Lucene search

159 matches found

CVE
added 2017/07/13 8:0 p.m. · 81 views

CVE-2017-1000001

CVE-2017-1000001 affects FedMsg 0.18.1 and earlier, where a message validation flaw can occur if validation is configured to run but is not enabled. Affected component: FedMsg (Python package for messaging). Root cause: message validation may not be enabled as configured, enabling potential bypas...

7.5 CVSS · 7.2 AI score · 0.01505 EPSS
Exploits 0 · References 1 · Affected Software 1
UbuntuCve
added 2017/03/28 2:59 a.m. · 22 views

CVE-2016-9122

go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For example, users of the...

7.5 CVSS · 7.1 AI score · 0.01967 EPSS
Exploits 0 · References 4
OpenVAS
added 2017/02/16 12:0 a.m. · 23 views

Debian Security Advisory DSA 3790-1 (spice - security update)

Several vulnerabilities were discovered in spice, a SPICE protocol client and server library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9577: Frediano Ziglio of Red Hat discovered a buffer overflow vulnerability in the main_channel_alloc_msg_rcv_buf...

0.4 AI score · 0.03844 EPSS
Exploits 0 · References 1
CNVD
added 2016/11/17 12:0 a.m. · 0 views

Denial of Service Vulnerability in Multiple Huawei Products (CNVD-2016-11388)

Huawei S9700 and others are S-series switches from Huawei China. A denial of service vulnerability exists in multiple Huawei products, which originates from a program failing to properly validate Multiprotocol Label Switching (MPLS) messages. A remote attacker could cause a denial of service by...

7.5 CVSS · 6.8 AI score · 0.00919 EPSS
Exploits 0 · References 1
OpenVAS
added 2016/09/29 12:0 a.m. · 37 views

Cisco IOS Software H.323 Message Validation Denial of Service Vulnerability (cisco-sa-20160928-h323)

A vulnerability in the H.323 subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition on an affected device.

7.8 CVSS · 7.5 AI score · 0.04188 EPSS
Exploits 0 · References 1
OpenVAS
added 2016/09/29 12:0 a.m. · 29 views

Cisco IOS XE Software H.323 Message Validation Denial of Service Vulnerability

A vulnerability in the H.323 subsystem of Cisco IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition on an affected device.

7.8 CVSS · 7.5 AI score · 0.04188 EPSS
Exploits 0 · References 1
OpenVAS
added 2016/09/22 12:0 a.m. · 38 views

Debian Security Advisory DSA 3673-1 (openssl - security update)

Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177: Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178: Cesar Pereida, Billy Brumley and...

7.8 CVSS · 0.1 AI score · 0.95707 EPSS
Exploits 8 · References 1
Mozilla
added 2015/05/12 12:0 a.m. · 65 views

Privilege escalation through IPC channel messages — Mozilla

Mozilla Developer Jed Davis and Mozilla security engineer Christoph Diehl reported that Mozilla had inherited an Inter-process Communication (IPC) vulnerability when IPC was introduced into Mozilla products through third-party code. This could allow for privilege escalation through IPC channels due ...

10 CVSS · 2.8 AI score · 0.01433 EPSS
Exploits 0 · References 2 · Affected Software 4
securityvulns
added 2014/10/14 12:0 a.m. · 59 views

Moab Authentication Bypass (insecure message signing) [CVE-2014-5376]

Moab Authentication Bypass (insecure message signing): CVE-2014-5376. Software: Moab. Affected Versions: Dependent on configuration, can affect all versions of Moab including Moab 8. CVE Reference: CVE-2014-5376. Author: John Fitzpatrick, Luke Jennings (MWR Labs, http://labs.mwrinfosecurity.com/). Severit...

4 CVSS · 0.3 AI score · 0.0168 EPSS
Exploits 3
Cvelist
added 2014/10/08 7:0 p.m. · 23 views

CVE-2014-5375

The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate the message owner matches the submitting user, which allows remote authenticated users to impersonate arbitrary users via the UserId and Owner tags...

6.3 AI score · 0.0168 EPSS
Exploits 3 · References 5
seebug.org
added 2014/03/03 12:0 a.m. · 21 views

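Drupal Mime Mail access bypass vulnerability

Bugtraq ID: 65825. Drupal is an open-source content management platform. The default key that Drupal Mime Mail uses to validate incoming messages is generated from a random number, but on some platforms the maximum value of that number is 32767, so an attacker can exploit the vulnerability by brute-forcing the key. Affected: Drupal Mime Mail 6.x, Drupal Mime Mail 7.x. Vendor patch: Drupal Mime Mail 6.x-13 and 7.x-1.0-beta2 have fixed this vulnerability; users are advised to download the update: http://drupal.org/project/mimemail...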

7.1 AI score
Exploits 0
Mageia
added 2013/06/26 7:4 p.m. · 34 views

Updated mesa packages fix multiple vulnerabilities

An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application...

6.8 CVSS · 4.2 AI score · 0.02687 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2012/05/01 10:12 a.m. · 0 views

CVE-2011-3079

The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors...

10 CVSS · 8.3 AI score · 0.01433 EPSS
Exploits 0 · References 18
Prion
added 2012/01/27 3:55 p.m. · 24 views

Input validation

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products, does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...

5.8 CVSS · 6.7 AI score · 0.03201 EPSS
Exploits 1 · References 12 · Affected Software 3
OpenVAS
added 2010/10/19 12:0 a.m. · 18 views

Ubuntu Update for krb5 vulnerability USN-999-1

Ubuntu Update for Linux kernel vulnerabilities USN-999-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9991.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for krb5 vulnerability USN-999-1 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH,...

6.5 CVSS · 6.4 AI score · 0.0304 EPSS
Exploits 0 · References 2
Packet Storm
added 2007/08/14 12:0 a.m. · 19 views

counterpath-dos.txt

Title: CounterPath X-Lite SIP phone Remote Denial of Service vulnerability. Date: 10 August 2007. Affected Software: X-Lite versions 3.x (tested on 3.0 34025; maybe eyeBeam also). Overview: X-Lite by CounterPath Solutions, Inc. is a free and widely used SIP based...

7.4 AI score
Exploits 0
Packet Storm
added 2007/08/14 12:0 a.m. · 14 views

wengophone-dos.txt

Title: WengoPhone SIP phone Remote Denial of Service vulnerability. Date: 10 August 2007. Affected Software: WengoPhone versions 2.x (tested on 2.1). Overview: WengoPhone is a thriving VoIP Service Provider from France. It is a free and widely used SIP based softphone...

7.4 AI score
Exploits 0
Positive Technologies
added 2005/07/10 12:0 a.m. · 2 views

PT-2005-3110 · Cisco · Cisco 7940/7960

Name of the Vulnerable Software and Affected Versions: Cisco 7940/7960 Voice over IP (VoIP) phones (affected versions not specified). Description: The issue concerns the improper validation of certain values in a NOTIFY message, which can be exploited by remote attackers to spoof messages. This could...

7.5 CVSS · 6.3 AI score · 0.01189 EPSS
Exploits 0 · References 5
securityvulns
added 2004/04/19 12:0 a.m. · 21 views

Zaep cross-site scripting

Cross-site scripting in message validation web interface...

1.2 AI score
Exploits 0 · References 1 · Affected Software 1