UBUNTU-CVE-2013-7108
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in...
UBUNTU-CVE-2013-7205
Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list,...
CVE-2013-7108
Removed by vendor...
CVE-2013-7205
Nagios Core is affected by CVE-2013-7205 due to an off-by-one error in process_cgivars() (contrib/daemonchk.c). The flaw can cause a heap-based buffer over-read, enabling remote authenticated users to read process memory or trigger a denial of service. Public references in multiple advisories (De...
CVE-2013-7108
CVE-2013-7108 affects Nagios Core 3.5.1, 4.0.2 and older, and Icinga up to certain releases. It is an off-by-one/heap-over-read flaw in process_cgivars() triggered by a long parameter value, allowing remote authenticated users to read process memory or cause a DoS. Affected products include Nagio...
Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20131121)
This update fixes the following security issues: - A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload (UFO) feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their...
Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service
source: https://www.securityfocus.com/bid/64363/info Icinga is prone to multiple memory-corruption vulnerabilities due to an off-by-one condition. Attackers may exploit these issues to gain access to sensitive information or crash the affected application, denying service to legitimate users...
Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service
Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service source: https://www.securityfocus.com/bid/64363/info Icinga is prone to multiple memory-corruption vulnerabilities due to an off-by-one condition. Attackers may exploit these issues to gain access to sensitive...
CVE-2013-0853
The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error...
Preparing for Managed Security Services
Wade Woolwine Presents at MIRcon® 2013 As a complement to my MIRcon® 2013 presentation titled "Getting the Best Bang for the Buck with Managed Security Providers" and to address some questions I received from the audience, I have prepared a quick summary of my presentation. Many businesses consid...
OpenSSL Denial Of Service
General info: ============= The bn multiprecision integer arithmetics part of the OpenSSL library is prone to null ptr deref, off-by-one and others resulting in DoS/crashes. Versions tested were between 0.9.8k and 1.0.1e. We were too lazcough busy to prepare the fancy table, sorry guys. Some PoC...
MySQL yaSSL Heap Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of MySQL with yaSSL. Authentication is not required to exploit this vulnerability. The specific flaw exists within the yaSSL library that is optionally used by MySQL for SSL communication. There exist...
kernel: ansi_cprng: off by one error in non-block size request
Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the...
CVE-2013-4487
Off-by-one error in the dane_raw_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466...
Mozilla FireFox 24/25 All OS Freeze & Crash Exploit
This exploit is a 0day vulnerability in Mozilla FireFox = it freeze & crash system. Vulnerable software must visit special html page. ATTENTION! You May have to turn off your PHONE or shutdown pc : This exploit uses a zero-day vulnerability in Mozilla Firefox and can completely take down...
Important: Red Hat Security Advisory: kernel-rt security and bug fix update
Updated kernel-rt packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 2.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severi...
CentOS Update for kernel CESA-2013:1449 centos5
Check for the Version of kernel OpenVAS Vulnerability Test CentOS Update for kernel CESA-2013:1449 centos5 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...