BenTasker.co.uk

Home
Blog
Whitepapers
Documentation
Shop
Feeds
Photography

Home / Blog / Security

Latest Posts

Honda Civic EGR Valve Replacement
Optimised Routing and Opportunistic Tor Enabled
Integrating against the RequestRouter Alt-Svc Hints API
Vauxhall Corsa D Headlight Bulb Replacement
Saab 9-3 Door Lock Unit Repair

Security

A guide to designing Account Security Mechanisms	26 March 2017
Don't Use Web2Tor/Tor2Web (especially Onion.cab)	04 March 2017
The State of Mobile Banking (in the UK)	21 June 2016
The DVLA is routinely sending sensitive details via email	28 December 2014
Understanding Password Storage	22 June 2014
My Own Little HeartBleed Headache	19 April 2014
Why You Shouldn't be using SHA1 or MD5 to Store Passwords	07 June 2013
Darkleech Apache attacks on the rise, but is it really that hard to detect?	02 May 2013
Republished: Tips for fighting password theft	16 May 2012
Republished: Why you should never share Login Details	16 May 2012

Page 1 of 3

Start
Prev
1
2
3
Next
End

Recent CVEs

CVE-2008-7320
CVE-2009-4031 (linux_kernel)
CVE-2009-4536 (debian_linux, linux_kernel)
CVE-2009-4537 (debian_linux, linux_kernel)
CVE-2009-4538 (debian_linux, linux_kernel)
CVE-2009-4608 (accessguardian)
CVE-2010-0003 (debian_linux, linux_kernel)
CVE-2010-0159 (debian_linux, firefox, seamonkey, thunderbird, ubuntu_linux)
CVE-2010-0291 (debian_linux, linux_kernel)
CVE-2010-0307 (debian_linux, linux_kernel, ubuntu_linux)

Return to listing

CVE-2008-7320

** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision.

CVE-2009-4031 (linux_kernel)

The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service (increased scheduling latency) on the host OS via unspecified manipulations related to SMP support.

CVE-2009-4536 (debian_linux, linux_kernel)

drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.

CVE-2009-4537 (debian_linux, linux_kernel)

drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.

CVE-2009-4538 (debian_linux, linux_kernel)

drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.

CVE-2009-4608 (accessguardian)

Cross-site scripting (XSS) vulnerability in Canon IT Solutions Inc. ACCESSGUARDIAN 3.0.14 and earlier, and 3.5.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to authentication.

CVE-2010-0003 (debian_linux, linux_kernel)

The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address.

CVE-2010-0159 (debian_linux, firefox, seamonkey, thunderbird, ubuntu_linux)

The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.

CVE-2010-0291 (debian_linux, linux_kernel)

The Linux kernel before 2.6.32.4 allows local users to gain privileges or cause a denial of service (panic) by calling the (1) mmap or (2) mremap function, aka the "do_mremap() mess" or "mremap/mmap mess."

CVE-2010-0307 (debian_linux, linux_kernel, ubuntu_linux)

The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function.

Latest Posts

Honda Civic EGR Valve Replacement
Optimised Routing and Opportunistic Tor Enabled
Integrating against the RequestRouter Alt-Svc Hints API
Vauxhall Corsa D Headlight Bulb Replacement
Saab 9-3 Door Lock Unit Repair

License Details
Privacy Policy
Cookies
Stored Data
Sitemap

Donations BTC: 14hJYqCNLi7yJH8QkUqB2VEg3jx4pXBN5X / https://paypal.me/BTasker

Based on a template by JoomSpirit, customised by B Tasker

JoomSpirit

About this template