SUSE-SU-2018:1997-2 Security update for shadow
This update for shadow fixes the following issues: - CVE-2016-6252: Incorrect integer handling could result in local privilege escalation (bsc1099310)...
Security update for shadow (important)
This update for shadow fixes the following issues: - CVE-2016-6252: Incorrect integer handling could result in local privilege escalation (bsc1099310). This update was imported from the SUSE:SLE-12-SP2:Update update project...
SUSE SLES12 Security Update : shadow (SUSE-SU-2018:1995-1)
This update for shadow fixes the following issues: - CVE-2016-6252: Fixed incorrect integer handling that could result in a local privilege escalation (bsc1099310). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable ha...
SUSE-SU-2018:1990-1 Security update for mercurial
This update for mercurial fixes the following issues: Security issues fixed: - CVE-2018-13346: Fix mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (bsc1100354). - CVE-2018-13347: Fix mpatch.c that mishandles integer...
SUSE-SU-2018:1995-1 Security update for shadow
This update for shadow fixes the following issues: - CVE-2016-6252: Fixed incorrect integer handling that could result in a local privilege escalation (bsc1099310)...
CVE-2018-13347
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002...
xrdp -- local user can cause a denial of service
xrdp reports: The scp_v0s_accept function in the session manager uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input stream...
The vulnerability of the modular IRC server InspIRCd for the Debian GNU/Linux operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the modular IRC server InspIRCd for the Debian GNU/Linux operating system is related to improper handling of integer variables. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
Updated shadow-utils packages fix security vulnerabilities
It was found that shadow-utils-4.2.1 had a potentially unsafe use of getlogin with the concern that the utmp entry might have a spoofed username associated with a correct uid (CVE-2016-6251). It was found that shadow-utils-4.2.1 had an incorrect integer handling problem where it looks like the int...
MGASA-2017-0024 Updated shadow-utils packages fix security vulnerabilities
It was found that shadow-utils-4.2.1 had a potentially unsafe use of getlogin with the concern that the utmp entry might have a spoofed username associated with a correct uid (CVE-2016-6251). It was found that shadow-utils-4.2.1 had an incorrect integer handling problem where it looks like the int...
The vulnerabilities of the Wi-Fi Protected Access WPA Supplicant client, the Jouni Malinen Hostapd software access point, and the openSUSE operating system allow a hacker to trigger a service failure.
Multiple vulnerabilities exist in the Wi-Fi Protected Access WPA Supplicant software, the Jouni Malinen Hostapd access point software, and the openSUSE operating system. These vulnerabilities are related to integer handling errors. Exploitation of these vulnerabilities could allow a malicious act...
Wireshark LLDP Dissector Denial of Service Vulnerability
Wireshark is an open source network protocol analysis tool. The Wireshark LLDP parser epan/proto.c function fails to properly handle integer data types, allowing an attacker to exploit the vulnerability by submitting a special message to crash the application...
CVE-2015-2190
epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector...
Linux Kernel 2.5.x/2.6.x CPUFreq Proc Handler Integer Handling Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10201/info A local integer handling vulnerability has been announced in the Linux kernel. It is reported that this vulnerability may be exploited by an unprivileged local user to obtain kernel memory contents. Additionall...
PHP 4.x/5.0 Shared Memory Module Offset Memory Corruption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12045/info PHP shared memory module (shmop) is reported prone to an integer handling vulnerability. The issue exists in the PHP_FUNCTION(shmop_write) function and is as a result of a lack of sufficient sanitization performed on...
CVE-2012-4293
plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet...
flash-plugin: information disclosure flaw (APSB12-05)
Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified...
CVE-2012-0769
Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified...
Design/Logic Flaw
Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified...