CVE-2014-3509

Race condition in the sslparseserverhellotlsext function in t1lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service memory overwrite and client application crash or possibly have...

CVE-2014-3509

Race condition in the sslparseserverhellotlsext function in t1lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service memory overwrite and client application crash or possibly have...

Race condition

Race condition in the sslparseserverhellotlsext function in t1lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service memory overwrite and client application crash or possibly have...

CVE-2014-3509

Race condition in the sslparseserverhellotlsext function in t1lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service memory overwrite and client application crash or possibly have...

CVE-2014-3509

CVE-2014-3511 affects OpenSSL 1.0.1 before 1.0.1i. It describes a protocol-downgrade vulnerability where a Man-in-the-Middle can force the use of TLS 1.0 by triggering ClientHello fragmentation in communications that support later TLS versions. The consequence is potential downgrade of security d...

CVE-2014-3509

Race condition in the sslparseserverhellotlsext function in t1lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service memory overwrite and client application crash or possibly have...

OpenSSL 1.0.0 < 1.0.0n Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.0n. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.0n advisory. - The ssl3sendclientkeyexchange function in s3clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i...

CVE-2014-3509

Race condition in the sslparseserverhellotlsext function in t1lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service memory overwrite and client application crash or possibly have...

Mandriva Linux Security Advisory : samba (MDVSA-2014:136)

Updated samba packages fix security vulnerabilities : Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled CVE-2014-0178. Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denia...

Icecast 1.3.7/1.3.8 print_client() Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2264/info Versions of icecast up to and including 1.3.8 beta2 exhibit a format string vulnerability in the printclientfunction of utility.c. A malicious user can cause the printf function to overwrite memory at possibly...

Microsoft WINS Service Memory Overwrite

No description provided by source. $Id: ms04045wins.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Symantec Norton AntiVirus 2002/2003 Device Driver Memory Overwrite Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8329/info It has been reported that a memory corruption vulnerability affects the Symantec Norton AntiVirus Device Driver. According to the report, one of the device control operation handlers attempts to write data to an...

Crob FTP Server 2.50.4 - Remote Username Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7776/info A vulnerability has been reported for Crob FTP Server. The problem occurs due to invalid format specifiers used when displaying a user-supplied username. As a result, it may be possible for an attacker to embed...

Linux Kernel 2.6.x SYS_EPoll_Wait Local Integer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/12763/info A Local integer overflow vulnerability affects the Linux kernel. This issue is due to a failure of the affected kernel to properly handle user-supplied size values. An attacker may leverage this issue to...

CesarFTP 0.99 g Remote Username Buffer Overrun Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7946/info A buffer overrun vulnerability has been reported for CesarFTP. The problem is said to occur when multiple 'USER' commands are processed within a single session. When the issue is triggered, it may be possible to...

Linux Kernel <= 2.6.11 (CPL 0) Local Root Exploit (k-rad3.c)

No description provided by source. / k-rad3.c - linux 2.6.11 and below CPL 0 kernel local exploit v3 Discovered and original exploit coded Jan 2005 by sd [email protected] Modified 2005/9 by alert7 [email protected] XFOCUS Security Team http://www.xfocus.org gcc -o k-rad3 k-rad3.c -static -O2 test...

Lumigent Log Explorer XP_LogAttach_StartProf Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5016/info A buffer overflow vulnerability in xplogattach.dll has been reported for Lumigent Log Explorer. Specifically, this affects the xplogattachStartProf stored procedure. If this condition is successfully exploited, ...

Linux Kernel <= 2.6.36-rc8 - RDS Protocol Local Privilege Escalation

No description provided by source. //source: http://www.vsecurity.com/resources/advisory/20101019-1/ / Linux Kernel = 2.6.36-rc8 RDS privilege escalation exploit CVE-2010-3904 by Dan Rosenberg [email protected] Copyright 2010 Virtual Security Research, LLC The handling functions for sendin...

LBL traceroute 1.4 a5 Heap Corruption Vulnerability (3)

No description provided by source. source: http://www.securityfocus.com/bid/1739/info Traceroute is a well-known network diagnostic tool used for analyzing the path on a network between two hosts. On unix systems, traceroute is typically installed setuid root because of its use of raw sockets...

Samba 3.6.x < 3.6.24 / 4.0.x < 4.0.19 / 4.1.x < 4.1.9 Multiple Vulnerabilities

According to its banner, the version of Samba on the remote host is 3.6.x prior to 3.6.24, 4.0.x prior to 4.0.19, or 4.1.x prior to 4.1.9. It is, therefore, affected by the following vulnerabilities : - A denial of service flaw exists with 'nmbd'. A remote attacker, with a specially crafted packe...