[Forgot Password]
Login  Register Subscribe

24547

 
 

132803

 
 

127844

 
 

909

 
 

105823

 
 

152

 
 
Paid content will be excluded from the download.

Filter
Matches : 254 Download | Alert*

This is a flaw in the Intel processor execution engine sharing on SMT (e.g. Hyper-Threading) architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data.

It was found that libreoffice was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.

The host is installed with Kernel on Red Hat Enterprise Linux 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle an ABORT_TASK command. Successful exploitation could allow attackers to crash the service.

The host is installed with ruby on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a RFC 6125 violation vulnerability. A flaw is present in the application, which fails to properly verify host names against X.509 certificate names with wildcards. Successful exploitation could cause Ruby TLS/SSL clients to accept certain certificates as valid against RFC 6125 recommendations.

The host is installed with qemu-kvm before 2.1.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which triggers access of an uninitialized socket. Successful exploitation allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address.

The host is installed with kernel before 2.6.38 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted instruction that triggers an L2 emulation failure report. Successful exploitation allow remote attackers to cause a denial of service (crash).

The host is installed with Mozilla Network Security Services (NSS) before 3.16.2.4 or 3.17.x before 3.17.3 and is prone to an unspecified vulnerability. A flaw is present in the application, which does not ensure that the DER encoding of an ASN.1 length is properly formed. Successful exploitation allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encodin ...

The host is installed with kernel before 3.17.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted application. Successful exploitation allows guest OS users to cause a denial of service (guest OS crash).

The host is installed with kernel through 3.18 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle a crafted application that reads a 16-bit value. Successful exploitation makes it easier for guest OS users to bypass the ASLR protection mechanism.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   25

© SecPod Technologies