IBM Domino 9.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities (uncredentialed check)
According to its version, the IBM Domino (formerly IBM Lotus Domino) application on the remote host is 9.x prior to 9.0.1 Fix Pack 2 (FP2). It is, therefore, affected by the following vulnerabilities: - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could...
IBM Notes 9.0.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities
The remote host has a version of IBM Notes (formerly Lotus Notes) 9.0.x prior to 9.0.1 Fix Pack 2 (FP2) installed. It is, therefore, affected by the following vulnerabilities: - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could allow certain error cases...
CentOS 6 : kernel (CESA-2014:1167)
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2326-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2326-1 advisory. A use-after-free was discovered in the SVG implementation in Blink. If a user were tricked into opening a specially crafted website, an attacker could...
Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2333-1)
A bug was discovered in the handling of pathname components when used with an autofs direct mount. A local user could exploit this flaw to cause a denial of service (system crash) via an open system call. (CVE-2014-0203) Toralf Forster reported an error in the Linux kernel's syscall auditing on 32 bit...
Ubuntu 10.04 LTS : linux vulnerabilities (USN-2332-1)
A bug was discovered in the handling of pathname components when used with an autofs direct mount. A local user could exploit this flaw to cause a denial of service (system crash) via an open system call. (CVE-2014-0203) Toralf Forster reported an error in the Linux kernel's syscall auditing on 32 bit...
WPS Implementation Issue Exposes Wi-Fi Routers to Attack
A number of popular home and small office routers suffer from an implementation problem that could lead an experienced hacker down the road toward learning the devices’ eight-digit Wi-Fi Protected Setup (WPS) PINs in one guess. The attack, developed by Dominique Bongard, founder of 0xcite of...
ManageEngine EventLog Analyzer - Multiple Vulnerabilities (1)
Mogwai Security Advisory MSA-2014-01. Title: ManageEngine EventLog Analyzer Multiple Vulnerabilities. Product: ManageEngine EventLog Analyzer. Affected versions: EventLog Analyzer 9.9 (Build 9002) on Windows/Linux. Impact: critical...
Design/Logic Flaw
Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation...
CVE-2014-3168
Removed by vendor...
CVE-2014-3951
The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types...
Null pointer dereference
The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types...
CVE-2014-5384
The CVE-2014-5384 entry concerns the VIQR module in the iconv implementation of FreeBSD 10.0 prior to p6 and NetBSD. The vulnerability is an out-of-bounds array access in the VIQR module of iconv_open, allowing context-dependent attackers to cause a denial of service. Affected environment is Free...
CVE-2014-3951
CVE-2014-3951 and CVE-2014-5384 describe issues in the iconv implementation on FreeBSD 10.0 before p6 and NetBSD, split per ADT2 by vulnerability type. The HZ module (CVE-2014-3951) can trigger a NULL pointer dereference in iconv_open, causing denial of service; the VIQR module (CVE-2014-5384) ca...
Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2320-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2320-1 advisory. A use-after-free was discovered in the websockets implementation in Blink. If a user were tricked into opening a specially crafted website, an attacker...
Important: Red Hat Security Advisory: kernel-rt security and bug fix update
Updated kernel-rt packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings...
DEBIAN-CVE-2014-5203
wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data...
Updated kernel-vserver package fixes security vulnerabilities
Updated kernel-vserver provides upstream 3.10.51 kernel and fixes the following security issues: Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value...
Updated kernel-tmb package fixes security vulnerabilities
Updated kernel-tmb provides upstream 3.10.51 kernel and fixes the following security issues: Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value CVE-2014-020...
CVE-2014-3512
Multiple buffer overflows in crypto/srp/srplib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter...