MGASA-2015-0246 Updated openssl package fixes security vulnerabilities

A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam CVE-2015-4000. When processing an ECParameters structure OpenSSL...

Google Chrome < 43.0.2357.124 Multiple Vulnerabilities

Binary data 8783.pasl...

Google Chrome < 43.0.2357.65 Multiple Vulnerabilities

Binary data 8782.pasl...

Fedora 20 : armacycles-ad-0.2.8.3.3-1.fc20 (2015-9527)

Changes since 0.2.8.3.2 : - security fix: do not read ahead of the beginning of network buffer. - security fix: don't attribute network errors from processing random packets to the connection to the server - security fix: while at it, don't process random packets unless they may be important - fi...

Adobe AIR <= 17.0.0.144 Multiple Vulnerabilities (APSB15-06)

According to its version, the installation of Adobe AIR on the remote Windows host is equal or prior to 17.0.0.144. It is, therefore, affected by multiple vulnerabilities : - Multiple double-free errors exist that allow an attacker to execute arbitrary code. CVE-2015-0346, CVE-2015-0359 - Multipl...

Adobe AIR for Mac <= 17.0.0.172 Multiple Vulnerabilities (APSB15-11)

According to its version, the installation of Adobe AIR on the remote Mac OS X host is equal or prior to 17.0.0.172. It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability exists that allows an attacker to bypass the fix for CVE-2014-5333. CVE-2015-3096 - Multiple...

Adobe AIR for Mac <= 17.0.0.124 Multiple Vulnerabilities (APSB15-05)

According to its version, the installation of Adobe AIR on the remote Mac OS X host is equal or prior to 17.0.0.124. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption flaws exist due to improper validation of user-supplied input. An attacker can exploit these...

VMware Workstation/Player/Fusion Custom RPC Command Denial of Service Vulnerability

VMware is a vendor of desktop to datacenter virtualization solutions. A security vulnerability exists in VMware Workstation/Player/Fusion that allows a remote attacker on Guest to send specially crafted RPC commands to trigger input validation errors and conduct denial of service attacks...

cups: multiple issues

CVE-2015-1158 arbitrary code execution, privilege escalation An issue with how localized strings are handled in cupsd allows a reference counter to over-decrement when handling certain print job request errors. As a result, an attacker can prematurely free an arbitrary string of global scope,...

The vulnerability of Google Chrome browser allows a perpetrator to bypass the sandboxing mechanism or trigger a service failure.

The common/partialcircularbuffer.cc file in Google Chrome’s browser contains errors when dealing with pointers. As a result, attackers may bypass the sandbox mechanism or cause failures in the processing of large data writes using the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrit...

The vulnerability of Google Chrome browser allows a perpetrator to inject commands into the executed script.

The core/html/parser/HTMLConstructionSite.cpp file of the Google Chrome browser contains errors related to inheritance. Exploiting this vulnerability allows a malicious actor to inject commands into the script executed by remotely controlling the system, using a specially crafted Java script...

DEBIAN-CVE-2015-4105

Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service host disk consumption via certain invalid operations...

UBUNTU-CVE-2015-4105

Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service host disk consumption via certain invalid operations...

Backup Copy Job Failures when using ExaGrid de-duplicating storage

Challenge Backup Copy Jobs can fail when writing to ExaGrid storage. Cause De-duplicating storage can incorrectly update existing backup files during Veeam "merge" operation. Solution Make sure your ExaGrid Storage firmware version is 4.7.0 P52 or newer. For additional information please contact...

FreeBSD : PostgreSQL -- minor security problems. (fc38cd83-00b3-11e5-8ebd-0026551a22dc)

PostgreSQL project reports : This update fixes three security vulnerabilities reported in PostgreSQL over the past few months. Nether of these issues is seen as particularly urgent. However, users should examine them in case their installations are vulnerable:. - CVE-2015-3165 Double 'free' after...

USN-2621-1 postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities

Benkocs Norbert Attila discovered that PostgreSQL incorrectly handled authentication timeouts. A remote attacker could use this flaw to cause the unauthenticated session to crash, possibly leading to a security issue. CVE-2015-3165 Noah Misch discovered that PostgreSQL incorrectly handled certain...

Debian Security Advisory DSA 3269-1 (postgresql-9.1 - security update)

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2015-3165 Remote crash SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 Information exposure The replacement implementation of snprintf failed...

Windows Registry Check: Errors

List registry entries from the registry policy check which contain errors. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Vulnerability in core server (CVE-2015-3166)

Unanticipated errors from the standard library...

Debian Security Advisory DSA 3270-1 (postgresql-9.4 - security update)

Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-3165 Remote crash SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 Information exposure The replacement implementation of snprintf failed...