(May 8) gpsd could be made to crash or possibly run programs if it receivedspecially crafted input.
Comment
Posts Tagged vulnerability
163 results.
(May 2) Stunnel, a program designed to work as an universal SSL tunnel for network daemons, is prone to a buffer overflow vulnerability when using the Microsoft NT LAN Manager (NTLM) authentication (“protocolAuthentication = NTLM”) together with the ‘connect’ protocol [More…]
Debian: 2665-1: strongswan: authentication bypass
May02
on May 2, 2013
at 11:00 am
Posted In: Uncategorized
(Apr 30) Kevin Wojtysiak discovered a vulnerability in strongSwan, an IPsec based VPN solution. When using the openssl plugin for ECDSA based authentication, an empty, zeroed [More…]
Debian: 2663-1: tinc: stack based buffer overflow
Apr24
on April 24, 2013
at 9:54 am
Posted In: Uncategorized
(Apr 22) Martin Schobert discovered a stack-based vulnerability in tinc, a virtual private network daemon. When packets are forwarded via TCP, packet length is not checked against [More…]
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: Denial of service vulnerability
- Reported Date: 2013-February-18
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3242
Description
Object unserialize method leads to possible denial of service vulnerability.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
Reported By: Egidio Romano
Ubuntu: 1803-1: X.Org X server vulnerability
Apr19
on April 19, 2013
at 8:36 am
Posted In: Uncategorized
(Apr 17) The X server could be made to reveal keystrokes of other users.
(Apr 15) Applications using libcurl could be made to expose sensitive informationover the network.
Ubuntu: 1799-1: NVIDIA graphics drivers vulnerability
Apr12
on April 12, 2013
at 7:47 am
Posted In: Uncategorized
(Apr 10) NVIDIA graphics drivers could be made to run programs as an administrator.
(Apr 2) Applications using libxslt could be made to crash if they processed aspecially crafted file.
(Mar 30) Matthew Horsfall of Dyn, Inc. discovered that BIND, a DNS server, is prone to a denial of service vulnerability. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or [More…]
(Mar 28) libxml2 could be made to hang if it received specially crafted input.
Debian: 2651-1: smokeping: cross-site scripting vulner
Mar22
on March 22, 2013
at 5:22 am
Posted In: Uncategorized
(Mar 20) A cross-site scripting vulnerability was discovered in smokeping, a latency logging and graphing system. Input passed to the “displaymode” parameter was not properly sanitized. An attacker could use this flaw to execute arbitrary HTML and script code in a user’s browser session in [More…]
Debian: 2648-1: firebird2.5: Multiple vulnerabilities
Mar21
on March 21, 2013
at 5:53 am
Posted In: Uncategorized
(Mar 15) A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code. In addition, a denial of service vulnerability was discovered in the TraceManager. [More…]
Debian: 2645-1: inetutils: denial of service
Mar16
on March 16, 2013
at 5:08 am
Posted In: Uncategorized
(Mar 14) Ovidiu Mara reported in 2010 a vulnerability in the ping util, commonly used by system and network administrators. By carefully crafting ICMP responses, an attacker could make the ping command hangs. [More…]
Debian: 2635-1: cfingerd: buffer overflow
Mar02
on March 2, 2013
at 3:11 am
Posted In: Uncategorized
(Mar 1) Malcolm Scott discovered a remote-exploitable buffer overflow in the rfc1413 (ident) client of cfingerd, a configurable finger daemon. This vulnerability was introduced in a previously applied patch to the cfingerd package in 1.4.3-3. [More…]
Ubuntu: 1725-1: Linux kernel vulnerability
Feb16
on February 16, 2013
at 12:56 am
Posted In: Uncategorized
(Feb 14) The system could be made to crash under certain conditions.
(Feb 12) curl could be made to crash or run programs if it opened a malicious URL.
Ubuntu: 1714-1: QXL graphics driver vulnerability
Feb05
on February 5, 2013
at 11:57 pm
Posted In: Uncategorized
(Feb 5) Guests using the QXL graphics driver could be caused to hang or crash.
(Jan 28) libssh could be made to crash if it received specially crafted networktraffic.
Ubuntu: 1683-1: Linux kernel vulnerability
Jan10
on January 10, 2013
at 8:36 pm
Posted In: Uncategorized
(Jan 10) The system could be made to leak sensitive system information.
Ubuntu: 1669-1: Linux kernel vulnerability
Dec23
on December 23, 2012
at 6:38 pm
Posted In: Uncategorized
(Dec 18) The system could be made to crash under certain conditions.
Ubuntu: 1671-1: Linux kernel vulnerability
Dec22
on December 22, 2012
at 6:26 pm
Posted In: Uncategorized
(Dec 18) The system could be made to crash under certain conditions.
Ubuntu: 1677-1: Linux kernel vulnerability
Dec21
on December 21, 2012
at 6:24 pm
Posted In: Uncategorized
(Dec 20) The system could be made to crash under certain conditions.
Ubuntu: 1667-1: bogofilter vulnerability
Dec17
on December 17, 2012
at 5:56 pm
Posted In: Uncategorized
(Dec 17) bogofilter could be made to crash or run programs if it processed aspecially crafted email.
Ubuntu: 1661-1: Linux kernel vulnerability
Dec12
on December 12, 2012
at 5:31 pm
Posted In: Uncategorized
(Dec 10) The system’s firewall could be bypassed by a remote attacker.
Ubuntu: 1660-1: Linux kernel vulnerability
Dec12
on December 12, 2012
at 5:31 pm
Posted In: Uncategorized
(Dec 10) The system’s firewall could be bypassed by a remote attacker.
Ubuntu: 1651-1: Linux kernel vulnerability
Dec05
on December 5, 2012
at 4:38 pm
Posted In: Uncategorized
(Nov 30) The system could be made to crash under certain conditions.
Ubuntu: 1650-1: Linux kernel vulnerability
Dec05
on December 5, 2012
at 4:38 pm
Posted In: Uncategorized
(Nov 30) The system could be made to crash under certain conditions.
Debian: 2573-1: radsecproxy: SSL certificate verificatio
Nov13
on November 13, 2012
at 1:51 pm
Posted In: Uncategorized
(Nov 10) Ralf Paffrath reported that Radsecproxy, a RADIUS protocol proxy, mixed up pre- and post-handshake verification of clients. This vulnerability may wrongly accept clients without checking their certificate chain under certain configurations. [More…]
Debian: 2560-1: bind9: denial of service
Oct23
on October 23, 2012
at 10:23 am
Posted In: Uncategorized
(Oct 20) It was discovered that BIND, a DNS server, hangs while constructing the additional section of a DNS reply, when certain combinations of resource records are present. This vulnerability affects both recursive and authoritative servers. [More…]