117 matches found
Cisco Intrusion Prevention System Key Generation HTTPS Denial of Service Vulnerability
Cisco Intrusion Prevention System is an intrusion prevention system. A contention condition vulnerability exists in the SSL/TLS subsystem used by the Cisco Intrusion Prevention System WEB interface to generate encryption certificates and keys for affected devices, which could be exploited by an...
Updated firefox and thunderbird packages fix security vulnerabilities
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...
Firefox < 23.0 Multiple Vulnerabilities
The installed version of Firefox is earlier than 23.0 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. CVE-2013-1701, CVE-2013-1702 - Use-after-free errors exist related to DOM modification when using...
Thunderbird < 17.0.8 Multiple Vulnerabilities (Mac OS X)
The installed version of Thunderbird is earlier than 17.0.8 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. CVE-2013-1701, CVE-2013-1702 - Use-after-free errors exist related to DOM modification when...
Mozilla: CRMF requests allow for code execution and XSS attacks (MFSA 2013-69)
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting XSS attacks...
Mozilla: CRMF requests allow for code execution and XSS attacks (MFSA 2013-69)
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting XSS attacks...
CVE-2013-1710
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting XSS attacks...
Heap overflow
Heap-based buffer underflow in the cryptojsinterpretkeygentype function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted Certificate Request Message Format CRMF request...
Cross site scripting
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting XSS attacks...
CVE-2013-1705
Heap-based buffer underflow in the cryptojsinterpretkeygentype function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted Certificate Request Message Format CRMF request...
Buffer underflow when generating CRMF requests — Mozilla
Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when generating a Certificate Request Message Format CRMF request with certain parameters. This causes a potentially exploitable crash...
CRMF requests allow for code execution and XSS attacks — Mozilla
Mozilla security researcher mozbugra4 reported a mechanism to execute arbitrary code or a cross-site scripting XSS attack when Certificate Request Message Format CRMF request is generated in certain circumstances...
Microsoft Windows SChannel Certificate Request Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability that affects SChannel. Successful exploits will allow an attacker to run arbitrary code in the context of the currently logged-in user. Technologies Affected Avaya Aura Conferencing 6.0 Avaya Aura Conferencing 6.0...
Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability. CVE-2009-2408. Remote exploit for linux platform source: http://www.securityfocus.com/bid/35888/info Mozilla Network Security Services NSS is prone to a security-bypass vulnerability because it fails to proper...
CVE-2008-1580
CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information Subject data from personally identifiable certificates, and use arbitrary certificates...
CVE-2004-0040
Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet...
CVE-2004-0040
Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet...