9092 matches found
CVE-2011-1293
Removed by vendor...
CVE-2011-1506
The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a...
Design/Logic Flaw
Unspecified vulnerability in the docnote string handling implementation in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, aka SPR JFLD7GZT25...
Command injection
The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a...
Design/Logic Flaw
The SPDY implementation in net/http/httpnetworktransaction.cc in Google Chrome before 11.0.696.14 drains the bodies from SPDY responses, which might allow remote SPDY servers to cause a denial of service (application exit) by canceling a stream...
CVE-2011-1465
Removed by vendor...
CVE-2011-1465
The SPDY implementation in net/http/httpnetworktransaction.cc in Google Chrome before 11.0.696.14 drains the bodies from SPDY responses, which might allow remote SPDY servers to cause a denial of service (application exit) by canceling a stream...
CVE-2011-1431
The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TL...
CVE-2011-0411
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...
CVE-2011-1432
The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...
Google Chrome Multiple Vulnerabilities - March 11 (Windows)
The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultdosvulnmar11win.nasl 7052 2017-09-04 11:50:51Z teissa $ Google Chrome Multiple Denial of Service Vulnerabilities - March 11 (Windows) Authors: Madhuri D Copyright: Copyright ...
CVE-2011-1094
kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate...
CVE-2011-1418
The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses...
Debian DSA-2189-1 : chromium-browser - several vulnerabilities
Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2011-1108 Google Chrome before 9.0.597.107 does not properly implement JavaScript dialogs, which allows remote attackers to cause a denial of...
Debian DSA-2187-1 : icedove - several vulnerabilities
Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. - CVE-2010-1585 Roberto Suggi Liverani discovered that the sanitising performed by ParanoidFragmentSink was incomplete. - CVE-2011-0051 Zach Hoffmann discovered that incorrect parsin...
Debian DSA-2186-1 : iceweasel - several vulnerabilities
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. - CVE-2010-1585 Roberto Suggi Liverani discovered that the sanitising performed by...
[SECURITY] [DSA 2189-1] chromium-browser security update
Debian Security Advisory DSA-2189-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano March 10, 2011 http://www.debian.org/security/faq -...
POP3 Service STLS Plaintext Command Injection
The remote POP3 service contains a software flaw in its STLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could allow an attacker to ste...
CVE-2011-1321
The CVE concerns IBM WebSphere Application Server (WAS) where the AuthCache purge in the Security component fails to purge a user from the PlatformCredential cache. Affected products/versions are WAS 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15. Root cause: the purge does not remove the user f...