47153 matches found
CVE-2013-2155: Apache Santuario C++ denial of service vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2013-2155: Apache Santuario XML Security for C++ contains denial of service and hash length bypass issues while processing HMAC signatures Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache Santuario XML Security...
FreeBSD mmap+ptrace vulnerability
It's possible to modify mmap memory mapped files via ptrace...
Re: CVE-2013-2156: Apache Santuario C++ heap overflow vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2013-2156: Apache Santuario XML Security for C++ contains heap overflow while processing InclusiveNamespace PrefixList Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache Santuario XML Security for C++ library...
[ MDVSA-2013:180 ] curl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:180 http://www.mandriva.com/en/support/security/ Package : curl Date : June 27, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and correcte...
Apple iOS personal hotspot unauthorized access
Password is generated using short wordlist...
xml-security-c security vulnerabilities
Stack overflow, heap buffer overflow...
nfs-utils rpc.gssd privilege escalation
Unsafe PTR DNS record resolution is used in a security related operation...
Barracuda CudaTel 2.6.02.04 - Persistent Web Vulnerability
Title: ====== Barracuda CudaTel 2.6.02.04 - Persistent Web Vulnerability Date: ===== 2013-06-21 References: =========== http://vulnerability-lab.com/getcontent.php?id=777 BARRACUDA NETWORK SECURITY ID: BNSEC-834 VL-ID: ===== 777 Common Vulnerability Scoring System:...
CVE-2013-2153: Apache Santuario C++ signature bypass vulnerability
CVE-2013-2153: Apache Santuario XML Security for C++ contains an XML Signature Bypass issue Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache Santuario XML Security for C++ library versions prior to V1.7.1 Description: The implementation of XML digital signatures...
Apple and Wifi Hotspot Credentials Management Vulnerability
This vulnerability was published to the OWASP Mobile Security list as a research paper by Andreas Kurtz, Daniel Metz and Felix Freiling. See "Cracking iOS personal hotspots using a Scrabble crossword game word list,"...
Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... :)
$ uname -a FreeBSD fbsd91x64 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 [email protected]:/usr/obj/usr/src/sys/GENERIC amd64 $ id uid=1001(hunger) gid=1002(hunger) groups=1002(hunger) $ gcc fbsd9lul.c -o fbsd9lul $ ./fbsd9lul FreeBSD 9.0,1 mmap/ptrace exploit by...
[ MDVSA-2013:178 ] nfs-utils
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:178 http://www.mandriva.com/en/support/security/ Package : nfs-utils Date : June 25, 2013 Affected: Business Server 1.0 Problem Description: Updated nfs-utils packages fix security vulnerability It was...
FreeBSD Security Advisory FreeBSD-SA-13:06.mmap [REVISED]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:06.mmap Security Advisory The FreeBSD Project Topic: Privilege escalation via mmap Category: core Module: kernel Announced: 2013-06-18 Credits: Konstantin...
[SECURITY] [DSA 2710-1] xml-security-c security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2710-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso June 18, 2013 http://www.debian.org/security/faq -...
telepathy-gabble protection bypass
TLS required flag is ignored on jabber network...
[USN-1875-1] OpenStack Keystone vulnerabilities
========================================================================== Ubuntu Security Notice USN-1875-1 June 14, 2013 keystone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[USN-1831-1] OpenStack Nova vulnerability
========================================================================== Ubuntu Security Notice USN-1831-1 May 16, 2013 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
RUCKUS ADVISORY ID 031813-2: User authentication bypass vulnerability in ZoneDirector administrative web interface
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 RUCKUS ADVISORY ID 031813-2 Customer release date: March 25, 2013 Public release date: May 27, 2013 TITLE User authentication bypass vulnerability in ZoneDirector administrative web interface SUMMARY A user authentication bypass vulnerability has bee...
Wireshark multiple security vulnerabilities
Vulnerabilities in GTPv2, ASN.1 BER, PPP CCP, DCP ETSI, MPEG DSM-CC, CAPWAP, HTTP, DCP ETSI and Websocket dissectors...
DBus DoS
Crash on message processing...
HP Integrated Lights-Out unauthorized access
Unauthorized access if SSO is configured...
[security bulletin] HPSBHF02885 rev.1 - HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO), Remote Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03787836 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03787836 Version: 1 HPSBHF02885 rev....
Avira Antivir DoS
Endless loop on PDF processing...
RUCKUS ADVISORY ID 031813-1: Unauthenticated TCP tunneling on Ruckus devices via SSH server process
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 RUCKUS ADVISORY ID 031813-1 Customer release date: March 25, 2013 Public release date: May 27, 2013 TITLE Unauthenticated TCP tunneling on Ruckus devices via SSH server process SUMMARY A user authentication bypass vulnerability has been discovered...
WebKit / Apple Safari multiple security vulnerabilities
Multiple memory corruptions and cross-site scripting...
APPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update 2013-002
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update 2013-002 OS X Mountain Lion v10.8.4 and Security Update 2013-002 is now available and addresses the following: CFNetwork Available for: OS X Mountain Lion v10.8 to v10.8.3 Impact: An...
Apple Mac OS X multiple security vulnerabilities
Information leakage, memory corruption on graphics and video formats parsing, privilege escalation, different libraries vulnerabilities...
[SECURITY] [DSA 2702-1] telepathy-gabble security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2702-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso June 03, 2013 http://www.debian.org/security/faq -...
Chromium / Google Chrome multiple security vulnerabilities
Use-after-free, DoS conditions, race conditions, information leakage, XSS...
LSE Leading Security Experts GmbH - LSE-2013-06-13 - Avira AntiVir Engine
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 === LSE Leading Security Experts GmbH - Security Advisory 2013-06-13 === Avira AntiVir Engine -- Denial of Service / Filtering Evasion - ------------------------------------------------------------- Affected Versions ================= Avira AntiVir...
Ubiquiti airCam buffer overflow
Buffer overflow in RTSP service...
HP Service Manager / HP ServiceCenter security vulnerabilities
Cross-site scripting, information leakage...
Subversion security vulnerabilities
Few DoS conditions...
Ruckus ZoneDirector authentication bypass
Unauthorized access if external authentication protocol is configured...
PHP buffer overflow
Buffer overflow in quoted_printable_encode function...
Mozilla Firefox / Microsoft Internet Explorer DoS
Crash or hang via resources exhaustion...
DoS vulnerability in Mozilla Firefox and Microsoft Internet Explorer
Hello 3APA3A! I want to warn you about a Denial of Service vulnerability in Mozilla Firefox and Microsoft Internet Explorer. Earlier, Jean Pascal Pereira found a DoS vulnerability in the Firefox 14.0.1 browser http://1337day.com/exploit/description/19201. And on 07.04.2013 I checked this...
pymongo DoS
NULL pointer dereference...
[SECURITY] [DSA 2705-1] pymongo security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2705-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano June 10, 2013 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2704-1] mesa security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2704-1 [email protected] http://www.debian.org/security/ Raphael Geissert June 09, 2013 http://www.debian.org/security/faq -...
[USN-1878-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1878-1 June 14, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
[slackware-security] php (SSA:2013-161-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security php SSA:2013-161-01 New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+...
[SECURITY] [DSA 2706-1] chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2706-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano June 10, 2013 http://www.debian.org/security/faq -...
CORE-2013-0430 - Buffer overflow in Ubiquiti airCam RTSP service
Core Security - Corelabs Advisory http://corelabs.coresecurity.com Buffer overflow in Ubiquiti airCam RTSP service 1. Advisory Information Title: Buffer overflow in Ubiquiti airCam RTSP service Advisory ID: CORE-2013-0430 Advisory URL:...
[ MDVSA-2013:172 ] wireshark
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:172 http://www.mandriva.com/en/support/security/ Package : wireshark Date : June 12, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been found and...
[USN-1830-1] OpenStack Keystone vulnerability
========================================================================== Ubuntu Security Notice USN-1830-1 May 16, 2013 keystone vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
Mozilla Firefox 14.01 Memory Exhaustion DoS Exploit
--------------------------------------------------- Mozilla Firefox 14.01 Memory Exhaustion DoS Exploit --------------------------------------------------- Credit: Jean Pascal Pereira [email protected] Description: Mozilla Firefox is prone to a memory exhaustion vulnerability. The issue has been...
X servers and libraries security vulnerabilities
Multiple integer overflows, buffer overflows, memory corruptions, etc...
[security bulletin] HPSBMU02884 rev.1 - HP Service Manager and HP ServiceCenter, Cross Site Scripting (XSS) and Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03784101 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03784101 Version: 1 HPSBMU02884 rev....
APPLE-SA-2013-06-04-2 Safari 6.0.5
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-06-04-2 Safari 6.0.5 Safari 6.0.5 is now available and addresses the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.3 Impact: Visiting a maliciously crafted website may lead to an...