95 matches found
Updated nss packages fix security vulnerability
A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library (CVE-2017-7502)...
CVE-2017-7502
A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library...
The vulnerability of the Mediaserver application’s libhevc service allows a hacker to cause the device to freeze and restart.
The vulnerability of the Mediaserver application’s libhevc service is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service failures, device freezes, and device reboots through a specially created file...
Enterprise security vulnerability notification engine - vulnerability warning - the black bar safety net
Today most enterprises rely on vulnerability scanning plus vulnerability announcements, which raises the following two problems: 1. Vulnerability scanning suffers from "long scan cycles, scan database not updated", etc., while scanning reports contain a number of interfering items, leading to...
DLA-597-1 libupnp - security update
Bulletin has no description...
krb5: multiple issues
CVE-2014-5355 (denial of service): When a server process uses the krb5_recvauth function, an unauthenticated remote attacker can cause a NULL dereference by sending a zero-byte version string, or a read beyond the end of allocated storage by sending a non-null-terminated version string. The example...
OpenSSL Invalid PSS Parameters Denial of Service (CVE-2015-0208)
A denial of service vulnerability exists in OpenSSL. The vulnerability is due to a null pointer dereference when an OpenSSL application receives and processes a crafted certificate containing invalid RSA PSS parameters. A remote, unauthenticated attacker can exploit this vulnerability by sending ...
OpenSSL DHE Client Key Exchange Denial of Service (CVE-2015-1787)
A denial of service vulnerability exists in OpenSSL. The vulnerability is due to a null pointer dereference that occurs when an OpenSSL application receives and processes a Client Certificate and a crafted Client Key Exchange handshake message. A remote, unauthenticated attacker can exploit this...
SQL injection
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP...
CVE-2014-9566
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP...
SolarWinds Server & Application Monitor (SAM) Detection (HTTP)
HTTP based detection of SolarWinds Server & Application Monitor (SAM). SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Grinder - System to Automate the Fuzzing of Web Browsers
Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes. Grinder Nodes provide an automated way to fuzz a browser, and generate useful crash information such as call stacks with symbol information as well as logging information which can be used...
IBM Network Station Manager 2.0 R1 Race Condition Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/900/info IBM's Network Station Manager is a client/server application which facilitates management for IBM Network Stations. It is possible to locally gain root privileges on hosts running the NetStation daemon. NetStatio...
KarjaSoft Sami HTTP Server 1.0.4/1.0.5/2.0.1 Request Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22159/info Sami HTTP Server is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to crash the server application, denying further service to legitimate users. import socket...
OpenSSL TLS Record Tampering Denial of Service (CVE-2013-4353)
A denial of service vulnerability exists in OpenSSL. The vulnerability is due to an error in handling certain TLS records during the handshake process. A remote unauthenticated attacker could exploit this vulnerability by sending tampered records to a vulnerable SSL client which could be a server...
XStream: remote code execution due to insecure XML deserialization
It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream...
Scientific Linux Security Update : pam_krb5/krb5 on SL5.x i386/x86_64
pam_krb5 address the following security issue : A flaw was found in the pam_krb5 'existing_ticket' configuration option. If a system is configured to use an existing credential cache via the 'existing_ticket' option, it may be possible for a local user to gain elevated privileges by using a different...
SmarterMail 7.x LDAP Injection
Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home : http://cloudscan.me Dork : insite: SmarterMail Enterprise 7.2 Bug : LDAP Injection + Cross Site Scripting STORED Tested on : SmarterMail 7.x 7.2.3925 //...
SmarterMail 7.2.3925 - Persistent Cross-Site Scripting
SmarterMail 7.2.3925 - Persistent Cross-Site Scripting Source URL http://cloudscan.blogspot.com/2010/10/vendor-smartertoolscom-smartermail-7x.html Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home :...
Debian DSA-2052-1 : krb5 - NULL pointer dereference
Shawn Emery discovered that in MIT Kerberos 5 (krb5), a system for authenticating users and services on a network, a NULL pointer dereference flaw in the Generic Security Service Application Program Interface (GSS-API) library could allow an authenticated remote attacker to crash any server applicati...