Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

CVE-2014-3479: PHP: PHP 5 ChangeLog

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.

CVE
Open in Source
#sql#xss#vulnerability#web#ios#mac#windows#apple#google#amazon#ubuntu#linux#debian#dos#apache#js#git#java#oracle#intel#php#c++#rce#perl#xpath#ldap#nginx#samba#pdf#amd#buffer_overflow#acer#samsung#oauth#auth#ssh#telnet#ibm#dell#rpm#postgres#sap#ssl
CVE-2014-0177: About Secunia Research | Flexera

The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.

CVE-2013-6371: About Secunia Research | Flexera

The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.

CVE-2014-2851: current group_info should be put after using.

Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.

CVE-2014-2706

Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c.

CVE-2012-6638

The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource consumption) via a flood of SYN+FIN TCP packets, a different vulnerability than CVE-2012-2663.

CVE-2013-4517: About Secunia Research | Flexera

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.

CVE-2013-7005: Offensive Security’s Exploit Database Archive

D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#]["Password"] fields in /tmp/teamf1.cfg.ascii.

CVE-2013-6383

The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call.

CVE-2013-5807: Oracle Critical Patch Update - October 2013

Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.