67 matches found
CVE-2011-3188
The 1 IPv4 and 2 IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service disrupted networking or hijack network sessions by predicting...
CVE-2011-3188
The 1 IPv4 and 2 IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service disrupted networking or hijack network sessions by predicting...
CVE-2011-3188
CVE-2011-3188 affects the Linux kernel prior to 3.1, where IPv4 and IPv6 sequence numbers/Fragment IDs are generated with a modified MD4. This predictable value generation enables remote attackers to cause DoS or hijack sessions by crafting packets. The vulnerability is mitigated by upgrading the...
kernel: net: improve sequence number generation
The 1 IPv4 and 2 IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service disrupted networking or hijack network sessions by predicting...
CVE-2011-3188
The 1 IPv4 and 2 IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service disrupted networking or hijack network sessions by predicting...
Google Chrome 'JavaScript' And 'HTTPS' Multiple Vulnerabilities - Aug09
This host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodgooglechromemultvulnaug09.nasl 5055 2017-01-20 14:08:39Z teissa $ Google Chrome 'JavaScript' And 'HTTPS' Multiple Vulnerabilities - Aug09 Authors: Sharath S Copyright: Copyrig...
Design/Logic Flaw
Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the 1 MD2 or 2 MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409...
CVE-2009-2973
Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the 1 MD2 or 2 MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409...
CVE-2009-2973
Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the 1 MD2 or 2 MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409...
CVE-2009-2973
CVE-2009-2973 affects Google Chrome prior to 2.0.172.43, where SSL connections to a site with an X.509 certificate signed using MD2 or MD4 could be spoofed by a man-in-the-middle. This is related to CVE-2009-2409. Connected documents indicate MD2/MD4 hash-signature weaknesses and that mitigations...
CVE-2009-2973
Removed by vendor...
Google Chrome < 2.0.172.43 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is earlier than 2.0.172.43. Such versions are reportedly affected by multiple issues : - A flaw in the V8 JavaScript engine might allow a specially crafted JavaScript page to access unauthorized data in memory or to execute arbitrary code...
Windows Telnet credential reflection
Added: 08/12/2009 CVE: CVE-2009-1930 BID: 35993 OSVDB: 56904 Background Microsoft Windows operating systems come with a telnet service. This service prompts a user to provide a login name and password. Following successful authentication, the server displays a shell prompt, allowing the user to r...
Critical: Red Hat Security Advisory: nspr and nss security and bug fix update
Updated nspr and nss packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 4.7 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime NSPR provides platform...
Critical: Red Hat Security Advisory: nspr and nss security, bug fix, and enhancement update
Updated nspr and nss packages that fix security issues, bugs, and add an enhancement are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The packages with this update are identical to the packages...
Novell Client NetIdentity Agent XTIERRPCPIPE pointer dereference vulnerability
Added: 07/24/2009 CVE: CVE-2009-1350 BID: 34400 OSVDB: 53351 Background Novell Client software provides NetWare connectivity to Windows platforms. Problem A vulnerability in the xtagent.exe program allows remote, authenticated attackers to execute arbitrary commands by sending a specially crafted...
S/Key和OPIE数据库漏洞
在使用S/Key或OPIE认证的服务器上存在一个安全漏洞。这个漏洞允许本地用户获得对S/Key或OPIE数据库的访问权。 S/Key是使用一次性口令技术的认证机制。系统管理员可以进行配置,使用户能够通过S/Key认证访问使用login8的任何服务,如Telnet和FTP。制定认证类型的配置文件是/etc/login.conf。 为了配置一个用户能够使用S/Key,管理员或该用户(如果程序是suid root)首先必须使用skeyinit(或keyinit)程序。这个程序初始化S/Key数据库(/etc/skeykeys)中的用户入口项。这个数据库文件包含输入S/Key口令时需要比较的信息...
Novell Client nwspool.dll EnumPrinters buffer overflow
Added: 02/22/2008 CVE: CVE-2008-0639 BID: 27741 OSVDB: 41510 Background Novell Client software provides NetWare connectivity to Windows platforms. Problem The nwspool.dll library in Novell Client is affected by a buffer overflow in the EnumPrinters function, allowing remote attackers to execute...
Samba lsa_io_trans_names buffer overflow
Added: 12/24/2007 CVE: CVE-2007-2446 BID: 24195 OSVDB: 34699 Background Samba is a software package which implements the SMB protocol on a variety of platforms, providing compatibility with Windows systems. Problem A vulnerability in the LSA RPC interface allows a remote attacker to execute...
Novell Client 4.91 SP4 nwspool.dll buffer overflow
Added: 08/10/2007 CVE: CVE-2007-6701 BID: 25092 OSVDB: 37319 Background Novell Client software provides NetWare connectivity to Windows platforms. Problem The nwspool.dll library in Novell Client is affected by buffer overflow vulnerabilities in several different functions, allowing remote...