DSA-2239-1 libmojolicious-perl - several

Bulletin has no description...

CVE-2011-1575

The STARTTLS implementation in ftpparser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext...

CVE-2011-1407

The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity...

CVE-2011-1407

The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity...

CVE-2011-0419

Stack consumption vulnerability in the fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows...

CVE-2011-1407

The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity...

RHEL 6 : kernel (RHSA-2011:0498)

Updated kernel packages that fix several security issues, various bugs, and add an enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, whic...

SuSE9 Security Update : Postfix (YOU Patch Number 12707)

The following bugs have been fixed : - Remote attackers could potentially exploit a memory corruption issue in postfix' SASL implementation to execute arbitrary code. CVE-2011-1720 - Also Postfix did not clear the receive buffer after the STARTTLS command. A man-in-the middle could therefore inje...

CVE-2010-4803

Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors...

CVE-2009-5074

The CVE-2009-5074 entry concerns Mojolicious, specifically the MojoX::Dispatcher::Static implementation, before version 0.991250. The vulnerability is described as unspecified with unknown impact and attack vectors. Affected component: MojoX::Dispatcher::Static in Mojolicious prior to 0.991250. I...

Google Chrome 'Webkit' CSS Implementation DoS Vulnerability (Linux)

The host is install with Google Chrome and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: gbgooglechromecssimpdosvulnlin.nasl 7024 2017-08-30 11:51:43Z teissa $ Google Chrome 'Webkit' CSS Implementation DoS Vulnerability Linux Authors: Madhuri D Copyright: Copyright ...

CVE-2011-1822

The CVE concerns IBM Tivoli Directory Server (TDS) 5.2.x (up to 5.2.0.5-TIV-ITDS-IF0009). The change log records a cleartext SHA password, exposing sensitive credentials to local read access. Affected component is LDAP_ADD, and the underlying issue is storing passwords in logs. The impact is that...

USN-1119-1: Linux kernel (OMAP4) vulnerabilities

Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this gain root privileges. CVE-2010-3904 Nelson Elhage discovered several problems with the Acorn Econet protocol driver. A local user could cause a denial of service...

Null pointer dereference

The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets CSS implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the 1 counterIncrement and 2 counterReset...

OpenText FirstClass Client 11.005 - Code Execution

OpenText FirstClass Client 11.005 - Code Execution Exploit Title: OpenText FirstClass Client Delayed Code Executiion Date: Discovered 11/16/2010, Contacted OpenText 2/1/11 and 2/7/11, Released 4/11/2011 Author: Kyle Ossinger www.k0ss.net Email: [email protected] Software Link:...

Privilege escalation

The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service CPU consumption via a crafted application that makes epollcreate and epollctl system calls...

CVE-2011-1083

The CVE-2011-1083 issue affects the Linux kernel epoll implementation (epoll_ctl/epoll_create) as shipped in 2.6.37.2 and earlier. Local attackers can cause CPU denial of service by crafting a user-space application that creates and manages epoll file descriptors, exploiting improper traversal of...

IBM WebSphere Application Server未验证访问漏洞

CVE ID: CVE-2010-4476 IBM WebSphere Application Server WAS是由IBM遵照开放标准，例如Java EE, XML 还有Web Services，开发并发行的一种应用服务器。与其兼容的Web服务器包括：Apache HTTP Server，Netscape Enterprise Server，Microsoft Internet Information Services IIS以及IBM HTTP Server。 运行z/OS的IBM WAS在实现上存在安全漏洞，未授权用户可利用此漏洞访问WebSphere应用程序。...

Google Chrome < 10.0.648.204 Multiple Vulnerabilities (Mar 2011) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Design/Logic Flaw

Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...