Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying entries 1 - 10 of 67370 in total

Heroes of Might and Magic III .h3m Map file Buffer Overflow Exploit

Disclosed: July 29, 2015

This module embeds an exploit into an ucompressed map file (.h3m) for Heroes of Might and Magic III. Once the map is started in-game, a buffer overflow occuring when loading object sprite names leads to shellcode execution.

BIND TKEY Query Denial of Service Exploit

Disclosed: July 28, 2015

This module sends a malformed TKEY query, which exploits an error in handling TKEY queries on affected BIND9 'named' DNS servers. As a result, a vulnerable named server will exit with a REQUIRE assertion failure. This condition can be exploited in versions of BIND between BIND 9.1.0 through 9.8.x, 9.9.0 through 9....

Amazon Linux AMI: Security patch for usermode (ALAS-2015-572) (CVE-2015-3245) Vulnerability

  • Severity: 4
  • Published: July 26, 2015

It was found that libuser, as used in the chfn userhelper functionality, does not properly filter out newline characters, which allows an authenticated local attacker to corrupt the /etc/passwd file and cause denial-of-service against the system. (CVE-2015-3245 )

USN-2679-1: Linux kernel (OMAP4) vulnerabilities Vulnerability

  • Severity: 4
  • Published: July 22, 2015

A flaw was discovered in the user space memory copying for the pipe iovecsin the Linux kernel. An unprivileged local user could exploit this flaw tocause a denial of service (system crash) or potentially escalate theirprivileges. (CVE-2015-1805) Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filterJIT optimization. A l...

USN-2683-1: Linux kernel (Vivid HWE) vulnerabilities Vulnerability

  • Severity: 4
  • Published: July 22, 2015

A flaw was discovered in the kvm (kernel virtual machine) subsystem'skvm_apic_has_events function. A unprivileged local user could exploit thisflaw to cause a denial of service (system crash). (CVE-2015-4692) Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filterJIT optimization. A local attacker could exploit this flaw...

ELSA-2015-1483 Important: Oracle Linux libuser security update Vulnerability

  • Severity: 4
  • Published: July 22, 2015

Oracle Linux Security Advisory ELSA-2015-1483 http://linux.oracle.com/errata/ELSA-2015-1483.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: libuser-0.60-7.el7_1.i686.rpm libuser-0.60-7.el7_1.x86_64.rpm libuser-devel-0.60-7.el7_1.i686.rpm libuser-devel-0.60-7.el7_1.x86_64...

USN-2678-1: Linux kernel vulnerabilities Vulnerability

  • Severity: 4
  • Published: July 22, 2015

A flaw was discovered in the user space memory copying for the pipe iovecsin the Linux kernel. An unprivileged local user could exploit this flaw tocause a denial of service (system crash) or potentially escalate theirprivileges. (CVE-2015-1805) Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filterJIT optimization. A l...

FreeBSD: wordpress -- XSS vulnerability (Multiple CVEs) Vulnerability

  • Severity: 4
  • Published: July 22, 2015

Gary Pendergast reports: WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team. ...

CESA-2015:1482: libuser security update Vulnerability

  • Severity: 4
  • Published: July 22, 2015

Updated libuser packages that fix two security issues are now available for CentOS Linux 6. CentOS Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the Refere...