4243 matches found

Prion
added 2015/01/13 3:59 p.m. · 106 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to archives/...

4.3 CVSS · 6.2 AI score · 0.00225 EPSS
Exploits 1 · References 2 · Affected Software 1
CVE
added 2015/01/13 3:0 p.m. · 238 views

CVE-2014-100037

CVE-2014-100037 : Storytlr 1.3.dev and earlier is vulnerable to cross-site scripting (XSS) via PATH_INFO to archives/, allowing remote attackers to inject arbitrary web script or HTML. The connected records corroborate an XSS issue in Storytlr with the same vector. No remediation details (patch/v...

4.3 CVSS · 5.9 AI score · 0.00225 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2015/01/13 3:0 p.m. · 17 views

CVE-2014-100037

Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to archives/...

5.7 AI score · 0.00225 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2014/12/26 12:0 a.m. · 44 views

OracleVM 3.3 : bind (OVMSA-2014-0084)

The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2014-8500 1171973 - Use /dev/urandom when generating rndc.key file 951255 - Remove bogus file from /usr/share/doc, introduced by fix for bug 1092035 - Add support for TLSA resource records...

7.8 CVSS · 6.9 AI score · 0.51542 EPSS
Exploits 4 · References 6
Prion
added 2014/12/19 3:59 p.m. · 10 views

Design/Logic Flaw

Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers...

5 CVSS · 6.8 AI score · 0.00654 EPSS
Exploits 0 · References 9 · Affected Software 1
UbuntuCve
added 2014/12/19 3:59 p.m. · 17 views

CVE-2013-4442

Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers...

5 CVSS · 5.9 AI score · 0.00654 EPSS
Exploits 0 · References 2
CVE
added 2014/12/19 3:0 p.m. · 49 views

CVE-2013-4442

Pwgen (Password Generator) prior to version 2.07 was vulnerable because it used weak pseudo-random numbers when /dev/urandom was unavailable, allowing context-dependent attackers to potentially guess generated passwords. Public advisories and OSV/NVD records describe fixes in pwgen-2.07 and later...

5 CVSS · 6.3 AI score · 0.00654 EPSS
Exploits 0 · References 9 · Affected Software 1
Hacker One
added 2014/12/17 12:0 a.m. · 107 views

Internet Bug Bounty: out of bounds read crashes php-cgi

I found and disclosed CVE-2014-9427 to the PHP dev team on 17 December 2014 https://bugs.php.net/bug.php?id=68618 and a patch was committed on 30 December 2014 http://git.php.net/?p=php-src.git;a=commit;h=f9ad3086693fce680fbe246e4a45aa92edd2ac35 and the flaw is now fixed. Details of the flaw:...

7.5 CVSS · 7.7 AI score · 0.02997 EPSS
Exploits 1
OSV
added 2014/11/30 1:59 a.m. · 2 views

DEBIAN-CVE-2014-7843

The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary...

4.9 CVSS · 7.4 AI score · 0.00043 EPSS
Exploits 0 · References 1
OSV
added 2014/11/29 12:0 a.m. · 1 views

UBUNTU-CVE-2014-7843

The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary...

4.9 CVSS · 6.7 AI score · 0.00043 EPSS
Exploits 0 · References 7
Tenable Nessus
added 2014/11/25 12:0 a.m. · 58 views

Ubuntu 14.10 : linux vulnerabilities (USN-2421-1)

A flaw was discovered in how the Linux kernel's KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access...

7.5 CVSS · 6.9 AI score · 0.08604 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2014/11/25 12:0 a.m. · 52 views

Ubuntu 12.04 LTS : linux vulnerabilities (USN-2417-1)

Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash of the guest). (CVE-2014-3647) A flaw...

7.8 CVSS · 7 AI score · 0.0912 EPSS
Exploits 4 · References 13
Positive Technologies
added 2014/11/24 12:0 a.m. · 4 views

PT-2014-8309 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.17.4 Description: The issue allows local users to cause a denial of service, resulting in a system crash, by reading one byte beyond a /dev/zero page boundary. This is due to a problem in the clear user...

9.3 CVSS · 7.4 AI score · 0.18308 EPSS
Exploits 59 · References 382
Cvelist
added 2014/11/14 12:0 a.m. · 24 views

CVE-2014-7878

The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execute arbitrary code by leveraging these keys fo...

7.6 AI score · 0.28809 EPSS
Exploits 0 · References 2
NVD
added 2014/11/10 11:55 a.m. · 22 views

CVE-2014-3690

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by...

5.5 CVSS · 6.2 AI score · 0.00038 EPSS
Exploits 0 · References 22
Prion
added 2014/11/10 11:55 a.m. · 17 views

Design/Logic Flaw

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by...

4.9 CVSS · 6.9 AI score · 0.00038 EPSS
Exploits 0 · References 22 · Affected Software 10
Cvelist
added 2014/11/10 11:0 a.m. · 24 views

CVE-2014-3690

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by...

6.2 AI score · 0.00038 EPSS
Exploits 0 · References 22
CVE
added 2014/11/10 11:0 a.m. · 148 views

CVE-2014-3690

CVE-2014-3690 affects arch/x86/kvm/vmx.c in the Linux kernel’s KVM subsystem on Intel, where the CR4 control register value may not be preserved across VM entries. The vendor-provided details in connected Nessus advisories describe a local attacker with access to /dev/kvm who can kill arbitrary p...

5.5 CVSS · 6 AI score · 0.00038 EPSS
Exploits 0 · References 22 · Affected Software 1
UbuntuCve
added 2014/11/10 12:0 a.m. · 49 views

CVE-2014-3690

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by...

5.5 CVSS · 6.8 AI score · 0.00038 EPSS
Exploits 0 · References 6
Positive Technologies
added 2014/10/23 12:0 a.m. · 3 views

PT-2019-4108 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.3 Description: The issue is related to an out-of-bounds access problem in the Linux kernel's KVM hypervisor, specifically in the Coalesced MMIO write operation. This operation uses an MMIO ring buffer 'struct k...

10 CVSS · 7.3 AI score · 0.80379 EPSS
Exploits 240 · References 2329