Vulnerabilities in the Internet Key Exchange Xauth Implementation - Cisco Systems
Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server. Successful exploitation of these vulnerabilities may permit an unauthorized us...
EncFS 1.6.0 - Flawed CBC/CFB Cryptography Implementation
EncFS 1.6.0 - Flawed CBC/CFB Cryptography Implementation source: https://www.securityfocus.com/bid/42779/info EncFS is prone to design errors in its cryptographic implementation. Three flaws have been identified that contribute to a weakening of the protections provided under CBC/CFB cipher mode...
CVE-2010-3114
CVE-2010-3114 affects Google Chrome prior to 5.0.375.127 and webkitgtk prior to 1.2.6. The root cause is a failure to properly handle SVG documents due to incorrect processing within WebKit’s text/SVG handling paths, enabling remote attackers to induce a denial of service through memory corruptio...
CVE-2010-2959
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via...
kernel: nfsd4: bug in read_buf
Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and...
Code injection
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.25, 8.0 before 8.05.15, 8.1 before 8.12.44, 8.2 before 8.22.17, and 8.3 before 8.31.6 and Cisco PIX Security Appliances 500 series...
Design/Logic Flaw
Unspecified vulnerability in the IKE implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.08.11, 7.1 and 7.2 before 7.25, 8.0 before 8.05.15, 8.1 before 8.12.44, 8.2 before 8.22.10, and 8.3 before 8.31.1 and Cisco PIX Security Appliances 500 seri...
CVE-2010-1581
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.25, 8.0 before 8.05.15, 8.1 before 8.12.44, 8.2 before 8.22.17, and 8.3 before 8.31.6 and Cisco PIX Security Appliances 500 series...
CVE-2010-2814
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.25, 8.0 before 8.05.15, 8.1 before 8.12.44, 8.2 before 8.22.17, and 8.3 before 8.31.6 and Cisco PIX Security Appliances 500 series...
Apple Webkit SVG ForeignObject Rendering Layout Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Webkit's...
PT-2010-4077 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.34-rc6 Description: The issue is related to multiple buffer overflows in the XDR implementation in the NFS server, specifically in the fs/nfsd/nfs4xdr.c file. This can be exploited by remote attackers via a...
Wing FTP Server < 3.6.1 Multiple Flaws
According to its banner, the remote host is running a version of Wing FTP Server earlier than 3.6.1. Such versions are reportedly affected by multiple issues: - An unspecified issue in the SSH implementation could allow an authenticated attacker to trigger a denial of service condition. - An...
Memory corruption
The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of servi...
CVE-2010-1784
Removed by vendor...
CVE-2010-1209
Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and ...
CVE-2010-2899
Unspecified vulnerability in the layout implementation in Google Chrome before 5.0.375.125 allows remote attackers to obtain sensitive information from process memory via unknown vectors...
CVE-2010-2902
The SVG implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the layout implementation in Google Chrome before 5.0.375.125 allows remote attackers to obtain sensitive information from process memory via unknown vectors...
CVE-2010-2901
CVE-2010-2901 affects Google Chrome rendering before 5.0.375.125, with memory corruption enabling remote denial of service via unknown vectors. Public records in multiple feeds (Ubuntu USN-1195-1, openSUSE, Gentoo GLSA/GNU patches) confirm this CVE and reference a Chrome/Chromium exposure prior t...
CVE-2010-2899
Removed by vendor...