391 matches found
CVE-2013-7263
The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1 recvfrom, 2 recvmmsg, or 3 recvmsg system call, related to net/ipv4/ping.c,...
MGASA-2013-0372 Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update provides an update to the 3.10 longterm branch, currently 3.10.24 and fixes the following security issues: The ipv6createtempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.10 does not properly handle problems with the generation of IPv6 temporary...
CVE-2013-1739
Mozilla Network Security Services NSS before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure...
Design/Logic Flaw
Mozilla Network Security Services NSS before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure...
Juniper Steel-Belted Radius Multiple OpenSSL Vulnerabilities
The version of Juniper Steel-Belted Radius software installed on the remote RedHat or CentOS host is affected by multiple OpenSSL vulnerabilities : - The SSL 3.0 implementation in OpenSSL does not properly initialize data structures for block cipher padding, which could allow remote attackers to...
Code injection
The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network...
Design/Logic Flaw
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the 1 msgctl API or 2 segctl API...
CVE-2013-5142
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the 1 msgctl API or 2 segctl API...
Oracle Linux 5 : apr / and / apr-util (ELSA-2009-1204)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2009-1204 advisory. - add security fix for CVE-2009-2412 515709 apr-util: Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. No...
Mozilla Thunderbird ESR Multiple Vulnerabilities -01 May13 (Mac OS X)
This host is installed with Mozilla Thunderbird ESR and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillathunderbirdesrmultvuln01may13macosx.nasl 6079 2017-05-08 09:03:33Z teissa $ Mozilla Thunderbird ESR Multiple Vulnerabilities -01 May13 Mac OS X Authors: Arun...
Design/Logic Flaw
Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain...
CVE-2013-1675
Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain...
Design/Logic Flaw
epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of 1 PPP and 2 LCP data, which allows remote attackers to cause a denial of service assertion failure and application exit via a malformed packet...
CentOS Update for apr CESA-2011:0844 centos4 x86_64
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : tiff vulnerabilities (USN-1416-1)
Alexander Gavrun discovered that the TIFF library incorrectly allocated space for a tile. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of...
[SECURITY] Fedora 15 Update: apr-1.4.6-1.fc15
The mission of the Apache Portable Runtime APR is to provide a free library of C data structures and routines, forming a system portability layer to as many operating systems as possible, including Unices, MS Win32, BeOS and OS/2...
[SECURITY] Fedora 16 Update: apr-1.4.6-1.fc16
The mission of the Apache Portable Runtime APR is to provide a free library of C data structures and routines, forming a system portability layer to as many operating systems as possible, including Unices, MS Win32, BeOS and OS/2...
DSA-2406-1 icedove - several
Bulletin has no description...
PT-2012-1579 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.39.3 Description: The issue allows local users to obtain potentially sensitive information via a crafted application due to improper restriction of user-space access to certain packet data structures...
CVE-2010-4655
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAPNETADMIN capability for an ethtool ioctl call...