kernel: bfa driver sysfs crash

drivers/scsi/bfa/bfacore.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service system crash via read operations on an fchost statistics file...

RealNetworks RealPlayer Media Properties Header Parsing Remote Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMed...

kernel: sctp: do not reset the packet during sctp_packet_config

The sctppacketconfig function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service panic via a certain sequence of SCTP traffic...

Apple Quicktime rec Chunk Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code...

kernel security update

CentOS Errata and Security Advisory CESA-2010:0779 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring...

RedHat Update for kernel RHSA-2010:0779-01

Check for the Version of kernel OpenVAS Vulnerability Test RedHat Update for kernel RHSA-2010:0779-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

Microsoft Excel - Malformed FEATHEADER Record (MS09-067) (Metasploit)

$Id: ms09067excelfeatheader.rb 10477 2010-09-25 11:59:02Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

RealNetworks RealPlayer Malformed IVR Object Index Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMed...

CVE-2010-0309

The pitioportread function in the Programmable Interval Timer PIT emulation in i8254.c in KVM 83 does not properly use the pitstate data structure, which allows guest OS users to cause a denial of service host OS crash or hang by attempting to read the /dev/port file...

Privilege escalation

The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly...

CVE-2010-0232

The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly...

CVE-2009-0945

Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute...

CVE-2009-0227

Stack-based buffer overflow in the PowerPoint 4.2 conversion filter PP4X32.DLL in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format,...

Null pointer dereference

The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service NULL pointer...

FreeBSD Security Advisory (FreeBSD-SA-08:04.ipsec.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-08:04.ipsec.asc ADV FreeBSD-SA-08:04.ipsec.asc OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft...

Microsoft SQL Server磁盘数据结构整数溢出漏洞（MS08-040）

BUGTRAQ ID: 30119 CVECAN ID: CVE-2008-0107 Microsoft SQL Server是一款流行的SQL数据库系统。 SQL Server负责解析存储备份数据的代码存在漏洞，该段代码从文件获得了代表记录大小的32位整数值用于计算所要读取到堆缓冲区的字节数。这个计算可能下溢，导致分配不充分的内存，之后的操作会触发溢出。 如果要利用这个漏洞，攻击者必须能够诱骗服务器加载特制的备份文件，可通过提交到远程文件的路径或使用SMB/WebDAV来实现。 Microsoft SQL Server 7.0 SP4 Microsoft SQL Server 2005...

[SECURITY] Fedora 8 Update: glib2-2.14.6-2.fc8

GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system. This package provides versi...

CVE-2008-2826

Integer overflow in the sctpgetsockoptlocaladdrsold function in net/sctp/socket.c in the Stream Control Transmission Protocol sctp functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service resource consumption and system outage via vectors involving a large...

Microsoft Windows WINS service local elevation of privilege vulnerability-vulnerability warning-the black bar safety net

Source: IT Lab Microsoft Windows is Microsoft released the very popularoperating system. In Windows, the WINS service does not adequately validate specially crafted WINS network packets within the data structure, may allow a local attacker to use elevated permissions to run the code. Release date...

CVE-2008-2363

The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based buffer overflow...