DSA-3197-1 openssl - security update

Bulletin has no description...

Debian Security Advisory DSA 3197-1 (openssl - security update)

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-0286 Stephen Henson discovered that the ASN1TYPEcmp function can be crashed, resulting in denial of service...

CVE-2015-0292

CVE-2015-0292: OpenSSL base64 decoding underflow leading to memory corruption/DoS. Affects OpenSSL prior to 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h. Exploitation via crafted Base64 input (e.g., PEM data) could crash the app; upstream and distro advisories (e.g., RHSA-2015:0715/0716,...

UBUNTU-CVE-2015-0292

Integer underflow in the EVPDecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact v...

Nucom ADSL ADSLR5000UN - ISP Credentials Disclosure

Nucom ADSL ADSLR5000UN - ISP Credentials Disclosure !/usr/bin/perl Exploit Author: Sebastián Magof Hardware: Modem Nucom ADSL R5000UNv2 Software Version: R5TC008 Vulnerable file: guidewan.html location: http://gateway/telecomGUI/guidewan.html Bug: ISP usr+pwd disclosure Type: Local Date: 24/09/20...

UBUNTU-CVE-2014-1725

The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service out-of-bounds read via a window.atob...

CVE-2014-1725

Removed by vendor...

Oracle Linux 4 : pidgin (ELSA-2010-0788)

From Red Hat Security Advisory 2010:0788 : Updated pidgin packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base...

Microsoft Exchange Server MIME Base64 Decoding Code Execution (MS07-026; CVE-2007-0213) - Improved Performance

A vulnerability exists in the way Microsoft Exchange servers process certain MIME-encoded attachments. An attacker can exploit this vulnerability for code execution in SYSTEM security context...

Mandriva Linux Security Advisory : fetchmail (MDVSA-2013:037)

Multiple vulnerabilities has been found and corrected in fetchmail : Fetchmail version 6.3.9 enabled all SSL workarounds SSLOPALL which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an...

Mandriva Update for fetchmail MDVSA-2012:149 (fetchmail)

Check for the Version of fetchmail OpenVAS Vulnerability Test Mandriva Update for fetchmail MDVSA-2012:149 fetchmail Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...

Debian Security Advisory DSA 2526-1 (libotr)

The remote host is missing an update to libotr announced via advisory DSA 2526-1. OpenVAS Vulnerability Test $Id: deb25261.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2526-1 libotr Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

DEBIAN-CVE-2012-3461

The 1 otrlbase64otrdecode function in src/b64.c; 2 otrlprotodatareadflags and 3 otrlprotoacceptdata functions in src/proto.c; and 4 decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a deni...

[SECURITY] [DSA 2526-1] libotr security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2526-1 [email protected] http://www.debian.org/security/ Nico Golde August 12, 2012 http://www.debian.org/security/faq -...

DSA-2526-1 libotr - buffer overflow

Bulletin has no description...

Scientific Linux Security Update : pidgin on SL4.x, SL5.x i386/x86_64

Multiple NULL pointer dereference flaws were found in the way Pidgin handled Base64 decoding. A remote attacker could use these flaws to crash Pidgin if the target Pidgin user was using the Yahoo! Messenger Protocol, MSN, MySpace, or Extensible Messaging and Presence Protocol XMPP protocol...

Debian Security Advisory DSA 2368-1 (lighttpd)

The remote host is missing an update to lighttpd announced via advisory DSA 2368-1. OpenVAS Vulnerability Test $Id: deb23681.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2368-1 lighttpd Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

Debian: Security Advisory (DSA-2368-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-2368-1 : lighttpd - multiple vulnerabilities (BEAST)

Several vulnerabilities have been discovered in lighttpd, a small and fast webserver with minimal memory footprint. - CVE-2011-4362 Xi Wang discovered that the base64 decoding routine which is used to decode user input during an HTTP authentication, suffers of a signedness issue when processing...

CVE-2011-3692

NetSaro Enterprise Messenger Server 2.0 stores cleartext console credentials in configuration.xml, which allows local users to obtain sensitive information by reading this file and performing a base64 decoding step...