UBUNTU-CVE-2014-0146

The qcow2open function in the block/qcow2.c in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service NULL pointer dereference via a crafted image which causes an error, related to the initialization of the snapshotoffset and nbsnapshots fields...

CVE-2014-0146

The qcow2open function in the block/qcow2.c in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service NULL pointer dereference via a crafted image which causes an error, related to the initialization of the snapshotoffset and nbsnapshots fields...

Patch Management: SCCM Computer Info Initialization

Binary data sccmgetcomputerinfo.nbin...

UBUNTU-CVE-2014-0101

The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an sctpsfauthenticate call, which allows remote attackers to cause a denial of service NULL pointer dereference and system crash via an...

Microsoft Internet Explorer Memory Corruption (MS14-012: CVE-2014-0313)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

Microsoft Internet Explorer Memory Corruption (MS14-012; CVE-2014-0312)

A remote code execution vulnerability has been reported in Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open ...

PT-2019-7010 · Thoughtworks · Xstream Api

Name of the Vulnerable Software and Affected Versions: Xstream API versions up to 1.4.6 Xstream API version 1.4.10 Description: The issue allows a remote attacker to execute arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format, such as...

Java-Bot, a Cross-platform malware launching DDoS attacks from infected computers

These days botnets are all over the news. In simple terms, a botnet is a group of computers networked together, running a piece of malicious software that allows them to be controlled by a remote attacker. A major target for most of the malware is still Windows, but the growing market of Mac OS X...

CVE-2013-6457

The libxlDomainGetNumaParameters function in the libxl driver libxl/libxldriver.c in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service invalid free operation and crash or possibly execute arbitrary code via an inactive domain to t...

CVE-2013-6457

The libxlDomainGetNumaParameters function in the libxl driver libxl/libxldriver.c in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service invalid free operation and crash or possibly execute arbitrary code via an inactive domain to t...

UBUNTU-CVE-2013-7265

The pnrecvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1 recvfrom, 2 recvmmsg, ...

[SECURITY] Fedora 20 Update: perl-Proc-Daemon-0.14-9.fc20

This is version 0.14 of Proc::Daemon This module contains the routine Init which can be called by a Perl program to initialize itself as a daemon. A daemon is a process that runs in the background with no controlling terminal. Generally servers like FTP and HTTP servers run as daemon processes...

Amazon Linux AMI : nspr (ALAS-2013-266)

A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. CVE-2013-5605 It was found that the fix for...

UBUNTU-CVE-2013-6394

Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector IV, which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks...

Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20131205)

A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. CVE-2013-5605 It was found that the fix for...

Security fix for the ALT Linux 7 package openssh version 5.9p1-alt7

5.9p1-alt7 built Dec. 9, 2013 Dmitry V. Levin in task 110259 Nov. 8, 2013 Dmitry V. Levin - sshd: applied upstream initialization fix CVE-2013-4548...

DEBIAN-CVE-2013-0860

The fferframeend function in libavcodec/errorresilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data...

Null pointer dereference

The fferframeend function in libavcodec/errorresilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data...

luci: paster hidden untrusted path and "command" (callable association) injection

A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the root or luci user...

Design/Logic Flaw

Use-after-free vulnerability in the Channel::SendRTCPPacket function in voiceengine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other...