4150 matches found
Linux Kernel 3.14-rc1 3.15-rc4 (x64) - Raw Mode PTY Echo Race Condition Privilege Escalation
Linux Kernel 3.14-rc1 3.15-rc4 x64 - Raw Mode PTY Echo Race Condition Privilege Escalation / CVE-2014-0196: Linux kernel = v3.14-rc1 Matthew Daley Usage: $ gcc cve-2014-0196-md.c -lutil -lpthread $ ./a.out + Resolving symbols + Resolved commitcreds: 0xffffffff81056694 + Resolved preparekernelcred...
kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk
A flaw was found in the way the Linux kernel processed an authenticated COOKIEECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on th...
Linux Kernel 3.15-rc4 PTY Race Condition Exploit
Linux Kernel versions above 3.14-rc1 and below 3.15-rc4 raw mode PTY local echo race condition privilege escalation proof of concept exploit. This bug also affects kernel 2.6.31-rc3 and newer. / CVE-2014-0196: Linux kernel = v3.14-rc1 Matthew Daley Usage: $ gcc cve-2014-0196-md.c -lutil -lpthread...
[SECURITY] Fedora 19 Update: mumble-1.2.5-1.fc19
Mumble provides low-latency, high-quality voice communication for gamers. It includes game linking, so voice from other players comes from the direction of their characters, and has echo cancellation so that the sound from your loudspeakers won't be audible to other players...
[SECURITY] Fedora 20 Update: mumble-1.2.5-1.fc20
Mumble provides low-latency, high-quality voice communication for gamers. It includes game linking, so voice from other players comes from the direction of their characters, and has echo cancellation so that the sound from your loudspeakers won't be audible to other players...
kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk
A flaw was found in the way the Linux kernel processed an authenticated COOKIEECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on th...
kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk
A flaw was found in the way the Linux kernel processed an authenticated COOKIEECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on th...
Huawei Echo Life HG8247 HTML注入漏洞
Bugtraq ID:66594 CVE ID:CVE-2014-0337 Huawei Echo Life HG8247是一款光纤路由器。 Huawei Echo Life HG8247 optical router V1R006C00S120版本才能在一个存储型跨站脚本漏洞,允许攻击者通过提交恶意username,在"failed log-in attempts over telnet"日志中创建恶意条目,当恶意条目被查看时可获取敏感信息或劫持用户会话。 0 Huawei Echo Life HG8247 Huawei Echo Life HG8247 HG8247...
CVE-2014-0337
Cross-site scripting XSS vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during...
Cross site scripting
Cross-site scripting XSS vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during...
CVE-2014-0337
Huawei Echo Life HG8247 optical routers are affected by a stored cross-site scripting (XSS) vulnerability in the web interface. The issue occurs when a crafted username is submitted during a Telnet login attempt, creating malicious entries in the "failed log-in attempts over telnet" log view that...
CVE-2014-0337
Cross-site scripting XSS vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during...
Linux Kernel "inet_frag_intern()"竞争条件漏洞
CVE ID:CVE-2014-0100 Linux Kernel是一款开源的操作系统。 Linux Kernel在"inetfragintern"函数net/ipv4/inetfragment.c的实现上存在竞争条件漏洞,攻击者通过特制的ICMP Echo请求,利用此漏洞可造成间接引用已经释放的内存。 0 Linux kernel 3.13.x Linux kernel 3.12.x Linux kernel 3.10.x 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: http://www.kernel.org/...
Huawei Echo Life HG8247 optical router XSS vulnerability
Overview Huawei Echo Life HG8247 optical router contains a stored cross-site scripting XSS vulnerability Description It has been reported that Huawei Echo Life HG8247 optical routers running software version V1R006C00S120 or earlier contain a stored cross-site scripting XSS vulnerability. An...
kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk
A flaw was found in the way the Linux kernel processed an authenticated COOKIEECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on th...
DEBIAN-CVE-2014-0101
The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an sctpsfauthenticate call, which allows remote attackers to cause a denial of service NULL pointer dereference and system crash via an...
CVE-2014-0100
Race condition in the inetfragintern function in net/ipv4/inetfragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service use-after-free error or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system wi...
DEBIAN-CVE-2014-0100
Race condition in the inetfragintern function in net/ipv4/inetfragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service use-after-free error or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system wi...
Race condition
Race condition in the inetfragintern function in net/ipv4/inetfragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service use-after-free error or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system wi...
CVE-2014-0100
Race condition in the inetfragintern function in net/ipv4/inetfragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service use-after-free error or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system wi...