143 matches found
Mandriva Linux Security Advisory : tcpdump (MDVSA-2015:125)
Updated tcpdump package fixes security vulnerabilities : The Tcpdump program could crash when processing a malformed OLSR payload when the verbose output flag was set CVE-2014-8767. The application decoder for the Ad hoc On-Demand Distance Vector AODV protocol in Tcpdump fails to perform input...
Debian DLA-174-1 : tcpdump security update
Several issues have been discovered with tcpdump in the way it handled some printer protocols. Those issues can lead to denial of service, or, potentially, execution of arbitrary code. CVE-2015-0261 Missing bounds checks in IPv6 Mobility printer CVE-2015-2154 Missing bounds checks in ISOCLNS...
CVE-2015-2154
CVE-2015-2154 affects tcpdump prior to 4.7.2. The osi_print_cksum function in print-isoclns.c (ethernet printer) allows remote, unauthenticated targets to trigger a denial of service via crafted length, offset, or base pointer checksum values, potentially crashing the process due to an out-of-bou...
KLA10498 Denial of service vulnerabilities in tcpdump
Multiple serious vulnerabilities have been found in tcpdump. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities 1. An unknown vulnerability can be exploited remotely via a specially designed packets and other unknown vectors; ...
SUSE-RU-2015:0335-1 Security update for tcpdump
When running tcpdump, a remote unauthenticated user could have crashed the application or, potentially, execute arbitrary code by injecting crafted packages into the network. The following vulnerabilities in protocol printers have been fixed: IPv6 mobility printer remote DoS CVE-2015-0261,...
SUSE-SU-2015:0692-1 Security update for tcpdump
When running tcpdump, a remote unauthenticated user could have crashed the application or, potentially, execute arbitrary code by injecting crafted packages into the network. The following vulnerabilities in protocol printers have been fixed: IPv6 mobility printer remote DoS CVE-2015-0261,...
[SECURITY] [DSA 3193-1] tcpdump security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3193-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 17, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DLA 174-1] tcpdump security update
Package : tcpdump Version : tcpdump4.1.1-1+deb6u2 CVE ID : CVE-2015-0261 CVE-2015-2154 CVE-2015-2155 Several issues have been discovered with tcpdump in the way it handled some printer protocols. Those issues can lead to denial of service, or, potentially, execution of arbitrary code. CVE-2015-02...
Debian Security Advisory DSA 3193-1 (tcpdump - security update)
Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service application crash or, potentially, execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb3193.nasl 6609 2017-07-07 12:05:59Z cfischer...
CVE-2014-2154
Cisco ASA Software SIP inspection engine memory leak vulnerability (CVE-2014-2154) allows remote, unauthenticated attackers to exhaust memory and cause instability/DoS by sending crafted SIP packets. Root cause: improper SIP packet handling in the SIP inspection engine. Impact: partial DoS due to...
CVE-2013-2210
Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ aka xml-security-c before 1.7.2 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this...
CVE-2013-2154
Stack-based buffer overflow in the XML Signature Reference functionality xsec/dsig/DSIGReference.cpp in Apache Santuario XML Security for C++ aka xml-security-c before 1.7.1 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via malformed...
CVE-2013-2154
Stack-based buffer overflow in the XML Signature Reference functionality xsec/dsig/DSIGReference.cpp in Apache Santuario XML Security for C++ aka xml-security-c before 1.7.1 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via malformed...
Heap overflow
Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ aka xml-security-c before 1.7.2 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this...
CVE-2013-2154
Stack-based buffer overflow in the XML Signature Reference functionality xsec/dsig/DSIGReference.cpp in Apache Santuario XML Security for C++ aka xml-security-c before 1.7.1 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via malformed...
CVE-2013-2154
The CVE-2013-2154 entry affects Apache Santuario XML Security for C++ (xml-security-c) before 1.7.1, with a stack-based buffer overflow in DSIGReference::getURIBaseTXFM potentially allowing denial of service and, in some cases, arbitrary code execution via malformed XPointer expressions. Related ...
CVE-2013-2154: Apache Santuario C++ stack overflow vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2013-2154: Apache Santuario XML Security for C++ contains a stack overflow during XPointer evaluation Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache Santuario XML Security for C++ library versions prior to...
Debian DSA-2717-1 : xml-security-c - heap overflow
Jon Erickson of iSIGHT Partners Labs discovered a heap overflow in xml-security-c, an implementation of the XML Digital Security specification. The fix to address CVE-2013-2154 introduced the possibility of a heap overflow in the processing of malformed XPointer expressions in the XML Signature...
Debian Security Advisory DSA 2717-1 (xml-security-c - heap overflow)
Jon Erickson of iSIGHT Partners Labs discovered a heap overflow in xml-security-c, an implementation of the XML Digital Security specification. The fix to address CVE-2013-2154 introduced the possibility of a heap overflow in the processing of malformed XPointer expressions in the XML Signature...
DSA-2717-1 xml-security-c - heap overflow
Bulletin has no description...