5149 matches found
Oracle Linux 5 : gnupg (ELSA-2013-1458)
The remote Oracle Linux 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2013-1458 advisory. - fix CVE-2013-4351 gpg treats no-usage-permitted keys as all-usages-permitted - fix CVE-2012-6085 GnuPG: readblock corrupt key input validation - fix...
GnuPG: infinite recursion in the compressed packet parser DoS
The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service infinite recursion via a crafted OpenPGP message...
GnuPG: infinite recursion in the compressed packet parser DoS
The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service infinite recursion via a crafted OpenPGP message...
Medium: gnupg2
Issue Overview: GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared no usage permitted as if it has all bits set all usage permitted, which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. The compressed...
Debian DSA-2774-1 : gnupg2 - several vulnerabilities
Two vulnerabilities were discovered in GnuPG 2, the GNU privacy guard, a free PGP replacement. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-4351 When a key or subkey had its 'key flags' subpacket set to all bits off, GnuPG currently would treat t...
Debian Security Advisory DSA 2774-1 (gnupg2 - several vulnerabilities)
Two vulnerabilities were discovered in GnuPG 2, the GNU privacy guard, a free PGP replacement. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4351When a key or subkey had its key flags subpacket set to all bits off, GnuPG currently would treat the key...
DSA-2773-1 gnupg - several
Bulletin has no description...
Debian: Security Advisory (DSA-2773-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2013-4402
The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service infinite recursion via a crafted OpenPGP message...
FreeBSD : gnupg -- possible infinite recursion in the compressed packet parser (749b5587-2da1-11e3-b1a9-b499baab0cbe)
Werner Koch reports : Special crafted input data may be used to cause a denial of service against GPG GnuPG's OpenPGP part and some other OpenPGP implementations. All systems using GPG to process incoming data are affected.. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive tex...
CVE-2011-1483
wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterpris...
CVE-2011-1483
wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterpris...
DoS vulnerability in Mozilla Firefox and Microsoft Internet Explorer
Hello 3APA3A! I want to warn you about Denial of Service vulnerability in Mozilla Firefox and Microsoft Internet Explorer. Earlier Jean Pascal Pereira has found DoS vulnerability in browser Firefox 14.0.1 http://1337day.com/exploit/description/19201. And at 07.04.2013 I've checked this...
CVE-2013-2004
The 1 GetDatabase and 2 XimParseStringFile functions in X.org libX11 1.5.99.901 1.6 RC1 and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service stack consumption via a crafted file...
CVE-2013-2004
The 1 GetDatabase and 2 XimParseStringFile functions in X.org libX11 1.5.99.901 1.6 RC1 and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service stack consumption via a crafted file...
CVE-2013-2004
The 1 GetDatabase and 2 XimParseStringFile functions in X.org libX11 1.5.99.901 1.6 RC1 and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service stack consumption via a crafted file...
dir_bruter
This plugin finds directories on a web server by brute-forcing their names using a wordlist. Given the large amount of time that this plugin can consume, by default, it will only try to identify directories in the web root "/", ignoring the path that is sent as its input. Two configurable...
FreeBSD : xorg -- protocol handling issues in X Window System client libraries (2eebebff-cd3b-11e2-8f09-001b38c3836c)
freedesktop.org reports : Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues. Most...
DNS Amplification Attacks (UDP) - Active Check
A misconfigured Domain Name System DNS server can be exploited to participate in a Distributed Denial of Service DDoS attack. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
OpenJDK: MethodHandles.Lookup incorrect permission checks, Java 7 0day (Libraries, 8006017)
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by 1 using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using t...