security flaw

Multiple unknown vulnerabilities in the 1 KINK, 2 L2TP, 3 MGCP, 4 EIGRP, 5 DLSw, 6 MEGACO, 7 LMP, and 8 RSVP dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service infinite loop...

RHEL 3 : kernel (RHSA-2005:293)

Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating syste...

Important: Red Hat Security Advisory: kernel security update

Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating syste...

security flaw

The International Domain Name IDN support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing...

USN-95-1: Linux kernel vulnerabilities

A remote Denial of Service vulnerability was discovered in the Netfilter IP packet handler. This allowed a remote attacker to crash the machine by sending specially crafted IP packet fragments. CAN-2005-0209 The Netfilter code also contained a memory leak. Certain locally generated packet fragmen...

security flaw

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via 1 a web site that does not finish loading, which shows the lock of the previous site, 2 a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake ...

PT-2005-1108

Name of the Vulnerable Software and Affected Versions SHA-1 affected versions not specified Description The issue is related to the SHA-1 algorithm not being collision resistant, making it easier for attackers to conduct spoofing attacks. This has been demonstrated by attacks on the use of SHA-1 ...

Linux kernel scm_send local DoS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Synopsis: Linux kernel scmsend local DoS Product: Linux kernel Version: 2.4 up to and including 2.4.28, 2.6 up to and including 2.6.9 Vendor: http://www.kernel.org/ URL: http://isec.pl/vulnerabilities/isec-0019-scm.txt CVE: CAN-2004-1016 Author: Paul...

Microsoft Internet Explorer Secure Sockets Layer Caching Vulnerability

Description Microsoft Internet Explorer is reported prone to a Secure Sockets Layer caching vulnerability. It is reported that arbitrary content may be cached to the computer that is viewing a malicious site when this vulnerability is exploited. This cached content will be rendered in the context...

Important: Red Hat Security Advisory: cyrus-sasl security update

Updated cyrus-sasl packages that fix a setuid and setgid application vulnerability are now available. Updated 7th October 2004 Revised cryus-sasl packages have been added for Red Hat Enterprise Linux 3; the patch in the previous packages broke interaction with ldap. The cyrus-sasl package contain...

Cisco VPN 3000 Concentrator Multiple Service Banner System Information Disclosure (CSCdu35577 HTTP Check)

The remote VPN concentrator gives out too much information in application layer banners. An incorrect page request provides the specific version of software installed. This vulnerability is documented as Cisco bug ID CSCdu35577. %NASLMINLEVEL 70300 This script was written by Michael J. Richardson...

security flaw

modssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service CPU consumption by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop...

CVE-2004-1774

Buffer overflow in the SDOCODESIZE procedure of the MD2 package MDSYS.MD2.SDOCODESIZE in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter...

IRM 010: Top Layer Attack Mitigator IPS 5500 Denial of Service

---------------------------------------------------------------------------- IRM Security Advisory No. 010 Top Layer Attack Mitigator IPS 5500 Denial of Service Vulnerability Type / Importance: DoS / High Problem discovered: July 22nd 2004 Vendor contacted: July 23rd 2004 Advisory published: Augu...

Mandrake Linux Security Advisory : kernel (MDKSA-2003:074)

Multiple vulnerabilities were discovered and fixed in the Linux kernel. - CVE-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets. -...

PT-2004-1827 · Apache · Apache +1

Name of the Vulnerable Software and Affected Versions: Apache versions 2.0.50 and earlier Description: The issue allows remote attackers to cause a denial of service by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop, consuming CPU resources...

RHEL 2.1 : openssl (RHSA-2003:063)

Updated OpenSSL packages are available that fix a potential timing-based attack. Updated 12 March 2003 Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS OpenSSL is a commercial-grade, full-featured, open source toolkit which implements the Secure Sockets Layer SSL v2/...

CVE-2004-0120

The Microsoft Secure Sockets Layer SSL library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages...

Microsoft Windows Secure Sockets Layer (SSL) library vulnerable to DoS

Overview A vulnerability in the Microsoft Secure Sockets Layer library could allow a remote attacker to cause a denial-of-service condition on an affected system. Description The Secure Sockets Layer SSL protocol is commonly used to provide authentication, encryption, integrity, and non-repudiati...

Microsoft Private Communication Technology (PCT) fails to properly validate message inputs

Overview A vulnerability exists in the Private Communications Transport PCT protocol, which is part of the Microsoft Secure Sockets Layer SSL library. Exploitation of this vulnerability may permit a remote attacker to compromise the system. An exploit for this issue currently being used to...