Vulnerability notice from homeland security

Vulnerability Notes Database
Sponsored by the Department of Homeland Security (DHS)
Search Results
| ID | Date Public | Title |
|---|---|---|
| VU#204988 | 14 Jul 2014 | Kaseya’s agent driver contains NULL pointer dereference |
| VU#538191 | 06 Jan 2010 | Ghostscript crashes when passing a null ipsp->ip value to the gs_type2_interpret function |
| VU#249579 | 10 Feb 2001 | klogd does not adequately handle NULL byte when parsing text using LogLine( ) |
| VU#565052 | 18 Jan 2001 | Passwords sent via SSH encrypted with RC4 can be easily cracked |
| VU#783748 | 13 Apr 2004 | Microsoft Windows Virtual DOS Machine (VDM) contains null pointer dereference |
| VU#609840 | 19 Oct 2001 | RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 do not properly handle null characters in URL |
| VU#655974 | 26 Jan 2004 | Gaim contains a buffer overflow vulnerability in the yahoo_decode() function |
| VU#190366 | 26 Jan 2004 | Gaim contains a buffer overflow vulnerability in the gaim_quotedp_decode() function |
| VU#659251 | 18 Oct 2011 | Multiple MIT KRB5 KDC daemon vulnerabilities |
| VU#386964 | 28 Sep 2006 | OpenSSL SSLv2 client code fails to properly check for NULL |
| VU#236656 | 04 Aug 2004 | libpng png_handle_iCCP() NULL pointer dereference |
| VU#228032 | 04 Mar 2007 | Asterisk null pointer dereference remote pre-authentication DoS vulnerability |
| VU#288574 | 17 Mar 2004 | OpenSSL contains null-pointer assignment in do_change_cipher_spec() function |
| VU#261537 | 18 Oct 2002 | Microsoft Windows RPC service vulnerable to DoS via NULL pointer dereference |
| VU#661243 | 16 Sep 2002 | MIT Kerberos V5 KDC vulnerable to denial-of-service via null pointer dereference |
| VU#635463 | 10 Aug 2000 | Microsoft SQL Server and Microsoft Data Engine (MSDE) ship with a null default password |
| VU#795632 | 31 Aug 2004 | MIT Kerberos 5 ASN.1 decoding functions insecurely deallocate memory (double-free) |
| VU#652278 | 09 Dec 2003 | Microsoft Internet Explorer does not properly display URLs |
| VU#404470 | 26 Jan 2004 | Gaim contains an off-by-one buffer overflow vulnerability in the yahoo_decode() function |
| VU#184030 | 01 Jul 2004 | MySQL fails to properly evaluate zero-length strings in the check_scramble_323() function |
| VU#557136 | 11 Jul 2001 | Cayman gateways ship with null administrative and user level passwords |
| VU#117139 | 17 Apr 2002 | Sambar Web Server vulnerable to sourcecode disclosure due to improper parsing of scripts |
| VU#212088 | 10 Apr 2001 | Alcatel ADSL modems contain a null default password |
| VU#226974 | 26 Jan 2004 | Gaim contains an off-by-one buffer overflow vulnerability in the gaim_quotedp_decode() function |
| VU#309979 | 13 Jul 2012 | Caucho’s Quercus on Resin contains multiple vulnerabilities |
| VU#596268 | 05 May 2008 | Wonderware SuiteLink null pointer dereference |
| VU#993452 | 11 Jul 2003 | Sendmail fails to appropriately initialize data structures for DNS maps |
| VU#650142 | 19 Dec 2013 | libpng 1.6.1 through 1.6.7 contain a null-pointer dereference vulnerability |
| VU#117929 | 15 May 2006 | RealVNC Server does not validate client authentication method |
| VU#611776 | 10 Jan 2002 | Oracle9i Application Server PL/SQL Gateway web administration interface uses null authentication by default |
| VU#693092 | 07 May 2014 | Caldera 9.20 contains multiple vulnerabilities |
| VU#871148 | 24 Nov 2012 | Huawei E585 pocket wifi 2 device contains multiple vulnerabilities |
| VU#402580 | 29 Apr 2009 | Jetty HTTP server directory traversal vulnerability |
| VU#992585 | 18 Mar 2008 | Check Point VPN-1 information disclosure vulnerability |
| VU#495705 | 13 Dec 2002 | Multi-Tech ProxyServers ship with null password for administrative access |
| VU#293051 | 07 Aug 2001 | Avaya Argent Office uses weak SNMP authentication mechanism |
| VU#581682 | 12 Nov 2002 | ISC BIND 8 fails to properly dereference cache SIG RR elements with invalid expiry times from the internal database |
| VU#521059 | 10 Apr 2002 | Microsoft Internet Information Server (IIS) vulnerable to DoS when URL request exceeds maximum allowed length |
| VU#431726 | 03 Feb 2014 | Seowon Intech WiMAX SWU-9100 mobile router contains multiple vulnerabilities |
| VU#541574 | 20 Sep 2004 | freeRADIUS Server vulnerable to a denial-of-service attack |
| VU#806091 | 10 Jan 2002 | Mike Spice’s My Calendar does not adequately validate user input |
| VU#250107 | 09 Jan 2002 | Mike Spice’s Vote does not adequately validate user input |
| VU#318835 | 10 Jan 2002 | Mike Spice’s Quiz Me! does not adequately validate user input |
| VU#796956 | 03 Oct 2006 | Novell GroupWise Messenger fails to properly handle HTTP POST requests. |
| VU#800635 | 25 Jan 2002 | rsync fails to properly handle negative values specified for signed integers thereby allowing remote command execution |
| VU#518782 | 06 Jul 2004 | Ethereal fails to properly handle malformed SMB packets |
| VU#341539 | 15 Oct 2001 | Novell GroupWise Server web-based front-end does not adequately validate user input thereby allowing directory traversal |
| VU#16532 | 10 Nov 1999 | BIND T_NXT record processing may cause buffer overflow |
| VU#101915 | 30 Apr 2002 | The ISS RealSecure Network Sensor fails to properly process certain types of DHCP traffic. |
| VU#412115 | 06 Jan 2003 | Network device drivers reuse old frame buffer data to pad packets |
| VU#196617 | 16 Apr 2009 | Xpdf and poppler contain multiple vulnerabilities in the processing of JBIG2 data |
| VU#895609 | 18 Mar 2008 | MIT Kerberos krb4-enabled KDC contains multiple vulnerabilities |
| VU#252626 | 19 May 2008 | GnuTLS Client Hello repeat Denial of Service |
| VU#945216 | 08 Feb 2001 | SSH CRC32 attack detection code contains remote integer overflow |
| VU#381699 | 04 Jun 2012 | ISC BIND 9 zero length rdata named vulnerability |
| VU#676492 | 15 Sep 2009 | Wireshark Endace ERF unsigned integer wrap vulnerability |
| VU#573155 | 07 Jun 2001 | Microsoft Windows 2000 Telnet Service searches all trusted domains for user accounts |
| VU#137544 | 14 May 2001 | Microsoft IIS FTP service searches all trusted domains for user accounts |
| VU#739123 | 04 May 2001 | ISC BIND 9 fails to process additional data chains in responses correctly thereby causing the server to fail an internal consistency check |
| VU#933712 | 19 Jun 2006 | gzip NULL dereference in huft_build() |
| VU#920689 | 12 Mar 2007 | Linux Kernel vulnerable to DoS via the ipv6_getsockopt_sticky() function |
| VU#702452 | 15 Nov 2012 | Qualcomm Android OS kernel privilege escalation and denial of service vulnerabilites |
| VU#943220 | 15 Mar 2011 | MIT KDC vulnerable to double-free when PKINIT enabled |
| VU#419344 | 03 Apr 2007 | MIT Kerberos 5 GSS-API library double-free vulnerability |
| VU#401660 | 26 Jul 2006 | MIT Kerberos (krb5) ftpd and ksu do not properly validate seteuid() calls |
| VU#602204 | 23 Sep 2003 | OpenSSH PAM challenge authentication failure |
| VU#827267 | 23 Oct 2008 | Microsoft Server service RPC stack buffer overflow vulnerability |
| VU#222739 | 22 Oct 2001 | Handspring VisorPhone vulnerable to DoS via SMS image transfer |
| VU#195371 | 18 Jun 2002 | SGI IRIX rpc.xfsmd does not filter shell metacharacters from user input before invoking popen() function |
| VU#389665 | 16 Dec 2002 | Multiple vendors’ SSH transport layer protocol implementations contain vulnerabilities in key exchange and initialization |
| VU#196945 | 29 Jan 2001 | ISC BIND 8 contains buffer overflow in transaction signature (TSIG) handling code |
| VU#849993 | 11 Feb 2003 | Some implementations of mod_dav contain a format string vulnerability in “ap_log_rerror()” function |
| VU#456745 | 09 Jul 2009 | ActiveX controls built with Microsoft ATL fail to properly handle initialization data |
| VU#20276 | 05 Feb 1996 | phf CGI Script fails to guard against newline characters |
| VU#960908 | 30 Aug 2013 | Coursemill Learning Management System contains multiple vulnerabilities |
| VU#906907 | 20 May 2008 | FireFTP filename directory traversal sequence vulnerability |
| VU#466433 | 07 Sep 2007 | Web sites may transmit authentication tokens unencrypted |
| VU#823452 | 07 Mar 2014 | Serena Dimensions CM 12.2 Build 7.199.0 web client vulnerabilities |
| VU#437385 | 14 Apr 2014 | PaperThin CommonSpot CMS contains multiple vulnerabilities |
| VU#885753 | 14 Feb 2007 | Mozilla browsers “location.hostname” cross-domain vulnerability |
| VU#826463 | 14 Oct 2013 | Oracle E-Business Suite password disclosure vulnerability |
| VU#218395 | 15 Apr 2008 | CUPS integer overflow vulnerability |
| VU#18287 | 03 Jan 1999 | statd bounce vulnerability |
