SuSE 11.3 Security Update : icedtea-web (SAT Patch Number 8974)
The OpenJDK Java Plugin IcedTea Web was released to fix a temporary file access problem. Changes: - Dialogs center on screen before becoming visible. - Support for u45 new manifest attribute Application-Name. - Custom applet permission policies panel in itweb-settings control panel. - Plugin...
array index error in dtoa implementation of many products
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x...
oath-toolkit replay attack
Implementation bug leads to replay attack possibility...
RedHat Update for kernel RHSA-2014:0285-01
Check for the version of kernel. OpenVAS Vulnerability Test: RedHat Update for kernel RHSA-2014:0285-01. Authors: System Generated Check. Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the ter...
CVE-2014-1702
Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecifie...
CentOS 5 : kernel (CESA-2014:0285)
Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores,...
Cisco Intelligent Automation for Cloud Cryptographic Implementation Issues
Issues in the cryptographic implementation of Cisco Intelligent Automation for Cloud (Cisco IAC) may allow an unauthenticated, remote attacker to recover cryptographic material used in all Cisco IAC installations. The issues are due to the inclusion of fixed cryptographic material in the product...
Debian Security Advisory DSA 2879-1 (libssh - security update)
It was discovered that libssh, a tiny C SSH library, did not reset the state of the PRNG after accepting a connection. A server mode application that forks itself to handle incoming connections could see its children sharing the same PRNG state, resulting in a cryptographic weakness and possibly...
Information disclosure
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dmworld group and the dmsuperusersdynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by...
CVE-2013-6493
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp...
Design/Logic Flaw
The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.01 and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461...
Siemens RuggedCom Resource Exhaustion Vulnerability
CVE(CAN) ID: CVE-2014-1966. RuggedCom ROS products are switches and serial-to-Ethernet devices. A security vulnerability exists in the SNMP implementation of RuggedCom ROS devices in versions before 3.11; a remote attacker can exploit it with specially crafted packets to cause a denial of service. 0 Siemens RuggedCom ROS-based 3.11. Vendor patch: Siemens ------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage: http://www.siemens.com/corporate-technology/pool/...
Apple's SSL Vulnerability might allow NSA to hack iOS Devices Remotely
Just two days ago, Apple disclosed a critical security flaw in the SSL implementation in iOS that would allow man-in-the-middle attacks to intercept SSL data by spoofing SSL servers. Dubbed CVE-2014-1266, the so-called 'goto fail;' vulnerability, in which the secure...
Design/Logic Flaw
The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 for RS950G, ROS 3.12 before 3.12.4, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (device outage) via crafted packets...
CVE-2014-1966
The CVE-2014-1966 issue affects Siemens RuggedCom ROS: SNMP implementation in ROS before 3.11, ROS 3.11 for RS950G, ROS 3.12 before 3.12.4, and ROS 4.0 for RSG2488. The vulnerability allows remote attackers to cause a denial of service (device outage) by sending specially crafted SNMP packets. Do...
CVE-2014-0734
SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.01 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483...
DuoSecurity Finds Two-Factor Authentication Vulnerability
Hosted two-factor authentication firm Duo Security acknowledged late last week that it discovered a vulnerability in its WordPress plugin, duowordpress, that could allow a user to bypass two-factor authentication (2FA) on a multisite network. Jon Oberheide, one of Duo's founders, stressed last...
Debian DSA-2862-1 : chromium-browser - several vulnerabilities
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2013-6641 Atte Kettunen discovered a use-after-free issue in Blink/Webkit form elements. - CVE-2013-6643 Joao Lucas Melo Brasio discovered a Google account information disclosure issue related to the one-click sign-on...
CVE-2011-1837
The lock-counter implementation in utils/mount.ecryptfsprivate.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors...