FreeBSD : hostapd and wpa_supplicant -- multiple vulnerabilities (976567f6-05c5-11e6-94fa-002590263bf5)

Jouni Malinen reports : wpasupplicant unauthorized WNM Sleep Mode GTK control. 2015-6 - CVE-2015-5310 EAP-pwd missing last fragment length validation. 2015-7 - CVE-2015-5315 EAP-pwd peer error path failure on unexpected Confirm message. 2015-8 - CVE-2015-5316 %NASLMINLEVEL 70300 C Tenable Network...

kernel: Possible use-after-free vulnerability in keyring facility

A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in certain error path of the joinsessionkeyring function. A local, unprivileged user could use this flaw to escalate their privileges on the system...

hostapd and wpa_supplicant -- multiple vulnerabilities

Jouni Malinen reports: wpasupplicant unauthorized WNM Sleep Mode GTK control. 2015-6 - CVE-2015-5310 EAP-pwd missing last fragment length validation. 2015-7 - CVE-2015-5315 EAP-pwd peer error path failure on unexpected Confirm message. 2015-8 - CVE-2015-5316...

Oracle: Security Advisory (ELSA-2015-0674)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3014)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-3014 advisory. - kvm: fix excessive pages un-pinning in kvmiommumap error path. Quentin Casasnovas Orabug: 20687314 CVE-2014-3601 CVE-2014-8369 CVE-2014-3601 -...

Mail.ru: [connect.mail.ru] Memory Disclosure / IE XSS

Memory Disclosure ---- При обращении к сценариям https://connect.mail.ru/sharefriends https://connect.mail.ru/sharecount https://connect.mail.ru/sharebutton следующим образом: GET /xxx/%2e%2e/sharefriends HTTP/1.1 Host: connect.mail.ru выводится ошибка о некорректном пути invalid request path:...

Qemu: qcow2: NULL dereference in qcow2_open() error path

The qcow2open function in the block/qcow2.c in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service NULL pointer dereference via a crafted image which causes an error, related to the initialization of the snapshotoffset and nbsnapshots fields...

Qemu: qcow2: NULL dereference in qcow2_open() error path

The qcow2open function in the block/qcow2.c in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service NULL pointer dereference via a crafted image which causes an error, related to the initialization of the snapshotoffset and nbsnapshots fields...

DEBIAN-CVE-2012-4561

The 1 publickeymakedss, 2 publickeymakersa, 3 signaturefromstring, 4 sshdosign, and 5 sshsignsessionid functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an error path," which might allow remote attackers to cause a denial of service crash via unspecified vectors...

DEBIAN-CVE-2012-6030

The dotmemop function in the Transcendent Memory TMEM in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service host crash and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was...

CVE-2012-6030

The dotmemop function in the Transcendent Memory TMEM in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service host crash and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was...

DEBIAN-CVE-2012-6031

The dotmemget function in the Transcendent Memory TMEM in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service CPU hang and host crash via unspecified vectors related to a spinlock being held in the "badcopy error path." NOTE: this issue was originally published as part o...

Design/Logic Flaw

The dotmemop function in the Transcendent Memory TMEM in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service host crash and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was...

CVE-2012-6031

The dotmemget function in the Transcendent Memory TMEM in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service CPU hang and host crash via unspecified vectors related to a spinlock being held in the "badcopy error path." NOTE: this issue was originally published as part o...

ClamAV < 0.97 Multiple Vulnerabilities

According to its version, the clamd antivirus daemon on the remote host is earlier than 0.97. Such versions reportedly are affected by multiple vulnerabilities : - As-yet unspecified double-free issues involving an error path exist in 'libclamav/vbaextract.c' and 'shared/cdiff.c'. Bug 2486 and...

ClamAV < 0.94 Multiple Vulnerabilities

According to its version, the clamd antivirus daemon on the remote host is earlier than 0.94. Such versions are affected by one or more of the following issues : - A segmentation fault can occur when processing corrupted LZH files. Bug 1052 - Invalid memory access errors in 'libclamav/chmunpack.c...

DEBIAN-CVE-2008-3914

Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in 1 libclamav/others.c and 2 libclamav/sis.c...

CVE-2008-3914

Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in 1 libclamav/others.c and 2 libclamav/sis.c...

kernel security and bug fix update

2.6.18-92.1.10.0.1.el5 - NET Add entropy support to e1000 and bnx2 John Sobecki orabug 6045759 - splice Fix bad unlockpage in error case Jens Axboe orabug 6263574 - dio fix error-path crashes Linus Torvalds orabug 6242289 - NET fix netpoll race Tina Yang orabugz 5791 2.6.18-92.1.10.el5 - ia64...

kernel security and bug fix update

2.6.18-92.1.6.0.2.el5 - NET Add entropy support to e1000 and bnx2 John Sobecki orabug 6045759 - splice Fix bad unlockpage in error case Jens Axboe orabug 6263574 - dio fix error-path crashes Linus Torvalds orabug 6242289 - NET fix netpoll race Tina Yang orabugz 5791 2.6.18-92.1.6.el5 - x86 sanity...