
4521 matches found

OpenVAS
added 2015/02/27 12:0 a.m. | 36 views

Ubuntu: Security Advisory (USN-2517-1)

The remote host is missing an update for the...

CVSS: 7.8 | AI score: 7 | EPSS: 0.05489
Exploits: 4 | References: 2
Tenable Nessus
added 2015/02/27 12:0 a.m. | 49 views

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-1)

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS...

CVSS: 7.8 | AI score: 7 | EPSS: 0.05489
Exploits: 4 | References: 13
Ubuntu
added 2015/02/26 11:31 a.m. | 77 views

USN-2518-1: Linux kernel vulnerabilities

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.05489
Exploits: 4
OSV
added 2015/02/26 11:28 a.m. | 7 views

USN-2517-1 linux-lts-utopic vulnerabilities

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS...

CVSS: 7.8 | AI score: 7 | EPSS: 0.05489
Exploits: 4 | References: 17
Prion
added 2015/02/13 3:59 p.m. | 17 views

Race condition

Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.02051
Exploits: 0 | References: 16 | Affected Software: 1
CVE
added 2015/02/13 3:0 p.m. | 85 views

CVE-2014-8122

CVE-2014-8122 describes a race condition in JBoss Weld (pre-2.2.8 and pre-3.0.0 Alpha3) where conversation state stored in a thread-local variable was not sanitized at the end of a conversation. This could allow a remote attacker to disclose information from a previous conversation to the current one...

CVSS: 4.3 | AI score: 7 | EPSS: 0.02051
Exploits: 0 | References: 16 | Affected Software: 1
RedHat Linux
added 2015/02/11 8:36 p.m. | 3 views

Weld: Limited information disclosure via stale thread state

It was discovered that under specific conditions the conversation state information stored in a thread-local variable in JBoss Weld was not sanitized correctly when the conversation ended. This could lead to a race condition that could potentially expose sensitive information from a previous...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.02051
Exploits: 0 | References: 4
RedHat Linux
added 2015/02/11 8:18 p.m. | 4 views

Weld: Limited information disclosure via stale thread state

It was discovered that under specific conditions the conversation state information stored in a thread-local variable in JBoss Weld was not sanitized correctly when the conversation ended. This could lead to a race condition that could potentially expose sensitive information from a previous...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.02051
Exploits: 0 | References: 4
RedHat Linux
added 2015/02/11 8:16 p.m. | 5 views

Weld: Limited information disclosure via stale thread state

It was discovered that under specific conditions the conversation state information stored in a thread-local variable in JBoss Weld was not sanitized correctly when the conversation ended. This could lead to a race condition that could potentially expose sensitive information from a previous...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.02051
Exploits: 0 | References: 4
RedHat Linux
added 2015/02/11 8:6 p.m. | 4 views

Weld: Limited information disclosure via stale thread state

It was discovered that under specific conditions the conversation state information stored in a thread-local variable in JBoss Weld was not sanitized correctly when the conversation ended. This could lead to a race condition that could potentially expose sensitive information from a previous...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.02051
Exploits: 0 | References: 4
Ubuntu
added 2015/02/04 1:16 a.m. | 70 views

USN-2491-1: Linux kernel (EC2) vulnerabilities

Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. (CVE-2014-9322) Lars Bull reported a race condition in the PIT...

CVSS: 7.8 | AI score: 6.4 | EPSS: 0.01504
Exploits: 9
Ubuntu
added 2015/02/04 1:11 a.m. | 95 views

USN-2490-1: Linux kernel vulnerabilities

Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this fla...

CVSS: 4.9 | AI score: 6.6 | EPSS: 0.00583
Exploits: 0
OpenVAS
added 2015/02/04 12:0 a.m. | 39 views

Ubuntu: Security Advisory (USN-2492-1)

The remote host is missing an update for the...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00738
Exploits: 1 | References: 2
Tenable Nessus
added 2015/02/04 12:0 a.m. | 39 views

Ubuntu 12.04 LTS : linux vulnerabilities (USN-2492-1)

Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this fla...

CVSS: 5.5 | AI score: 6.6 | EPSS: 0.00738
Exploits: 1 | References: 4
Tenable Nessus
added 2015/02/04 12:0 a.m. | 282 views

Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2491-1)

Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. (CVE-2014-9322) Lars Bull reported a race condition in the PIT...

CVSS: 7.8 | AI score: 6.4 | EPSS: 0.01504
Exploits: 9 | References: 6
CentOS
added 2015/01/27 11:31 p.m. | 139 views

glibc, nscd security update

CentOS Errata and Security Advisory CESA-2015:0092. Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score,...

CVSS: 10 | AI score: 7.4 | EPSS: 0.94859
Exploits: 29 | References: 7
RedHat Linux
added 2015/01/27 6:46 p.m. | 2 views

chromium-browser: use-after-free in WebAudio

Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering thread in which AudioNode data is improper...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.01746
Exploits: 0 | References: 5
NVD
added 2015/01/22 10:59 p.m. | 18 views

CVE-2014-7925

Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering thread in which AudioNode data is improper...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01746
Exploits: 0 | References: 14
Cvelist
added 2015/01/22 10:0 p.m. | 16 views

CVE-2014-7925

Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering thread in which AudioNode data is improper...

AI score: 9.6 | EPSS: 0.01746
Exploits: 0 | References: 14
CVE
added 2015/01/22 10:0 p.m. | 75 views

CVE-2014-7925

CVE-2014-7925 affects Blink’s WebAudio: a use-after-free in the audio-rendering thread can allow a remote attacker to cause a denial of service, with possible other impact. Evidence across multiple advisories shows Chrome/Blink remediation via upgrade to a fixed Chrome version (40.0.2214.91/111 d...

CVSS: 7.5 | AI score: 9.4 | EPSS: 0.01746
Exploits: 0 | References: 14 | Affected Software: 1