8002 matches found
DSA-3090-1 iceweasel - security update
Bulletin has no description...
unzip -- input sanitization errors
oCERT reports: The UnZip tool is an open source extraction utility for archives compressed in the zip format. The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification, the testcompreb and the getZip64Data functions. The input errors may result in...
mysql: Remote Preauth User Enumeration flaw
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames...
Fedora 19 : phpMyAdmin-4.2.12-1.fc19 (2014-15535)
phpMyAdmin 4.2.12.0 2014-11-20 ================================ - Blank/white page when JavaScript disabled - Multi row actions cause full page reloads - ReferenceError: targeurl is not defined - Incorrect text/icon display in Tracking report - Recordset return from procedure display nothing - Ed...
Google Chrome Multiple Vulnerabilities - 01 (Nov 2014) - Mac OS X
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
Medium: libX11, libXcursor, libXfixes, libXi, libXrandr, libXrender, libXres, libXt, libXv, libXvMC, libXxf86dga, libXxf86vm, libdmx, xorg-x11-proto-devel
Issue Overview: Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol data to an X11 server via a malicious X11 client could use either of these flaws t...
Project Zero Patch Tuesday roundup, November 2014
Posted by Chris Evans, Registrar of Bugs It’s been about a week since Patch Tuesday, and the Project Zero reports mentioned in the various advisories are now public. We won’t always be writing a Patch Tuesday roundup, but we often will when we believe there is a sufficiently varied and interestin...
Adobe Flash Player Multiple Vulnerabilities (APSB14-24) - Linux
Adobe Flash Player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:flashplayer";...
Adobe Flash Player Multiple Vulnerabilities (APSB14-24) - Windows
Adobe Flash Player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:flashplayer";...
Adobe AIR Multiple Vulnerabilities (APSB14-24) - Mac OS X
Adobe AIR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:flashplayer"; ifdescription...
[SECURITY] [DSA 3050-3] iceweasel security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3050-3 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 12, 2014 http://www.debian.org/security/faq -...
Chinese Telecom Routes Russian Domestic Internet Traffic through China
Russian Internet traffic, including the domestic one, has continuously been re-routed outside the country due to routing errors by China Telecom, which could result in compromising the security of Russian communications. Internet monitoring service Dyn reported Thursday in a blog post that the...
TigerVNC: User-assisted execution of arbitrary code
Background TigerVNC is a high-performance VNC server/client. Description Two boundary errors in TigerVNC could lead to a heap-based buffer overflow. Impact A remote attacker could entice a user to connect to a malicious VNC server using TigerVNC, possibly resulting in execution of arbitrary code...
Linksys SMART Wi-Fi Firmware Patches Released
Two versions of popular consumer and small office Linksys routers remain vulnerable to a pair of vulnerabilities recently patched in other models of the Belkin-owned networking gear. Linksys EA2700 and EA3500 routers running Linksys SMART Wi-Fi firmware have yet to be patched against...
Debian DSA-3061-1 : icedove - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update...
CVE-2014-7987
Cross-site scripting XSS vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php...
Linksys SMART WiFi firmware contains multiple vulnerabilities
Overview Linksys EA series routers running the Linksys SMART WiFi firmware contain multiple vulnerabilities. Description CWE-320: Key Management Errors - CVE-2014-8243An remote, unauthenticated attacker can read the router's .htpassword file by requesting https:///.htpasswd. The .htpasswd file...
DSA-3061-1 icedove - security update
Bulletin has no description...
Debian Security Advisory DSA 3061-1 (icedove - security update)
Multiple security issues have been found in Icedove, Debian OpenVAS Vulnerability Test $Id: deb3061.nasl 6759 2017-07-19 09:56:33Z teissa $ Auto-generated from advisory DSA 3061-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2014 Greenbone Networks GmbH...
Debian: Security Advisory (DSA-3061-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...