USN-2451-1 cgmanager vulnerability

Serge Hallyn discovered that cgmanager did not consistently enforce proper nesting when modifying cgroup properties. A local attacker in a privileged container could use this to set cgroup values for all cgroups...

PT-2015-6394 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.0 Description: The issue is related to an array index error in the tcm vhost make tpg function, which was later renamed to vhost scsi make tpg, in the Linux kernel. This error might allow guest OS users to cau...

DEBIAN-CVE-2014-8133

arch/x86/kernel/tls.c in the Thread Local Storage TLS implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a...

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1638-1)

This openjdk update fixes the following security and non security issues : - Upgrade to 2.4.8 bnc887530 - Changed back from gzipped tarball to xz - Changed the keyring file to add Andrew John Hughes that signed the icedtea package - Change ZERO to AARCH64 tarball - Removed patches : -...

Cross site scripting

Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via script access to this cookie, aka ZEN-10418...

CVE-2014-9250

Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via script access to this cookie, aka ZEN-10418...

CVE-2014-9250

CVE-2014-9250 affects Zenoss Core through 5 Beta 3, where the authentication cookie is sent without the HttpOnly flag in Set-Cookie. This exposes credential information to client-side script access, increasing risk of credential exposure. The document notes mitigation by enabling SSL/HTTPS to bet...

DEBIAN-CVE-2014-9319

The ffhevcdecodenalsps function in libavcodec/hevcps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service out-of-bounds access via a crafted .bit file...

Citrix CloudPlatform Default Credentials

The remote Citrix CloudPlatform web administration interface uses a known set of default credentials. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid79641; scriptversion"1.5";...

Crunch - Password Cracking Wordlist Generator

Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations. Features crunch generates wordlists in both combination and permutation ways it can breakup output by number of lines or fi...

DEBIAN-CVE-2014-7815

The setpixelformat function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service crash via a small bytesperpixel value...

DEBIAN-CVE-2014-3690

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service system disruption by...

CVE-2014-8525

CVE-2014-8525 affects McAfee Network Data Loss Prevention (NDLP) prior to 9.3, where the session cookie Set-Cookie header omits the HttpOnly flag. This allows script access to the cookie, potentially exposing sensitive information. The provided sources describe the issue but do not specify affect...

UBUNTU-CVE-2014-7815

The setpixelformat function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service crash via a small bytesperpixel value...

CVE-2014-4830

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

Code injection

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

CVE-2014-4830

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

libXxf86dga: Array Index error leading to heap-based OOB write

Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service crash and possibly execute arbitrary code via crafted length or index values to the 1 XDGAQueryModes and 2 XDGASetMode functions...

DEBIAN-CVE-2014-6054

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service divide-by-zero error and server crash via a zero value in the scaling factor in a 1 PalmVNCSetScaleFactor or 2 SetScale message...

apache tomcat cookie handling problem - characters out of 0x80 - 0xff causing internal server error

Title: Client-based DoS for Apache Tomcat on sending cookie with value out of 0x80 - 0xff scope. Author: Elar Lang @elarlang https://www.linkedin.com/in/elarlang Date: 02. January 2014 / 05. September 2014 Vendor: Apache Product: Tomcat Affected versions at least: 7.0.26 7.0.39 7.0.40 Timeline: 1...