8439 matches found
Scientific Linux Security Update : rpm on SL7.x x86_64 (20141209)
It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and...
CVE-2014-8269
Multiple stack-based buffer overflows in 1 HWOPOSScale.ocx and 2 HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.13.4.15 allow remote attackers to execute arbitrary code via a crafted file that is improperly handled by the Open method...
CVE-2014-8956
Stack-based buffer overflow in the K7Sentry.sys kernel mode driver aka K7AV Sentry Device Driver before 12.8.0.119, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via unspecified vectors...
CVE-2014-1593
Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content...
CVE-2014-9163
Adobe Flash Player is affected by CVE-2014-9163: a stack-based buffer overflow allows remote code execution. Affected: Windows and OS X Flash Player before 13.0.0.259 and 14.x before 15.0.0.246, and Linux Flash Player before 11.2.202.425. Root cause: stack-based overflow in vulnerable code paths;...
Stack overflow
Stack-based buffer overflow in the ihexscan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service crash and possibly have other unspecified impact via a crafted ihex file...
CVE-2014-8503
CVE-2014-8503 is a stack-based buffer overflow in the IHEX parser (ihex_scan in bfd/ihex.c) of GNU Binutils
Updated flash-player-plugin packages fix multiple security vulnerabilities
Adobe Flash Player 11.2.202.425 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves memory corruption vulnerabilities that could lead to code execution CVE-2014-0587,...
CVE-2014-8504
Stack-based buffer overflow in the srecscan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service crash and possibly have other unspecified impact via a crafted file...
Adobe Flash Player CVE-2014-9163 Stack Based Buffer Overflow Vulnerability
Description Adobe Flash Player is prone to a stack-based buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts likely result in denial-of-service conditions. Technologies Affected Adobe Fla...
Google Chrome < 39.0.2171.95 Multiple Vulnerabilities (Mac OS X)
The version of Google Chrome installed on the remote Mac OS X host is a version prior to 39.0.2171.95. It is, therefore, affected by the following vulnerabilities : - A security bypass vulnerability that allows an attacker to bypass the same-origin policy. CVE-2014-0580 - Multiple memory corrupti...
Flash Player For Mac <= 15.0.0.239 Multiple Vulnerabilities (APSB14-27)
According to its version, the installation of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to 15.0.0.239. It is, therefore, affected by the following vulnerabilities : - A security bypass vulnerability that allows an attacker to bypass the same-origin policy...
Debian Security Advisory DSA 3093-1 (linux - security update)
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation: CVE-2014-7841 Liu Wei of Red Hat discovered that a SCTP server doing ASCONF will panic on malformed INIT chunks by triggering a NULL pointer dereference. CVE-2014-8369 A...
VFU 4.10-1.1 - Local Buffer Overflow
Exploit Author: Juan Sacco - http://www.exploitpack.com Tested on: GNU/Linux - Debian Wheezy Description: VFU v4.10-1.1 is prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied input. An attacker can exploit this...
[CORE-2014-0010] - Advantech WebAccess Stack-based Buffer Overflow
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Advantech WebAccess Stack-based Buffer Overflow 1. Advisory Information Title: Advantech WebAccess Stack-based Buffer Overflow Advisory ID: CORE-2014-0010 Advisory URL:...
CVE-2014-8884
Stack-based buffer overflow in the ttusbdecfedvbsdiseqcsendmastercmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service system crash or possibly gain privileges via a large message length in an ioctl call...
Mandriva Linux Security Advisory : libvncserver (MDVSA-2014:229)
Updated libvncserver packages fix security vulnerabilities : A malicious VNC server can trigger incorrect memory management handling by advertising a large screen size parameter to the VNC client. This would result in multiple memory corruptions and could allow remote code execution on the VNC...
CVE-2014-8713
Stack-based buffer overflow in the buildexpertdata function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service application crash via a crafted packet...
Updated kdenetwork4 packages fix security vulnerabilities in krfb
A malicious VNC client can trigger multiple DoS conditions on the VNC server by advertising a large screen size, ClientCutText message length and/or a zero scaling factor parameter CVE-2014-6053, CVE-2014-6054. A malicious VNC client can trigger multiple stack-based buffer overflows by passing a...
Stack overflow
Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ipaddress parameter in an HTML document...