666 matches found
hw: cpu: speculative execution permission faults handling
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant...
RHEL 7 : kernel (RHSA-2018:0010)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0010 advisory. - hw: cpu: speculative execution bounds-check bypass CVE-2017-5753 - hw: cpu: speculative execution permission faults handling CVE-2017-5754...
hw: cpu: speculative execution permission faults handling
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant...
PT-2017-15604 · Libxls · Libxls
Name of the Vulnerable Software and Affected Versions: libxls versions 1.3.4 through 1.4.0 Description: An out-of-bounds write vulnerability exists in the xls mergedCells function of libxls, allowing a specially crafted XLS file to cause memory corruption, potentially resulting in remote code...
[SECURITY] [DLA 1045-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.16-1.1+deb7u8 CVE ID : CVE-2017-10799 CVE-2017-11102 CVE-2017-11140 CVE-2017-11403 CVE-2017-11636 CVE-2017-11637 CVE-2017-11638 CVE-2017-11641 CVE-2017-11642 CVE-2017-11643 Debian Bug : 867077 867746 870149 Multiple security vulnerabilities, NULL pointer...
Microsoft Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Graphics is one of the graphics driver components. An elevated privilege vulnerability exists in Graphics in Microsoft Windows, which stems from the Graphics component failing to properly handle objec...
libetpan -- null dereference vulnerability in MIME parsing component
rwhitworth reports: I was using American Fuzzy Lop afl-fuzz to fuzz input to the mime-parse test program. Is fixing these crashes something you're interested in? The input files can be found here: https://github.com/rwhitworth/libetpan-fuzz/. The files can be executed as ./mime-parse idfilename t...
FreeBSD : irssi -- use-after-free potential code execution (06f931c0-0be0-11e7-b4bf-5404a68ad561)
The irssi project reports : Use after free while producing list of netjoins CWE-416. This issue was found and reported to us by APic. This issue usually leads to segmentation faults. Targeted code execution should be difficult. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...
irssi -- use-after-free potential code execution
The irssi project reports: Use after free while producing list of netjoins CWE-416. This issue was found and reported to us by APic. This issue usually leads to segmentation faults. Targeted code execution should be difficult...
Debian DSA-3746-1 : graphicsmagick - security update (ImageTragick)
Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tool, which can cause denial of service attacks, remote file deletion, and remote command execution. This security update removes the full support of PLT/Gnuplot decoder to prevent Gnuplot-shell based...
Debian Security Advisory DSA 3746-1 (graphicsmagick - security update)
Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tool, which can cause denial of service attacks, remote file deletion, and remote command execution. This security update removes the full support of PLT/Gnuplot decoder to prevent Gnuplot-shell based...
Debian: Security Advisory (DSA-3746-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the Windows operating system, which allows a perpetrator to obtain confidential information
The vulnerability of the Windows operating system’s kernel is related to the improper handling of system call errors during page faults. Exploiting this vulnerability can allow an attacker, operating locally, to obtain confidential information through a specially created application...
Vulnerability of Adobe AIR software, which allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information
The vulnerability in Adobe AIR allows an attacker to execute arbitrary code or cause a service failure a memory-related error...
Vulnerability of Adobe AIR software, which allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information
The vulnerability in Adobe AIR allows an attacker to execute arbitrary code or cause a service failure a memory-related error...
The vulnerability of the Firefox browser, which allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability in the Mozilla Firefox browser engine allows malicious actors to trigger a service failure a memory error and an unexpected termination of the application or execute arbitrary code...
The vulnerability of the Mozilla SeaMonkey software package allows a malicious individual to execute arbitrary code, gain access to confidential information, or cause a service failure.
Mozilla SeaMonkey software contains a vulnerability related to errors in the implementation of the libxul.so!gfxContext::Polygon function. Exploiting this vulnerability allows malicious actors to gain access to confidential information from the dynamic memory of processes, trigger service failure...
ImageMagick DCM Parser Null Pointer Access Vulnerability
ImageMagick is the United States ImageMagick Studio company's set of open source image processing software. A security vulnerability exists in ImageMagick's DCM parser, which can be exploited by attackers to cause null pointer access and segmentation errors...
Unspecified vulnerability in ImageMagick DCM parser (CNVD-2016-04246)
ImageMagick is the United States ImageMagick Studio company's set of open source image processing software. A security vulnerability exists in ImageMagick's DCM parser, which can be exploited by attackers to cause null pointer access and segmentation errors...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-2847: Limit the per-user amount of pages allocated in pipes bsc970948. - CVE-2016-3136: mctu232: add sanity checking in probe bnc970955. - CVE-2016-2188: iowarrio...