7640 matches found
CVE-2014-1438
The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain...
FreeBSD : openssl -- multiple vulnerabilities (5aaa257e-772d-11e3-a65a-3c970e169bc2)
OpenSSL development team reports: Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f (6 Jan 2014): fix for TLS record tampering bug (CVE-2013-4353); fix for TLS version checking bug (CVE-2013-6449); fix for DTLS retransmission bug (CVE-2013-6450).
openssl -- multiple vulnerabilities
OpenSSL development team reports: Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f (6 Jan 2014): fix for TLS record tampering bug (CVE-2013-4353); fix for TLS version checking bug (CVE-2013-6449); fix for DTLS retransmission bug (CVE-2013-6450)...
Quick Heal Antivirus Pro 'pepoly.dll' Stack Buffer Overflow Vulnerability
Quick Heal Antivirus Pro is prone to a stack buffer overflow vulnerability.
APPLE-SA-2013-12-19-1 Motion 5.1
APPLE-SA-2013-12-19-1 Motion 5.1: Motion 5.1 is now available and addresses the following: Motion. Available for: OS X Mavericks v10.9 or later. Impact: A maliciously crafted .motn file could lead to arbitrary code execution. Description: An integer...
Debian Security Advisory DSA 2824-1 (curl - unchecked tls/ssl certificate host name)
Marc Deslauriers discovered that curl, a file retrieval tool, would mistakenly skip verifying the CN and SAN name fields when digital signature verification was disabled in the libcurl GnuTLS backend. The default configuration for the curl package is not affected by this issue since the digital...
Debian Security Advisory DSA 2809-1 (ruby1.8 - several vulnerabilities)
Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1821 Ben Murphy discovered that unrestricted entity expansion in REXML can lead to a Denial of Service by consuming a...
DSA-2809-1 ruby1.8 - several
Bulletin has no description...
Ubuntu Update for ruby1.8 USN-2035-1
Check for the Version of ruby1.8.
[USN-2035-1] Ruby vulnerabilities
Ubuntu Security Notice USN-2035-1, November 27, 2013: ruby1.8, ruby1.9.1 vulnerabilities. A security issue affects these releases of Ubuntu and its...
Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : ruby1.8, ruby1.9.1 vulnerabilities (USN-2035-1)
Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. An attacker could possibly use this issue with an application that converts text to floating point numbers to cause the application to crash, resulting in a denial of service, or possibly execute arbitra...
USN-2035-1: Ruby vulnerabilities
Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. An attacker could possibly use this issue with an application that converts text to floating point numbers to cause the application to crash, resulting in a denial of service, or possibly execute arbitra...
Updated glibc package fixes security vulnerabilities
Updated glibc packages fix the following security issues: Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a...
[Tundeep v0.2a] Layer 2 VPN/Injection tool
Tundeep is a layer 2 VPN/injection tool that resides almost entirely in user space on the victim aside from the pcap requirement. This can be handled via a silent install however. The tool will build on Linux and Windows victims. Windows compilation is achieved using Cygwin. The attacker must be ...
Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-246)
Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine...
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-235)
Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine...
Updated java-1.6.0-openjdk package fixes multiple vulnerabilities
Updated java-1.6.0-openjdk packages fix security vulnerabilities: Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the...
MGASA-2013-0323 Updated java-1.6.0-openjdk package fixes multiple vulnerabilities
Updated java-1.6.0-openjdk packages fix security vulnerabilities: Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the...
[SECURITY] Fedora 20 Update: roundcubemail-0.9.5-1.fc20
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
CentOS Update for java CESA-2013:1505 centos6
Check for the Version of java.