EUVD-2014-7694

Malware in sbrugna...

SUSE CVE-2008-2927

Multiple integer overflows in the msnslplinkprocessmsg functions in the MSN protocol handler in 1 libpurple/protocols/msn/slplink.c and 2 libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message wi...

SUSE CVE-2014-8135

The storageVolUpload function in storage/storagedriver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service NULL pointer dereference and daemon crash via a crafted offset value in a "virsh vol-upload" command...

SUSE CVE-2016-4998

The IPTSOSETREPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service out-of-bounds read or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted...

AZL-44814 CVE-2020-27823 affecting package openjpeg2 for versions less than 2.3.1-12

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

ALPINE-CVE-2016-9104

Multiple integer overflows in the 1 v9fsxattrread and 2 v9fsxattrwrite functions in hw/9pfs/9p.c in QEMU aka Quick Emulator allow local guest OS administrators to cause a denial of service QEMU process crash via a crafted offset, which triggers an out-of-bounds access...

UBUNTU-CVE-2016-9104

Multiple integer overflows in the 1 v9fsxattrread and 2 v9fsxattrwrite functions in hw/9pfs/9p.c in QEMU aka Quick Emulator allow local guest OS administrators to cause a denial of service QEMU process crash via a crafted offset, which triggers an out-of-bounds access...

CVE-2014-9779

arch/arm/mach-msm/qdsp6v2/msmaudioion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug 28598347 and Qualcomm internal bug CR548679...

CVE-2016-4997

The compat IPTSOSETREPLACE and IP6TSOSETREPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service memory corruption by leveraging in-container root access to provide a crafted offset value that...

CVE-2016-4998

The IPTSOSETREPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service out-of-bounds read or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted...

CVE-2016-4997

The compat IPTSOSETREPLACE and IP6TSOSETREPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service memory corruption by leveraging in-container root access to provide a crafted offset value that...

CVE-2015-3237

The smbrequeststate function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service out-of-bounds read and crash via crafted length and offset values...

Out-of-bounds

The osiprintcksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service out-of-bounds read and crash via a crafted 1 length, 2 offset, or 3 base pointer checksum value...

DEBIAN-CVE-2014-8135

The storageVolUpload function in storage/storagedriver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service NULL pointer dereference and daemon crash via a crafted offset value in a "virsh vol-upload" command...

UBUNTU-CVE-2014-7840

The hostfromstreamoffset function in archinit.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted 1 offset or 2 length value in savevm data...

Double free

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service infinite recursion, CPU consumption, and crash via a crafted indirect offset value in the magic of a file...

CVE-2012-0247

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service memory corruption and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image...

CVE-2012-0247

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service memory corruption and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image...

CVE-2012-1185

Multiple integer overflows in 1 magick/profile.c or 2 magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service memory corruption and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE:...

Mandriva Linux Security Advisory : pidgin (MDVSA-2009:147)

Security vulnerabilities has been identified and fixed in pidgin : Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin formerly Gaim before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these detail...