CVE-2008-4609
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, a...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise MRG 1.0. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...
Design/Logic Flaw
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attacke...
Gentoo Security Advisory GLSA 200507-08 (phpgroupware egroupware)
The remote host is missing updates announced in advisory GLSA 200507-08. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200512-04 (openswan ipsec-tools)
The remote host is missing updates announced in advisory GLSA 200512-04. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200512-04 (openswan ipsec-tools)
The remote host is missing updates announced in advisory GLSA 200512-04. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2008-4160
Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation...
CVE-2008-4160
CVE-2008-4160 affects the UFS module in Solaris 8–10 and OpenSolaris. The vulnerability is a local denial of service caused by a NULL pointer dereference in the Solaris ACL implementation, leading to a kernel panic. Connected advisories reference Solaris patch updates: 139483-05 (SunOS 5.10 SPARC...
InstallShield Update Agent - Downloads and executes "Rule Scripts" insecurely.
SUMMARY: InstallShield Update Agent - Remote "Rule Script" Code Execution Vulnerability. OVERVIEW: InstallShield Update Agent uses insecure methods of retrieving operational script code from unauthenticated, unverified external sources over HTTP...
Null pointer dereference
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereferenc...
Integer overflow
Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a...
USN-636-1: Postfix vulnerability
Sebastian Krahmer discovered that Postfix was not correctly handling mailbox ownership when dealing with Linux's implementation of hardlinking to symlinks. In certain mail spool configurations, a local attacker could exploit this to append data to arbitrary files as the root user. The default...
CVE-2008-2940
The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message...
Design/Logic Flaw
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a...
CVE-2008-3534
The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to...
Nokia series 40 phones multiple security vulnerabilities
Multiple J2ME implementation vulnerabilities allow complete device compromise...