2551 matches found
Important: Red Hat Security Advisory: qemu-kvm security update
Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
Apple iOS WebKit COOKIE Read/Write Vulnerability
Apple iOS is Apple's operating system for several smart devices. A security vulnerability exists in Apple iOS that could allow an attacker to construct a malicious web page, trick users into parsing it, and read and write COOKIEs to the target system...
Immunity Canvas: MS16_006_SILVERLIGHT
Name| ms16006silverlight ---|--- CVE| CVE-2016-0034 Exploit Pack| CANVAS Description| ms16006silverlight Notes| CVE Name: CVE-2016-0034 VENDOR: Microsoft Notes: This module exploits a mishandling of negative offsets during a decoding. This situation could be exploited to overwrite with controlled...
UBUNTU-CVE-2016-1714
The 1 fwcfgwrite and 2 fwcfgread functions in hw/nvram/fwcfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAPSYSRAWIO privilege to cause a denial of service out-of-bounds read or write access and process crash or possibly...
Cisco Videoscape Distribution Suite Service Manager Security Bypass Vulnerability
Cisco Videoscape Distribution Suite Service Manager is a suite of reporting and analysis tools for VDS products from Cisco in the United States. Cisco Videoscape Distribution Suite Service Manager fails to use RBAC control over back-end database access in real-time, allowing remote attackers to...
Kaspersky Total Security Security Bypass Vulnerability
Kaspersky Total Security is a comprehensive multi-device version of the Russian antivirus program. The Kaspersky Total Security program protects user-mode processes by allocating memory with Read, Write, Execute RWX privileges in predictable addresses, allowing an attacker to exploit this...
Microsoft Silverlight RCE Vulnerability
Microsoft Silverlight is a development platform from Microsoft. The platform can build interactive applications for the Web, desktop and mobile devices. A security vulnerability exists in Microsoft Silverlight, which arises from the program's failure to properly handle certain open and close...
The vulnerability of the microprogramming software in Janitza UMG 508, 509, 511, 604, 605 power supply monitoring systems allows a perpetrator to read and write files or execute JASIC code.
The vulnerability of the debugging interface of Microprogramming Software for Control System Chains of Janitza UMG models 508, 509, 511, 604, and 605 is related to the absence of an authentication procedure. Exploiting this vulnerability allows a malicious actor to read and write files, or execut...
Kibana Cross-site Request Forgery CVE-2015-8131
CVE: CVE-2015-8131 Affected versions: All versions up to and including 4.1.2 and 4.2.0. The vulnerability is a cross-site request forgery CSRF or XSRF that could allow an attacker to read and write changes to the .kibana index or gain read and write access to Kibana plugin actions. Remediation: A...
[SECURITY] Fedora 23 Update: libsndfile-1.0.25-17.fc23
libsndfile is a C library for reading and writing sound files such as AIFF, AU, WAV, and others through one standard interface. It can currently read/write 8, 16, 24 and 32-bit PCM files as well as 32 and 64-bit floating point WAV files and a number of compressed formats. It compiles and runs on...
openSUSE Security Update : the Linux Kernel (openSUSE-2015-686)
The openSUSE 13.2 kernel was updated to receive various security and bugfixes. Following security bugs were fixed : - CVE-2015-3290: arch/x86/entry/entry64.S in the Linux kernel on the x8664 platform improperly relied on espfix64 during nested NMI processing, which allowed local users to gain...
QNAP Systems QNAP QTS Directory Traversal Vulnerability
QNAP Systems QNAP QTS is a Turbo NAS operating system from QNAP Systems. A directory traversal vulnerability exists in QNAP Systems QNAP QTS. When AFP is enabled in the program, a remote attacker can read or write arbitrary files by submitting a special directory traversal request while accessing...
Oracle: Security Advisory (ELSA-2015-3037)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2015-3228
Integer overflow in the gsheapallocbytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service crash via a crafted Postscript ps file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write...
Mozilla Firefox 'asm.js' Out-of-Bounds Read/Write Vulnerability
Mozilla Firefox is a popular open source WEB browser. Mozilla Firefox has an out-of-bounds read/write vulnerability in 'asm.js' when validating Javascript, which allows remote attackers to exploit the vulnerability to construct a malicious web page that can be parsed by the user and can be used t...
Google Chrome Multiple Vulnerabilities-02 (Apr 2015) - Mac OS X
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
CVE-2015-0932
The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on por...
Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:089)
Updated freetype2 packages fix security vulnerabilities : It was reported that Freetype before 2.5.3 suffers from an out-of-bounds stack-based read/write flaw in cf2hintmapbuild in the CFF rasterizing code, which could lead to a buffer overflow CVE-2014-2240. It was also reported that Freetype...
Ubuntu: Security Advisory (USN-2506-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
KIE Workbench Arbitrary File Execution Vulnerability
KIE Workbench is a set of JAVA-based development of open source BPM business process management of the complete release , including all the BPM and rules module . An arbitrary file execution vulnerability exists in KIE Workbench 6.0.x that could allow an authenticated remote user to read or write...