Design/Logic Flaw

The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service device reload via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730...

Code injection

The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service device reload via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733...

CVE-2013-5479

The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service device reload via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730...

CVE-2013-5481

Cisco IOS Software NAT implementation contains a vulnerability in PPTP handling that, when NAT is used, can be exploited by remote attackers sending crafted TCP port-1723 packets to cause a DoS and device reload. Affected releases include Cisco IOS 12.2 and 15.0–15.3. The issue is identified as B...

CVE-2013-5480

The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service device reload via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733...

Astium Remote Code Execution Vulnerability

This Metasploit module exploits vulnerabilities found in Astium astium-confweb-2.1-25399 RPM and lower. A SQL Injection vulnerability is used to achieve authentication bypass and gain admin access. From an admin session arbitrary PHP code upload is possible. It is used to add the final PHP payloa...

Astium Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Astium Remote Cod...

Cisco IOS Software Internet Key Exchange Memory Leak Vulnerability

A vulnerability in the Internet Key Exchange IKE protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a device reload. The vulnerability is due to incorrect handling of malformed IKE packets by the...

Cisco Releases Semiannual IOS Software Security Advisory Bundled Publication

Cisco has released its semiannual Cisco IOS Software Security Advisory Bundled Publication. This publication includes eight Security Advisories that address vulnerabilities in Cisco IOS Software. Exploits of these vulnerabilities could result in a denial of service DoS condition, interface queue...

Medium: gnupg

Issue Overview: GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. Affected Packages: gnupg Issue Correction: Run yum update gnu...

Astium Remote Code Execution

This module exploits vulnerabilities found in Astium astium-confweb-2.1-25399 RPM and lower. A SQL Injection vulnerability is used to achieve authentication bypass and gain admin access. From an admin session arbitrary PHP code upload is possible. It is used to add the final PHP payload to...

CVE-2013-5496

CVE-2013-5496 affects Cisco NX-OS Open Network Environment Platform (ONEP). A vulnerability due to insufficient pointer validation allows an authenticated, remote attacker to cause a network element to reload (DoS) by sending crafted packets. The issue, tracked as CSCui51551, is documented in Cis...

Cisco Open Network Environment Platform Unvalidated Pointer Vulnerability

A vulnerability in the Open Network Environment Platform ONEP could allow an authenticated, remote attacker to cause the network element to reload. The vulnerability is due to insufficient pointer validation. An attacker could exploit this vulnerability by sending a crafted packet to an ONEP...

VulnCheck KEV: CVE-2013-1690

Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service DoS or possibly execute malicious code via a crafted web site...

CVE-2013-4242

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload...

Design/Logic Flaw

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload...

CVE-2013-4242

CVE-2013-4242 affects GnuPG before 1.4.14 and Libgcrypt before 1.5.3 (as used in GnuPG 2.0.x), enabling a local user to obtain private RSA keys via a cache side-channel (Flush+Reload) on the L3 cache. The root cause is a cache side-channel leak in the RSA key handling within GnuPG/Libgcrypt. Docu...

Memory corruption

Cisco IOS XR allows local users to cause a denial of service Silicon Packet Processor memory corruption, improper mutex handling, and device reload by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C sequence, aka Bug ID CSCui60347...

Ubuntu Update for gnupg USN-1923-1

Check for the Version of gnupg OpenVAS Vulnerability Test $Id: gbubuntuUSN19231.nasl 8542 2018-01-26 06:57:28Z teissa $ Ubuntu Update for gnupg USN-1923-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; y...

USN-1923-1: GnuPG, Libgcrypt vulnerability

Yuval Yarom and Katrina Falkner discovered a timing-based information leak, known as Flush+Reload, that could be used to trace execution in programs. GnuPG and Libgcrypt followed different execution paths based on key-related data, which could be used to expose the contents of private keys...