4651 matches found
Debian DSA-1621-1 : icedove - several vulnerabilities
Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0304 It was discovered that a buffer overflow in MIME decoding can lead t...
Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : linux, linux-source-2.6.15/20/22 vulnerabilities (USN-625-1)
Dirk Nehring discovered that the IPsec protocol stack did not correctly handle fragmented ESP packets. A remote attacker could exploit this to crash the system, leading to a denial of service. CVE-2007-6282 Johannes Bauer discovered that the 64bit kernel did not correctly handle hrtimer updates. ...
USN-625-1: Linux kernel vulnerabilities
Dirk Nehring discovered that the IPsec protocol stack did not correctly handle fragmented ESP packets. A remote attacker could exploit this to crash the system, leading to a denial of service. CVE-2007-6282 Johannes Bauer discovered that the 64bit kernel did not correctly handle hrtimer updates. ...
CentOS 3 / 4 / 5 : cups (CESA-2008:0498)
Updated cups packages that fix a security issue are now available for Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, and Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS)...
CVE-2008-1573
The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read...
CVE-2008-1573
Apple Mac OS X ImageIO’s BMP/GIF decoding engine is affected by CVE-2008-1573: an out-of-bounds read could disclose memory contents when processing crafted BMP or GIF images. Affected versions are Mac OS X before 10.5.3. The issue is addressed by updating to Mac OS X 10.5.3 Security Update; apply...
FENCE-Pro and Systemwalker Desktop Encryption self-decoding file vulnerability
Overview: Fujitsu's encryption software FENCE-Pro and Systemwalker Desktop Encryption share the same components. A vulnerability exists in self-decoding files created using this software. Impact: A third party could view the contents of self-decoding files and obtain the passwords used for the...
mod_jk sends decoded URL to tomcat
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and...
[SECURITY] Fedora 8 Update: xine-lib-1.1.11.1-1.fc8
This package contains the Xine library. Xine is a free multimedia player. It can play back various media. It also decodes multimedia files from local disk drives, and displays multimedia streamed over the Internet. It interprets many of the most common multimedia formats available - and some of t...
RHEL 3 / 4 : cups (RHSA-2008:0206)
Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R)...
USN-598-1: CUPS vulnerabilities
It was discovered that the CUPS administration interface contained a heap-based overflow flaw. A local attacker, and a remote attacker if printer sharing is enabled, could send a malicious request and possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In...
Moderate: Red Hat Security Advisory: cups security update
Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operatin...
Debian: Security Advisory (DSA-1515-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
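Microsoft IE FTP Cross-Site Command Injection Vulnerability
BUGTRAQ ID: 28208 Internet Explorer is a very popular web browser published by Microsoft. If a user visits a web page containing a malicious FTP URL, Internet Explorer 5 and 6 may fail to filter the URL correctly when decoding it, forcing Internet Explorer to chain FTP commands by injecting a URL-encoded CRLF pair after each command in the URL supplied in the HTML element. iframe src="ftp://user@site:port/%0D%0ADELE%20foo.txt%0D%0A//"/ In addition, if two slashes are appended to the end of the malicious URL, Internet...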
Debian Security Advisory DSA 1461-1 (libxml2)
The remote host is missing an update to libxml2 announced via advisory DSA 1461-1. OpenVAS Vulnerability Test $Id: deb14611.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1461-1 (libxml2) Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...
[SECURITY] Fedora 7 Update: xine-lib-1.1.10-1.fc7
This package contains the Xine library. Xine is a free multimedia player. It can play back various media. It also decodes multimedia files from local disk drives, and displays multimedia streamed over the Internet. It interprets many of the most common multimedia formats available - and some of t...
[SECURITY] Fedora 8 Update: xine-lib-1.1.10-1.fc8
This package contains the Xine library. Xine is a free multimedia player. It can play back various media. It also decodes multimedia files from local disk drives, and displays multimedia streamed over the Internet. It interprets many of the most common multimedia formats available - and some of t...
Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
The remote host is missing an update to libapache-mod-jk announced via advisory DSA 1312-1. OpenVAS Vulnerability Test $Id: deb13121.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1312-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Debian Security Advisory DSA 591-1 (libgd2)
The remote host is missing an update to libgd2 announced via advisory DSA 591-1. OpenVAS Vulnerability Test $Id: deb5911.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 591-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Debian Security Advisory DSA 206-1 (tcpdump)
The remote host is missing an update to tcpdump announced via advisory DSA 206-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...