Lucene search

8703 matches found

Cvelist
added 2016/08/06 10:0 a.m. | 27 views

CVE-2014-9895

drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 2013 devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug...

5.5 AI score | 0.00094 EPSS
Exploits: 2 | References: 5

Debian
added 2016/08/04 6:0 a.m. | 13 views

[SECURITY] [DLA 575-2] collectd regression update

Package : collectd Version : 5.1.0-3+deb7u2 Debian Bug : 833013 The previous upload of collectd surfaced a problem in the way the network plugin initializes gcrypt preventing the plugin from being loaded when packet signing or encryption is enabled. Previously, this may have led to program crashe...

7.2 AI score
Exploits: 0

OpenVAS
added 2016/08/04 12:0 a.m. | 27 views

Debian Security Advisory DSA 3636-1 (collectd - security update)

Emilien Gaspar discovered that collectd, a statistics collection and monitoring daemon, incorrectly processed incoming network packets. This resulted in a heap overflow, allowing a remote attacker to either cause a DoS via application crash, or potentially execute arbitrary code. Additionally,...

6.4 CVSS | 0.7 AI score | 0.10839 EPSS
Exploits: 0 | References: 1

OpenVAS
added 2016/08/04 12:0 a.m. | 20 views

Debian: Security Advisory (DSA-3636-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1 CVSS | 9.3 AI score | 0.10839 EPSS
Exploits: 0 | References: 3

RedhatCVE
added 2016/08/02 1:18 p.m. | 24 views

CVE-2016-5417

Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures...

7.5 CVSS | 5.9 AI score | 0.01185 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2016/08/01 12:0 a.m. | 27 views

Debian DSA-3636-1 : collectd - security update

Emilien Gaspar discovered that collectd, a statistics collection and monitoring daemon, incorrectly processed incoming network packets. This resulted in a heap overflow, allowing a remote attacker to either cause a DoS via application crash, or potentially execute arbitrary code. Additionally,...

9.1 CVSS | 7.4 AI score | 0.10839 EPSS
Exploits: 0 | References: 5

Debian
added 2016/07/30 7:14 a.m. | 20 views

[SECURITY] [DSA 3636-1] collectd security update

Debian Security Advisory DSA-3636-1 [email protected] https://www.debian.org/security/ Sebastien Delafond July 30, 2016 https://www.debian.org/security/faq -...

9.1 CVSS | 9.2 AI score | 0.10839 EPSS
Exploits: 0

OSV
added 2016/07/30 12:0 a.m. | 12 views

DLA-575-1 collectd - security update

Bulletin has no description...

9.1 CVSS | 9.2 AI score | 0.10839 EPSS
Exploits: 0

OSV
added 2016/07/30 12:0 a.m. | 11 views

DSA-3636-1 collectd - security update

Bulletin has no description...

9.1 CVSS | 9.2 AI score | 0.10839 EPSS
Exploits: 0

NVD
added 2016/07/22 2:59 a.m. | 20 views

CVE-2016-4639

Login Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local users to cause a denial of service via unspecified vectors...

7 CVSS | 6.5 AI score | 0.00057 EPSS
Exploits: 0 | References: 5

Prion
added 2016/07/22 2:59 a.m. | 18 views

Design/Logic Flaw

Login Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local users to cause a denial of service via unspecified vectors...

4.4 CVSS | 6.2 AI score | 0.00057 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2016/07/22 1:0 a.m. | 64 views

CVE-2016-4639

CVE-2016-4639: In OS X El Capitan (Login Window), memory initialization flaw allows a local attacker to cause a denial of service. Affected: OS X El Capitan v10.11 and later; remediation: apply OS X 10.11.6 Security Update 2016-004 (patches described by Apple). The Apple advisory clarifies the vu...

7 CVSS | 6.9 AI score | 0.00057 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2016/07/22 1:0 a.m. | 16 views

CVE-2016-4639

Login Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local users to cause a denial of service via unspecified vectors...

6.5 AI score | 0.00057 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2016/07/22 12:0 a.m. | 25 views

Juniper Junos FreeBSD libc db Information Disclosure (JSA10756)

According to its self-reported version number, the remote Juniper Junos device is affected by an information disclosure vulnerability in the underlying FreeBSD operating system libc db interface due to improper initialization of memory for Berkeley DB 1.85 database structures. A local attacker ca...

4.9 CVSS | 5.7 AI score | 0.00257 EPSS
Exploits: 1 | References: 2

OPENSUSE Linux
added 2016/07/14 2:8 p.m. | 42 views

Security update for the Linux Kernel (important)

The openSUSE Leap 42.1 was updated to 4.1.27 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-4997: A buffer overflow in 32bit compat_setsockopt iptables handling could lead to a local privilege escalation. (bsc#986362) - CVE-2016-5829: Multiple heap-based...

7.2 CVSS | 3.1 AI score | 0.05493 EPSS
Exploits: 11 | References: 9

Zero Day Initiative
added 2016/07/12 12:0 a.m. | 39 views

Microsoft Chakra ArrayBuffer.transfer Uninitialized Buffer Information Leak Vulnerability

This vulnerability allows remote attackers to leak sensitive information on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

5 CVSS | 1.2 AI score | 0.26011 EPSS
Exploits: 0 | References: 1

phpMyAdmin
added 2016/07/07 12:0 a.m. | 71 views

Weakness with cookie encryption

PMASA-2016-29 Announcement-ID: PMASA-2016-29 Date: 2016-07-07 Summary Weakness with cookie encryption Description A pair of vulnerabilities were found affecting the way cookies are stored. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker...

8.1 CVSS | 7.2 AI score | 0.00377 EPSS
Exploits: 0 | Affected Software: 1

Citrix
added 2016/07/07 12:0 a.m. | 4 views

Netscaler Instances on SDX show less memory than allocated from within the SVM Console

Question: When I allocate RAM to a Netscaler instance on SDX, the Netscaler reports considerably less memory than is allocated. For instance, if I allocate 16gb, the Netscaler instance shows only 12gb allocated. Answer: This is an expected behavior. When NetScaler is started and is initializing t...

6.8 AI score
Exploits: 0

Zero Day Initiative
added 2016/06/29 12:0 a.m. | 10 views

Foxit Reader Pattern Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF...

6.8 CVSS | 7 AI score
Exploits: 0 | References: 1

Debian CVE
added 2016/06/27 10:0 a.m. | 52 views

CVE-2016-4470

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command...

5.5 CVSS | 6.1 AI score | 0.00055 EPSS
Exploits: 0