RHEL 6 : glibc (RHSA-2016:0175)

Updated glibc packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RedHat Update for glibc RHSA-2016:0175-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apache Httpd < 2.4.20 : mod_http2: denial of service by thread starvation

By manipulating the flow control windows on streams, a client was able to block server threads for long times, causing starvation of worker threads. Connections could still be opened, but no streams where processed for these. This issue affected HTTP/2 support in 2.4.17 and 2.4.18...

Apple Mac OSX - IOBluetoothHCIPacketLogUserClient Memory Corruption

/ Source: https://code.google.com/p/google-security-research/issues/detail?id=572 The OS data types OSArray etc are explicity not thread safe; they rely on their callers to implement the required locking to serialize all accesses and manipulations of them. By sending two spoofed no-more-senders...

Apple Mac OSX iOS Kernel - iokit Registry Iterator Manipulation Double-Free

Apple Mac OSX iOS Kernel - iokit Registry Iterator Manipulation Double-Free / Source: https://code.google.com/p/google-security-research/issues/detail?id=598 The userspace MIG wrapper IORegistryIteratorExitEntry invokes the following kernel function: kernreturnt isioregistryiteratorexitentry...

Wireshark - dissect_nhdr_extopt Stack Based Buffer Overflow

Exploit for multiple platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=696 The following crash due to a stack-based buffer overflow can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$...

Debian DLA-380-1 : libvncserver security update

An issue had been discovered and resolved by the libvncserver upstream developer Karl Runge addressing thread-safety in libvncserver when libvncserver is used for handling multiple VNC connections 1. Unfortunately, it is not trivially feasible because of ABI breakage to backport the related patch...

[SECURITY] [DLA 380-1] libvncserver security update

Package : libvncserver Version : 0.9.7-2+deb6u2 An issue had been discovered and resolved by the libvncserver upstream developer Karl Runge addressing thread-safety in libvncserver when libvncserver is used for handling multiple VNC connections 1. Unfortunately, it is not trivially feasible becau...

DLA-380-1 libvncserver - security update

Bulletin has no description...

DEBIAN-CVE-2015-8661

The h264sliceheaderinit function in libavcodec/h264slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other...

Automatic SQL Database Injection: jSQL Injection

jSQL Injection is a lightweight application used to find database information from a distant server. Tool is free, open source and cross-platform Windows, Linux, Mac OS X, Solaris. Features: GET, POST, header, cookie methods Normal, error based, blind, time based algorithms Automatic best algorit...

RedHat Update for glibc RHSA-2015:2172-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

kernel: partial ASLR bypass through TLS base addresses leak

An information leak flaw was found in the way the Linux kernel changed certain segment registers and thread-local storage TLS during a context switch. A local, unprivileged user could use this flaw to leak the user space TLS base address of an arbitrary process...

[SECURITY] Fedora 23 Update: nspr-4.10.10-1.fc23

NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing and calendar time, basic memory management malloc and free and shared library linking...

CVE-2007-2844

PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access...

Deliberately Insecure Web Application: OWASP WebGoat

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat in either J2EE or WebGoat for .Net in ASP.NET. In each lesson, users must demonstrate their understanding of a security issue by...

The vulnerability of Firefox and Firefox ESR browsers allows a perpetrator to trigger a service failure.

The vulnerability of the AnimationThread function in Firefox and Firefox ESR browsers is caused by buffer overflow. Exploiting this vulnerability allows a malicious actor to cause service interruptions by using the incorrect sscanf argument...

UBUNTU-CVE-2015-7176

The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impa...

Microsoft Windows 10 (Build 10130) - User Mode Font Driver Thread Permissions Privilege Escalation

Microsoft Windows 10 Build 10130 - User Mode Font Driver Thread Permissions Privilege Escalation Source: https://code.google.com/p/google-security-research/issues/detail?id=468 Windows: User Mode Font Driver Thread Permissions EoP Platform: Windows 10 Build 10130 Class: Elevation of Privilege...

Microsoft Windows - NtUserGetClipboardAccessToken Token Leak (MS15-023)

Source: https://code.google.com/p/google-security-research/issues/detail?id=461 Windows: NtUserGetClipboardAccessToken Token Leak Redux Platform: Windows 8.1 Update, Windows 10 Build 10130 Class: Security Bypass/EoP Summary: The NtUserGetClipboardAccessToken win32k system call exposes the access...