Red Hat Security Advisory 2012-0676-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way the KVM_CREATE_IRQCHIP ioctl was handled. Calling this ioctl when at least one virtual CPU already existed could lead to a NULL pointer dereference later when the VCPU is scheduled to run. A malicious user in the kvm group on the host could use this flaw to crash the host. A flaw was found in the way device memory was handled during guest device removal. Upon successful device removal, memory used by the device was not properly unmapped from the corresponding IOMMU or properly released from the kernel, leading to a memory leak. A malicious user in the kvm group on the host who has the ability to assign a device to a guest could use this flaw to crash the host.
75bbd88324ddd95cff9e55be111b3594Debian Linux Security Advisory 2459-2 - The recent quagga update, DSA-2459-1, introduced a memory leak in the bgpd process in some configurations.
5095afa51d00ac16ccca45fe30b0cebeIntuit Help System suffers from protocol URL heap corruption and memory leak vulnerabilities.
c4a7ca65d102d5fbddb0b26479033d43Cisco Security Advisory - Cisco IOS Software contains four vulnerabilities related to Cisco IOS Zone-Based Firewall features. These vulnerabilities are as follows: Memory Leak Associated with Crafted IP Packets. Memory Leak in HTTP Inspection. Memory Leak in H.323 Inspection. Memory Leak in SIP Inspection Workarounds that mitigate these vulnerabilities are not available. Cisco has released free software updates that address these vulnerabilities.
d01649c54dfd485810387931863753a1Mandriva Linux Security Advisory 2012-041 - A memory leak and a hash table collision flaw in expat could cause denial of service attacks. The updated packages have been patched to correct this issue.
bc5d99bc968a3302928048a8bf550249Cisco Security Advisory - Cisco Unified Communications Manager contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of voice services. Cisco has released free software updates for supported Cisco Unified Communications Manager versions to address the vulnerability. A workaround exists for this SIP vulnerability.
92d32bec8f7057cebc21076875e2fb9bCisco Security Advisory - Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or trigger memory leaks that may result in system instabilities. Affected devices would need to be configured to process SIP messages for these vulnerabilities to be exploitable. Cisco has released free software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerabilities.
bc0662c54a51abc3c5b7b913522a0f91Cisco Security Advisory - Cisco IOS Software contains a memory leak vulnerability in the Data-Link Switching (DLSw) feature that could result in a device reload when processing crafted IP Protocol 91 packets. Cisco has released free software updates that address this vulnerability.
46eb11cc4b60f4c92fd786d7d3a08117The re-factoring of XML validation for Tomcat 7.0.x re-introduced the vulnerability previously reported as CVE-2009-0783. This was initially reported as a memory leak. If a web application is the first web application loaded, this bug allows that web application to potentially view and/or alter the web.xml, context.xml and tld files of other web applications deployed on the Tomcat instance.
fffc75ef02341bc27a0d78a4480c077eInformation leak exploit for Linux kernel versions 2.6.37-rc1 and below which leaks kernel stack space back to userland due to uninitialized struct member "reserved" in struct serial_icounter_struct copied to userland. Uses ioctl to trigger memory leak, dumps to file and displays to command line.
5561330a1567df8efd9ee941ff262eb5Mandriva Linux Security Advisory 2011-006 - The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
21f68cfded4bb3660d0d738cd1483079Call of Duty: Black Ops suffers from a remote memory leak vulnerability.
9adeaf26d3957452c43264d43577a606Cisco Security Advisory - Cisco IOS Software contains a vulnerability when the Cisco IOS SSL VPN feature is configured with an HTTP redirect. Exploitation could allow a remote, unauthenticated user to cause a memory leak on the affected devices, that could result in a memory exhaustion condition that may cause device reloads, the inability to service new TCP connections, and other denial of service (DoS) conditions.
a2d12f1b2272bc162bcc23b43b923433Mandriva Linux Security Advisory 2010-133 - Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
8bc09ccec02bd7ed4d12ea2e21fb049eMicrosoft mshtml.dll CTimeoutEventList::InsertIntoTimeoutList proof of concept memory leak exploit.
9c22da9d51da460666f5003cf146ec03Debian Linux Security Advisory 2005-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. Note that this advisory says DSA-2004-1 but it is actually DSA-2005-1.
6df548355a759babe2620aa7553824b3Debian Linux Security Advisory 1996-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation.
fbdc26403ae55b8522f95a30964c1ce5Mandriva Linux Security Advisory 2010-022 - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_free_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct thies issue.
fdb2aaebfd656adeaa8421e92c498f67Debian Linux Security Advisory 1970-1 - It was discovered that a significant memory leak could occur in openssl, related to the reinitialization of zlib. This could result in a remotely exploitable denial of service vulnerability when using the Apache httpd server in a configuration where mod_ssl, mod_php5, and the php5-curl extension are loaded.
8d1a271bb5317cdc26ad5321030a05a4Mandriva Linux Security Advisory 2009-344 - Heap-based buffer overflow in the DBD::Pg module for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows. Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides a fix for these vulnerabilities.
6568807db6b679a8d2ced213cdcaf226Mandriva Linux Security Advisory 2009-297 - The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file. FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a Tcp/udp memory leak. Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. The updated packages fix this issue. Packages for 2008.0 are being provided due to extended support for Corporate products.
129d959bd54745147f8207da93404771Mandriva Linux Security Advisory 2009-297 - The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file. FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a Tcp/udp memory leak. Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. The updated packages fix this issue.
d5dcf4cf7089c9f97fbaa79ed53d1368Debian Linux Security Advisory 1929-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation.
fa4854a1ebb10e160b2bac27b0969685Debian Linux Security Advisory 1928-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation.
61da1f5223209143e1c4d125b72d0c64Debian Linux Security Advisory 1927-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation.
f8054da58a078bd6ca1846795f0387b0
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed