Displaying entries 1 - 10 of 57353 in total

NAT-PMP Malicious Port Mapping (R7-2014-17) Vulnerability

  • Severity: 9
  • Published: October 19, 2014

When NAT-PMP is improperly implemented or configured and it responds to queries from IP addresses not behind NAT, it is possible for remote attackers to manipulate the firewall and NAT rules of the affected device to possibly:

  • Intercept network traffic destined to the internal or ext...

NAT-PMP External Address Information Disclosure (R7-2014-17) Vulnerability

  • Severity: 4
  • Published: October 19, 2014

When NAT-PMP is improperly implemented or configured and it responds to queries from IP addresses not behind NAT, the "external address" can disclose internal addressing schemes which may be useful in launching further attacks.

SUSE Linux Security Advisory: SUSE-SU-2014:1294-1 Vulnerability

  • Severity: 4
  • Published: October 16, 2014

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

OpenSSL (CVE-2014-3513) Vulnerability

  • Severity: 4
  • Published: October 15, 2014

A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for b...

OpenSSL (CVE-2014-3567) Vulnerability

  • Severity: 4
  • Published: October 15, 2014

When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this ...

USN-2385-1: OpenSSL vulnerabilities Vulnerability

  • Severity: 4
  • Published: October 15, 2014

It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3513) It was discovered that OpenSSL incorrectly ha...

SUSE Linux Security Advisory: CVE-2014-2576 Vulnerability

  • Severity: 4
  • Published: October 15, 2014

plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.

Centreon SQL and Command Injection Exploit

Disclosed: October 15, 2014

This module exploits several vulnerabilities on Centreon 2.5.1 and prior and Centreon Enterprise Server 2.2 and prior. Due to a combination of SQL injection and command injection in the displayServiceStatus.php component, it is possible to execute arbitrary commands as long as there is a valid session registered in the ce...

ELSA-2014-1655 Moderate: Oracle Linux 7 libxml2 security update Vulnerability

  • Severity: 4
  • Published: October 15, 2014

Oracle Linux Security Advisory ELSA-2014-1655 https://access.redhat.com/errata/RHSA-2014:1655.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: libxml2-2.9.1-5.0.1.el7_0.1.i686.rpm libxml2-2.9.1-5.0.1.el7_0.1.x86_64.rpm libxml2-devel-2.9.1-5.0.1.el7_0.1.i686.rpm libxml2-de...

OpenSSL (CVE-2014-3568) Vulnerability

  • Severity: 4
  • Published: October 15, 2014

When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete an SSL 3.0 handshake, and clients could be configured to send them.