3695 matches found
IBM AIX digest buffer overflow in filename argument to command
Overview There is a buffer overflow in the digest command that may allow a local attacker to gain root privileges. Description The digest command is intended to be run by the qdaemon to generate a binary version of the queue configuration daemon information stored in /etc/qconfig. The digest...
Passwords sent via SSH encrypted with RC4 can be easily cracked
Overview Passwords sent using SSH with RC4 encryption can be easily cracked by an attacker who is able to capture and replay the session. This problem occurs for three reasons: SSH sessions can be replayed, the RC4 encryption algorithm has some specific weaknesses, and the SSH daemon provides too...
Adobe Acrobat products have buffer overflow in the CIDFont /Registry and /Ordering entries
Overview By embedding malicious code in a Portable Document Format (PDF) file, an attacker can cause arbitrary code to execute on the victim's system. Description The Adobe Acrobat PDF file format facility for specifying fonts contains buffer overflows in the /Registry and /Ordering entries. Each o...
Denial of Service Attack in NetBIOS Services
Overview The NetBIOS Name Service (NBNS) provides a means for hostname and address mapping on a NetBIOS-aware network. The NetBIOS over TCP/IP protocols (including NBNS) are described in the Internet Engineering Task Force (IETF) Request for Comments RFC1001 and RFC1002. These protocols do not specify ...
CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions
Overview A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware utilizing speculative execution that is vulnerable to Spectre v1 is likely affected. An unauthenticated attacker can exploit this...
Vulnerabilities in TP-Link routers, WR710N-V1-151022 and Archer C5 V2
Overview TP-Link router WR710N-V1-151022 running firmware published 2015-10-22 and Archer-C5-V2-160201 running firmware published 2016-02-01 are susceptible to two vulnerabilities: 1. A buffer overflow during HTTP Basic Authentication allowing a remote attacker to corrupt memory allocated on a he...
SMA Technologies OpCon UNIX agent adds the same SSH key to all installations
Overview SMA Technologies OpCon UNIX agent adds the same SSH key on every installation and subsequent updates. An attacker with access to the private key can gain root access on affected systems. Description During OpCon UNIX agent installation and updates, an SSH public key is added to the root...
Flash Seats Mobile App for Android and iOS fails to validate SSL certificates
Overview Flash Seats Mobile App for Android, version 1.7.9 and earlier, and for iOS, version 1.9.51 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. Description CWE-295: Improper...
Objective Systems ASN1C generates code that contains a heap overflow vulnerability
Overview ASN.1 is a standard representation of data for networking and telecommunications applications. Objective System's ASN1C compiler generates C and C++ code that may be vulnerable to heap overflow. Description CWE-122: Heap-based Buffer Overflow - CVE-2016-5080 ASN1C is used to generate...
libarchive contains a heap-based buffer overflow due to improper input validation
Overview An attacker may be able to coerce a user into executing arbitrary code in the context of the current user by attempting to unzip a crafted zip file provided by the attacker. Description CWE-20: Improper Input Validation - CVE-2016-1541 A crafted zip file can provide an incorrect compresse...
IKE/IKEv2 protocol implementations may allow network amplification attacks
Overview Implementations of the IKEv2 protocol are vulnerable to network amplification attacks. Description CWE-406: Insufficient Control of Network Message Volume (Network Amplification) IKE/IKEv2 and other UDP-based protocols can be used to amplify denial-of-service attacks. In some scenarios, an...
Qolsys IQ Panel contains multiple vulnerabilities
Overview All firmware versions of Qolsys IQ Panel contain hard-coded cryptographic keys, do not validate signatures during software updates, and use a vulnerable version of Android OS. Description Qolsys IQ Panel is an Android OS-based touch screen controller for home automation devices and...
Mozilla Network Security Services (NSS) fails to properly verify RSA signatures
Overview The Mozilla Network Security Services (NSS) library fails to properly verify RSA signatures due to incorrect ASN.1 parsing of DigestInfo. This vulnerability may allow an attacker to forge an RSA signature, such as an SSL certificate. Description CWE-295: Improper Certificate Validation RSA...
Datum Systems satellite modem devices contain multiple vulnerabilities
Overview Datum Systems PSM-4500 and PSM-500 series satellite modem devices contain multiple vulnerabilities. Description CWE-220: Sensitive Data Under FTP Root - CVE-2014-2950 The Datum Systems SnIP operating system on PSM-4500 and PSM-500 satellite modem devices has FTP enabled by default with no...
Dell ML6000 and Quantum Scalar i500 tape backup system command injection vulnerability
Overview Dell ML6000 and Quantum Scalar i500 tape backup system contain a command injection vulnerability. Description CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Dell's and Quantum's advisories state the following: The tape library's remote use...
avast! Mobile Security Android application denial-of-service vulnerability
Overview avast! Mobile Security Android application version 2.0.3587, and possibly earlier versions, contains a denial-of-service vulnerability. Description avast! Mobile Security version 2.0.3587 crashes if an Intent is sent to com.avast.android.mobilesecurity.app.scanner.DeleteFileActivity with...
The TigerText Free Consumer Private Texting App (iOS) sends unencrypted user information in support requests
Overview The TigerText Free Consumer Private Texting App (iOS) sends unencrypted user information to TigerText support. Description The TigerText app generates an unencrypted log file containing the TigerText username and password on the device when a user taps on "Contact Customer Support." An ema...
Askiaweb survey application contains multiple vulnerabilities
Overview The Askiaweb survey application contains multiple vulnerabilities. Description The Askiaweb survey application contains multiple vulnerabilities. CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2013-0123 The administration interface for the...
BigAnt IM Message server and components contain multiple vulnerabilities
Overview BigAnt IM Message server and components contain multiple vulnerabilities which could allow an attacker to perform administrative functions on the system. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2012-6273 During the SH...
Adobe Shockwave player installs Xtras without prompting
Overview Adobe Shockwave Player installs Xtras that are signed by Adobe or Macromedia without prompting, which can allow an attacker to target vulnerabilities in older Xtras. Description Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Adobe...
libpng invalid sCAL chunk processing vulnerability
Overview libpng reads uninitialized memory when processing invalid sCAL chunks. Description When libpng encounters a sCAL chunk that is empty it will read uninitialized memory. libpng also does not properly handle a sCAL chunk that lacks the terminating zero between the two strings...
Imperva SecureSphere management GUI contains an XSS vulnerability
Overview An XSS vulnerability exists in the Imperva SecureSphere management GUI. Description Dell SecureWorks' SWRX-2011-001 advisory states: "A vulnerability exists in Imperva SecureSphere due to improper validation of user-controlled input. User-controllable input is not properly sanitized for...
FreeType 2 CFF font stack corruption vulnerability
Overview FreeType 2 contains a vulnerability in the processing of CFF fonts, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description FreeType is a font engine that can open and process font files. FreeType 2 includes the ability to handle a...
libpng fails to limit number of rows in header
Overview Libpng contains a vulnerability in the way it handles images containing an extra row of image data beyond the height reported in the image header. Description A vulnerability exists in the way libpng receives an extra row of image data beyond the height reported in the header of the imag...
IntelliCom NetBiter Config HICP hostname buffer overflow
Overview The IntelliCom NetBiter Config HICP configuration utility has a buffer overflow vulnerability that can be triggered by a specially crafted hostname (hn) value. An attacker with network access could exploit this vulnerability to execute arbitrary code with the privileges of the user running...
Microsoft Windows DNS Server response validation vulnerability
Overview The Microsoft Windows DNS server contains a response validation vulnerability. If successfully exploited, this vulnerability may allow an attacker to poison the affected DNS server's cache. Description The Domain Name System (DNS) is responsible for translating host names to IP addresses a...
Microsoft Internet Explorer 6 contains a cross-domain vulnerability
Overview Microsoft Internet Explorer 6 is vulnerable to a cross-domain scripting violation, which can allow a remote, unauthenticated attacker to access the content of a web page in a different domain. Description IE uses a cross-domain security model to maintain separation between browser frames...
GnuTLS Server Name extension Denial of Service
Overview A vulnerability exists in GnuTLS that may allow a remote attacker to cause a denial of service. Description GnuTLS contains a vulnerability in gnutls-serv that may result in a denial of service when handling a specially crafted Client Hello message. According to CERT-FI Vulnerability...
Apple Safari fails to properly handle a file name
Overview A vulnerability in the way Apple Safari handles a specially crafted file name may allow execution of arbitrary code or denial of service. Description According to Apple Safari 3.1.1: A memory corruption issue exists in Safari's file downloading. By enticing a user to download a file with a malicious...
Microsoft Word code execution vulnerability
Overview Microsoft Word contains a vulnerability that may allow an attacker to execute arbitrary code. Description Per Microsoft Security Bulletin MS08-009: A remote code execution vulnerability exists in the way that Word handles specially crafted Word files. The vulnerability could allow remote...
Adobe Flash Player asfunction protocol may enable cross-site scripting
Overview The Adobe Flash player asfunction protocol could allow an attacker to conduct cross-site scripting attacks on websites that host vulnerable Flash files. Description The Adobe Flash Player is a player for the Flash media format and enables frame-based animations and multimedia to be viewe...
MIT Kerberos 5 kadmind buffer overflow vulnerability
Overview An unspecified vulnerability in MIT Kerberos kadmind server may allow an attacker to execute arbitrary code. Description Kerberos is a network authentication system that uses a trusted third party to authenticate clients and servers to each other. It is designed to provide strong...
Axis Communications CamImage ActiveX control stack buffer overflow
Overview The Axis Communications CamImage ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to run arbitrary code on a vulnerable system. Description Axis Communications provides an ActiveX control for viewing motion JPEG streams in Microsoft...
Internet Pictures Corporation iPIX Image Well ActiveX controls contain buffer overflows
Overview The Internet Pictures Corporation iPIX Image Well ActiveX controls contain buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Internet Pictures Corporation has produced equipment and software to create 360...
file integer overflow vulnerability
Overview The file program contains a vulnerability that may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description file is a program for Unix-like operating systems that is used to determine what type of data is contained in a file. file contains a buffer...
NETxAutomation NETxEIB OPC Server fails to properly validate OPC server handles
Overview The NETxAutomation NETxEIB OPC Server contains a vulnerability that may allow a remote attacker to execute arbitrary code or cause a denial-of-service. Description OLE for Process Control (OPC) is a specification for a standard set of OLE COM objects for use in the process control and...
Linux Kernel vulnerable to DoS via the ipv6_getsockopt_sticky() function
Overview The Linux Kernel contains a vulnerability that may allow a remote attacker to create a denial-of-service condition. Description Internet Protocol version 6 (IPv6) is an IP standard that is designed to replace the Internet Protocol version 4 (IPv4). The Linux kernel provides IPv6 support, and...
Apple QuickTime movie heap buffer overflow vulnerability
Overview The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description Apple QuickTime contains a heap buffer overflow vulnerability. This vulnerability may allow an...
Apple Mac OS X Finder DMG volume name buffer overflow
Overview Apple Mac OS X Finder fails to properly handle DMG files with large volume names, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description DMG files are disk images that can contain a variety of filesystems. Apple Mac OS X Finder...
Microsoft Excel memory access vulnerability
Overview An unspecified vulnerability in Microsoft Excel may allow a remote attacker to execute arbitrary code. Description Microsoft Excel contains a vulnerability. According to Microsoft Security Bulletin MS07-015: The vulnerability is caused when Excel opens a specially crafted Excel file which...
PGP Desktop service fails to validate user supplied data
Overview PGP Desktop fails to properly validate objects passed into the PGP Desktop service. This vulnerability may allow a remote, authenticated attacker to execute arbitrary code. Description PGP Desktop versions prior to 9.5.1 fail to properly validate objects passed into the PGP Desktop servi...
Citrix ICA Client ActiveX control buffer overflow
Overview A vulnerability in an ActiveX control provided with the Citrix Presentation Server Client could allow a remote attacker to execute arbitrary code on an affected system. Description The Citrix Presentation Server Client software provides an ActiveX control that can be used to integrate th...
ICONICS Dialog Wrapper Module ActiveX control vulnerable to buffer overflow
Overview ICONICS Dialog Wrapper Module ActiveX control contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description OLE for Process Control (OPC) is a specification for a standard set of OLE COM objects for use in the proce...
Mozilla Layout Engine vulnerability
Overview A vulnerability exists in the Mozilla Layout Engine that may allow a remote attacker to compromise a vulnerable system. Description The Mozilla Layout Engine contains an unspecified vulnerability that may result in memory corruption. The impact of this memory corruption is unclear...
Apple Mac OS X Finder fails to properly handle malformed .DS_Store files
Overview Apple Finder fails to properly handle malformed .DS_Store files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description .DS_Store files are hidden files used by Apple Finder to control the display of a folder and its contents. According to App...
Sky Software FileView ActiveX control buffer overflow vulnerability
Overview The Sky Software FileView ActiveX control contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Sky Software FileView object is an ActiveX control that is provided with several...
Mozilla products allow execution of arbitrary JavaScript
Overview Multiple Mozilla products allow running JavaScript to be recompiled while executing. This vulnerability may allow a remote attacker to execute arbitrary JavaScript bytecode. Description According to Mozilla Foundation Security Advisory 2006-67: ...it was possible to modify a Script objec...
Mozilla products vulnerable to memory corruption
Overview A vulnerability exists in the way Mozilla products process JavaScript. This vulnerability may allow an attacker to execute arbitrary code. Description The Mozilla Foundation supports several Open Source projects, including the Mozilla, Seamonkey, and Firefox web browsers. The Thunderbird...
Wireshark contains an unspecified vulnerability in the DHCP dissector
Overview Wireshark contains a vulnerability in the DHCP dissector that may cause a denial-of-service condition. Description Wireshark for Microsoft Windows contains a vulnerability in the DHCP dissector that may cause a denial-of-service condition. This vulnerability may be exploited when the...
Microsoft XML Core Services XMLHTTP ActiveX control fails to properly interpret certain HTTP operations
Overview The Microsoft XML Core Services XMLHTTP ActiveX control fails to properly interpret certain HTTP operations. An attacker who exploits this vulnerability may be able to read cookies or view other sensitive data from a vulnerable system. Description Microsoft XML Core Services (MSXML) allow...