4558 matches found
PowerDNS Authoritative Server Packet Resolution Error Vulnerability
PowerDNS Authoritative Server provides DNS-related products and services. PowerDNS Authoritative Server versions 3.4.4-3.4.7 fail to properly process carefully constructed query packets and contain a packet parsing security vulnerability that can be exploited by remote attackers to cause a denial...
UBUNTU-CVE-2015-3148
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request...
CA Spectrum Elevation of Privilege Vulnerability
CA Spectrum (formerly known as CA Spectrum Infrastructure Manager) is a set of converged infrastructure management software developed by CA. The software provides fault management, application performance management, failure cause analysis and other functions. A security vulnerability exists in C...
CVE-2015-0204 OpenSSL FREAK Attack vulnerability detection methods and repair recommendations - vulnerability warning - the black bar safety net
0x01 Introduction: Around the Lantern Festival, OpenSSL is causing an uproar because of the FREAK attack (also known as the Factoring Attack on RSA-EXPORT Keys vulnerability, or CVE-2015-0204). Apple and Google indicated on Tuesday that they are fixing the...
Symantec NetBackup OpsCenter Arbitrary Code Execution Vulnerability
Symantec NetBackup OpsCenter is unified data protection management software from Symantec. The software allows centralized monitoring and reporting of the operational status of heterogeneous data protection environments through a console. A security vulnerability exists in Symantec...
DEBIAN-CVE-2014-9620
The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes...
DEBIAN-CVE-2014-4344
The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point...
UBUNTU-CVE-2014-5177
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3)...
DEBIAN-CVE-2014-0172
Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF...
PYSEC-2014-54
Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
DEBIAN-CVE-2013-6422
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM)...
UBUNTU-CVE-2013-4435
Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...
DEBIAN-CVE-2013-5093
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object...
python-keystoneclient: middleware memcache encryption and signing bypass
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass...
python-keystoneclient: middleware memcache encryption and signing bypass
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass...
DEBIAN-CVE-2012-2768
Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
PT-2012-1838 · Moodle · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle versions 1.9.x through 1.9.11. Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The vulnerabilities are related to UR...
JNDI: unauthenticated remote write access is permitted by default
The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly...
DEBIAN-CVE-2011-1528
The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the...
CVE-2011-1689
Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...