
4206 matches found

OSV
added 2014/05/08 9:29 p.m. | 6 views

MGASA-2014-0205 Updated postgresql packages fix multiple security vulnerabilities

Updated postgresql packages fix security vulnerabilities: Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role memb...

CVSS 6.5 | AI score 10 | EPSS 0.06666
Exploits: 6 | References: 6

Mageia
added 2014/05/08 9:29 p.m. | 83 views

Updated postgresql packages fix multiple security vulnerabilities

Updated postgresql packages fix security vulnerabilities: Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role memb...

CVSS 6.5 | AI score 9.5 | EPSS 0.06666
Exploits: 6 | References: 5

Check Point Advisories
added 2014/04/16 12:0 a.m. | 4 views

Internet Explorer VML Buffer Overrun (MS07-004) - Ver2 (CVE-2007-0024)

Microsoft Internet Explorer (IE) contains a remote code execution vulnerability. The vulnerability exists in Microsoft Vector Markup Language (VML). VML is a set of XML tags used for exchange, editing, and delivery of vector graphics on the web. By convincing a user to visit a specially crafted Web...

CVSS 9.3 | AI score 7.6 | EPSS 0.43706
Exploits: 5

Check Point Advisories
added 2014/04/16 12:0 a.m. | 2 views

Microsoft Excel Buffer Overrun in ToolbarDef Buffer Overflow - Ver2 (CVE-2011-0097)

A buffer overflow vulnerability has been reported in Microsoft Excel. An attacker could exploit this vulnerability via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow. Successful exploitation of this vulnerability could allow a remote attacker to execute...

AI score 7.4 | EPSS 0.38221
Exploits: 5

Check Point Advisories
added 2014/03/31 12:0 a.m. | 4 views

Microsoft Windows GDI+ VML Gradient Buffer Overflow (MS08-052) - Ver2 (CVE-2007-5348)

Vector Markup Language (VML) is a set of XML tags used for exchange, editing, and delivery of vector graphics on the web. A remote code execution vulnerability has been reported in the way that GDI+ handles VML files. The vulnerability is due to a heap-based buffer overrun when GDI+ fails to proper...

CVSS 9.3 | AI score 7.2 | EPSS 0.52886
Exploits: 1

Tenable Nessus
added 2014/03/31 12:0 a.m. | 31 views

SuSE 11.3 Security Update : PostgreSQL 9.1 (SAT Patch Number 8970)

The PostgreSQL database server was updated to version 9.1.12 to fix various security issues : - Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The...

CVSS 6.5 | AI score 7.3 | EPSS 0.06666
Exploits: 6 | References: 23

Check Point Advisories
added 2014/03/03 12:0 a.m. | 4 views

Microsoft Windows GDI JPEG Processing Buffer Overrun (MS04-028) - Ver2 (CVE-2004-0200)

JPEG is a very popular image file format. Specially crafted JPEG files may be used to create a DoS condition and in some cases, arbitrary code execution...

CVSS 9.3 | AI score 7 | EPSS 0.49024
Exploits: 0

Tenable Nessus
added 2014/02/23 12:0 a.m. | 43 views

Mandriva Linux Security Advisory : postgresql (MDVSA-2014:047)

Multiple vulnerabilities have been discovered and corrected in postgresql: Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly...

CVSS 6.5 | AI score 7.3 | EPSS 0.06666
Exploits: 6 | References: 11

Tenable Nessus
added 2014/02/21 12:0 a.m. | 45 views

Debian DSA-2864-1 : postgresql-8.4 - several vulnerabilities

Various vulnerabilities were discovered in PostgreSQL: - CVE-2014-0060: Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch). Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily...

CVSS 6.5 | AI score 7.6 | EPSS 0.06666
Exploits: 6 | References: 18

Debian
added 2014/02/20 9:25 p.m. | 41 views

[SECURITY] [DSA 2865-1] postgresql-9.1 security update

Debian Security Advisory DSA-2865-1 | http://www.debian.org/security/ | Moritz Muehlenhoff | February 20, 2014 | http://www.debian.org/security/faq ...

CVSS 6.5 | AI score 10 | EPSS 0.06666
Exploits: 6

UbuntuCve
added 2014/02/20 12:0 a.m. | 24 views

CVE-2013-4532

Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process...

CVSS 7.8 | AI score 7.5 | EPSS 0.00465
Exploits: 0 | References: 6

OpenVAS
added 2014/02/20 12:0 a.m. | 30 views

Debian Security Advisory DSA 2864-1 (postgresql-8.4 - several vulnerabilities)

Various vulnerabilities were discovered in PostgreSQL: CVE-2014-0060: Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch). Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed...

CVSS 6.5 | EPSS 0.06666
Exploits: 6 | References: 1

OSV
added 2014/02/20 12:0 a.m. | 1 views

UBUNTU-CVE-2013-4532

Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process...

CVSS 7.8 | AI score 7.5 | EPSS 0.00465
Exploits: 0 | References: 7

OSV
added 2014/02/20 12:0 a.m. | 38 views

DSA-2865-1 postgresql-9.1 - several

Bulletin has no description...

CVSS 6.5 | AI score 6.8 | EPSS 0.06666
Exploits: 7

OSV
added 2014/02/20 12:0 a.m. | 36 views

DSA-2864-1 postgresql-8.4 - several

Bulletin has no description...

CVSS 6.5 | AI score 6.8 | EPSS 0.06666
Exploits: 6

OpenVAS
added 2014/02/19 12:0 a.m. | 28 views

Debian: Security Advisory (DSA-2865-1)

The remote host is missing an update for the Debian...

CVSS 6.5 | AI score 8.3 | EPSS 0.06666
Exploits: 7 | References: 3

OSV
added 2014/02/16 12:49 p.m. | 4 views

MGASA-2014-0070 Updated socat package fixes security vulnerability

Due to a missing check in socat before 2.0.0-b7 during assembly of the HTTP request line, a long target server name (<hostname> in the documentation) in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name to the...

CVSS 1.9 | AI score 6.4 | EPSS 0.00404
Exploits: 1 | References: 3

Mageia
added 2014/02/16 12:49 p.m. | 29 views

Updated socat package fixes security vulnerability

Due to a missing check in socat before 2.0.0-b7 during assembly of the HTTP request line, a long target server name (<hostname> in the documentation) in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name to the...

CVSS 1.9 | AI score 6.5 | EPSS 0.00404
Exploits: 1 | References: 2

OPENSUSE Linux
added 2014/02/06 7:4 p.m. | 50 views

kernel: security and bugfix update (important)

The Linux kernel was updated to fix various bugs and security issues: - mm/page-writeback.c: do not count anon pages as dirtyable memory (reclaim stalls). - mm/page-writeback.c: fix dirty_balance_reserve subtraction from dirtyable memory (reclaim stalls). - compat_sys_recvmmsg X32 fix (bnc#860993)...

CVSS 7.2 | AI score 7.6 | EPSS 0.34649
Exploits: 27 | References: 28

FreeBSD
added 2014/01/24 12:0 a.m. | 57 views

socat -- buffer overflow with data from command line

Florian Weimer of the Red Hat Product Security Team reports: Due to a missing check during assembly of the HTTP request line a long target server name in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name t...

CVSS 1.9 | AI score 6.4 | EPSS 0.00404
Exploits: 1 | References: 1