php: invalid pointer free() in phar_tar_process_metadata()

An invalid free flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened...

CentOS Update for openssl CESA-2015:0716 centos7

Check the version of openssl SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882147";...

Moderate: Red Hat Security Advisory: openssl security update

Updated openssl packages that fix multiple security issues are now available for Red Hat Storage 2.1. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for ea...

openssl: invalid pointer use in ASN1_TYPE_cmp()

An invalid pointer use flaw was found in OpenSSL's ASN1TYPEcmp function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application...

Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark1)

The remote Solaris system is missing necessary patches to address security updates : - Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service infinite loop via vectors related to the 1 ANSI MAP, 2 ASF, 3 IEEE 802.11, 4 IEEE 802.3, and 5 LTP...

CVE-2014-9221

CVE-2014-9221 affects strongSwan’s IKEv2 KE handling with DH group 1025, causing a NULL pointer dereference and potential denial of service. Public details in connected advisories confirm the flaw exists in strongSwan 4.5.x–5.2.x (before 5.2.1) and can crash the IKE daemon on receiving a crafted ...

CVE-2014-9221

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service invalid pointer dereference via a crafted IKEv2 Key Exchange KE message with Diffie-Hellman DH group 1025...

UBUNTU-CVE-2014-8439

Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial o...

CVE-2014-8439

Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial o...

CVE-2014-8439

Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial o...

CVE-2014-8439

Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial o...

Null pointer dereference

kernel/trace/tracesyscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service invalid pointer dereference via a crafted application...

CVE-2014-7826

CVE-2014-7826 affects the Linux kernel up to 3.17.2, where kernel/trace/trace_syscalls.c in the ftrace subsystem mishandles private syscall numbers. This can allow a local user to gain privileges or cause a denial of service via an crafted application (invalid pointer dereference). Connected advi...

CVE-2014-7826

kernel/trace/tracesyscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service invalid pointer dereference via a crafted application...

PT-2014-8294 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 3.17.2 Description: The issue allows local users to gain privileges or cause a denial of service due to an invalid pointer dereference. This occurs when the ftrace subsystem is used and private syscall numbers ar...

CVE-2014-8755

Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitrary address in memory."...

Null pointer dereference

Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitrary address in memory."...

CVE-2014-8755

CVE-2014-8755 affects Panasonic Network Camera View 3/4 via the WebVideoCam ActiveX control. The flaw is a null pointer dereference in GetImageDataPrint that allows remote code execution when a user visits a crafted page or file (user interaction required per ZDI). Impact is arbitrary code execut...

CVE-2014-8755

Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitrary address in memory."...

Null pointer dereference

The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service invalid pointer dereference via unspecified vectors...