RSS   Vulnerabilities for 'Arora'   RSS

2011-11-29
 
CVE-2011-3367

CWE-20
 

 
Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.

 
2010-03-24
 
CVE-2010-1100

CWE-189
 

 
Integer overflow in Arora allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.

 


Copyright 2017, cxsecurity.com

 

Back to Top