6534 matches found

RedHat Linux
added 2012/01/24 9:0 p.m. · 2 views

openssl: malformed RFC 3779 data can cause assertion failures

OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers...

CVSS 4.3 · AI score 7.3 · EPSS 0.09331
Exploits: 0 · References: 4
OSV
added 2012/01/08 11:55 a.m. · 1 views

DEBIAN-CVE-2011-4360

MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter...

CVSS 5 · AI score 6.9 · EPSS 0.02405
Exploits: 0 · References: 1
Prion
added 2012/01/06 1:55 a.m. · 22 views

Design/Logic Flaw

OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers...

CVSS 4.3 · AI score 6.9 · EPSS 0.09331
Exploits: 0 · References: 12 · Affected Software: 1
OSV
added 2012/01/06 1:55 a.m. · 2 views

DEBIAN-CVE-2011-4577

OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers...

CVSS 4.3 · AI score 9.2 · EPSS 0.09331
Exploits: 0 · References: 1
OSV
added 2012/01/06 1:55 a.m. · 5 views

CVE-2011-4577

OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers...

AI score 7.7
Exploits: 0 · References: 12
Cvelist
added 2012/01/06 1:0 a.m. · 20 views

CVE-2011-4577

OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers...

AI score 7.5 · EPSS 0.09331
Exploits: 0 · References: 12
Debian CVE
added 2012/01/06 1:0 a.m. · 27 views

CVE-2011-4577

OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers...

CVSS 4.3 · AI score 8.1 · EPSS 0.09331
Exploits: 0
UbuntuCve
added 2012/01/05 12:0 a.m. · 22 views

CVE-2011-4577

OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers...

CVSS 4.3 · AI score 7.2 · EPSS 0.09331
Exploits: 0 · References: 3
securityvulns
added 2011/12/19 12:0 a.m. · 56 views

ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA(r) Adaptive Authentication (On-Premise)

ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA® Adaptive Authentication (On-Premise). Advisories Updated: December 6, 2011. Summary: An issue with RSA® Adaptive Authentication (On-Premise) was discovered whic...

CVSS 6.8 · AI score 0.8 · EPSS 0.01287
Exploits: 0
Cent OS
added 2011/12/14 12:14 a.m. · 61 views

icu, libicu security update

CentOS Errata and Security Advisory CESA-2011:1815. Updated icu packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base...

CVSS 7.5 · AI score 7.8 · EPSS 0.08068
Exploits: 0 · References: 7
RedHat Linux
added 2011/12/13 10:7 p.m. · 31 views

Moderate: Red Hat Security Advisory: icu security update

Updated icu packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 7.5 · AI score 7.8 · EPSS 0.08068
Exploits: 0 · References: 2
RedHat Linux
added 2011/11/22 4:36 p.m. · 2 views

kernel: net: improve sequence number generation

The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting...

CVSS 9.1 · AI score 7.4 · EPSS 0.05689
Exploits: 0 · References: 4
RedHat Linux
added 2011/11/01 5:13 p.m. · 3 views

kernel: net: improve sequence number generation

The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting...

CVSS 9.1 · AI score 7.4 · EPSS 0.05689
Exploits: 0 · References: 4
Gentoo Linux
added 2011/10/26 12:0 a.m. · 42 views

libxml2: Multiple vulnerabilities

Background: libxml2 is the XML C parser and toolkit developed for the Gnome project. Description: Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact: A local or remote attacker may be able to execute arbitrary code with th...

CVSS 9.3 · AI score 8.6 · EPSS 0.13727
Exploits: 3
Gentoo Linux
added 2011/10/25 12:0 a.m. · 58 views

PostgreSQL: Multiple vulnerabilities

Background: PostgreSQL is an open source object-relational database management system. Description: Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact: A remote authenticated attacker could send a specially crafted SQL...

CVSS 8.5 · AI score 8.5 · EPSS 0.13255
Exploits: 14
Tenable Nessus
added 2011/10/24 12:0 a.m. · 25 views

GLSA-201110-16 : Cyrus IMAP Server: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201110-16 (Cyrus IMAP Server: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in the Cyrus IMAP Server. Please review the CVE identifiers referenced below for details. Impact: An unauthenticated local or...

CVSS 7.5 · AI score 5.5 · EPSS 0.05365
Exploits: 0 · References: 4
Cvelist
added 2011/10/19 10:0 a.m. · 27 views

CVE-2011-4136

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...

AI score 6.1 · EPSS 0.02284
Exploits: 0 · References: 8
Tenable Nessus
added 2011/10/11 12:0 a.m. · 34 views

GLSA-201110-04 : Dovecot: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201110-04 (Dovecot: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Dovecot. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could exploit these vulnerabilities t...

CVSS 7.5 · AI score 6.2 · EPSS 0.0404
Exploits: 0 · References: 12
Positive Technologies
added 2011/08/31 12:0 a.m. · 2 views

PT-2011-1066 · Suse +2 · Ext4Dev-Kmp-Trace +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.1 ext4dev-kmp-trace affected versions not specified Description: The issue concerns the Linux kernel's IPv4 and IPv6 implementations, which use a modified MD4 algorithm. This makes it easier for remote attacke...

CVSS 9.1 · AI score 7.4 · EPSS 0.05689
Exploits: 17 · References: 57
Japan Vulnerability Notes
added 2011/07/15 7:32 a.m. · 1 views

ASP.NET vulnerable to cross-site scripting

Overview: ASP.NET may create web applications for mobile devices that contain a cross-site scripting vulnerability. ASP.NET contains an issue in the handling of session IDs in mobile devices. When "Mobile Controls" are used in ASP.NET to develop web applications for mobile devices, the applicatio...

CVSS 4.3 · AI score 6.2
Exploits: 0 · References: 3