IBM Tivoli Storage Manager Server 6.1.x Multiple Vulnerabilities
The version of IBM Tivoli Storage Manager installed on the remote host is 6.1 running on Windows or AIX. It is, therefore, potentially affected by multiple flaws in its bundled SSL library: - A flaw that could allow a remote attacker to cause a denial of service via a specially crafted...
IBM Tivoli Storage Manager Server 5.5.x Multiple Vulnerabilities
The version of IBM Tivoli Storage Manager installed on the remote host is 5.5 running on Windows or AIX. It is, therefore, potentially affected by multiple flaws in its bundled SSL library: - A flaw that could allow a remote attacker to cause a denial of service via a specially crafted...
CentOS 7 : kernel (CESA-2014:1023)
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
SlowHTTPTest - Application Layer DoS attack simulator
SlowHTTPTest is a highly configurable tool that simulates some Application Layer Denial of Service attacks. It works on the majority of Linux platforms, OSX and Cygwin - a Unix-like environment and command-line interface for Microsoft Windows. It implements most common low-bandwidth Application Layer...
Phony Googlebots Becoming a Real DDoS Attack Tool
Even an enterprise with the harshest, strictest blocking rules in place is likely to leave the door ajar for Google’s search bot software known as a Googlebot. Googlebots crawl websites collecting data along the way in order to build a searchable index that assures a site will be listed and ranke...
kernel: net: pppol2tp: level handling in pppol2tp_[s,g]etsockopt()
A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system...
Integer overflow
Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer mask data in a PSD file, which triggers a heap-based buffer overflow...
DEBIAN-CVE-2014-4943
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket...
OpenJDK: Incorrect TLS/EC management (Security, 8031340)
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security...
openstack-neutron: L3-agent denial of service through IPv6 subnet
The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router...
USN-2290-1 linux vulnerabilities
Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) Salva Peiró discovered an information leak in the Linux kernel's media-device...
Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2281-1)
Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) A flaw was discovered in the Linux kernel's audit subsystem when auditing...
bouncycastle: TLS CBC padding timing attack
It was discovered that bouncycastle leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle...
Oracle Database Multiple Vulnerabilities (July 2014 CPU)
The remote Oracle database server is missing the July 2014 Critical Patch Update (CPU). It is, therefore, affected by security issues in the following components: XML Parser, Network Layer, RDBMS Core...
PT-2014-6222 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.15.7 Description: The issue allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. This is related to the PPPoL2TP feature in net/l2tp/l2tp...
Theeta CMS (Cross Site Scripting,SQL Injection) Multiple Vulnerabilities
No description provided by source. Theeta CMS Cross Site Scripting,SQL Injection Multiple Vulnerabilities...
Cisco IOS 12 MSFC2 Malformed Layer 2 Frame Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9562/info A problem has been identified in the handling of specific types of traffic by Cisco 6000, 6500, and 7600 routers with the MSFC2 device. Because of this, an attacker could potentially crash a vulnerable system...