CVE-2016-5285 (aura_application_enablement_services, aura_application_server_5300, aura_communication_manager, aura_communication_manager_messagint, aura_conferencing, aura_experience_portal, aura_messaging, aura_session_manager, aura_system_manager, aura_system_platform_firmware, aura_utility_services, breeze_platform, call_management_system, cs1000e/cs1000m_signaling_server_firmware, cs1000e_firmware, cs1000m_firmware, debian_linux, enterprise_linux, ip_office, iq, linux_enterprise_server, meeting_exchange, message_networking, nss, one-x_client_enablement_services, proactive_contact, session_border_controller_for_enterprise_firmware)

Null pointer dereference vulnerability exists in K11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime in NSS before 3.26, which causes the TLS/SSL server using NSS to crash.

View Full Alert

CVE-2014-3675 (enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_server_tus, enterprise_linux_workstation, shim)
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet. View Full Alert
CVE-2014-3675 (enterprise_linux_desktop, enterprise_linux_eus, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_tus, enterprise_linux_workstation, shim)
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet. View Full Alert
CVE-2019-10182 (enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_workstation, icedtea-web)
It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially…

Related Posts