The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.
Monthly Archives: October 2016
Yahoo Slams Email Surveillance Story: Experts Demand Details
Yahoo calls a bombshell email surveillance story “misleading” as legal, civil liberties and security experts demand answers.
Red Hat Security Advisory 2016-2007-01
Red Hat Security Advisory 2016-2007-01 – Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 53.0.2785.143. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
Red Hat Security Advisory 2016-2008-01
Red Hat Security Advisory 2016-2008-01 – In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 7.1 will be retired as of March 31, 2017, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or Urgent priority bug fixes, for Red Hat Enterprise Linux 7.1 EUS after March 31, 2017.
Flash Operator Panel 2.31.03 Script Insertion
Flash Operator Panel version 2.31.03 suffers from a script insertion vulnerability.
Cyberoam iview UTM 0.1.2.7 Cross Site Scripting
Cyberoam iview UTM version 0.1.2.7 suffers from a client-side cross site scripting vulnerability.
Clean Master 1.0 Privilege Escalation
Clean Master version 1.0 suffers from an unquoted path privilege escalation vulnerability.