37 matches found
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerabilities of MediaTek components—M4U drivers, audio drivers, touchscreen drivers, GPU drivers, and Android operating system command queue drivers—are related to deficiencies in access control. Exploiting these vulnerabilities allows a remote attacker to execute arbitrary code, leading t...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerabilities of MediaTek components—M4U drivers, audio drivers, touchscreen drivers, GPU drivers, and Android operating system command queue drivers—are related to deficiencies in access control. Exploiting these vulnerabilities allows a remote attacker to execute arbitrary code, leading t...
The vulnerabilities of PDF viewer programs such as Adobe Reader, Adobe Reader Document Cloud, and PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat allow attackers to execute arbitrary code.
The vulnerabilities of PDF viewer programs such as Adobe Reader and Adobe Reader Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are related to recompilation issues. Exploiting these vulnerabilities allows a malicious actor to execute arbitrary...
gdk-pixbuf: Multiple Vulnerabilities
Background gdk-pixbuf is an image loading library for GTK+. Description Three heap-based buffer overflow vulnerabilities have been discovered in gdk-pixbuf. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted ima...
Network Audio System: Multiple vulnerabilities
Background Network Audio System is a network transparent, client/server audio transport system. Description Multiple vulnerabilities have been discovered in Network Audio System. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could possibly...
International Components for Unicode: Denial of service
Background International Components for Unicode is a set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description Multiple vulnerabilities have been discovered in International Components for Unicode. Please review the CVE identifiers referenc...
Pixman: User-assisted execution of arbitrary code
Background Pixman is a pixel manipulation library. Description The trapezoid handling code in Pixman contains an integer underflow vulnerability. Impact A context-dependent attacker could entice a user to open a specially crafted file using an application linked against Pixman, possibly resulting...
GEGL: User-assisted execution of arbitrary code
Background GEGL is a graph-based image processing framework. Description Multiple integer overflows in GEGL may cause a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted PPM image using an application linked against GEGL, possibly resulting in...
nginx 'ngx_http_close_connection()'远程整数溢出漏洞
BUGTRAQ ID: 59496 nginx是HTTP及反向代理服务器,同时也用作邮件代理服务器,由Igor Sysoev编写。 nginx在实现上存在远程整数溢出漏洞,当 r-count 小于0或大于255时,Nginx ngxhttpcloseconnection函数会存在整数溢出错误,远程攻击者通过恶意http请求利用此漏洞,可能在应用上下文中执行任意代码。 0 Igor Sysoev nginx 1.1.19 Igor Sysoev nginx 1.1.17 Igor Sysoev nginx 1.0.9 Igor Sysoev nginx 1.0.8 Igor Sysoev...
Gentoo Security Advisory GLSA 201101-03 (libvpx)
The remote host is missing updates announced in advisory GLSA 201101-03. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
FreeBSD直接管道写操作本地信息泄露漏洞
BUGTRAQ ID: 35279 FreeBSD就是一种运行在Intel平台上、可以自由使用的开放源码Unix类系统。 FreeBSD和其他UNIX类系统上最常见的进程间通讯方式之一是匿名管道。这种机制会创建一对文件描述符,可以从一个描述符读取写入到另一个描述符的数据。 FreeBSD的管道实现中包含名为“直接写入”的优化。在这种优化中,FreeBSD内核利用虚拟内存映射允许直接在进程之间拷贝数据,而不是在调用...
Ubuntu USN-752-1 (linux-source-2.6.15)
The remote host is missing an update to linux-source-2.6.15 announced via advisory USN-752-1. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed...
FreeBSD-SA-06:14.fpu
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:14.fpu Security Advisory The FreeBSD Project Topic: FPU information disclosure Category: core Module: sys Announced: 2006-04-19 Credits: Jan Beulich Affects:...
FreeBSD-SA-05:02.sendfile
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:02.sendfile Security Advisory The FreeBSD Project Topic: sendfile kernel memory disclosure Category: core Module: syskern Announced: 2005-04-04 Credits: Sven...
SRT2003-04-24-1532 - Options Parsing Tool library buffer overflows.
Secure Network Operations, Inc. http://www.secnetops.com Strategic Reconnaissance Team [email protected] Team Lead Contact [email protected] Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS, Software Security Validation, and...
Re: Naptha - New DoS
I personally find it a bit questionable to release such an advisory and give only so little technical information about the vulnerability, how is anyone supposed to understand and protect about it then? Sounds to me like "we found the ultimate IP stack bug, be afraid, be very afraid, but no, we'r...
[SECURITY] New version of xchat released (update)
------------------------------------------------------------------------ Debian Security Advisory [email protected] http://www.debian.org/security/ Wichert Akkerman August 30, 2000 - ------------------------------------------------------------------------ Package : xchat Problem type : remote...