2518 matches found
DEBIAN-CVE-2015-3228
Integer overflow in the gsheapallocbytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service crash via a crafted Postscript ps file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write...
Mozilla Firefox 'asm.js' Out-of-Bounds Read/Write Vulnerability
Mozilla Firefox is a popular open source WEB browser. Mozilla Firefox has an out-of-bounds read/write vulnerability in 'asm.js' when validating Javascript, which allows remote attackers to exploit the vulnerability to construct a malicious web page that can be parsed by the user and can be used t...
Google Chrome Multiple Vulnerabilities-02 (Apr 2015) - Mac OS X
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
CVE-2015-0932
The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on por...
Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:089)
Updated freetype2 packages fix security vulnerabilities : It was reported that Freetype before 2.5.3 suffers from an out-of-bounds stack-based read/write flaw in cf2hintmapbuild in the CFF rasterizing code, which could lead to a buffer overflow CVE-2014-2240. It was also reported that Freetype...
Ubuntu: Security Advisory (USN-2506-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
KIE Workbench Arbitrary File Execution Vulnerability
KIE Workbench is a set of JAVA-based development of open source BPM business process management of the complete release , including all the BPM and rules module . An arbitrary file execution vulnerability exists in KIE Workbench 6.0.x that could allow an authenticated remote user to read or write...
SuSE 11.3 Security Update : unzip (SAT Patch Number 10344)
This update fixes the following security issues : - input sanitization errors. bnc909214. CVE-2014-8139 - out-of-bounds read/write in testcompreb bnc914442. CVE-2014-9636 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...
CVE-2014-8115
CVE-2014-8115 affects KIE Workbench 6.0.x (KIE Workbench) with insufficient authorization constraints that allow remote authenticated users to read or write arbitrary files via unknown vectors. The CVSS base score is 6.5 (Medium) with network attack vector and partial confidentiality/integrity/av...
[SECURITY] [DLA-152-1] postgresql-8.4 update
Package : postgresql-8.4 Version : 8.4.22lts1-0+deb6u1 CVE ID : CVE-2014-8161 CVE-2015-0241 CVE-2015-0243 CVE-2015-0244 Several vulnerabilities were discovered in PostgreSQL, a relational database server system. The 8.4 branch is EOLed upstream, but still present in Debian squeeze. This new LTS...
Debian DSA-3155-1 : postgresql-9.1 - security update
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. - CVE-2014-8161: Information leak A user with limited clearance on a table might have access to information in columns without SELECT rights on through server error messages. - CVE-2015-0241: Out of boundaries...
AZL-35334 CVE-2014-9636 affecting package unzip for versions less than 6.0-20
unzip 6.0 allows remote attackers to cause a denial of service out-of-bounds read or write and crash via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression...
[SECURITY] [DSA 3155-1] postgresql-9.1 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3155-1 [email protected] http://www.debian.org/security/ Luciano Bello February 06, 2015 http://www.debian.org/security/faq -...
DSA-3155-1 postgresql-9.1 - security update
Bulletin has no description...
LibTIFF Out-of-Bounds Read/Write Denial of Service Vulnerability
LibTiff is an application library responsible for encoding/decoding TIFF image format. The use of the LibTiff library's "tiff2pdf" tool to process malformed TIFF images suffers from an out-of-bounds read/write vulnerability, which allows an attacker to exploit the vulnerability to build a malicio...
[CVE-2014-7301] SGI Tempo System Database Password Exposure
SGI Tempo System Database Password Exposure Software: SGI Tempo SGI ICE-X Supercomputers Affected Versions: Unknown CVE Reference: CVE-2014-7301 Author: John Fitzpatrick, MWR Labs Severity: Medium Risk Vendor: Silicon Graphics International Corp SGI Vendor Response: Uncooperative Description It i...
SGI Tempo Database Password Disclosure
SGI Tempo System Database Password Exposure Software: SGI Tempo SGI ICE-X Supercomputers Affected Versions: Unknown CVE Reference: CVE-2014-7301 Author: John Fitzpatrick, MWR Labs Severity: Medium Risk Vendor: Silicon Graphics International Corp SGI Vendor Response: Uncooperative Description It i...
CVE-2014-9066
Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service write denial or NMI watchdog timeout and host crash via a large number of read requests, a different vulnerability than...
CVE-2014-9065
common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service write denial or NMI watchdog timeout and host crash via a large number of read requests, a different vulnerability to CVE-2014-9066...
CVE-2014-8093
Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System aka X11 or X X11R6.7, and X.Org Server aka xserver and xorg-server before 1.16.3 allow remote authenticated users to cause a denial of service crash or possibly execute arbitrary code via a crafted request to th...