
757 matches found

OSV
added 2017/07/08 10:29 a.m. · 0 views

UBUNTU-CVE-2017-11104

Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check...

CVSS 5.9 · AI score 5.8 · EPSS 0.01978
Exploits: 1 · References: 5
Positive Technologies
added 2017/07/08 12:0 a.m. · 2 views

PT-2017-11743 · Cz.Nic +1 · Knot Dns +1

Name of the Vulnerable Software and Affected Versions: Knot DNS versions prior to 2.4.5 Knot DNS versions 2.5.x prior to 2.5.2 Description: The issue is related to a flaw in the TSIG protocol implementation. This flaw allows an attacker with a valid key name and algorithm to bypass TSIG...

CVSS 5.9 · AI score 5.5 · EPSS 0.01978
Exploits: 1 · References: 32
OSV
added 2017/03/02 9:59 p.m. · 6 views

CVE-2016-10063

Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity...

CVSS 7.8 · AI score 8.8
Exploits: 0 · References: 5
UbuntuCve
added 2017/03/02 9:59 p.m. · 23 views

CVE-2016-10063

Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity...

CVSS 7.8 · AI score 6.8 · EPSS 0.00648
Exploits: 0 · References: 2
Tenable Nessus
added 2017/02/23 12:0 a.m. · 45 views

FreeBSD : cURL -- ocsp status validation error (311e4b1c-f8ee-11e6-9940-b499baebfeaf)

The cURL project reports: SSL_VERIFYSTATUS ignored curl and libcurl support 'OCSP stapling', also known as the TLS Certificate Status Request extension using the CURLOPT_SSL_VERIFYSTATUS option. When telling curl to use this feature, it uses that TLS extension to ask for a fresh proof of the server...

CVSS 6.5 · AI score 6.3 · EPSS 0.00365
Exploits: 0 · References: 3
RedhatCVE
added 2017/02/22 10:18 a.m. · 17 views

CVE-2017-2629

curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even when there is none or if the server...

CVSS 6.5 · AI score 1.4 · EPSS 0.00365
Exploits: 0 · References: 2
OSV
added 2017/02/22 8:0 a.m. · 4 views

CURL-CVE-2017-2629 SSL_VERIFYSTATUS ignored

curl and libcurl support "OCSP stapling", also known as the TLS Certificate Status Request extension using the CURLOPT_SSL_VERIFYSTATUS option. When telling curl to use this feature, it uses that TLS extension to ask for a fresh proof of the server's certificate's validity. If the server does not...

CVSS 6.5 · AI score 6.5 · EPSS 0.00365
Exploits: 0
curl security advisories
added 2017/02/22 8:0 a.m. · 3 views

SSL_VERIFYSTATUS ignored

curl and libcurl support "OCSP stapling", also known as the TLS Certificate Status Request extension using the CURLOPT_SSL_VERIFYSTATUS option. When telling curl to use this feature, it uses that TLS extension to ask for a fresh proof of the server's certificate's validity. If the server does not...

CVSS 6.5 · AI score 6.3 · EPSS 0.00365
Exploits: 0 · Affected Software: 2
Prion
added 2017/02/03 7:59 a.m. · 20 views

Input validation

An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the lack of a nextUpda...

CVSS 5 · AI score 6.5 · EPSS 0.27253
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2017/02/03 7:59 a.m. · 1 views

CVE-2016-8212

An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the lack of a nextUpda...

CVSS 7.5 · AI score 6.9 · EPSS 0.01138
Exploits: 0 · References: 3
Cvelist
added 2017/02/03 7:24 a.m. · 25 views

CVE-2016-8212

An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the lack of a nextUpda...

AI score 4.8 · EPSS 0.01138
Exploits: 0 · References: 3
RedhatCVE
added 2017/01/05 3:47 p.m. · 23 views

CVE-2016-10063

Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity...

CVSS 7.8 · AI score 6.4 · EPSS 0.00648
Exploits: 0 · References: 1
Citrix
added 2016/12/08 12:0 a.m. · 6 views

XMS is unable to connect to DEP - Error: "Connection failed" when testing the connection

In the XMS console, inside iOS Bulk Enrollment DEP Configuration, when importing the Token file from the DEP Portal, the connectivity test is failing with error "Connection Failed". However, XMS connectivity tests are showing that XMS is able to reach Apple's websites, the ports are correctly...

AI score 6.7
Exploits: 0
Prion
added 2016/05/28 1:59 a.m. · 12 views

Information disclosure

Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312...

CVSS 5 · AI score 6.7 · EPSS 0.00291
Exploits: 0 · References: 3
Exploit DB
added 2016/03/31 12:0 a.m. · 77 views

MOBOTIX Video Security Cameras - Cross-Site Request Forgery (Add Admin)

Add admin user Testingus: ---...

AI score 7.4
Exploits: 0
Xen Project
added 2016/01/20 12:0 p.m. · 84 views

PV superpage functionality missing sanity checks

ISSUE DESCRIPTION: The PV superpage functionality lacks certain validity checks on data being passed to the hypervisor by guests. This is the case for the page identifier (MFN) passed to MMUEXT_MARK_SUPER and MMUEXT_UNMARK_SUPER sub-ops of the HYPERVISOR_mmuext_op hypercall as well as for various forms of...

CVSS 8.5 · AI score 1.3 · EPSS 0.00204
Exploits: 0 · Affected Software: 1
FreeBSD
added 2016/01/20 12:0 a.m. · 21 views

xen-kernel -- PV superpage functionality missing sanity checks

The Xen Project reports: The PV superpage functionality lacks certain validity checks on data being passed to the hypervisor by guests. This is the case for the page identifier (MFN) passed to MMUEXT_MARK_SUPER and MMUEXT_UNMARK_SUPER sub-ops of the HYPERVISOR_mmuext_op hypercall as well as for various...

CVSS 8.5 · AI score 1.2 · EPSS 0.00204
Exploits: 0 · References: 1
0day.today
added 2015/11/12 12:0 a.m. · 47 views

R-Scripts VRS 7R Cross Site Request Forgery / Cross Site Scripting Vulnerabilities

PHP Vacation Rental Script version 7R suffers from cross site request forgery and cross site scripting vulnerabilities. R-Scripts VRS 7R Multiple Stored XSS And CSRF Vulnerabilities Vendor: R-Scripts Product web page: http://www.r-scripts.com Affected version: 7R Summary: PHP Vacation Rental Scri...

AI score 7
Exploits: 0
Packet Storm
added 2015/10/23 12:0 a.m. · 38 views

Realtyna RPL 8.9.2 CSRF / Cross Site Scripting

Realtyna RPL 8.9.2 Joomla Extension Persistent XSS And CSRF Vulnerabilities Vendor: Realtyna LLC Product web page: https://www.realtyna.com Affected version: 8.9.2 Summary: Realtyna CRM Client Relationship Management Add-on for RPL is a Real Estate CRM specially designed and developed based on...

EPSS 0.00136
Exploits: 6
RedHat Linux
added 2015/10/15 11:17 a.m. · 2 views

flash-plugin: multiple code execution issues fixed in APSB15-25

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary...

CVSS 10 · AI score 6.2 · EPSS 0.19895
Exploits: 0 · References: 5