9981 matches found
openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors...
Bro - Passive Open-Source Network Traffic Analyzer
While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it ...
Debian Security Advisory DSA 2944-1 (gnutls26 - security update)
Joonas Kuorilehto discovered that GNU TLS performed insufficient validation of session IDs during TLS/SSL handshakes. A malicious server could use this to execute arbitrary code or perform denial of service. OpenVAS Vulnerability Test $Id: deb2944.nasl 6759 2017-07-19 09:56:33Z teissa $...
UBUNTU-CVE-2013-5919
Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record...
PT-2014-3000 · Open Information Security Foundation · Suricata
Name of the Vulnerable Software and Affected Versions: Suricata versions prior to 1.4.6 Description: The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending a malformed SSL record. Recommendations: For versions prior to 1.4.6, update to version 1.4.6 or...
DEBIAN-CVE-2012-5662
x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
UBUNTU-CVE-2012-5662
x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Cisco IOS LLDP Request Processing DoS
According to its self-reported IOS version, the remote device may be affected by a denial of service vulnerability related to incorrect handling of malformed Link Layer Discovery Protocol (LLDP) packets. An adjacent, unauthenticated attacker could exploit this issue by sending malformed packets,...
CVE-2013-4320
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL...
CVE-2013-4321
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250...
Design/Logic Flaw
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file...
Design/Logic Flaw
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250...
CVE-2013-4250
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file...
CVE-2013-4320
The data shows a TYPO3 File Abstraction Layer (FAL) vulnerability (CVE-2013-4320) affecting TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4, caused by improper permission checks in FAL that permit remote authenticated users to create or read arbitrary files via a crafted URL. Connected sources al...
CVE-2013-4321
The vulnerability concerns TYPO3’s File Abstraction Layer (FAL) in TYPO3 6.0.x (before 6.0.8/6.0.9) and 6.1.x (before 6.1.4) where remote authenticated editors can execute arbitrary PHP code by using unspecified characters in the file extension when renaming a file. This issue is a consequence of...
Debian DSA-2928-1 : linux-2.6 - privilege escalation/denial of service/information leak
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2014-0196 Jiri Slaby discovered a race condition in the pty...
[SECURITY] [DSA 2926-1] linux security update
Debian Security Advisory DSA-2926-1 http://www.debian.org/security/ Moritz Muehlenhoff May 12, 2014 http://www.debian.org/security/faq ...
Microsoft Giving .NET Users The Option to Shed RC4
Microsoft didn’t beat around the bush when it warned customers to stay away from the deprecated RC4 algorithm last fall. Now it’s giving those who use its .NET software framework an option to disable the cipher in Transport Layer Security (TLS) as well. In a security advisory issued on its Security...