968 matches found

Tenable Nessus
added 2012/08/01 12:0 a.m. | 44 views

Scientific Linux Security Update : php on SL4.x i386/x86_64

It was discovered that the PHP escapeshellcmd function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd and execute arbitrary commands if the PHP script was usi...

CVSS 10 | AI score 7.8 | EPSS 0.04696
Exploits: 3 | References: 7

Tenable Nessus
added 2012/08/01 12:0 a.m. | 32 views

Scientific Linux Security Update : php on SL5.x i386/x86_64

It was discovered that the PHP escapeshellcmd function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd and execute arbitrary commands if the PHP script was usi...

CVSS 10 | AI score 8 | EPSS 0.04696
Exploits: 3 | References: 7

Tenable Nessus
added 2012/08/01 12:0 a.m. | 30 views

Scientific Linux Security Update : kernel on SL5.x i386/x86_64

- a flaw in the mount handling routine for 64-bit systems that allowed a local user to cause denial of service (CVE-2006-7203, Important).
- a flaw in the PPP over Ethernet implementation that allowed a remote user to cause a denial of service (CVE-2007-2525, Important).
- a flaw in the Bluetooth subsystem...

CVSS 4.9 | AI score 5.3 | EPSS 0.00479
Exploits: 0 | References: 5

Tenable Nessus
added 2012/05/17 12:0 a.m. | 62 views

SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4186)

This kernel update fixes the following security problems:
- The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers (CVE-2007-2242). The default is that RH0 is disabled now. To...

CVSS 7.8 | AI score 6.2 | EPSS 0.05035
Exploits: 1 | References: 18

Prion
added 2012/03/19 7:55 p.m. | 12 views

Code injection

as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack...

CVSS 3.6 | AI score 6.6 | EPSS 0.0035
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2012/03/19 7:55 p.m. | 1 views

UBUNTU-CVE-2012-0808

as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack...

CVSS 3.6 | AI score 5.8 | EPSS 0.0035
Exploits: 0 | References: 2

OpenVAS
added 2012/03/07 12:0 a.m. | 31 views

Ubuntu Update for ruby1.8 USN-1377-1

Ubuntu Update for Linux kernel vulnerabilities USN-1377-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN13771.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for ruby1.8 USN-1377-1 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

CVSS 7.8 | AI score 0.7 | EPSS 0.04246
Exploits: 5 | References: 2

NVD
added 2011/10/07 2:51 a.m. | 9 views

CVE-2011-2190

The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack...

CVSS 2.1 | AI score 6 | EPSS 0.00329
Exploits: 0 | References: 7

UbuntuCve
added 2011/10/07 2:51 a.m. | 14 views

CVE-2011-2190

The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack...

CVSS 2.1 | AI score 5.9 | EPSS 0.00329
Exploits: 0 | References: 2

OpenVAS
added 2011/08/03 12:0 a.m. | 28 views

FreeBSD Ports: erlang

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 7.8 | AI score 7.4 | EPSS 0.03046
Exploits: 1 | References: 3

Oracle linux
added 2011/07/31 12:0 a.m. | 34 views

bash security, bug fix, and enhancement update

3.2-32 - Don't include backup files Resolves: 700157
3.2-31 - Use 'mktemp' for temporary files Resolves: 700157
3.2-30 - Added man page references to systemwide .bash_logout Resolves: 592979
3.2-29 - Readline glitch, when editing line with more spaces and resizing window Resolves: 525474
3.2-28 - F...

CVSS 6.9 | AI score 0.5 | EPSS 0.00338
Exploits: 0

OSV
added 2011/05/31 8:55 p.m. | 4 views

CVE-2011-0766

The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys...

AI score 6.3
Exploits: 0 | References: 6

Cvelist
added 2011/05/31 8:0 p.m. | 28 views

CVE-2011-0766

The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys...

AI score 7.4 | EPSS 0.03046
Exploits: 1 | References: 4

Debian CVE
added 2011/05/31 8:0 p.m. | 29 views

CVE-2011-0766

The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys...

CVSS 7.8 | AI score 7.5 | EPSS 0.03046
Exploits: 1

FreeBSD
added 2011/05/25 12:0 a.m. | 31 views

Erlang -- ssh library uses a weak random number generator

US-CERT reports: The Erlang/OTP ssh library implements a number of cryptographic operations that depend on cryptographically strong random numbers. Unfortunately the RNG used by the library is not cryptographically strong, and is further weakened by the use of predictable seed material. The RNG...

CVSS 7.8 | AI score 3.5 | EPSS 0.03046
Exploits: 1 | References: 2

CERT
added 2011/05/25 12:0 a.m. | 39 views

Erlang/OTP SSH library uses a weak random number generator

Overview: The Erlang/OTP SSH library's random number generator is not cryptographically strong because it relies on predictable seed material. Description: Geoff Cant's report states: The Erlang/OTP ssh library implements a number of cryptographic operations that depend on cryptographically strong...

CVSS 7.8 | AI score 7.3 | EPSS 0.03046
Exploits: 1 | References: 3

OpenVAS
added 2010/12/09 12:0 a.m. | 36 views

CentOS Update for php CESA-2010:0919 centos4 i386

Check for the Version of php OpenVAS Vulnerability Test CentOS Update for php CESA-2010:0919 centos4 i386 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 6.8 | AI score 8.4 | EPSS 0.11528
Exploits: 7 | References: 2

OpenVAS
added 2010/12/02 12:0 a.m. | 14 views

Fedora Update for libHX FEDORA-2010-12950

Check for the Version of libHX OpenVAS Vulnerability Test Fedora Update for libHX FEDORA-2010-12950 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

CVSS 10 | EPSS 0.05506
Exploits: 0 | References: 2

OSV
added 2010/11/22 1:0 p.m. | 0 views

UBUNTU-CVE-2010-3804

The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a...

CVSS 5 | AI score 5.8 | EPSS 0.09126
Exploits: 0 | References: 2

securityvulns
added 2010/11/20 12:0 a.m. | 94 views

About the security content of Safari 5.0.3 and Safari 4.1.3

Last Modified: November 18, 2010. Article: HT4455. Summary: This document describes the security content of Safari 5.0.3 and Safari 4.1.3. For the protection of our customers, Apple does not disclose,...

CVSS 10 | AI score 0.3 | EPSS 0.09691
Exploits: 5