Pidgin memory corruption (updated since 26.06.2008)
| Published: | 26.05.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9114 |
| Type: | remote |
| Level: | 6/10 |
| Description: | Memory corruption on maliciously crafted filename in MSN protocol. Buffer overflow on Jabber file transfer. Buffer overflow in QQ protocol. |
| Affected: | PIDGIN : Pidgin 2.4 |
| CVE: | CVE-2009-1376 (Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.) |
| | CVE-2009-1375 (The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol.) |
| | CVE-2009-1374 (Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.) |
| | CVE-2009-1373 (Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.) |

cscope buffer overflow
| Published: | 26.05.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9935 |
| Type: | local |
| Level: | 5/10 |
| Description: | Buffer overflow on oversized included file name. |
| Affected: | CSCOPE : cscope 15.6 |
| CVE: | CVE-2009-1577 (Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long (1) function name or (2) symbol in a source-code file.) |
| | CVE-2009-0148 (Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541.) |

Nortel Contact Center Manager Server multiple security vulnerabilities
| Published: | 26.05.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9938 |
| Type: | remote |
| Level: | 6/10 |
| Description: | Authentication bypass, information leak. |

ntpd buffer overflow
| Published: | 26.05.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9937 |
| Type: | remote |
| Level: | 6/10 |
| Description: | Buffer overflow if autokey option is enabled. |
| Affected: | NTP : ntp 4.2 |
| CVE: | CVE-2009-1252 (Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.) |

ATEN IP KVM Switches multiple cryptographic vulnerabilities
| Published: | 26.05.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9939 |
| Type: | m-i-t-m |
| Level: | 5/10 |
| Description: | Same SSL certificate is used for all devices, static symmetric key is used for code signing, mouse events are not encrypted, predictable session key is used. |
| Affected: | ATEN : ATEN KH1516i |
| | ATEN : ATEN KN9116 |
| | ATEN : Aten PN9108 |
| CVE: | CVE-2009-1477 (The https web interfaces on the ATEN KH1516i IP KVM switch with firmware 1.0.063, the KN9116 IP KVM switch with firmware 1.1.104, and the PN9108 power-control unit have a hardcoded SSL private key, which makes it easier for remote attackers to decrypt https sessions by extracting this key from their own switch and then sniffing network traffic to a switch owned by a different customer.) |
| | CVE-2009-1474 (The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not (1) encrypt mouse events, which makes it easier for man-in-the-middle attackers to perform mouse operations on machines connected to the switch by injecting network traffic; and do not (2) set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.) |
| | CVE-2009-1473 (The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified "client-side calculations.") |
| | CVE-2009-1472 (The Java client program for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 has a hardcoded AES encryption key, which makes it easier for man-in-the-middle attackers to (1) execute arbitrary Java code, or (2) gain access to machines connected to the switch, by hijacking a session.) |

COWON America jetCast buffer overflow
| Published: | 26.05.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9941 |
| Type: | local |
| Level: | 4/10 |
| Description: | Buffer overflow on MP3 parsing. |

Mozilla Firefox / Microsoft Internet Explorer / Opera / Google Chrome DoS (updated since 26.05.2009)
| Published: | 10.07.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9940 |
| Type: | client |
| Level: | 3/10 |
| Description: | Hang on circle with large radius value in SVG tags. Hang and memory leak on reload with keygen tag. |

acpid DoS (updated since 26.05.2009)
| Published: | 23.10.2011 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9936 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Large number of connections leads to endless loop. |
| Affected: | ACPID : acpid 1.0 |
| | ACPID : acpid 2.0 |
| CVE: | CVE-2011-1159 (acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls.) |
| | CVE-2009-0798 (ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.) |