106 implementation using AESNI

A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a...

CVSS 9.3, AI score 6.8, EPSS 0.10027
Exploits 0, References 4
Tenable Nessus
added 2015/05/20 12:0 a.m., 276 views

SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1122-1)

This glibc update fixes a critical privilege escalation vulnerability and the following security and non-security issues: - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available...

CVSS 7.5, AI score 7.7, EPSS 0.18099
Exploits 11, References 29