250 matches found
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6637)
This update fixes various bugs and some security issues in the SUSE Linux Enterprise 10 SP 3 kernel. The following security issues were fixed: CVE-2009-3238: The getrandomint function in drivers/char/random.c in the Linux kernel produces insufficiently random numbers, which allows attackers to...
CVE-2010-3073
SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...
Design/Logic Flaw
SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...
CVE-2010-3073
SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...
CVE-2010-3073
SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...
CVE-2009-2752
IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...
Information disclosure
IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...
Free Microsoft Tool Hardens Programs Against Attack
Microsoft has released a free tool for retroactively hardening applications against known attacks, without recompiling the program with a special compiler flag. The Enhanced Mitigation Evaluation Toolkit EMET allows developers and administrators to activate specific protection mechanisms in...
Linux Kernel get_random_int函数不充分随机数漏洞
Linux kernel 2.6.x CVE ID: CVE-2009-3238 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的drivers/char/random.c文件中的getrandomint函数所生成的随机数随机性不够,攻击者可以相对容易的预测返回值,绕过基于随机化的保护机制。 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
CVE-2009-3238
The getrandomint function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to...
CVE-2009-3238
The getrandomint function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via 1 the User.lang parameter to the login page aka gw/webacc, 2 style expressions in a message...
CVE-2009-1635
Multiple cross-site scripting XSS vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via 1 the User.lang parameter to the login page aka gw/webacc, 2 style expressions in a message...
CVE-2009-1594
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A encoded newline, as demonstrated by a %0A in a cross-site scripting XSS attack URL...
Cross site scripting
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A encoded newline, as demonstrated by a %0A in a cross-site scripting XSS attack URL...
CVE-2009-1594
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A encoded newline, as demonstrated by a %0A in a cross-site scripting XSS attack URL...
Moderate: Red Hat Security Advisory: icu security update
Updated icu packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The International Components for Unicode ICU library provides robust and full-featured Unicode...
CentOS Update for kernel CESA-2008:0211 centos3 x86_64
Check for the Version of kernel OpenVAS Vulnerability Test CentOS Update for kernel CESA-2008:0211 centos3 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CVE-2008-5510
The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines...
CVE-2008-5510
The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines...