92 matches found
Python 2.7.x < 2.7.15 Heap-Based Buffer Overflow Vulnerability Python Issue (bpo-31530) - Mac OS X
Python is prone to a heap-based buffer overflow vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...
Fedora 26 : SDL2 (2017-5b132e3803)
Added audio stream conversion functions : - SDLNewAudioStream - SDLAudioStreamPut - SDLAudioStreamGet - SDLAudioStreamAvailable - SDLAudioStreamFlush - SDLAudioStreamClear - SDLFreeAudioStream - Added functions to query and set the SDL memory allocation functions : - SDLGetMemoryFunctions -...
loguru
...
Apple Mac OSX - Kernel Use-After-Free and Double Delete Due to Incorrect Locking in Intel GPU Driver
Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=708 The external methods IGAccelGLContext::unmapusermemory and IGAccelCLContext::unmapusermemory take an 8 byte struct input which is a user-space pointer previously passed to the...
Apple Mac OSX - IOBluetoothHCIPacketLogUserClient Memory Corruption
/ Source: https://code.google.com/p/google-security-research/issues/detail?id=572 The OS data types OSArray etc are explicity not thread safe; they rely on their callers to implement the required locking to serialize all accesses and manipulations of them. By sending two spoofed no-more-senders...
php: Double-free in zend_ts_hash_graceful_destroy()
A double free flaw was found in zendtshashgracefuldestroy function in the PHP ZTS module. This flaw could possibly cause a PHP application to crash...
Lightweight Disassembly Framework: Capstone
Lightweight Disassembly Framework Capstone is a multi-platform, multi-architecture lightweight disassembly framework. Capstone Disassembly Engine v3.0 Released Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community. Features...
FreeBSD OpenSSH DoS
Race condition because of invalid thread-safe library linking...
[Capstone] Ultimate Disassembly Framework
Capstone is a lightweight multi-platform, multi-architecture disassembly framework. Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community. Features Support hardware architectures: ARM, ARM64 aka ARMv8, Mips & X86 more details...
Oracle Linux 4 : cyrus-sasl (ELSA-2007-0795)
From Red Hat Security Advisory 2007:0795 : An updated cyrus-sasl package that addresses a security issue and fixes various other bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The cyrus-sas...
CentOS Update for 389-ds-base CESA-2013:0742 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scripttagname:"affected",...
Scientific Linux Security Update : 389-ds-base on SL6.x i386/x86_64 (20130415)
It was found that the 389 Directory Server did not properly restrict access to entries when the 'nsslapd-allow-anonymous-access' configuration setting was set to 'rootdse'. An anonymous user could connect to the LDAP database and, if the search scope is set to BASE, obtain access to information...
RHEL 5 : libvirt (RHSA-2011:0478)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0478 advisory. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition,...
[BSA-052] Security Update for libvirt
Guido Günther uploaded new packages for libvirt which fixed the following security problems: CVE-2011-2511 Integer overflow in VirDomainGetVcpus CVE-2011-1486 Non thread safe error reporting For the squeeze-backports distribution the problems have been fixed in version 0.9.2-7bpo60+1. For the...
OpenSSL -- multiple vulnerabilities
OpenSSL Team reports: Two security flaws have been fixed in OpenSSL 1.0.0e Under certain circumstances OpenSSL's internal certificate verification routines can incorrectly accept a CRL whose nextUpdate field is in the past. CVE-2011-3207 OpenSSL server code for ephemeral ECDH ciphersuites is not...
Ubuntu 10.04 LTS / 10.10 / 11.04 : libvirt vulnerabilities (USN-1152-1)
It was discovered that libvirt did not use thread-safe error reporting. A remote attacker could exploit this to cause a denial of service via application crash. CVE-2011-1486 Eric Blake discovered that libvirt had an off-by-one error which could be used to reopen disk probing and bypass the fix f...
CVE-2011-1486
CVE-2011-1486 affects libvirt’s libvirtd: libvirt before 0.9.0 uses non‑thread-safe error reporting, allowing remote attackers to cause a denial of service (crash) by having multiple threads report errors simultaneously. This is evidenced in multiple advisories (openSUSE/libvirt patches note the ...
CVE-2011-1486
libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service crash by causing multiple threads to report errors at the same time...
CVE-2011-1486
libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service crash by causing multiple threads to report errors at the same time...
CVE-2011-1486
libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service crash by causing multiple threads to report errors at the same time...