Lucene search

9137 matches found

Cvelist
added 2014/05/02 10:0 a.m. | 26 views

CVE-2014-2163

The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x allows remote attackers to cause a denial of service device reload via crafted SIP packets, aka Bug ID CSCua64961...

AI score: 7.3 | EPSS: 0.01328
Exploits: 0 | References: 1

Cvelist
added 2014/05/02 10:0 a.m. | 20 views

CVE-2014-2166

The SIP implementation in Cisco TelePresence TC Software 4.x and TE Software 4.x allows remote attackers to cause a denial of service device reload via crafted SIP packets, aka Bug ID CSCto70562...

AI score: 7.3 | EPSS: 0.01328
Exploits: 0 | References: 1

NVD
added 2014/05/01 5:28 p.m. | 26 views

CVE-2014-2881

Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors...

CVSS: 10 | AI score: 6.5 | EPSS: 0.01855
Exploits: 0 | References: 2

ATTACKERKB
added 2014/04/30 10:49 a.m. | 1 views

CVE-2014-1524

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of...

CVSS: 9.8 | AI score: 8 | EPSS: 0.07543
Exploits: 1 | References: 24

UbuntuCve
added 2014/04/29 2:38 p.m. | 27 views

CVE-2014-0088

The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.08663
Exploits: 0 | References: 3

UbuntuCve
added 2014/04/29 12:0 a.m. | 33 views

CVE-2014-1530

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting XSS attacks, via a crafted web sit...

CVSS: 6.1 | AI score: 6.8 | EPSS: 0.01666
Exploits: 0 | References: 4

RedHat Linux
added 2014/04/28 4:43 p.m. | 62 views

Important: Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update

Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...

CVSS: 10 | AI score: 6.7 | EPSS: 0.10385
Exploits: 7 | References: 13

Exploit DB
added 2014/04/28 12:0 a.m. | 185 views

NTP ntpd monlist Query Reflection - Denial of Service

/ Exploit Title: CVE-2013-5211 PoC - NTP DDoS amplification Date: 28/04/2014 Code Author: Danilo PC - CVE : CVE-2013-5211 / / I coded this program to help other to understand how an DDoS attack amplified by NTP servers works CVE-2013-5211 I took of the code that generates a DDoS, so this code onl...

CVSS: 5 | AI score: 6.4 | EPSS: 0.97549
Exploits: 23

Prion
added 2014/04/27 12:55 a.m. | 25 views

Design/Logic Flaw

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the 1 stdou...

CVSS: 2.1 | AI score: 6.6 | EPSS: 0.00534
Exploits: 1 | References: 12 | Affected Software: 7

Prion
added 2014/04/26 10:55 a.m. | 22 views

Type confusion

core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibl...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.03225
Exploits: 0 | References: 15 | Affected Software: 1

UbuntuCve
added 2014/04/26 12:0 a.m. | 44 views

CVE-2014-0181

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the 1 stdou...

CVSS: 2.1 | AI score: 6.8 | EPSS: 0.00534
Exploits: 1 | References: 7

UbuntuCve
added 2014/04/26 12:0 a.m. | 29 views

CVE-2014-1731

core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibl...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.03225
Exploits: 0 | References: 5

Prion
added 2014/04/23 8:55 p.m. | 12 views

Crlf injection

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services IIS 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n newline character in an HTTP header...

CVSS: 5 | AI score: 7.4 | EPSS: 0.19092
Exploits: 1 | References: 6 | Affected Software: 1

NVD
added 2014/04/23 11:52 a.m. | 21 views

CVE-2012-1317

The multicast implementation in Cisco IOS before 15.11SY allows remote attackers to cause a denial of service Route Processor crash by sending packets at a high rate, aka Bug ID CSCts37717...

CVSS: 5.4 | AI score: 6.6 | EPSS: 0.01059
Exploits: 0 | References: 1

Prion
added 2014/04/23 11:52 a.m. | 15 views

Information disclosure

The multicast implementation in Cisco IOS before 15.11SY allows remote attackers to cause a denial of service Route Processor crash by sending packets at a high rate, aka Bug ID CSCts37717...

CVSS: 5.4 | AI score: 7.1 | EPSS: 0.01059
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2014/04/18 12:0 a.m. | 212 views

Juniper Junos OpenSSL Heartbeat Information Disclosure (JSA10623) (Heartbleed)

According to its self-reported version number, the remote Junos device is affected by an information disclosure vulnerability. An out-of-bounds read error, known as Heartbleed, exists in the TLS/DTLS implementation due to improper handling of TLS heartbeat extension packets. A remote attacker,...

CVSS: 7.5 | AI score: 8 | EPSS: 0.99999
Exploits: 87 | References: 6

Tenable Nessus
added 2014/04/16 12:0 a.m. | 53 views

AIX OpenSSL Advisory : openssl_advisory3.asc

The version of OpenSSL running on the remote host is affected by the following vulnerabilities : - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a...

CVSS: 9.3 | AI score: 7.9 | EPSS: 0.17687
Exploits: 0 | References: 7

Tenable Nessus
added 2014/04/10 12:0 a.m. | 2835 views

SSL Certificate Chain Contains RSA Keys Less Than 2048 bits (PCI DSS)

At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser CA/B Forum, certificates issued after January 1, 2014 must be at least 2048 bits. Some browser SSL implementations ma...

AI score: 5.5
Exploits: 0 | References: 1

Tenable Nessus
added 2014/04/10 12:0 a.m. | 231 views

Mandriva Linux Security Advisory : openssl (MDVSA-2014:067)

Updated openssl packages fix security vulnerability : The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attac...

CVSS: 1.9 | AI score: 7.2 | EPSS: 0.00942
Exploits: 1 | References: 2

NVD
added 2014/04/09 10:57 a.m. | 19 views

CVE-2014-1726

The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.01405
Exploits: 1 | References: 6