2241 matches found
Inductive Automation Ignition Information Disclosure Vulnerability
Overview ICS-CERT has received a report from Rubén Santamarta concerning a vulnerability in Inductive Automation’s Ignition software. Ignition is an updated version of FactoryPMI Plant Management Interface, offered by Inductive Automation. This vulnerability allows unauthorized users to download...
SuSE 11.2 Security Update : Xen (SAT Patch Number 7492)
XEN has been updated to fix various bugs and security issues : - XSA 36 To avoid an erratum in early hardware, the Xen AMD IOMMU code by default choose to use a single interrupt remapping table for the whole system. This sharing implied that any guest with a passed through PCI device that is bus...
DEBIAN-CVE-2013-2277
The ffh264decodeseqparameterset function in h264ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service out-of-bounds array access and application crash or possibly have unspecifie...
Unbreakable Enterprise kernel security and bug fix update
2.6.39-400.17.1 - This is a fix on dlmcleanmasterlist Xiaowei.Hu - RDS: fix rds-ping spinlock recursion jeff.liu Orabug: 16223050 - vhost: fix length for cross region descriptor Michael S. Tsirkin Orabug: 16387183 CVE-2013-0311 - kabifix: block/scsi: Allow request and error handling timeouts to b...
Unbreakable Enterprise kernel security update
2.6.32-300.39.4 - exec: do not leave bprm-interp on stack Kees Cook Orabug: 16286741 CVE-2012-4530 - exec: use -ELOOP for max recursion depth Kees Cook Orabug: 16286741 CVE-2012-4530 2.6.32-300.39.3 - Xen: Fix stack corruption in xenfailsafecallback for 32bit PVOPS guests. Frediano Ziglio Orabug:...
[SECURITY] Fedora 17 Update: leptonica-1.69-5.fc17
The library supports many operations that are useful on Document images Natural images Fundamental image processing and image analysis operations Rasterop aka bitblt Affine transforms scaling, translation, rotation, shear on images of arbitrary pixel depth Projective and bi-linear transforms Bina...
Ecava IntegraXor ActiveX Directory Traversal
Overview Independent researchers Billy Rios and Terry McCorkle have identified a Path Traversal vulnerability in the Ecava IntegraXor application. Ecava has produced an update that mitigates this vulnerability. The researchers have validated that the patch fixes this vulnerability. Affected...
NFR Agent FSFUI Record File Upload Remote Command Execution
NFRAgent.exe, a component of Novell File Reporter NFR, allows remote attackers to upload arbitrary files via a directory traversal while handling requests to /FSF/CMD with FSFUI records with UICMD 130. This Metasploit module has been tested successfully against NFR Agent 1.0.4.3 File Reporter 1.0...
OpenJDK: AWT hardening fixes (AWT, 7163201)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate...
Two Microsoft Security Updates Await In Advance of Certificate Key Length Changes
Microsoft is promising a light load of security updates for next Tuesday’s monthly patch release in an attempt to give Windows administrators and security teams time to prepare for an October change to certificate key length requirements. Angela Gunn of Microsoft’s Security Response Team announce...
OpenJDK: AWT hardening fixes (AWT, 7163201)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate...
OpenJDK: AWT hardening fixes (AWT, 7163201)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate...
OpenJDK: AWT hardening fixes (AWT, 7163201)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate...
Oracle Java SE JRE AWT Component Unspecified Vulnerability - Windows
Oracle Java SE JRE is prone to an unspecified vulnerability. Copyright C 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...
Design/Logic Flaw
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate...
CVE-2012-0547
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate...
CVE-2012-0547
CVE-2012-0547 is a Java SE/JRE issue affecting Oracle JRE 7u6 and earlier and 6u34 and earlier. The vulnerability is described as a security-in-depth, AWT-related issue that is not directly exploitable on its own, but can aggravate vulnerabilities that are exploitable when combined with others. A...
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64
A flaw was found in the way the TLS/SSL Transport Layer Security/Secure Sockets Layer protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session for example, an HTTPS connection to a website. This could force the...
Scientific Linux Security Update : xorg-x11 on SL4.x i386/x86_64
A flaw was found in the way X.Org's composite extension handles 32 bit color depth windows while running in 16 bit color depth mode. If an X.org server has enabled the composite extension, it may be possible for a malicious authorized client to cause a denial of service crash or potentially execu...
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64
A flaw was found in the Swing library. Forged TimerEvents could be used to bypass SecurityManager checks, allowing access to otherwise blocked files and directories. CVE-2010-4465 A flaw was found in the HotSpot component in OpenJDK. Certain bytecode instructions confused the memory management...