
1104 matches found

Tenable Nessus
added 2012/08/01 12:0 a.m., 47 views

Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 (20120529)

An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS (Datagram Transport Layer Security) application data record lengths when using a block cipher in CBC (cipher-block chaining) mode. A malicious DTLS client or server could use this flaw to crash its DTLS...

CVSS 6.8, AI score 8.2, EPSS 0.28154
Exploits 0, References 3
OpenVAS
added 2012/07/30 12:0 a.m., 32 views

CentOS Update for openssl CESA-2012:0699 centos6

Check for the Version of openssl OpenVAS Vulnerability Test CentOS Update for openssl CESA-2012:0699 centos6 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

CVSS 6.8, AI score 7.9, EPSS 0.28154
Exploits 0, References 2
OpenVAS
added 2012/07/30 12:0 a.m., 24 views

CentOS Update for openssl CESA-2012:0699 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 6.8, AI score 8.2, EPSS 0.28154
Exploits 0, References 2
OpenVAS
added 2012/07/30 12:0 a.m., 28 views

CentOS Update for openssl CESA-2012:0699 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 6.8, AI score 8.2, EPSS 0.28154
Exploits 0, References 2
RedHat Linux
added 2012/05/29 4:55 p.m., 54 views

Moderate: Red Hat Security Advisory: openssl security and bug fix update

Updated openssl packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

CVSS 6.8, AI score 7.2, EPSS 0.28154
Exploits 0, References 3
Tenable Nessus
added 2011/11/22 12:0 a.m., 19 views

Asterisk SIP Channel Driver Uninitialized Variable Request Parsing DoS (AST-2011-012)

According to the version in its SIP banner, the version of Asterisk running on the remote host can be crashed remotely by an authenticated user when parsing an invalid SIP URI. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if descripti...

CVSS 6.8, AI score 5.4, EPSS 0.0238
Exploits 0, References 2
OSV
added 2011/11/03 3:55 p.m., 1 views

DEBIAN-CVE-2011-4100

The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet...

CVSS 4.3, AI score 6.8, EPSS 0.02281
Exploits 0, References 1
securityvulns
added 2011/10/24 12:0 a.m., 38 views

AST-2011-012: Remote crash vulnerability in SIP channel driver

Asterisk Project Security Advisory - AST-2011-012 Product Asterisk Summary Remote crash vulnerability in SIP channel driver Nature of Advisory Remote crash Susceptibility Remote authenticated sessions Severity Critical Exploits Known No Reported On October 4, 2011 Reported By Ehsan Foroughi Poste...

CVSS 6.8, AI score 0.9, EPSS 0.0238
Exploits 0
FreeBSD
added 2011/10/17 12:0 a.m., 30 views

asterisk -- remote crash vulnerability in SIP channel driver

Asterisk project reports: A remote authenticated user can cause a crash with a malformed request due to an uninitialized variable...

CVSS 6.8, AI score 6.2, EPSS 0.0238
Exploits 0
OpenVAS
added 2011/10/04 12:0 a.m., 44 views

Wireshark Multiple Denial of Service Vulnerabilities - Windows

Wireshark is prone to multiple denial of service vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 4.3, AI score 7.1, EPSS 0.05568
Exploits 2, References 7
securityvulns
added 2011/06/19 12:0 a.m., 67 views

ZDI-11-198: (Pwn2Own) Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability

ZDI-11-198: Pwn2Own Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-198 June 14, 2011 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft Internet Explorer --...

AI score 0.5
Exploits 0
Zero Day Initiative
added 2011/06/14 12:0 a.m., 18 views

(Pwn2Own) Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability

This vulnerability allows remote attackers to leak information on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Internet Explorer th...

CVSS 7.5, AI score 2.5, EPSS 0.26172
Exploits 1, References 1
securityvulns
added 2010/12/15 12:0 a.m., 66 views

iDefense Security Advisory 12.14.10: Microsoft Internet Explorer CSS Style Table Layout Uninitialized Memory Vulnerability

iDefense Security Advisory 12.14.10 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 14, 2010 I. BACKGROUND Internet Explorer is a graphical web browser developed by Microsoft Corp. that has been included with Microsoft Windows since 1995. For more information about Internet Explorer,...

CVSS 9.3, AI score 0.1, EPSS 0.96889
Exploits 14
Tenable Nessus
added 2010/12/02 12:0 a.m., 23 views

SuSE 11 Security Update : (SAT Patch Number 2544)

This update of the Samba server package fixes the following security issues : - A buffer overrun was possible in chain_reply code in 3.3.x and below, which could be used to crash the samba server or potentially execute code. (CVE-2010-2063) - Take extra care that a mount point of mount.cifs does not...

CVSS 7.5, AI score 7.6, EPSS 0.78702
Exploits 5, References 9
Prion
added 2010/07/15 12:57 p.m., 18 views

Memory corruption

The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or...

CVSS 9.3, AI score 8, EPSS 0.20332
Exploits 1, References 3, Affected Software 1
OpenVAS
added 2010/07/14 12:0 a.m., 25 views

Microsoft Office Access ActiveX Controls Remote Code Execution Vulnerabilities (982335)

This host is missing a critical security update according to Microsoft Bulletin MS10-044. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.3, AI score 5, EPSS 0.22886
Exploits 2, References 2
Tenable Nessus
added 2010/07/01 12:0 a.m., 36 views

SuSE9 Security Update : Samba (YOU Patch Number 12622)

This update of the Samba server package fixes the following security issue : - A buffer overrun was possible in chain_reply code in 3.3.x and below, which could be used to crash the samba server or potentially execute code. (CVE-2010-2063) Also, the following bug has been fixed : - An uninitialized...

CVSS 7.5, AI score 7.4, EPSS 0.78702
Exploits 5, References 2
Tenable Nessus
added 2010/07/01 12:0 a.m., 31 views

openSUSE Security Update : cifs-mount (openSUSE-SU-2010:0346-1)

"This update of the Samba server package fixes security issues and bugs. Following security issues were fixed: CVE-2010-2063: A buffer overrun was possible in chain_reply code in 3.3.x and below, which could be used to crash the samba server or potentially execute code. CVE-2010-0787: Take extra...

CVSS 7.5, AI score 7.6, EPSS 0.78702
Exploits 5, References 8
myhack58
added 2009/10/25 12:0 a.m., 284 views

Dedecms select_soft_post.php page uninitialized variable vulnerability - vulnerability warning - the black bar safety net

Text/ Flyh4t Affected versions: Dedecms 5.5 The vulnerable file is include\dialog\select_soft_post.php, in which the variable $cfgbasedir is not initialized properly; this can bypass the identity authentication and system variable initialization file, so that any file can be uploaded to the specified...

AI score 1.5
Exploits 0
NVD
added 2009/09/08 6:30 p.m., 21 views

CVE-2009-3084

The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variabl...

CVSS 5, AI score 6.3, EPSS 0.02517
Exploits 0, References 6