A design flaw in Avast Sandbox allows a potentially harmful program to escape the sandbox and infect the host by dropping its files out of it and/or by modifying existing legitimate files of any type. Affected products include Avast Internet Security v11.x.x, Avast Pro Antivirus v11.x.x, Avast Premier v11.x.x, Avast Free Antivirus v11.x.x, Avast Business Security v11.x.x, Avast Endpoint Protection v8.x.x, Avast Endpoint Protection Plus v8.x.x, Avast Endpoint Protection Suite v8.x.x, Avast Endpoint Protection Suite Plus v8.x.x, Avast File Server Security v8.x.x, and Avast Email Server Security v8.x.x.
Monthly Archives: April 2016
CVE-2014-9761
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
CVE-2014-9765
Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file.
CVE-2015-1776
Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file.
CVE-2015-7511
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.
CVE-2015-8778
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
CVE-2015-8776
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
CVE-2015-8779
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
CVE-2016-0741
slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.
CVE-2016-2390
The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the –with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.