
8703 matches found

CVE
added 2015/12/11 11:0 a.m. · 67 views

CVE-2015-7054

CVE-2015-7054 affects Apple platforms via the zlib component in the Compression subsystem (iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, watchOS before 2.1). The vulnerability arises because memory is not initialized for an unspecified data structure, allowing remote attackers to execute ...

6.8 CVSS · 8.9 AI score · 0.01142 EPSS
Exploits 0 · References 10 · Affected Software 1

Tenable Nessus
added 2015/12/11 12:0 a.m. · 43 views

Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2825-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2825-1 advisory. Multiple use-after-free bugs were discovered in the application cache implementation in Chromium. If a user were tricked into opening a specially crafte...

10 CVSS · 8.6 AI score · 0.40209 EPSS
Exploits 6 · References 17

Mageia
added 2015/12/10 8:57 p.m. · 41 views

Updated libraw packages fix security vulnerabilities

Updated libraw packages fix security vulnerabilities: It was found that smaldecodesegment function does not handle index carefully, which may cause index overflow (CVE-2015-8366). It was found that phaseonecorrect function does not handle memory object's initialization correctly, which may have...

9.8 CVSS · 9.6 AI score · 0.05248 EPSS
Exploits 0 · References 2

Check Point Advisories
added 2015/12/08 12:0 a.m. · 2 views

Microsoft Internet Explorer Memory Corruption (MS15-124: CVE-2015-6083)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3 CVSS · 7 AI score · 0.16463 EPSS
Exploits 0

OpenVAS
added 2015/12/07 12:0 a.m. · 46 views

Google Chrome Multiple Vulnerabilities-01 (Dec 2015) - Windows

Google Chrome is prone to multiple vulnerabilities.

10 CVSS · 9.6 AI score · 0.40209 EPSS
Exploits 6 · References 3

CNVD
added 2015/12/07 12:0 a.m. · 3 views

Google Chrome Denial of Service Vulnerability (CNVD-2015-07975)

Google Chrome is a web browser developed by the American company Google. The 'VideoFramePool::PoolImpl::CreateFrame' function in the media/base/videoframepool.cc file in Google Chrome versions prior to 47.0.2526.73 has a security vulnerability. Due to the program failing to properly...

10 CVSS · 6.5 AI score · 0.00733 EPSS
Exploits 0 · References 1

CVE
added 2015/12/06 1:0 a.m. · 64 views

CVE-2015-8480

The CVE-2015-8480 entry relates to Google Chrome before 47.0.2526.73. The vulnerability arises because VideoFramePool::PoolImpl::CreateFrame does not initialize memory for a video-frame data structure, enabling remote attackers to trigger a denial of service via out-of-bounds memory access, poten...

10 CVSS · 9.5 AI score · 0.00733 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2015/12/04 6:21 p.m. · 1 views

USN-2829-2 linux-lts-vivid vulnerabilities

It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-5283) Dmitry Vyukov discovered that the Linux kernel's keyring handler...

4.7 CVSS · 6.6 AI score · 0.00103 EPSS
Exploits 1 · References 3

OSV
added 2015/12/02 12:0 a.m. · 1 views

UBUNTU-CVE-2015-8367

The phaseonecorrect function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization...

9.8 CVSS · 7.5 AI score · 0.00998 EPSS
Exploits 0 · References 3

UbuntuCve
added 2015/12/02 12:0 a.m. · 27 views

CVE-2015-8367

The phaseonecorrect function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization...

9.8 CVSS · 7.4 AI score · 0.00998 EPSS
Exploits 0 · References 2

Positive Technologies
added 2015/12/02 12:0 a.m. · 4 views

PT-2015-7775 · Libraw +3

Name of the Vulnerable Software and Affected Versions: Libraw versions prior to 0.17.1
Description: The issue is related to memory object initialization in the phase one correct function, which can cause memory errors and potentially allow attackers to execute arbitrary code.
Recommendations: For...

9.8 CVSS · 7.5 AI score · 0.05248 EPSS
Exploits 2 · References 63

OSV
added 2015/12/01 8:37 p.m. · 1 views

USN-2823-1 linux vulnerabilities

It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-5283) Dmitry Vyukov discovered that the Linux kernel's keyring handler...

4.7 CVSS · 6.6 AI score · 0.00103 EPSS
Exploits 1 · References 3

RedHat Linux
added 2015/11/25 9:15 p.m. · 2 views

OpenJDK: missing checks for proper initialization in ObjectStreamClass (Serialization, 8103671)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization...

10 CVSS · 7.2 AI score · 0.06994 EPSS
Exploits 0 · References 5

RedHat Linux
added 2015/11/23 12:56 p.m. · 3 views

OpenJDK: missing checks for proper initialization in ObjectStreamClass (Serialization, 8103671)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization...

10 CVSS · 7.2 AI score · 0.06994 EPSS
Exploits 0 · References 5

RedHat Linux
added 2015/11/23 12:39 p.m. · 1 views

OpenJDK: missing checks for proper initialization in ObjectStreamClass (Serialization, 8103671)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization...

10 CVSS · 7.2 AI score · 0.06994 EPSS
Exploits 0 · References 5

NVD
added 2015/11/06 9:59 p.m. · 15 views

CVE-2015-7762

rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network...

5 CVSS · 6 AI score · 0.00472 EPSS
Exploits 0 · References 5

OSV
added 2015/11/06 9:59 p.m. · 1 views

DEBIAN-CVE-2015-7762

rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network...

5 CVSS · 6.6 AI score · 0.00472 EPSS
Exploits 0 · References 1

Cvelist
added 2015/11/06 9:0 p.m. · 22 views

CVE-2015-7762

rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network...

5.8 AI score · 0.00472 EPSS
Exploits 0 · References 5

Debian CVE
added 2015/11/06 9:0 p.m. · 28 views

CVE-2015-7763

rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network...

5 CVSS · 5.9 AI score · 0.00472 EPSS
Exploits 0

Tenable Nessus
added 2015/11/06 12:0 a.m. · 50 views

Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-2797-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2797-1 advisory. It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route...

6.9 CVSS · 6.8 AI score · 0.00911 EPSS
Exploits 1 · References 5