Apache 2.2 - Scoreboard Invalid Free On Shutdown

Source: http://www.halfdog.net/Security/2011/ApacheScoreboardInvalidFreeOnShutdown/ Introduction Apache 2.2 webservers may use a shared memory segment to share child process status information scoreboard between the child processes and the parent process running as root. A child running with lowe...

Apple Quicktime JPEG2000 COD Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the JP2Deco component whi...

Mozilla Multiple dangling pointer vulnerabilities (MFSA 2011-23)

Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service application crash or possibly execut...

Mozilla Multiple dangling pointer vulnerabilities (MFSA 2011-23)

Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service application crash or possibly execut...

Mozilla Multiple dangling pointer vulnerabilities (MFSA 2011-23)

Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service application crash or possibly execut...

IPv6 Crafted Packet Vulnerability - Cisco Systems

Cisco Internetwork Operating System IOS Software is vulnerable to a Denial of Service DoS and potentially an arbitrary code execution attack from a specially crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv...

kernel: possible kernel oops from user MSS

The dotcpsetsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCPMAXSEG aka MSS values, which allows local users to cause a denial of service OOPS via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect u...

kernel: possible kernel oops from user MSS

The dotcpsetsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCPMAXSEG aka MSS values, which allows local users to cause a denial of service OOPS via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect u...

kvm: invalid selector in fs/gs causes kernel panic

The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service host OS crash via a KVMRUN ioctl call in conjunction with a modified Local Descriptor Table LDT...

CVE-2010-3698

The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service host OS crash via a KVMRUN ioctl call in conjunction with a modified Local Descriptor Table LDT...

PT-2010-5331 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.37-rc2 Description: The issue is related to the do tcp setsockopt function in the Linux kernel, which does not properly restrict TCP MAXSEG aka MSS values. This allows local users to cause a denial of servic...

kernel security and bug fix update

2.6.18-194.17.1.0.1.el5 - xen check to see if hypervisor supports memory reservation change Chuck Anderson orabug 7556514 - Add entropy support to igb John Sobecki orabug 7607479 - nfs convert ENETUNREACH to ENOTCONN orabug 7689332 - NET Add xen pv/bonding netconsole support Tina Yang orabug...

kernel: mm: keep a guard page below a grow-down stack segment

The doanonymouspage function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to t...

CVE-2010-2240

The doanonymouspage function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to t...

kernel security update

2.6.18-194.11.3.0.1.el5 - xen check to see if hypervisor supports memory reservation change Chuck Anderson orabug 7556514 - Add entropy support to igb John Sobecki orabug 7607479 - nfs convert ENETUNREACH to ENOTCONN orabug 7689332 - NET Add xen pv/bonding netconsole support Tina Yang orabug...

Microsoft Windows - nt!NtCreateThread Race Condition with Invalid Code Segment (MS10-047)

Microsoft Windows - nt!NtCreateThread Race Condition with Invalid Code Segment MS10-047 Microsoft Windows nt!NtCreateThread race condition with invalid code segment ---------------------------------------------------------------------------- CVE-2010-1888 Creating a new thread on windows involves...

Microsoft Windows - nt!NtCreateThread Race Condition with Invalid Code Segment (MS10-047)

Microsoft Windows nt!NtCreateThread race condition with invalid code segment ---------------------------------------------------------------------------- CVE-2010-1888 Creating a new thread on windows involves passing several structures to NtCreateThread. These structures describe the execution...

Microsoft Windows nt!NtCreateThread Race Condition

Microsoft Windows nt!NtCreateThread race condition with invalid code segment ---------------------------------------------------------------------------- CVE-2010-1888 Creating a new thread on windows involves passing several structures to NtCreateThread. These structures describe the execution...

apache -- Remote DoS bug in mod_cache and mod_dav

Apache ChangeLog reports: moddav, modcache: Fix Handling of requests without a path segment...

qemu: Improper handling of erroneous data provided by Linux virtio-net driver

The virtionetbadfeatures function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service guest OS crash, and an associated qemu-kvm process exit by...