7294 matches found

CVE
added 2015/02/13 2:0 a.m. | 67 views

CVE-2014-4771

CVE-2014-4771 affects IBM WebSphere MQ: remote authenticated users can exhaust queue slots via a crafted PCF query, impacting MQ servers in versions 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1. The connected documents confirm the affected versions and the D...

CVSS 3.5 | AI score 4.1 | EPSS 0.0035
Exploits 0 | References 3 | Affected Software 1
RedHat Linux
added 2015/02/03 5:10 p.m. | 1 views

kernel: net: sctp: remote memory pressure from excessive queueing

A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service...

CVSS 5 | AI score 6.7 | EPSS 0.01961
Exploits 1 | References 4
securityvulns
added 2015/02/02 12:0 a.m. | 84 views

APPLE-SA-2015-01-27-1 Apple TV 7.0.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-01-27-1 Apple TV 7.0.3 Apple TV 7.0.3 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: A maliciously crafted afc command may allow access to protected parts of the filesystem...

CVSS 10 | AI score 0.2 | EPSS 0.21755
Exploits 1
Prion
added 2015/01/30 11:59 a.m. | 16 views

Code injection

IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app...

CVSS 10 | AI score 7.1 | EPSS 0.01797
Exploits 0 | References 7 | Affected Software 3
CNVD
added 2015/01/30 12:0 a.m. | 1 views

Apple TV and iOS IOHIDFamily Event Queue Null Pointer Reference Vulnerability

Apple iOS is the latest operating system for Apple's iPhone and iPod touch devices. Apple TV is Apple's way of allowing photos, videos and music from PCs and iPods to be transmitted wirelessly to a TV in high definition. Apple TV and iOS contain an IOHIDFamily event queue handling null pointer...

CVSS 10 | AI score 7.2 | EPSS 0.01019
Exploits 0 | References 1
CNVD
added 2015/01/30 12:0 a.m. | 2 views

Apple MAC OS X Yosemite IODataQueue Object Handling Checksum Vulnerability

Apple MAC OS X Yosemite is the latest operating system developed by Apple. Apple MAC OS X Yosemite suffers from a checksum issue with some metadata fields in the handling of the IODataQueue object, which allows malicious applications to execute arbitrary code in the system context...

CVSS 10 | AI score 7.6 | EPSS 0.00982
Exploits 0 | References 1
RedHat Linux
added 2015/01/13 6:27 p.m. | 2 views

kernel: net: sctp: remote memory pressure from excessive queueing

A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service...

CVSS 5 | AI score 6.7 | EPSS 0.01961
Exploits 1 | References 4
Check Point Advisories
added 2014/12/28 12:0 a.m. | 3 views

Microsoft Message Queue QMGetRemoteQueueName Buffer Overflow - Ver2 (CVE-2008-3479)

A buffer overflow vulnerability has been reported in Microsoft Windows 2000. An attacker could exploit this vulnerability via a crafted RPC call, related to improper processing of parameters to string APIs. Successful exploitation of this vulnerability could allow a remote attacker to execute...

CVSS 10 | AI score 7.3 | EPSS 0.69094
Exploits 1
RedHat Linux
added 2014/12/16 7:12 p.m. | 1 views

kernel: net: sctp: remote memory pressure from excessive queueing

A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service...

CVSS 5 | AI score 6.7 | EPSS 0.01961
Exploits 1 | References 4
RedHat Linux
added 2014/12/09 8:33 p.m. | 2 views

kernel: net: sctp: remote memory pressure from excessive queueing

A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service...

CVSS 5 | AI score 6.7 | EPSS 0.01961
Exploits 1 | References 4
OSV
added 2014/11/30 1:59 a.m. | 1 views

DEBIAN-CVE-2014-3688

The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c...

CVSS 5 | AI score 7.5 | EPSS 0.01961
Exploits 1 | References 1
0day.today
added 2014/11/30 12:0 a.m. | 33 views

Open Web Analytics 1.5.6 PHP Object Injection Vulnerability

Exploit for php platform in category web applications Open Web Analytics setSetting'base', 'isremoteeventqueue', true; $owa-e-debug$POST; $rawevent = owacoreAPI::getRequestParam'event'; if $rawevent $dispatch = owacoreAPI::getEventDispatch; $event = unserialize base64decode $rawevent ;...

AI score 9.2 | EPSS 0.04677
Exploits 2
securityvulns
added 2014/11/24 12:0 a.m. | 28 views

AST-2014-016: Remote Crash Vulnerability in PJSIP channel driver

Asterisk Project Security Advisory - AST-2014-015 Product Asterisk Summary Remote Crash Vulnerability in PJSIP channel driver Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate Exploits Known No Reported On 30 October 2014 Reported By Yaron Nahum...

AI score 0.3
Exploits 0
OSV
added 2014/11/18 3:59 p.m. | 2 views

DEBIAN-CVE-2014-7824

D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix fo...

CVSS 2.1 | AI score 6.4 | EPSS 0.00093
Exploits 1 | References 1
CVE
added 2014/10/30 2:0 p.m. | 56 views

CVE-2014-3684

CVE-2014-3684 affects the TORQUE Resource Manager (lib/Libifl/tm.c, tm_adopt) across 5.0.x, 4.5.x, 4.2.x and earlier. The root cause is that the owner of a process is not validated to also own the adopted session id, enabling remote authenticated users to kill arbitrary processes via a crafted ex...

CVSS 6.8 | AI score 6.1 | EPSS 0.02381
Exploits 0 | References 10 | Affected Software 1
OSV
added 2014/10/24 12:0 a.m. | 1 views

UBUNTU-CVE-2014-3688

The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c...

CVSS 5 | AI score 6.8 | EPSS 0.01961
Exploits 1 | References 10
securityvulns
added 2014/10/15 12:0 a.m. | 96 views

Microsoft Windows multiple security vulnerabilities

Restrictions bypass and memory corruptions in Internet Explorer, .Net code execution, TrueType embedded fonts code execution, OLE code execution, message queue service and FAT32 driver privilege escalation...

CVSS 10 | AI score 3.4 | EPSS 0.9236
Exploits 77 | Affected Software 1
OSV
added 2014/10/08 7:55 p.m. | 3 views

DEBIAN-CVE-2014-7202

stream_engine.cpp in libzmq (aka ZeroMQ/C++) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request...

CVSS 4.3 | AI score 9 | EPSS 0.00582
Exploits 0 | References 1
Cvelist
added 2014/10/02 12:0 a.m. | 17 views

CVE-2014-4793

IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors...

AI score 6 | EPSS 0.00191
Exploits 0 | References 2
RedHat Linux
added 2014/09/22 4:0 a.m. | 4 views

qemu: virtio-net: out-of-bounds buffer write on invalid state load

The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write...

CVSS 7.5 | AI score 7.2 | EPSS 0.02456
Exploits 0 | References 4