5119 matches found
CVE-2015-6352
Cisco Unified Communications Domain Manager before 10.61 provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891...
CVE-2007-0454
Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping...
CVE-2015-6760
The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service invalid read or write or possibly have unspecified other impact v...
UBUNTU-CVE-2015-6760
The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service invalid read or write or possibly have unspecified other impact v...
CVE-2015-6760
Removed by vendor...
CVE-2015-6760
The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service invalid read or write or possibly have unspecified other impact v...
The vulnerability of the RPCbind server for dynamic naming services allows a attacker to cause a service failure.
The vulnerability of the xprtsetcaller function of dynamic naming server RPC ports is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to cause service failures by using specially crafted packets containing the PMAPCALLIT code...
CVE-2015-6654
The xenmemaddtophysmapone function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map t...
Denial of service
The xenmemaddtophysmapone function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map t...
CVE-2015-6654
CVE-2015-6654 affects Xen up to and including 4.5.x/4.4.x, where xenmem_add_to_physmap_one does not cap printk messages when failing to retrieve a reference on a foreign page. This can enable DoS by remote domains with permission to map memory of another guest. Upstream mitigation was released in...
CVE-2015-6654
The xenmemaddtophysmapone function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map t...
UPnP IGD SOAP Port Mapping Utility
Manage port mappings on UPnP IGD-capable device using the AddPortMapping and DeletePortMapping SOAP requests This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'nokogiri' class MetasploitModule 'UPnP IGD SOAP Por...
FreeBSD : xen-kernel and xen-tools -- Long latency MMIO mapping operations are not preemptible (d40c66cb-27e4-11e5-a4a5-002590263bf5)
The Xen Project reports : The XENDOMCTLmemorymapping hypercall allows long running operations without implementing preemption. This hypercall is used by the device model as part of the emulation associated with configuration of PCI devices passed through to HVM guests and is therefore indirectly...
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:0701-1)
Xen was updated 4.4.201 to address three security issues and functional bugs. The following vulnerabilities were fixed : - Long latency MMIO mapping operations are not preemptible XSA-125, CVE-2015-2752, bnc922705 - Unmediated PCI command register access in qemu XSA-126, CVE-2015-2756, bnc922706 ...
SUSE SLES11 Security Update : Xen (SUSE-SU-2015:0745-1)
The Virtualization service XEN was updated to fix various bugs and security issues. The following security issues have been fixed : CVE-2015-2756: XSA-126: Unmediated PCI command register access in qemu could have lead to denial of service attacks against the host, if PCI cards are passed through...
SUSE SLES10 Security Update : Xen (SUSE-SU-2015:0744-1)
The Virtualization service XEN was updated to fix various bugs and security issues. The following security issues have been fixed : XSA-125: Long latency MMIO mapping operations were not preemptible. CVE-2015-2151: XSA-123: Instructions with register operands ignored eventual segment overrides...
SuSE 11.3 Security Update : Xen (SAT Patch Number 10560)
The Virtualization service XEN was updated to fix various bugs and security issues. The following security issues have been fixed : - XSA-126: Unmediated PCI command register access in qemu could have lead to denial of service attacks against the host, if PCI cards are passed through to guests...
Security: Wrong security context loaded when using SAML2 STS Login Module
It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the...
Security: Wrong security context loaded when using SAML2 STS Login Module
It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the...
Fedora 20 : xen-4.3.4-2.fc20 (2015-5402)
Long latency MMIO mapping operations are not preemptible XSA-125, CVE-2015-2752 Unmediated PCI command register access in qemu XSA-126, CVE-2015-2756 Certain domctl operations may be abused to lock up the host XSA-127, CVE-2015-2751 update to xen-4.3.4 Note that Tenable Network Security has...