5842 matches found
DSA-2125-1 openssl - buffer overflow
Bulletin has no description...
FreeBSD : openssl -- TLS extension parsing race condition (3042c33a-f237-11df-9d02-0018fe623f2b)
OpenSSL Team reports: Rob Hulswit has found a flaw in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. Any OpenSSL based TLS server is vulnerable if it is multi-threaded and uses OpenSSL's internal caching mechanism. Servers tha...
Fedora 14 : apr-util-1.3.10-1.fc14 (2010-16178)
This update includes the latest stable release of the APR-util library. A memory leak in the apr_brigade_split_line function allowed a denial of service attack against network services using this function, such as the Apache HTTP Server. CVE-2010-1623 Bug fixes to the 'thread pool' interfaces and ODBC suppo...
Fedora 12 : apr-util-1.3.10-1.fc12 (2010-15916)
This update includes the latest stable release of the APR-util library. A memory leak in the apr_brigade_split_line function allowed a denial of service attack against network services using this function, such as the Apache HTTP Server. CVE-2010-1623 Bug fixes to the 'thread pool' interfaces and ODBC suppo...
Fedora 13 : apr-util-1.3.10-1.fc13 (2010-15953)
This update includes the latest stable release of the APR-util library. A memory leak in the apr_brigade_split_line function allowed a denial of service attack against network services using this function, such as the Apache HTTP Server. CVE-2010-1623 Bug fixes to the 'thread pool' interfaces and ODBC suppo...
Mandriva Update for subversion MDVSA-2010:199 (subversion)
Check for the Version of subversion OpenVAS Vulnerability Test Mandriva Update for subversion MDVSA-2010:199 subversion Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...
Apache HTTP Server 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
Apache HTTP Server is prone to an information disclosure vulnerability that affects the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
[ MDVSA-2010:199 ] subversion
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:199 http://www.mandriva.com/security/ Package : subversion Date : October 12, 2010 Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: A vulnerability was...
BSA-004 Security Update for subversion
Peter Samuelson uploaded new packages for subversion which fixed the following security problems: CVE-2010-3315 When "SVNPathAuthz short_circuit" is enabled, authz authentication in the mod_dav_svn module for the Apache HTTP Server is flawed. Remote authenticated users can bypass intended access...
Debian: Security Advisory (DSA-2097-2)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
openssl -- TLS extension parsing race condition
OpenSSL Team reports: Rob Hulswit has found a flaw in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. Any OpenSSL based TLS server is vulnerable if it is multi-threaded and uses OpenSSL's internal caching mechanism. Servers that...
CVE-2010-3315
authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass...
CVE-2010-1623
Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library aka APR-util before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service memory...
CVE-2010-3315
CVE-2010-3315 affects Apache Subversion’s mod_dav_svn: when SVNPathAuthz short_circuit is enabled, authz.c fails to correctly handle a named repository as a rule scope, allowing remote authenticated users to bypass access restrictions via svn commands. Vulnerable products/versions: Apache Subvers...
CVE-2010-1623
The CVE-2010-1623 issue affects the APR-util library (apr_brigade_split_line in buckets/apr_brigade.c) prior to version 1.3.10, where a memory leak can allow remote attackers to cause denial of service through memory consumption related to APR bucket destruction. Affected products commonly includ...