405 matches found
Pidgin MXIT read stage 0x3 Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0118 Pidgin MXIT read stage 0x3 Code Execution Vulnerability June 21, 2016 CVE Number CVE-2016-2376 DESCRIPTION A buffer overflows vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could...
DEBIAN-CVE-2016-4081
epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service infinite loop via a crafted packet...
UBUNTU-CVE-2016-2114
The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream...
SUSE-SU-2016:0872-1 Security update for fetchmail
This update for fetchmail fixes the following issues: - CVE-2012-3482: A denial of service vulnerability in the base64 decoder during processing server NTLM protocol exchange was fixed bsc775988...
CVE-2015-8023
The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message...
lldp 'protocols/lldp.c' buffer overflow vulnerability
lldp is a link-layer discovery protocol that allows network devices to advertise their device identity and performance on the local subnet. lldp 'protocols/lldp.c' does not perform proper bounds checking on user-submitted input, allowing an attacker to exploit the vulnerability by submitting a...
With alphafuzzer mining network Protocol vulnerability-vulnerability warning-the black bar safety net
AlphaFuzzer digging a communication software memory corruption vulnerability AlphaFuzzer is a versatile vulnerability discovery framework, the cutoff to 1. 3 version, AlphaFuzzer contains only a file format vulnerability discovery framework. From 1. 4 version start, AlphaFuzzer increased network...
Cisco IOS Software UBR Devices SNMP Subsystem Denial of Service Vulnerability
Cisco IOS is the interconnected Internet operating system used on most Cisco Systems routers and network switches. A vulnerability in the SNMP subsystem of the Cisco Universal Broadband Router allows an authenticated, remote attacker to cause the PXF process on the PRE module to crash...
OpenSSL 3.0 Protocol Vulnerability
US-CERT is aware of a design vulnerability found in the way SSL 3.0 handles block cipher mode padding. Exploitation of this vulnerability may allow a remote attacker to decrypt and extract information from inside an encrypted transaction. US-CERT recommends users and administrators review TA14-29...
CVE-2014-3566
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue...
CVE-2014-3566
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue...
kernel: netfilter: nf_conntrack_dccp: incorrect skb_header_pointer API usages
net/netfilter/nfconntrackprotodccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via a DCCP packet that triggers a call to the 1 dccpnew, 2 dccppacket, or 3...
Chip and PIN EMV Protocol security vulnerabilities found
Chip-and-PIN payment cards are coming to the United States after a long head start as a standard card-present payment method in Europe and Asia. Already, retailer Target accelerated its plan to move its branded debit and credit cards to chip-and-PIN, also known as EMV Europay, MasterCard and Visa...
DEBIAN-CVE-2013-7264
The l2tpiprecvmsg function in net/l2tp/l2tpip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1 recvfrom, 2 recvmmsg, ...
Bitcoin Researcher Says It's 'Folly' to Ignore New Attack
The author of a paper that describes a new attack on the Bitcoin protocol says that criticisms of the paper are misguided and that there are serious problems with Bitcoin that need to be addressed. Ermin Gun Sirer, a professor at Cornell, published the paper earlier this week along with his...
CVE-2013-0075
The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service reboot via a crafted packet that terminates a TCP connection, aka "TCP FIN...
mysql: unspecified vulnerability related to the MySQL Protocol (CPU Oct 2012)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol...
CVE-2012-1870
The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a...
CVE-2012-0053
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...
APPLE-SA-2011-10-12-2 Apple TV Software Update 4.4
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-12-2 Apple TV Software Update 4.4 Apple TV Software Update 4.4 is now available and addresses the following: Apple TV Available for: Apple TV 4.0 through 4.3 Impact: An attacker with a privileged network position may intercept user...