cve details

Wireshark Frame Metadissector Denial-of-Service Vulnerability (CVE-2014-4020) Release date:Updated on: Affected Systems:Wireshark 1.10.0-1.10.7Description:--------------------------------------------------------------------------------Bugtraq id: 68044CVE (CAN) ID: CVE-2014-4020Wireshark is the most popular network protocol parser.Wireshark 1.10.0-1.10.7 has an error in frame metadissector. Attackers can us

Mozilla Firefox Memory Corruption Vulnerability (CVE-2014-1540) Release date:Updated on: Affected Systems:Mozilla Firefox lt; 30.0Description:--------------------------------------------------------------------------------Bugtraq id: 67978CVE (CAN) ID: CVE-2014-1540Firefox/Thunderbird/SeaMonkey is the WEB browser and mail/newsgroup client released by Mozilla.In Event Listener versions earlier than Mozilla

Reexploit Remote Code Execution Vulnerability (CVE-2014-3165) after Google Chrome is released) Release date:Updated on: Affected Systems:Google Chrome Description:--------------------------------------------------------------------------------Bugtraq id: 69201CVE (CAN) ID: CVE-2014-3165Google Chrome is a Web browser tool developed by Google.In versions earlier than Chrome 36.0.1985.143, modules/websockets/W

OpenSSL DTLS Remote Denial of Service Vulnerability (CVE-2014-3510) Release date:Updated on: Affected Systems:OpenSSL Project OpenSSL Description:--------------------------------------------------------------------------------Bugtraq id: 69082CVE (CAN) ID: CVE-2014-3510OpenSSL is an open-source SSL implementation that implements high-strength encryption for network communication. It is widely used in variou

OpenSSL DTLS Remote Denial of Service Vulnerability (CVE-2014-3506) Release date:Updated on: Affected Systems:OpenSSL Project OpenSSL Description:--------------------------------------------------------------------------------Bugtraq id: 69076CVE (CAN) ID: CVE-2014-3506OpenSSL is an open-source SSL implementation that implements high-strength encryption for network communication. It is widely used in variou

CKEditor Preview plug-in Cross-Site Scripting Vulnerability (CVE-2014-5191) Release date:Updated on: Affected Systems:Drupal CKEditor Description:--------------------------------------------------------------------------------Bugtraq id: 69161CVE (CAN) ID: CVE-2014-5191CKEditor is a WYSIWYG text editor used in webpages.CKEditor 4.4.3 Preview plug-in has a cross-site scripting vulnerability. Remote attacke

Apache Cordova For Android Information Leakage Vulnerability (CVE-2014-3502) Release date:Updated on: Affected Systems:Apache Group Cordova Description:--------------------------------------------------------------------------------Bugtraq id: 69046CVE (CAN) ID: CVE-2014-3502Apache Cordova is a platform for building local mobile applications using HTML, CSS, and JavaScript.Android applications built with Ap

OpenSSL SRP Remote Denial of Service Vulnerability (CVE-2014-3512) Release date:Updated on: Affected Systems:OpenSSL Project OpenSSL Description:--------------------------------------------------------------------------------Bugtraq id: 69083CVE (CAN) ID: CVE-2014-3512OpenSSL is an open-source SSL implementation that implements high-strength encryption for network communication. It is widely used in various

Wireshark RLC parser DoS Vulnerability (CVE-2014-5164) Release date:Updated on: Affected Systems:Wireshark Description:--------------------------------------------------------------------------------Bugtraq id: 69002CVE (CAN) ID: CVE-2014-5164Wireshark is the most popular network protocol parser.In the RLC parser of Wireshark 1.10.0-1.10.8, The rlc_decode_li function in epan/dissectors/packet-rlc.c initiali

Wireshark Catapult IrDA parser Denial of Service Vulnerability (CVE-2014-5161) Release date:Updated on: Affected Systems:Wireshark Description:--------------------------------------------------------------------------------Bugtraq id: 69001CVE (CAN) ID: CVE-2014-5161Wireshark is the most popular network protocol parser.In the IrDA parser of Wireshark 1.10.0-1.10.8, The dissect_log function in the plugins/ir

CVE-2015-3795 Http://blog.wuntee.sexy/CVE-2015-3795/ 0x00 background This vulnerability was reported to Apple in June 4. This vulnerability was fixed in the 10.10.5 security update released on April 9, August 13. Related information:Apple advisoryNIST-CVSS 9.3 0x01 mach_shark I have mentioned mach_shark several times in my previous articles. One purpose of this tool is to create a small c-stub function

PCRE Denial of Service Vulnerability (CVE-2015-2328) Release date:Updated on: Affected Systems:PCRE pcreDescription:CVE (CAN) ID: CVE-2015-2328 PCRE (Perl Compatible Regular Expressions) is a Perl library, including a perl-Compatible Regular Expression Library. A heap buffer overflow vulnerability exists in PCRE 8.36 and earlier versions. Using a regular expression constructed, remote attackers can expl

Apache Struts CSRF Bypass Vulnerability (CVE-2014-7809) Release date:Updated on: Affected Systems:Apache Group Struts 2.0.0-2.3.20Description:CVE (CAN) ID: CVE-2014-7809 Struts is an open source architecture used to build Web applications. The token value generated by Apache Struts 2.0.0-2.3.20 can be predicted, which allows remote attackers to bypass the CSRF protection mechanism. Link: http://www.sec

Google Chrome information leakage (CVE-2014-7909) Release date:Updated on: Affected Systems:Google Chrome Description:Bugtraq id: 71167CVE (CAN) ID: CVE-2014-7909 Google Chrome is a Web browser tool developed by Google. Chrome versions earlier than 39.0.2171.65 have the information leakage vulnerability. Attackers can exploit this vulnerability to obtain sensitive information. *> Suggestion:Vendor patch: Go

Wireshark SigComp parser Remote Denial of Service Vulnerability (CVE-2014-8710) Release date:Updated on: Affected Systems:Wireshark 1.10.0-1.10.10Description:Bugtraq id: 71069CVE (CAN) ID: CVE-2014-8710 Wireshark is the most popular network protocol parser. Wireshark 1.10.0-1.10.10 has a security vulnerability in the SigComp parser when processing malformed packet tracing files. Attackers can exploit th

Wireshark AMQP parser Remote Denial of Service Vulnerability (CVE-2014-8711) Release date:Updated on: Affected Systems:Wireshark 1.10.0-1.10.10Description:Bugtraq id: 71070CVE (CAN) ID: CVE-2014-8711 Wireshark is the most popular network protocol parser. Wireshark 1.10.0-1.10.10 has a security vulnerability in the AMQP parser when processing malformed packet tracking files. Attackers can exploit this vu

QEMU multiple local security bypass vulnerabilities (CVE-2014-3689) Release date:Updated on: Affected Systems:QEMUDescription:Bugtraq id: 70997CVE (CAN) ID: CVE-2014-3689 QEMU is an open source simulator software. QEMU's vmware-vga driver (hw/display/vmware_vga.c) has a local denial-of-service vulnerability. Local attackers can exploit this vulnerability to write data to qemu memory locations and obtain

Wireshark TN5250 parser Remote Denial of Service Vulnerability (CVE-2014-8714) Release date:Updated on: Affected Systems:Wireshark 1.10.0-1.10.10Description:Bugtraq id: 71072CVE (CAN) ID: CVE-2014-8714 Wireshark is the most popular network protocol parser. Wireshark 1.10.0-1.10.10 has a security vulnerability in the TN5250 parser when processing malformed packet tracking files. Attackers can exploit thi

Detailed analysis and reproduction of CVE-2014-33930x00 vulnerability introduction: Cisco Adaptive Security Appliance (ASA) Software has a Security vulnerability in the implementation of the custom Clientless ssl vpn entry framework. unauthenticated remote attackers can exploit this vulnerability to modify the Clientless ssl vpn entry content, this vulnerability may cause credential theft, cross-site scripting, and other attacks. This vulnerability i

FFmpeg and Libav cross-border Denial of Service Vulnerability (CVE-2014-8545) Release date: 2014-3 3Updated on: Affected Systems:FFmpeg FFmpegDescription:Bugtraq id: 70886CVE (CAN) ID: CVE-2014-8545 FFmpeg is a free software that allows you to perform video, transfer, and stream functions in multiple formats of audio and video. Libav is a cross-platform free software that allows you to perform video, tra