Lucene search
+L

281 matches found

OpenVAS
OpenVAS
added 2015/05/08 12:0 a.m.23 views

Debian: Security Advisory (DSA-3254-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.6AI score0.01134EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2015/04/24 12:0 a.m.28 views

Debian Security Advisory DSA 3233-1 (wpa - security update)

The Google security team and the smart hardware research group of Alibaba security team discovered a flaw in how wpasupplicant used SSID information when creating or updating P2P peer entries. A remote attacker can use this flaw to cause wpasupplicant to crash, expose memory contents, and...

5.8CVSS0.5AI score0.05228EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2015/04/21 8:12 p.m.16 views

Renewed Attention on Android Apps Failing SSL Validation

SAN FRANCISCO – Android developers whose apps fail to validate SSL certificates are on notice; not only are researchers scanning apps making insecure connections, but so is Google. And the hammer may fall soon. Will Dormann, a researcher with CERT at the Software Engineering Institute at Carnegie...

Exploits0References3
Packet Storm
Packet Storm
added 2015/04/19 12:0 a.m.50 views

Adobe Flash Player copyPixelsToByteArray Integer Overflow

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Adobe Flash Player copyPixelsToByteArray Integer Overflow', 'Description' = %q This module exploits an integer overflow in Adobe Fla...

10CVSS0.5AI score0.84298EPSS
Exploits7
Mageia
Mageia
added 2015/04/15 5:22 p.m.41 views

Updated python-dulwich packages fix security vulnerabilities

Updated python-dulwich package fixes security vulnerabilities: It was discovered that Dulwich allows writing to files under .git/ when checking out working trees. This could lead to the execution of arbitrary code with the privileges of the user running an application based on Dulwich...

7.5CVSS7.3AI score0.04996EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2015/03/30 12:0 a.m.22 views

Debian DSA-3206-1 : dulwich - security update

Multiple vulnerabilities have been discovered in Dulwich, a Python implementation of the file formats and protocols used by the Git version control system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-9706 It was discovered that Dulwich allows...

7.5CVSS8.7AI score0.04996EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2015/03/26 12:0 a.m.33 views

Debian DLA-121-1 : jasper security update

Jose Duart of the Google Security Team discovered a double free flaw CVE-2014-8137 and a heap-based buffer overflow flaw CVE-2014-8138 in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary...

7.5CVSS7.4AI score0.18501EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/03/26 12:0 a.m.56 views

Debian DLA-124-1 : unzip security update

Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function CVE-2014-8139, the testcompreb function CVE-2014-8140 and the getZip64Data function...

7.8CVSS7.4AI score0.07448EPSS
Exploits0References5
0day.today
0day.today
added 2015/03/20 12:0 a.m.57 views

Adobe Flash Player PCRE Regex Logic Error Exploit

This Metasploit module exploits a vulnerability found in Adobe Flash Player. A compilation logic error in the PCRE engine, specifically in the handling of the \c escape sequence when followed by a multi-byte UTF8 character, allows arbitrary execution of PCRE bytecode. This module requires...

10CVSS0.3AI score0.75781EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2015/03/19 12:0 a.m.22 views

Mandriva Linux Security Advisory : yaml (MDVSA-2015:060)

Updated yaml packages fix security vulnerabilities : Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially crafted tag that, when...

6.8CVSS7.8AI score0.13195EPSS
Exploits3References6
Tenable Nessus
Tenable Nessus
added 2015/03/19 12:0 a.m.54 views

CentOS 6 / 7 : unzip (CESA-2015:0700)

Updated unzip packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

7.8CVSS7.2AI score0.11562EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2015/02/24 12:0 a.m.26 views

Debian DSA-3166-1 : e2fsprogs - security update

Jose Duart of the Google Security Team discovered a buffer overflow in e2fsprogs, a set of utilities for the ext2, ext3, and ext4 file systems. This issue can possibly lead to arbitrary code execution if a malicious device is plugged in, the system is configured to automatically mount it, and the...

4.6CVSS9.3AI score0.00897EPSS
Exploits0References8
securityvulns
securityvulns
added 2015/02/16 12:0 a.m.60 views

[oCERT-2015-002] e2fsprogs input sanitization errors

2015-002 e2fsprogs input sanitization errors Description: The e2fsprogs package is a set of open source utilities for ext2, ext3 and ext4 filesytems. The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information...

4.6CVSS9.3AI score0.00897EPSS
Exploits0
securityvulns
securityvulns
added 2015/02/11 12:0 a.m.57 views

[ MDVSA-2015:042 ] clamav

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:042 http://www.mandriva.com/en/support/security/ Package : clamav Date : February 10, 2015 Affected: Business Server 1.0 Problem Description: Updated clamav packages fix security vulnerabilities: ClamAV 0.98...

7.5CVSS6AI score0.03234EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/02/11 12:0 a.m.35 views

Mandriva Linux Security Advisory : clamav (MDVSA-2015:042)

Updated clamav packages fix security vulnerabilities : ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them being security bugs : Fix a heap out of bounds condition with crafted Yoda's crypter files. This issue was discovered by Felix Groebert of the Google Security Team. Fix a...

7.5CVSS5.4AI score0.03234EPSS
Exploits0References2
Mageia
Mageia
added 2015/02/09 9:44 p.m.45 views

Updated clamav packages fix security vulnerabilities

ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them being security bugs: Fix a heap out of bounds condition with crafted Yoda's crypter files. This issue was discovered by Felix Groebert of the Google Security Team. Fix a heap out of bounds condition with crafted mew packer file...

7.5CVSS6.4AI score0.03234EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2015/02/08 12:0 a.m.30 views

CVE-2014-9674

The MacReadPOSTResource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service integer overflow and heap-based buffer overflow or possibly have unspecified other...

7.5CVSS7.3AI score0.0571EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2015/02/08 12:0 a.m.25 views

CVE-2014-9671

Off-by-one error in the pcfgetproperties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted PCF file with a 0xffffffff size value that is improperly incremented...

4.3CVSS7.2AI score0.03469EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2015/02/08 12:0 a.m.29 views

CVE-2014-9672

Array index error in the parsefond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service out-of-bounds read or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file...

5.8CVSS6.9AI score0.04684EPSS
Exploits1References2
OSV
OSV
added 2015/02/05 12:0 a.m.34 views

DSA-3154-1 ntp - security update

Bulletin has no description...

6.8CVSS7.1AI score0.06135EPSS
Exploits0
Rows per page
Query Builder