Lucene search
K

405 matches found

Talos
Talos
added 2016/06/21 12:0 a.m.32 views

Pidgin MXIT read stage 0x3 Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0118 Pidgin MXIT read stage 0x3 Code Execution Vulnerability June 21, 2016 CVE Number CVE-2016-2376 DESCRIPTION A buffer overflows vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could...

8.1CVSS0.8AI score0.03732EPSS
Exploits1
OSV
OSV
added 2016/04/25 10:59 a.m.2 views

DEBIAN-CVE-2016-4081

epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service infinite loop via a crafted packet...

5.9CVSS5.5AI score0.02006EPSS
Exploits0References1
OSV
OSV
added 2016/04/12 12:0 a.m.3 views

UBUNTU-CVE-2016-2114

The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream...

5.9CVSS6.8AI score0.02601EPSS
Exploits0References4
OSV
OSV
added 2016/03/24 7:55 a.m.3 views

SUSE-SU-2016:0872-1 Security update for fetchmail

This update for fetchmail fixes the following issues: - CVE-2012-3482: A denial of service vulnerability in the base64 decoder during processing server NTLM protocol exchange was fixed bsc775988...

5.8CVSS6.3AI score0.01874EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2015/11/16 12:0 p.m.22 views

CVE-2015-8023

The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message...

5CVSS7.2AI score0.02582EPSS
Exploits0References3
CNVD
CNVD
added 2015/11/01 12:0 a.m.5 views

lldp 'protocols/lldp.c' buffer overflow vulnerability

lldp is a link-layer discovery protocol that allows network devices to advertise their device identity and performance on the local subnet. lldp 'protocols/lldp.c' does not perform proper bounds checking on user-submitted input, allowing an attacker to exploit the vulnerability by submitting a...

9.8CVSS6.6AI score0.05493EPSS
Exploits0References1
myhack58
myhack58
added 2015/09/10 12:0 a.m.15 views

With alphafuzzer mining network Protocol vulnerability-vulnerability warning-the black bar safety net

AlphaFuzzer digging a communication software memory corruption vulnerability AlphaFuzzer is a versatile vulnerability discovery framework, the cutoff to 1. 3 version, AlphaFuzzer contains only a file format vulnerability discovery framework. From 1. 4 version start, AlphaFuzzer increased network...

1.9AI score
Exploits0
CNVD
CNVD
added 2015/06/25 12:0 a.m.5 views

Cisco IOS Software UBR Devices SNMP Subsystem Denial of Service Vulnerability

Cisco IOS is the interconnected Internet operating system used on most Cisco Systems routers and network switches. A vulnerability in the SNMP subsystem of the Cisco Universal Broadband Router allows an authenticated, remote attacker to cause the PXF process on the PRE module to crash...

6.8CVSS6.9AI score0.02744EPSS
Exploits0References1
CISA
CISA
added 2014/10/17 12:0 a.m.14 views

OpenSSL 3.0 Protocol Vulnerability

US-CERT is aware of a design vulnerability found in the way SSL 3.0 handles block cipher mode padding. Exploitation of this vulnerability may allow a remote attacker to decrypt and extract information from inside an encrypted transaction. US-CERT recommends users and administrators review TA14-29...

6.4AI score
Exploits0References1
Cvelist
Cvelist
added 2014/10/15 12:0 a.m.60 views

CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue...

4.6AI score0.99999EPSS
Exploits7References243
UbuntuCve
UbuntuCve
added 2014/10/14 12:0 a.m.54 views

CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue...

4.3CVSS6.7AI score0.99999EPSS
Exploits7References9
RedHat Linux
RedHat Linux
added 2014/06/03 4:26 p.m.8 views

kernel: netfilter: nf_conntrack_dccp: incorrect skb_header_pointer API usages

net/netfilter/nfconntrackprotodccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via a DCCP packet that triggers a call to the 1 dccpnew, 2 dccppacket, or 3...

10CVSS7.1AI score0.10385EPSS
Exploits1References4
ThreatPost
ThreatPost
added 2014/05/21 3:11 p.m.11 views

Chip and PIN EMV Protocol security vulnerabilities found

Chip-and-PIN payment cards are coming to the United States after a long head start as a standard card-present payment method in Europe and Asia. Already, retailer Target accelerated its plan to move its branded debit and credit cards to chip-and-PIN, also known as EMV Europay, MasterCard and Visa...

7.2AI score
Exploits0References3
OSV
OSV
added 2014/01/06 4:55 p.m.1 views

DEBIAN-CVE-2013-7264

The l2tpiprecvmsg function in net/l2tp/l2tpip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1 recvfrom, 2 recvmmsg, ...

4.9CVSS7.3AI score0.00434EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2013/11/08 2:12 p.m.14 views

Bitcoin Researcher Says It's 'Folly' to Ignore New Attack

The author of a paper that describes a new attack on the Bitcoin protocol says that criticisms of the paper are misguided and that there are serious problems with Bitcoin that need to be addressed. Ermin Gun Sirer, a professor at Cornell, published the paper earlier this week along with his...

7.1AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2013/02/13 12:4 p.m.2 views

CVE-2013-0075

The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service reboot via a crafted packet that terminates a TCP connection, aka "TCP FIN...

7.8CVSS5.6AI score0.69936EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/11/14 8:41 p.m.4 views

mysql: unspecified vulnerability related to the MySQL Protocol (CPU Oct 2012)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol...

7.5CVSS5.8AI score0.04501EPSS
Exploits0References4
Cvelist
Cvelist
added 2012/07/10 9:0 p.m.30 views

CVE-2012-1870

The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a...

6.3AI score0.10698EPSS
Exploits0References3
NVD
NVD
added 2012/01/28 4:5 a.m.24 views

CVE-2012-0053

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...

4.3CVSS8.3AI score0.82756EPSS
Exploits4References45
securityvulns
securityvulns
added 2011/10/16 12:0 a.m.92 views

APPLE-SA-2011-10-12-2 Apple TV Software Update 4.4

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-12-2 Apple TV Software Update 4.4 Apple TV Software Update 4.4 is now available and addresses the following: Apple TV Available for: Apple TV 4.0 through 4.3 Impact: An attacker with a privileged network position may intercept user...

9.3CVSS0.4AI score0.73327EPSS
Exploits7
Rows per page
Query Builder