Lucene search
3830 matches found

Cvelist
added 2014/10/15 10:0 a.m. · 20 views

CVE-2014-1578

The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are...

AI score 9.9 · EPSS 0.01644
Exploits 0 · References 27

CVE
added 2014/10/15 10:0 a.m. · 144 views

CVE-2014-1578

CVE-2014-1578 affects Mozilla Firefox (Firefox 33.0 and Firefox ESR 31.x before 31.2) and Thunderbird; the issue is an out-of-bounds write in get_tile() when buffering WebM frames with invalid tile sizes, leading to a crash or potentially arbitrary code execution. Connected sources confirm fixes:...

CVSS 7.5 · AI score 9.8 · EPSS 0.01644
Exploits 0 · References 27 · Affected Software 1

Debian CVE
added 2014/10/15 10:0 a.m. · 31 views

CVE-2014-1578

The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are...

CVSS 7.5 · AI score 9.4 · EPSS 0.01644
Exploits 0

UbuntuCve
added 2014/10/14 12:0 a.m. · 24 views

CVE-2014-1578

The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are...

CVSS 7.5 · AI score 7.2 · EPSS 0.01644
Exploits 0 · References 4

OSV
added 2014/10/09 12:0 a.m. · 0 views

UBUNTU-CVE-2014-3686

wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame...

CVSS 6.8 · AI score 6.9 · EPSS 0.04511
Exploits 0 · References 5

RedHat Linux
added 2014/10/01 6:10 p.m. · 2 views

netty: DoS via memory exhaustion during data aggregation

A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service...

CVSS 5 · AI score 7.2 · EPSS 0.04075
Exploits 0 · References 4

NVD
added 2014/09/24 1:55 a.m. · 11 views

CVE-2014-6695

The Wedding Photo Frames-Love Pics aka com.WeddingPhotoFramesLovePics application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVSS 5.4 · AI score 5.9 · EPSS 0.00134
Exploits 0 · References 3

Prion
added 2014/09/24 1:55 a.m. · 11 views

Information disclosure

The Wedding Photo Frames-Love Pics aka com.WeddingPhotoFramesLovePics application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVSS 5.4 · AI score 6.4 · EPSS 0.00134
Exploits 0 · References 3 · Affected Software 1

CVE
added 2014/09/24 1:0 a.m. · 30 views

CVE-2014-6695

The CVE-2014-6695 entry concerns The Wedding Photo Frames-Love Pics (com.WeddingPhotoFramesLovePics) Android app (version 1.0) that fails to verify SSL X.509 certificates. Root cause: improper certificate validation in SSL/TLS communication, enabling man-in-the-middle attackers to spoof servers a...

CVSS 5.4 · AI score 6 · EPSS 0.00134
Exploits 0 · References 3 · Affected Software 1

OSV
added 2014/08/26 1:0 a.m. · 3 views

USN-2319-2 openjdk-7 regression

USN-2319-1 fixed vulnerabilities in OpenJDK 7. Due to an upstream regression, verifying of the init method call would fail when it was done from inside a branch when stack frames are activated. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Several...

AI score 5.8
Exploits 0 · References 2

RedHat Linux
added 2014/08/06 3:3 p.m. · 2 views

netty: DoS via memory exhaustion during data aggregation

A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service...

CVSS 5 · AI score 7.2 · EPSS 0.04075
Exploits 0 · References 4

RedHat Linux
added 2014/07/21 6:35 p.m. · 3 views

netty: DoS via memory exhaustion during data aggregation

A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service...

CVSS 5 · AI score 7.2 · EPSS 0.04075
Exploits 0 · References 4

seebug.org
added 2014/07/01 12:0 a.m. · 23 views

NetGear MA521 Wireless Driver 5.148.724 Long Beacon Probe Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/21175/info NetGear MA521 Wireless device is prone to a stack-based buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. · 21 views

Linux Kernel 2.6.x AppleTalk ATalk_Sum_SKB Function Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23376/info The Linux kernel is prone to a denial-of-service vulnerability. This issue presents itself when malformed AppleTalk frames are processed. An attacker can exploit this issue to crash host computers, effectively...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. · 101 views

Cisco ASA < 8.4.4.6 & 8.2.5.32 - Ethernet Information Leak

No description provided by source. #!/usr/bin/env python CVE-2003-0001 'Etherleak' exploit: Exploit for hosts which use a network device driver that pads ethernet frames with data which vary from one packet to another, likely taken from kernel memory, system memory...

CVSS 5 · AI score 5.1 · EPSS 0.04317
Exploits 15

Tenable Nessus
added 2014/06/13 12:0 a.m. · 45 views

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0777-1)

java-1_6_0-openjdk was updated to 1.12.5 bnc817157 - Security fixes - S6657673, CVE-2013-1518: Issues with JAXP - S7200507: Refactor Introspector internals - S8000724, CVE-2013-2417: Improve networking serialization - S8001031, CVE-2013-2419: Better font processing - S8001040, CVE-2013-1537: Rework...

CVSS 10 · AI score 7.1 · EPSS 0.86252
Exploits 15 · References 21

Tenable Nessus
added 2014/06/13 12:0 a.m. · 243 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0964-1)

update to icedtea-2.3.9 bnc816720 - Security fixes - S6657673, CVE-2013-1518: Issues with JAXP - S7200507: Refactor Introspector internals - S8000724, CVE-2013-2417: Improve networking serialization - S8001031, CVE-2013-2419: Better font processing - S8001040, CVE-2013-1537: Rework RMI model -...

CVSS 10 · AI score 6.9 · EPSS 0.93397
Exploits 21 · References 24

OSV
added 2014/05/06 2:55 p.m. · 1 views

UBUNTU-CVE-2014-0193

WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames...

CVSS 5 · AI score 7.2 · EPSS 0.04075
Exploits 0 · References 3

Positive Technologies
added 2014/05/06 12:0 a.m. · 4 views

PT-2014-3528 · Netty · Netty

Name of the Vulnerable Software and Affected Versions: Netty versions 3.6.x through 3.6.8; Netty versions 3.7.x through 3.7.0; Netty versions 3.8.x through 3.8.1; Netty versions 3.9.x through 3.9.0; Netty versions 4.0.x through 4.0.18. Description: The issue allows remote attackers to cause a denial o...

CVSS 9.1 · AI score 7.1 · EPSS 0.17932
Exploits 5 · References 44

Tenable Nessus
added 2014/03/14 12:0 a.m. · 38 views

Multiple Vulnerabilities in Cisco Wireless LAN Controllers (cisco-sa-20140305-wlc)

The remote Cisco Wireless LAN Controller (WLC) is affected by one or more of the following vulnerabilities : - Errors exist related to the handling of specially crafted ethernet 802.11 frames that could allow denial of service attacks. (CSCue87929, CSCuf80681) - An error exists related to the handlin...

CVSS 10 · AI score 5.8 · EPSS 0.00931
Exploits 6 · References 7