2052 matches found
Cisco IOS Software Malformed Border Gateway Protocol Attribute Vulnerability
Cisco IOS Software contains a vulnerability in the Border Gateway Protocol (BGP) routing protocol feature. The vulnerability can be triggered when the router receives a malformed attribute from a peer on an existing BGP session. Successful exploitation of this vulnerability can cause all BGP...
[SECURITY] Fedora 17 Update: libguac-0.6.3-1.fc17
Guacamole is an HTML5 web application that provides access to desktop environments using remote desktop protocols such as VNC or RDP. A centralized server acts as a tunnel and proxy, allowing access to multiple desktops through a web browser. No plugins are needed: the client requires nothing...
RedHat Update for qpid RHSA-2012:1269-01
Check for the Version of qpid. OpenVAS Vulnerability Test: RedHat Update for qpid RHSA-2012:1269-01. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
RedHat Update for qpid RHSA-2012:1269-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Authentication flaw
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force...
CVE-2012-3137
CVE-2012-3137 affects Oracle Database Server (10.2.x, 11.1.x, 11.2.x series). The issue is a flaw in the O5LOGIN authentication protocol that lets remote attackers obtain the session key and salt for arbitrary users, leaking information about the password hash and enabling brute-force password gu...
CVE-2012-3725
CVE-2012-3725 affects Apple iOS: the DNAv4 protocol in the DHCP component can cause iOS to broadcast MAC addresses of previously connected networks when joining unencrypted Wi‑Fi. This could disclose prior locations/information about a device. Mitigation noted in publicly referenced Apple advisor...
CVE-2012-2993
Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate...
Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20120914)
"The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server named %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux. include'deprecatednasllevel.inc'; include'compat.inc'; if...
CVE-2012-4929
CVE-2012-4929 (CRIME): The vulnerability stems from TLS/SSL compression, where the TLS protocol (1.2 and earlier) used by browsers (e.g., Mozilla Firefox, Google Chrome, Qt) can encrypt compressed data without hiding the length of unencrypted data. This length leakage enables a MITM attacker to ...
USN-1558-1 : linux-ti-omap4 vulnerability
A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. This script was automatically generated from Ubuntu Security Notice USN-1558-1. It is released under the Nessus Script Licence...
[SECURITY] Fedora 17 Update: jabberd-2.2.14-4.fc17
The jabberd project aims to provide an open-source server implementation of the Jabber protocols for instant messaging and XML routing. The goal of this project is to provide a scalable, reliable, efficient and extensible server that provides a complete set of features and is up to date with the...
Fedora Update for cifs-utils FEDORA-2012-10421
Check for the Version of cifs-utils. OpenVAS Vulnerability Test: Fedora Update for cifs-utils FEDORA-2012-10421. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
[SECURITY] [DSA 2533-1] pcp security update
Debian Security Advisory DSA-2533-1 [email protected] http://www.debian.org/security/ Florian Weimer August 23, 2012 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2518-1 (krb5)
The remote host is missing an update to krb5 announced via advisory DSA 2518-1. OpenVAS Vulnerability Test $Id: deb25181.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2518-1 (krb5). Authors: Thomas Reinke. Copyright: Copyright (c) 2012 E-Soft Inc...
CVE-2012-1909
The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a...
RedHat Update for dhcp RHSA-2012:1141-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
MySQL Authentication Protocol Token Comparison Casting Failure Password Bypass
A flaw in the MySQL server allows remote users to authenticate without a valid password due to a failure when casting a randomly generated token and comparing it to an expected value. (C) Tenable Network Security, Inc. include"compat.inc"; if description scriptid61393; scriptversion"1.13";...
Scientific Linux Security Update : pidgin on SL4.x, SL5.x i386/x86_64
Multiple NULL pointer dereference flaws were found in the way Pidgin handled Base64 decoding. A remote attacker could use these flaws to crash Pidgin if the target Pidgin user was using the Yahoo! Messenger Protocol, MSN, MySpace, or Extensible Messaging and Presence Protocol (XMPP) protocol...
Scientific Linux Security Update : pidgin on SL4.x, SL5.x i386/x86_64
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime (OSCAR) protocol plug-in in Pidgin, used by the AOL ICQ and AIM insta...