2575 matches found
CVE-2016-5242
The p2mteardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service NULL pointer dereference and host OS crash by creating concurrent domains and holding references to them, related to VMID exhaustion...
The vulnerability of the Junos operating system, which allows a hacker to increase their privileges
The vulnerability of the Junos operating system exists due to insufficient checks on the status of resources when they can be used concurrently. Exploiting this vulnerability allows a malicious actor to enhance their privileges using the URL parameter...
Scientific Linux Security Update : mariadb on SL7.x x86_64 (20160404)
Security Fixes : - It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a...
ISC DHCP Denial of Service Vulnerability (CNVD-2016-01603)
ISC DHCP is the United States ISC Internet Systems Consortium company's set of open source Dynamic Host Configuration Protocol server software. A security vulnerability exists in ISC DHCP that stems from the program's failure to limit the number of concurrent TCP sessions. A remote attacker could...
The vulnerability of Lexmark’s microprogramming software allows a hacker to bypass the authentication process.
The vulnerability of Lexmark’s microprogramming software exists due to insufficient checking of resource status when resources can be used concurrently. Exploiting this vulnerability allows a malicious actor to bypass authentication procedures by using incorrect detection of resource status...
Linux kernel contention condition denial of service vulnerability (CNVD-2016-01040)
The Linux kernel is an open source, free operating system kernel originally done by Linus Torvalds. A contention condition vulnerability exists in the 'ttyioctl' function in the drivers/tty/ttyio.c file in Linux kernel 4.4.1 and earlier versions. A local attacker can exploit this vulnerability to...
The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure or cause other effects.
The vulnerability of the Google Chrome browser exists due to insufficient checking of the status of resources when they can be used concurrently. Exploiting this vulnerability could allow a malicious actor to cause service failures or potentially other unspecified effects due to the use of an...
[SECURITY] Fedora 23 Update: subversion-1.9.3-1.fc23
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...
Oracle: Security Advisory (ELSA-2009-1243)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD TCP Reorganization Memory Consumption Vulnerability
FreeBSD is a BSD-based operating system. FreeBSD has a security vulnerability that allows remote attackers to establish multiple concurrent TCP connections through multiple VNETs, which can consume a large amount of the target system's available mbufs resources, rendering the network communicatio...
[SECURITY] Fedora 21 Update: subversion-1.8.13-7.fc21
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...
Mandriva Linux Security Advisory : postgresql (MDVSA-2015:110)
Updated postgresql packages fix multiple security vulnerabilities : Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a...
CentOS Update for mod_dav_svn CESA-2015:0166 centos7
Check the version of moddavsvn SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882116";...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1638-1)
This openjdk update fixes the following security and non security issues : - Upgrade to 2.4.8 bnc887530 - Changed back from gzipped tarball to xz - Changed the keyring file to add Andrew John Hughes that signed the icedtea package - Change ZERO to AARCH64 tarball - Removed patches : -...
CVE-2014-3174
modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service read of...
CVE-2014-3332
Cisco Unified Communications Manager (CM) 8.6(.2) and earlier contains an incorrect CLI restrictions setting that may allow an authenticated, remote attacker to establish undetected concurrent logins. The issue stems from improper sanitization of authenticated users, per Cisco’s advisory for CVE-...
CVE-2014-3332
Cisco Unified Communications Manager CM 8.6.2 and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029...
[SECURITY] Fedora 20 Update: speech-dispatcher-0.8-9.fc20
Common interface to different TTS engines Handling concurrent synthesis requests =E2=80=93 requests may come asynchronously from multiple sources within an application and/or from more different applications. Subsequent serialization, resolution of conflicts and priorities of incoming requests...
Oracle E-Business (July 2014 CPU)
The version of Oracle E-Business installed on the remote host is missing the July 2014 Critical Patch Update CPU. It is, therefore, affected by vulnerabilities in the following components : - Oracle Applications Technology Stack - Oracle Concurrent Processing - Oracle Applications Manager - Oracl...
HackerOne: No option to logout concurrent sessions
Description When I login to Hackerone using two different computers I can easily browse the session concurrently . This means that if an attacker somehow knows password of user by any means he can login using that info and the main user will not get notified. FIX If someone else login to a accoun...