1303 matches found
CentOS Update for openssl CESA-2014:1653 centos5
Check the version of openssl SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882063";...
Debian DSA-3053-1 : openssl - security update (POODLE)
Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit. - CVE-2014-3513 A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol SRTP extension data. A remote attacker could send multiple specially crafted...
USN-2385-1 openssl vulnerabilities
It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2014-3513 I...
USN-2385-1: OpenSSL vulnerabilities
It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2014-3513 I...
Debian Security Advisory DSA 3053-1 (openssl - security update)
Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit. CVE-2014-3513 A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol SRTP extension data. A remote attacker could send multiple specially crafted handshak...
DSA-3053-1 openssl - security update
Bulletin has no description...
New POODLE SSL 3.0 Attack Exploits Protocol Fallback Issue
A new attack on the SSLv3 protocol, disclosed Tuesday, takes advantage of an issue with the protocol that enables a network attacker to recover the plaintext communications of a victim. The attack is considered easier to exploit than similar previous attacks against SSL/TLS, such as BEAST and...
openSUSE Security Update : libQtWebKit-devel (openSUSE-SU-2011:1119-1)
Specially crafted font files could cause a single byte heap based buffer overflow CVE-2011-3193. Specially crafted grey scale images could cause a heap based buffer overflow CVE-2011-3194. The update also fixes the following non-security bugs : - fix QFileDialog not showing system files bnc669604...
CVE-2014-3274
Cisco TelePresence System CTS 6.0.55 and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager UCM to...
CVE-2014-3274
Cisco TelePresence System CTS 6.0.55 and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager UCM to...
CVE-2013-7343
Cross-site scripting XSS vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding within the callback parameter name. NOTE: this vulnerability exists because of an incomplete fix fo...
UBUNTU-CVE-2013-7342
Cross-site scripting XSS vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback parameter, a related issue to CVE-2013-7341...
Cross site scripting
Cross-site scripting XSS vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback parameter, a related issue to CVE-2013-7341...
UBUNTU-CVE-2013-7343
Cross-site scripting XSS vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding within the callback parameter name. NOTE: this vulnerability exists because of an incomplete fix fo...
CVE-2013-7342
Cross-site scripting XSS vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback parameter, a related issue to CVE-2013-7341...
CVE-2013-7343
Cross-site scripting XSS vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding within the callback parameter name. NOTE: this vulnerability exists because of an incomplete fix fo...
CVE-2013-7343
CVE-2013-7343 describes a cross-site scripting (XSS) vulnerability in Flowplayer’s Flash fallback component, specifically in the flowplayer.swf used by Flowplayer HTML5 5.4.3. The issue allows remote attackers to inject arbitrary web script or HTML by abusing URL encoding within the name of the c...
PYSEC-2014-95
Race condition in the xdg.BaseDirectory.getruntimedir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once th...
CVE-2014-1624
Race condition in the xdg.BaseDirectory.getruntimedir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once th...
Enghouse Interactive IVR Pro (VIP2000) Remote Root
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 XPD - XPD Advisory https://xpd.se Enghouse Interactive IVR Pro VIP2000 remote root authentication bypass Vulnerability Advisory ID: XPD-2013-001 CVE reference: CVE-2013-6838 Affected platforms: IVR Pro/Contact Center VIP2000 platforms with OpenVZ an...