Displaying vulnerability details 1 - 10 of 52632 in total

NTP: Traffic amplification in clrtrap feature of ntpd Vulnerability

  • Severity: 5
  • Published: August 24, 2014

An NTP control (mode 6) message with the UNSETTRAP (31) opcode with an unknown association identifier will cause NTP to respond with two packets -- one error response packet indicating that the association identifier was invalid followed by another non-error, largely empty response. Because the number of pa...

NTP: Information disclosure in reslist feature of ntpd (CVE-2014-5209) Vulnerability

  • Severity: 5
  • Published: August 24, 2014

An NTP private (mode 7) message for the XNTPD_OLD (2) and XNTPD (3) implementation with the GET_RESTRICT (16) request code will return the list of hosts/networks that have particular restrictions applied to them. This is the equivalent of an ACL and should be considered sensitive because it can disclose the...

NTP: Traffic Amplification in peers feature of ntpd Vulnerability

  • Severity: 5
  • Published: August 24, 2014

An NTP private (mode 7) message for the XNTPD_OLD (2) and XNTPD (3) implementation with the PEER_LIST_SUM (1) request code will return the list of all hosts that a given NTP server is peering with along with clock metadata (stratum, clock delay, etc). Depending on the number of peers, an NTP server's respons...

NTP: Traffic Amplification in listpeers feature of ntpd Vulnerability

  • Severity: 5
  • Published: August 24, 2014

An NTP private (mode 7) message for the XNTPD_OLD (2) and XNTPD (3) implementation with the PEER_LIST (0) request code will return the list of all hosts that a given NTP server is peering with. Depending on the number of peers, an NTP server's response can be very large and potentially spread over many packe...

NTP: Traffic Amplification in reslist feature of ntpd Vulnerability

  • Severity: 5
  • Published: August 24, 2014

An NTP private (mode 7) message for the XNTPD_OLD (2) and XNTPD (3) implementation with the GET_RESTRICT (16) request code will return the list of hosts/networks that have particular restrictions applied to them, splitting said response over several full-length packets if necessary, allowing a DRDoS attack ...

NTP: Traffic Amplification in CTL_OP_REQ_NONCE feature of ntpd Vulnerability

  • Severity: 5
  • Published: August 24, 2014

An NTP control (mode 6) message with the CTL_OP_REQ_NONCE (12) opcode will generate a single reply that is larger (44 bytes) than the request (12 bytes). This traffic amplification vulnerability can be used to conduct DRDoS attacks.

DSA-3011-1 mediawiki -- security update Vulnerability

  • Severity: 4
  • Published: August 21, 2014

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

DSA-3010-1 python-django -- security update Vulnerability

  • Severity: 4
  • Published: August 21, 2014

Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-3007-1 cacti -- security update Vulnerability

  • Severity: 8
  • Published: August 21, 2014

SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

USN-2322-1: OpenStack Glance vulnerability Vulnerability

  • Severity: 4
  • Published: August 20, 2014

Thomas Leaman and Stuart McLaren discovered that OpenStack Glance did not properly honor the image_size_cap configuration option. A remote authenticated attacker could exploit this to cause a denial of service via disk consumption. The problem can be corrected by updating your system to the following package version: To update your system,...