Lucene search

3882 matches found

CVE
added 2014/09/24 1:0 a.m. · 31 views

CVE-2014-6695

The CVE-2014-6695 entry concerns The Wedding Photo Frames-Love Pics (com.WeddingPhotoFramesLovePics) Android app (version 1.0) that fails to verify SSL X.509 certificates. Root cause: improper certificate validation in SSL/TLS communication, enabling man-in-the-middle attackers to spoof servers a...

CVSS 5.4 · AI score 6 · EPSS 0.00271
Exploits 0 · References 3 · Affected Software 1

OSV
added 2014/08/26 1:0 a.m. · 5 views

USN-2319-2 openjdk-7 regression

USN-2319-1 fixed vulnerabilities in OpenJDK 7. Due to an upstream regression, verifying of the init method call would fail when it was done from inside a branch when stack frames are activated. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Several...

AI score 5.8
Exploits 0 · References 2

RedHat Linux
added 2014/08/06 3:3 p.m. · 2 views

netty: DoS via memory exhaustion during data aggregation

A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service...

CVSS 5 · AI score 7.2 · EPSS 0.04326
Exploits 0 · References 4

RedHat Linux
added 2014/07/21 6:35 p.m. · 4 views

netty: DoS via memory exhaustion during data aggregation

A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service...

CVSS 5 · AI score 7.2 · EPSS 0.04326
Exploits 0 · References 4

seebug.org
added 2014/07/01 12:0 a.m. · 22 views

Linux Kernel 2.6.x AppleTalk ATalk_Sum_SKB Function Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23376/info The Linux kernel is prone to a denial-of-service vulnerability. This issue presents itself when malformed AppleTalk frames are processed. An attacker can exploit this issue to crash host computers, effectively...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. · 25 views

NetGear MA521 Wireless Driver 5.148.724 Long Beacon Probe Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/21175/info NetGear MA521 Wireless device is prone to a stack-based buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. · 102 views

Cisco ASA < 8.4.4.6 & 8.2.5.32 - Ethernet Information Leak

No description provided by source. !/usr/bin/env python CVE-2003-0001 'Etherleak' exploit ================================= Exploit for hosts which use a network device driver that pads ethernet frames with data which vary from one packet to another, likely taken from kernel memory, system memory...

CVSS 5 · AI score 5.1 · EPSS 0.73006
Exploits 15

Tenable Nessus
added 2014/06/13 12:0 a.m. · 46 views

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0777-1)

java-160-openjdk was updated to 1.12.5 bnc817157 - Security fixes - S6657673, CVE-2013-1518: Issues with JAXP - S7200507: Refactor Introspector internals - S8000724, CVE-2013-2417: Improve networking serialization - S8001031, CVE-2013-2419: Better font processing - S8001040, CVE-2013-1537: Rework...

CVSS 10 · AI score 7.1 · EPSS 0.86963
Exploits 15 · References 21

Tenable Nessus
added 2014/06/13 12:0 a.m. · 245 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0964-1)

update to icedtea-2.3.9 bnc816720 - Security fixes - S6657673, CVE-2013-1518: Issues with JAXP - S7200507: Refactor Introspector internals - S8000724, CVE-2013-2417: Improve networking serialization - S8001031, CVE-2013-2419: Better font processing - S8001040, CVE-2013-1537: Rework RMI model -...

CVSS 10 · AI score 6.9 · EPSS 0.86963
Exploits 21 · References 24

OSV
added 2014/05/06 2:55 p.m. · 2 views

UBUNTU-CVE-2014-0193

WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service memory consumption via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames...

CVSS 5 · AI score 7.2 · EPSS 0.04326
Exploits 0 · References 3

Positive Technologies
added 2014/05/06 12:0 a.m. · 4 views

PT-2014-3528 · Netty · Netty

Name of the Vulnerable Software and Affected Versions: Netty versions 3.6.x through 3.6.8 Netty versions 3.7.x through 3.7.0 Netty versions 3.8.x through 3.8.1 Netty versions 3.9.x through 3.9.0 Netty versions 4.0.x through 4.0.18 Description: The issue allows remote attackers to cause a denial o...

CVSS 9.1 · AI score 7.1 · EPSS 0.13474
Exploits 5 · References 44

Tenable Nessus
added 2014/03/14 12:0 a.m. · 39 views

Multiple Vulnerabilities in Cisco Wireless LAN Controllers (cisco-sa-20140305-wlc)

The remote Cisco Wireless LAN Controller WLC is affected by one or more of the following vulnerabilities : - Errors exist related to the handling of specially crafted ethernet 802.11 frames that could allow denial of service attacks. CSCue87929, CSCuf80681 - An error exists related to the handlin...

CVSS 10 · AI score 5.8 · EPSS 0.01999
Exploits 6 · References 7

Tenable Nessus
added 2014/02/26 12:0 a.m. · 19 views

Multiple Vulnerabilities in Cisco Intrusion Prevention System Software (cisco-sa-20140219-ips)

According to its self-reported version, the version of the Cisco Intrusion Prevention System software running on the remote is affected by the following denial of service vulnerabilities : - The Analysis Engine can become unresponsive due to improper handling of fragmented packets processed throu...

CVSS 7.8 · AI score 5.7 · EPSS 0.01661
Exploits 3 · References 4

NVD
added 2014/02/22 9:55 p.m. · 17 views

CVE-2014-0720

Cisco IPS Software 7.1 before 7.18E4 and 7.2 before 7.22E4 allows remote attackers to cause a denial of service Analysis Engine process outage via a flood of jumbo frames, aka Bug ID CSCuh94944...

CVSS 7.1 · AI score 6.5 · EPSS 0.01169
Exploits 1 · References 1

Prion
added 2014/02/22 9:55 p.m. · 25 views

Design/Logic Flaw

Cisco IPS Software 7.1 before 7.18E4 and 7.2 before 7.22E4 allows remote attackers to cause a denial of service Analysis Engine process outage via a flood of jumbo frames, aka Bug ID CSCuh94944...

CVSS 7.1 · AI score 7.1 · EPSS 0.01169
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2014/02/22 9:0 p.m. · 22 views

CVE-2014-0720

Cisco IPS Software 7.1 before 7.18E4 and 7.2 before 7.22E4 allows remote attackers to cause a denial of service Analysis Engine process outage via a flood of jumbo frames, aka Bug ID CSCuh94944...

AI score 6.5 · EPSS 0.01169
Exploits 1 · References 1

seebug.org
added 2014/02/21 12:0 a.m. · 37 views

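Cisco IPS Software Denial of Service Vulnerability (CVE-2014-0720)

BUGTRAQ ID: 65669 CVECAN ID: CVE-2014-0720 Cisco IPS Software is network intrusion prevention software. Cisco IPS has a security vulnerability when processing a large number of jumbo frames; an unauthenticated remote attacker can exploit this vulnerability to crash the Analysis Engine process, resulting in a denial of service. 0 Cisco IPS 4200 Series Sensors Vendor patch: Cisco ----- Cisco has released a security advisory (cisco-sa-20140219-ips) and corresponding patches for this issue: cisco-sa-20140219-ips: Multiple Vulnerabilities in Cisco IPS...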

CVSS 7.1 · AI score 6.4 · EPSS 0.01169
Exploits 1

Tenable Nessus
added 2013/11/13 12:0 a.m. · 58 views

ESXi 5.0 < Build 515841 Multiple Vulnerabilities (remote check)

The remote VMware ESXi 5.0 host is affected by the following security vulnerabilities : - A security bypass vulnerability exists in the e1000 driver in the Linux kernel due to improper handling of Ethernet frames that exceed the MTU. An unauthenticated, remote attacker can exploit this, via...

CVSS 7.8 · AI score 6.6 · EPSS 0.14323
Exploits 4 · References 12

Cisco
added 2013/11/06 8:30 p.m. · 21 views

Cisco MDS 9000 NX-OS Software Denial of Service Vulnerability

A vulnerability in the supervisor of the Cisco MDS Family could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to improper handling of Virtual Router Redundancy Protocol VRRP frames. An attacker could exploit this vulnerability by...

CVSS 5 · AI score 2.6 · EPSS 0.01885
Exploits 0 · References 1

Fedora
added 2013/10/14 5:12 p.m. · 12 views

[SECURITY] Fedora 19 Update: elinks-0.12-0.35.pre6.fc19

Elinks is a text-based Web browser. Elinks does not display any images, but it does support frames, tables and most other HTML tags. Elinks' advantage over graphical browsers is its speed--Elinks starts and exits quickly and swiftly displays Web pages...

AI score 1.5
Exploits 0