Scientific Linux Security Update : ccid on SL5.x i386/x86_64 (20130930)

An integer overflow, leading to an array index error, was found in the way the CCID driver processed a smart card's serial number. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the PC/SC Lite pcscd daemon root, by default, by inserting a...

Updated polarssl package fixes security vulnerabilities

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in PolarSSL before 1.2.6, does not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and...

Amazon Linux AMI : net-snmp (ALAS-2012-97)

An array index error, leading to an out-of-bounds buffer read flaw, was found in the way the net-snmp agent looked up entries in the extension table. A remote attacker with read privileges to a Management Information Base MIB subtree handled by the 'extend' directive in '/etc/snmp/snmpd.conf' cou...

Oracle Linux 5 : net-snmp (ELSA-2013-0124)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0124 advisory. - fixed CVE-2012-2141, an array index error in the extension table 815813 Tenable has extracted the preceding description block directly from the Oracle Linux...

CVE-2013-4077

Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service application crash via a crafted packet, related to nbap.cnf and packet-nbap.c...

CVE-2013-4077

Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service application crash via a crafted packet, related to nbap.cnf and packet-nbap.c...

CVE-2013-4077

CVE-2013-4077 affects the NBAP dissector in Wireshark 1.8.x before 1.8.8. The issue is an array index error in NBAP processing (nbap.cnf and packet-nbap.c) that can cause a denial of service (application crash) via a crafted packet. Documents validate the root cause and version bound; no exploit ...

CVE-2013-1210

Cisco Nexus 1000V Nexus 1000V VEM kernel driver for VMware ESXi is affected by CVE-2013-1210 due to an out-of-bounds array access when STUN debugging is enabled. The issue can be exploited remotely by sending crafted STUN packets to the VEM, potentially crashing the ESXi hypervisor and causing a ...

Scientific Linux Security Update : ccid on SL6.x i386/x86_64 (20130221)

An integer overflow, leading to an array index error, was found in the way the CCID driver processed a smart card's serial number. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the PC/SC Lite pcscd daemon root, by default, by inserting a...

CVE-2013-1763

Array index error in the sockdiagrcvmsg function in net/core/sockdiag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message...

Code injection

Array index error in the sockdiagrcvmsg function in net/core/sockdiag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message...

CVE-2013-1763

Array index error in the sockdiagrcvmsg function in net/core/sockdiag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message...

CVE-2013-1763

CVE-2013-1763 affects the Linux kernel pre-3.7.10, where an array index error in net/core/sock_diag.c (__sock_diag_rcv_msg) could allow a local attacker to gain privileges via a large family value in a Netlink message. The impact is a local privilege escalation with full confidentiality/integrity...

CVE-2013-1763

Array index error in the sockdiagrcvmsg function in net/core/sockdiag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message...

EUVD-2013-1789

Array index error in the sockdiagrcvmsg function in net/core/sockdiag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message...

ccid security update

CentOS Errata and Security Advisory CESA-2013:0523 An updated ccid package that fixes one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS...

SAP NetWeaver Message Server Memory Corruption (CVE-2013-1592)

A code execution vulnerability has been reported in SAP NetWeaver Message Server. The vulnerability is due to an array index error in the function MsJ2EEAddStatistics. A remote attacker can exploit this vulnerability by sending a specially crafted message to a vulnerable server...

Code injection

Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet...

CVE-2012-4704

CVE-2012-4704 affects the 3S CODESYS Gateway-Server (prior to ver. 2.3.9.27). The vulnerability is described as a memory access error (array/index handling) in the Gateway-Server that can allow a remote attacker to execute arbitrary code via a crafted packet. ICS-CERT/3S advisories confirm remote...

CVE-2012-4704

Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet...