
7498 matches found

securityvulns
added 2014/10/15 12:0 a.m., 96 views

Microsoft Windows multiple security vulnerabilities

Restrictions bypass and memory corruptions in Internet Explorer, .Net code execution, TrueType embedded fonts code execution, OLE code execution, message queue service and FAT32 driver privilege escalation...

CVSS 10, AI score 3.4, EPSS 0.92467
Exploits 77, Affected Software 1

OSV
added 2014/10/08 7:55 p.m., 3 views

DEBIAN-CVE-2014-7202

stream_engine.cpp in libzmq (aka ZeroMQ/C++) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request...

CVSS 4.3, AI score 9, EPSS 0.00582
Exploits 0, References 1

Cvelist
added 2014/10/02 12:0 a.m., 25 views

CVE-2014-4793

IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors...

AI score 6, EPSS 0.00191
Exploits 0, References 2

RedHat Linux
added 2014/09/22 4:0 a.m., 4 views

qemu: virtio-net: out-of-bounds buffer write on invalid state load

The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write...

CVSS 7.5, AI score 7.2, EPSS 0.02456
Exploits 0, References 4

OSV
added 2014/08/19 6:55 p.m., 2 views

DEBIAN-CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry Ceilometer 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue...

CVSS 5, AI score 6.8, EPSS 0.0075
Exploits 0, References 1

NVD
added 2014/08/19 6:55 p.m., 28 views

CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry Ceilometer 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue...

CVSS 5, AI score 5.9, EPSS 0.0075
Exploits 0, References 9

OSV
added 2014/08/19 6:55 p.m., 7 views

CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry Ceilometer 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue...

AI score 5.9
Exploits 0, References 9

Prion
added 2014/08/19 6:55 p.m., 22 views

Xxe

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry Ceilometer 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue...

CVSS 5, AI score 6.5, EPSS 0.0075
Exploits 0, References 9, Affected Software 5

Cvelist
added 2014/08/19 6:0 p.m., 35 views

CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry Ceilometer 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue...

AI score 5.8, EPSS 0.0075
Exploits 0, References 9

Debian CVE
added 2014/08/19 6:0 p.m., 32 views

CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry Ceilometer 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue...

CVSS 5, AI score 6, EPSS 0.0075
Exploits 0

RedHat Linux
added 2014/08/13 1:36 a.m., 1 views

pycadf: token leak to message queue

It was found that authentication tokens were not properly sanitized from the message queue by the notifier middleware. An attacker with read access to the message queue could possibly use this flaw to intercept an authentication token and gain elevated privileges. Note that all services using the...

CVSS 5, AI score 5.7, EPSS 0.0075
Exploits 0, References 4

RedHat Linux
added 2014/08/13 1:36 a.m., 31 views

Important: Red Hat Security Advisory: openstack-ceilometer security and bug fix update

Updated OpenStack Telemetry packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which give...

CVSS 5, AI score 5.8, EPSS 0.0075
Exploits 0, References 3

seebug.org
added 2014/07/01 12:0 a.m., 23 views

Debian Linux <= 2.1 Print Queue Control Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/508/info The LPRng software is an enhanced, extended, and portable version of the Berkeley LPR software the standard UNIX printer spooler that ships with Debian GNU/Linux. When root controls the print queue, the...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 24 views

Postfix 1.1.x Denial of Service Vulnerabilities (2)

No description provided by source. source: http://www.securityfocus.com/bid/8333/info Debian has reported two vulnerabilities in the Postfix mail transfer agent. The first vulnerability, CAN-2003-0468, can allow for an adversary to bounce-scan a private network. It has also been reported that thi...

CVSS 5, AI score 6.4, EPSS 0.57494
Exploits 6

seebug.org
added 2014/07/01 12:0 a.m., 17 views

MDaemon <= 6.8.5 WorldClient form2raw.cgi Stack Buffer Overflow

No description provided by source. $Id: mdaemon_worldclient_form2raw.rb 9653 2010-07-01 23:33:07Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing an...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 24 views

RPM Select/Elite 5.0 - (.xml config parsing) Unicode Buffer Overflow PoC

No description provided by source. !/usr/bin/python RPM Select/Elite v5.0 .xml config parsing unicode buffer overflow PoC Found by: mrme - http://net-ninja.net/ Homepage: http://lpd.brooksnet.com/ Download: http://www.brooksnet.com/download-rpmselect Tested on: Windows XP SP3 Advisory:...

AI score 7.1
Exploits 0

RedHat Linux
added 2014/06/24 3:58 p.m., 1 views

kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied

Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the...

CVSS 2.9, AI score 6.8, EPSS 0.0019
Exploits 2, References 4

OSV
added 2014/06/24 12:0 a.m., 0 views

UBUNTU-CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry Ceilometer 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue...

CVSS 5, AI score 5.8, EPSS 0.0075
Exploits 0, References 7

UbuntuCve
added 2014/06/24 12:0 a.m., 29 views

CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry Ceilometer 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue...

CVSS 5, AI score 5.9, EPSS 0.0075
Exploits 0, References 6

OSV
added 2014/06/11 12:0 a.m., 0 views

UBUNTU-CVE-2014-3155

net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance...

CVSS 5, AI score 7.3, EPSS 0.02346
Exploits 0, References 8