CVE-2015-0688
Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323 packets, aka Bug ID CSCup21070...
Qt 'qbmphandler.cpp' Divide by Zero Denial of Service Vulnerability
Qt is a cross-platform application framework. A denial-of-service vulnerability exists in the graphics processor of Qt versions prior to 5.5, which can be successfully exploited to cause a crash of the affected application...
libcacard, qemu security update
CentOS Errata and Security Advisory CESA-2015:0349 Updated qemu-kvm packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common...
DEBIAN-CVE-2015-2151
The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors...
Request Tracker Remote Denial of Service Vulnerability
Best Practical Solutions Request Tracker (RT) is an enterprise-grade, open source issue tracking system from Best Practical Solutions in the United States. The system has bug tracking, customer service, customized workflow and other features. A denial of service vulnerability exists in Best...
kernel: kvm: vmx: invvpid vm exit not handled
It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invvpid VM exit support, an unprivileged guest user could use these instructions to crash the guest...
kernel: kvm: vmx: invept vm exit not handled
It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) instructions. On hosts with an Intel processor and invept VM exit support, an unprivileged guest user could use these instructions to crash the guest...
Updated kernel-rt packages fix security vulnerabilities
This kernel-rt update provides an upgrade to the upstream 3.14 longterm branch, currently based on 3.14.32, and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types,...
OpenJDK: XML parsing Denial of Service (JAXP, 8017298)
A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an...
[SECURITY] Fedora 20 Update: qemu-1.6.2-13.fc20
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used ...
Raspberry Pi 2 — $35 Computer with Quad-Core Processor and it runs Free Windows 10
Earlier today, when the Raspberry Pi Foundation unveiled the second avatar of its mini computer, the tech giant Microsoft revealed that the Windows 10 operating system will support the Raspberry Pi 2 for the development of smart devices and appliances. Really great news for all micro-computing fans – a...
Cybozu Remote Service Manager Denial of Service Vulnerability
Cybozu Remote Service Manager is Cybozu's remote service management software for accessing Cybozu's internal systems. A security vulnerability exists in Cybozu Remote Service Manager version 2.3.0 and earlier, and version 3.x to 3.1.2. A remote attacker can exploit the vulnerability to cause a...
Mouse-Box — An Entire Computer inside a Mouse
Smartphones in our pockets are exponentially smaller and more powerful, so that we don't realize the need to carry laptops with us everywhere. Now imagine if a small mouse met the needs of an entire PC? Not just imagination, it has been proved and done by the engineers at a Polish startup...
python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns
A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate,...
[SECURITY] Fedora 20 Update: qemu-1.6.2-12.fc20
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used ...
[SECURITY] Fedora 21 Update: qemu-2.1.2-7.fc21
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used ...
KLA10616 Multiple vulnerabilities in Microsoft Office
Multiple serious vulnerabilities have been found in Microsoft Office products. Malicious users can exploit these vulnerabilities to run arbitrary code, cause denial of service, loss of integrity, security bypass, privilege escalation and obtain sensitive information. Below is a complete list of...
CVE-2014-7252
Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets 102SH allow local user...
Debian Security Advisory DSA 3087-1 (qemu - security update)
Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu, a fast processor emulator. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu...
OracleVM 3.0 : xen (OVMSA-2012-0020)
The remote OracleVM system is missing necessary patches to address critical security updates: - x86-64: detect processors subject to AMD erratum 121 and refuse to boot (CVE-2006-0744) - guest denial of service on syscall/sysenter exception generation (CVE-2012-0217) - Remove unnecessary balloon retri...