3663 matches found
openSUSE Security Update : libvorbis (openSUSE-2012-141)
Specially crafted ogg files could cause a heap-based buffer overflow in the vorbis audio compression library that could potentially be exploited by attackers to cause a crash or execute arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in...
Facebook CSRF Tokens in Heavy Rotation to Ward off BREACH
The BREACH attack was the talk of Black Hat last summer. It was disclosed less than two months after the first Snowden leaks and helped renew focus on the security of online communication and the protocols guarding ecommerce and messaging. What BREACH did was throw a wrench into cross-site reques...
Answers is vulnerable to BREACH (SSL/HTTP gzip) attack
This is an external report, and not a high priority - certainly much lower impact than ANSWERS-648. This issue was reported by Nakul Mohan, 11 May - the email is too long to reproduce here. An attacker with the ability to: Inject partial chosen plaintext into a victim's requests Measure the size...
Answers is vulnerable to BREACH (SSL/HTTP gzip) attack
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report (http://jira.atlassian.com/browse/CONFSERVER-47215). This is an external report, and not a high priority - certainly much lower impact than ANSWERS-648. This issue was...
Answers is vulnerable to BREACH (SSL/HTTP gzip) attack
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report (http://jira.atlassian.com/browse/CONFCLOUD-47215). This is an external report, and not a high priority - certainly much lower impact than ANSWERS-648. This issue was...
USN-2190-1: JBIG-KIT vulnerability
Florian Weimer discovered that JBIG-KIT incorrectly handled certain malformed images. If a user or automated system were tricked into processing a specially crafted image, JBIG-KIT could be made to crash, or possibly execute arbitrary code...
CVE-2013-0296
Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring...
DEBIAN-CVE-2013-0296
Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring...
Race condition
Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring...
UBUNTU-CVE-2013-0296
Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring...
CVE-2013-0296
CVE-2013-0296: The race condition affects pigz, prior to version 2.2.5, where permissions derived from the process umask may be applied during compression before aligning the file’s permissions with the source. This can allow local users to bypass intended access controls while compression is in...
[SECURITY] [DSA 2895-2] prosody regression update
Debian Security Advisory DSA-2895-2 [email protected] http://www.debian.org/security/ Luciano Bello April 21, 2014 http://www.debian.org/security/faq ...
SSL/TLS CRIME attack against HTTPS
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differenc...
DEBIAN-CVE-2014-2744
plugins/modcompression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an...
CVE-2014-2744
plugins/modcompression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an...
Design/Logic Flaw
plugins/modcompression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an...