9137 matches found
CVE-2014-1719
Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworkerstub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have...
CVE-2014-1726
The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access...
Security Advisory 0004
Date: 4/9/2014. Arista 7000 Series Products and Arista EOS Not Vulnerable to OpenSSL CVE-2014-0160. On April 7th, the OpenSSL Project issued a security advisory for a TLS heartbeat read overrun vulnerability. This vulnerability allows attackers to access the memory of web...
OpenSSL -- Local Information Disclosure
OpenSSL reports: A flaw in the implementation of Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information. A local attacker might be able to snoop a signing process and might recover the signing key from it...
USN-2161-1: libyaml-libyaml-perl vulnerabilities
Florian Weimer discovered that libyaml-libyaml-perl incorrectly handled certain large YAML documents. An attacker could use this issue to cause libyaml-libyaml-perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6393) Ivan Fratric discovered that...
CentOS Update for kernel CESA-2014:0328 centos6
Check for the Version of kernel. OpenVAS Vulnerability Test: CentOS Update for kernel CESA-2014:0328 centos6. Authors: System Generated Check. Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under th...
RedHat Update for kernel RHSA-2014:0328-01
Check for the Version of kernel. OpenVAS Vulnerability Test: RedHat Update for kernel RHSA-2014:0328-01. Authors: System Generated Check. Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the ter...
CVE-2014-2673
The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program...
Monoprice.com Cart Enumeration
As similarly stated at http://nmap.org/mailman/listinfo/fulldisclosure I would appreciate if Monoprice.com better secures its ecommerce site by fixing the following flaw rather than hiding it. With no cookies, visiting http://www.monoprice.com/Cart yields an empty cart with no cart id. Adding an...
kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2014:0328 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scorin...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
CVE-2014-1492
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof...
CVE-2014-0076
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack...
Oracle Linux 6 : net-snmp (ELSA-2014-0321)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-0321 advisory. 1:5.5-49.0.1.el65.1 - snmptrapd: Fix crash due to access of freed memory (John Haxby) [orabug 14404682]. 1:5.5-49.1 - added 'diskio' option to snmpd.conf, it's...
Fedora 19 : jansson-2.6-1.fc19 (2014-3782)
Florian Weimer of the Red Hat Product Security Team found that the hashing implementation in Jansson, a library for encoding, decoding and manipulating JSON data, was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause an application using Jansson to use an...
Fedora 20 : jansson-2.6-1.fc20 (2014-3778)
Florian Weimer of the Red Hat Product Security Team found that the hashing implementation in Jansson, a library for encoding, decoding and manipulating JSON data, was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause an application using Jansson to use an...
CVE-2014-0124
The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain...
net-snmp security and bug fix update
1:5.5-49.0.1.el65.1 - snmptrapd: Fix crash due to access of freed memory (John Haxby) [orabug 14404682]. 1:5.5-49.1 - added 'diskio' option to snmpd.conf, it's possible to monitor only selected devices in diskIOTable (990674) - fixed CVE-2014-2284: denial of service flaw in Linux implementation of...
CVE-2014-0127
CVE-2014-0127 affects Moodle: the time-validation logic in mod/feedback/complete.php and mod/feedback/complete_guest.php allows remote authenticated users to bypass restrictions when starting a Feedback activity by selecting an unavailable time. Affected versions include Moodle through 2.3.11, 2....