ettercap: multiple issues

CVE-2014-6395 arbitrary code execution Heap-based buffer overflow in the dissectorpostgresql function in dissectors/ecpostgresql.c allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual...

CVE-2015-1515

CVE-2015-1515 affects SoftSphere DefenseWall Personal Firewall 3.24. The dwall.sys driver allows local users to escalate privileges by writing to arbitrary memory locations through crafted IOCTLs (0x00222000, 0x00222004, 0x00222008, 0x0022200c, 0x00222010). Multiple sources corroborate a local pr...

Multiple Trend Micro Products tmeext.sys Driver Elevation of Privilege Vulnerabilities

Trend Micro Antivirus Plus, Internet Security and Maximum Security are all antivirus programs from Trend Micro. A security vulnerability exists in the tmeext.sys driver prior to version 2.0.0.1015. A local attacker can exploit this vulnerability by writing to an arbitrary memory location via a...

CVE-2015-1305

McAfee Data Loss Prevention Endpoint DLPe before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 1 0x00224014 or 2 0x0022c018 IOCTL call...

CVE-2014-9632

The CVE-2014-9632 entry affects AVG Internet Security/Protection: the TDI driver avgtdix.sys allows local privilege escalation by writing to arbitrary memory via a crafted 0x830020f8 IOCTL. Affected: AVG Internet Security 2013.x before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315, Protection ...

CVE-2014-9641

The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222400 IOCTL call...

Design/Logic Flaw

IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service write to kernel memory via a crafted app that calls an unspecified user-client method...

SuSE 11.3 Security Update : binutils (SAT Patch Number 10214)

binutils has been updated to fix eight security issues : - Lack of range checking leading to controlled write in bfdelfsetupsections. CVE-2014-8485 - Invalid read flaw in libbfd. CVE-2014-8484 - Write to uninitialized memory in the PE parser. CVE-2014-8501 - Crash in the PE parser. CVE-2014-8502 ...

LibreOffice < 4.2.8 / 4.3.5 RTF File Handling Code Execution (Mac OS X)

The version of LibreOffice installed on the remote Mac OS X host is prior to 4.2.8 or 4.3.x prior to 4.3.5. It is, therefore, affected by an invalid memory write vulnerability. An attacker, using a specially crafted Rich Text Format RTF file, can exploit this to cause a denial of service or...

Fedora 19 : arm-none-eabi-binutils-cs-2014.05.28-3.fc19 (2014-14874)

fix directory traversal vulnerability 1162657 - fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable - fix CVE-2014-8502: heap overflow in objdump - fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file - fix CVE-2014-8504: stack...

Fedora 21 : avr-binutils-2.24-4.fc21 (2014-14995)

fix directory traversal vulnerability - fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable - fix CVE-2014-8502: heap overflow in objdump - fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file - fix CVE-2014-8504: stack overflow in...

Fedora 20 : arm-none-eabi-binutils-cs-2014.05.28-3.fc20 (2014-14833)

fix directory traversal vulnerability 1162657 - fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable - fix CVE-2014-8502: heap overflow in objdump - fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file - fix CVE-2014-8504: stack...

Updated gnutls package fix security vulnerability

An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC Elliptic Curve Cryptography certificates or certificate signing requests CSR. A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application...

DEBIAN-CVE-2014-3689

The vmware-vga driver hw/display/vmwarevga.c in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling...

RedHat Update for gnutls RHSA-2014:1846-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS Update for gnutls CESA-2014:1846 centos7

Check the version of gnutls SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882080";...

Scientific Linux Security Update : gnutls on SL7.x x86_64 (20141112)

An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC Elliptic Curve Cryptography certificates or certificate signing requests CSR. A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application...

Moderate: Red Hat Security Advisory: gnutls security update

Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from...

gnutls: out-of-bounds memory write

An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC Elliptic Curve Cryptography certificates or certificate signing requests CSR resulting in heap corruption...

Microsoft Internet Explorer CSS Transition Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. By setting a "background" style...