USN-2710-1 OpenSSH Vulnerabilities | Cloud Foundry

USN-2710-1 OpenSSH Vulnerabilities Medium Vendor OpenSSH Versions Affected Ubuntu 14.04 Description Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this iss...

CentOS 4 : tcpdump (CESA-2007:0387)

Updated tcpdump packages that fix a security issue and functionality bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tcpdump is a command line tool for monitoring network traffic. Moritz Jodeit discovered a denial of...

n.runs-SA-2013.004 - Polycom - H.323 Format String Vulnerability

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.004 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom H.323 Format String Vulnerability Risk: HIGH Overview: For every received H.323 SETUP...

Polycom H.323 Format String

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.004 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom H.323 Format String Vulnerability Risk: HIGH Overview: For every received H.323 SETUP...

ZDI-12-154 : IBM Lotus Notes URL Command Injection Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-154 : IBM Lotus Notes URL Command Injection Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-154 August 22, 2012 - -- CVE ID: CVE-2012-2174 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors:...

[SECURITY] [DSA 1680-1] New clamav packages fix potential code execution

------------------------------------------------------------------------ Debian Security Advisory DSA-1680-1 [email protected] http://www.debian.org/security/ Florian Weimer December 04, 2008 http://www.debian.org/security/faq -...

FreeBSD : clamav -- off-by-one heap overflow in VBA project parser (24b64fb0-af1d-11dd-8a16-001b1116b350)

Advisory from Moritz Jodeit, November 8th, 2008 : ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the clamd' process by sending an emai...

clamav -- off-by-one heap overflow in VBA project parser

Advisory from Moritz Jodeit, November 8th, 2008: ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the clamd' process by sending an email...

Vulnerability in OpenSSL CVE-2007-5135

A flaw was found in the SSLgetsharedciphers utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer with a single byte. Few applications make use of this vulnerable function and generally it is used only when applications are...

USN-522-1: openssl vulnerabilities

It was discovered that OpenSSL did not correctly perform Montgomery multiplications. Local attackers might be able to reconstruct RSA private keys by examining another user's OpenSSL processes. CVE-2007-3108 Moritz Jodeit discovered that OpenSSL's SSLgetsharedciphers function did not correctly...