Apple QuickTime ID3 Tag Heap Buffer Overflow Remote Code Execution Vulnerability

QuickTime is a multimedia architecture developed by Apple Computer that can handle many types of digital video, media clips, sound effects, text, animation, music formats, and interactive panoramic images. Apple QuickTime has a security vulnerability in the ID3 version tag parsing of MP3 files. T...

FreeBSD : qemu -- denial of service vulnerability in virtio-net support (42cbd1e8-b152-11e5-9728-002590263bf5)

Prasad J Pandit, Red Hat Product Security Team, reports : Qemu emulator built with the Virtual Network Devicevirtio-net support is vulnerable to a DoS issue. It could occur while receiving large packets over the tuntap/macvtap interfaces and when guest's virtio-net driver did not support...

Mozilla Firefox Denial of Service Vulnerability (CNVD-2015-08320)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in the HTTP/2 implementation of Mozilla Firefox 43.0 and earlier. A remote attacker can exploit this vulnerability to cause a denial of service integer overflow,...

DEBIAN-CVE-2015-7295

hw/virtio/virtio.c in the Virtual Network Device virtio-net support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service guest network consumption via a flood of jumbo frames on the 1 tuntap or 2 macvtap interface...

CVE-2015-7295

hw/virtio/virtio.c in the Virtual Network Device virtio-net support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service guest network consumption via a flood of jumbo frames on the 1 tuntap or 2 macvtap interface...

Design/Logic Flaw

hw/virtio/virtio.c in the Virtual Network Device virtio-net support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service guest network consumption via a flood of jumbo frames on the 1 tuntap or 2 macvtap interface...

UBUNTU-CVE-2015-7295

hw/virtio/virtio.c in the Virtual Network Device virtio-net support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service guest network consumption via a flood of jumbo frames on the 1 tuntap or 2 macvtap interface...

CVE-2015-7295

hw/virtio/virtio.c in the Virtual Network Device virtio-net support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service guest network consumption via a flood of jumbo frames on the 1 tuntap or 2 macvtap interface...

CVE-2009-2844

cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service crash via a sequence of beacon frames in which one frame omits an SSID Information Element IE and the subsequent frame contains an SSID IE, whic...

Siemens RUGGEDCOM ROS Information Disclosure Vulnerability

Siemens RuggedCom ROS and ROX-based devices are used for device connectivity in harsh environments, e.g. substations, traffic management chassis etc. An information disclosure vulnerability exists in Siemens RUGGEDCOM ROS versions prior to 4.2.1. Because the program fails to pad Ethernet frames...

qemu: vnc: insufficient resource limiting in VNC websockets decoder

It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory...

Updated qemu packages fixes security vulnerabilities

Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service QEMU process crash. CVE-2015-5278 Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw in the NE2000 NIC emulation....

Cisco Wireless LAN Controller 802.11i Management Frame Handling Denial of Service Vulnerability

Cisco Wireless LAN Controller is a wireless LAN controller product. Cisco Wireless LAN Controller fails to properly discard malformed values in 802.11i management frames from wireless clients, allowing remote attackers to exploit the vulnerability by submitting a special request to crash the devi...

CVE-2015-3876

libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a 1 MP3 or 2 MP4 file...

kernel security, bug fix, and enhancement update

2.6.32-573 - security selinux: dont waste ebitmap space when importing NetLabel categories Paul Moore 1130197 - x86 Revert Add driver auto probing for x86 features v4 Prarit Bhargava 1231280 - net bridge: netfilter: dont call iptables on vlan packets if sysctl is off Florian Westphal 1236551 - ne...

CVE-2015-1284

The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service invalid count value and use-after-free or possibly...

The vulnerability of the Cisco IOS operating system, which allows a intruder to trigger a service failure

The vulnerability of the Cisco IOS operating system is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending IEEE 802.3x control frames remotely...

Cisco ASR 9000 IOS XR Resource Management Error Vulnerability

Cisco IOS XR on ASR 9000 is a set of operating systems from Cisco that run in the 9000 series router devices. A security vulnerability exists in Cisco IOS XR version 5.3.1 for Cisco ASR 9000 devices. A remote attacker can exploit this vulnerability to cause a denial of service NPU chip reset or...

CVE-2015-4205

Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service NPU chip reset or line-card reload by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959...

Design/Logic Flaw

Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service NPU chip reset or line-card reload by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959...