POP3 Service STLS Plaintext Command Injection

The remote POP3 service contains a software flaw in its STLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could allow an attacker to ste...

CVE-2011-1321

The CVE concerns IBM WebSphere Application Server (WAS) where the AuthCache purge in the Security component fails to purge a user from the PlatformCredential cache. Affected products/versions are WAS 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15. Root cause: the purge does not remove the user f...

USN-1080-2: Linux kernel vulnerabilities

Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. CVE-2010-3865 Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not...

CVE-2010-4754

The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service CPU and memory consumption via crafted glob expressions that do not match any pathnames, as...

CVE-2010-4754

The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service CPU and memory consumption via crafted glob expressions that do not match any pathnames, as...

USN-1081-1: Linux kernel vulnerabilities

It was discovered that KVM did not correctly initialize certain CPU registers. A local attacker could exploit this to crash the system, leading to a denial of service. CVE-2010-3698 Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could...

Ubuntu 10.10 : linux vulnerabilities (USN-1081-1)

It was discovered that KVM did not correctly initialize certain CPU registers. A local attacker could exploit this to crash the system, leading to a denial of service. CVE-2010-3698 Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could...

CVE-2011-1111

Google Chrome before 9.0.597.107 does not properly implement forms controls, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via unknown vectors...

USN-1080-1: Linux kernel vulnerabilities

Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. CVE-2010-3865 Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not...

Ubuntu 9.10 : linux, linux-ec2 vulnerabilities (USN-1073-1)

Gleb Napatov discovered that KVM did not correctly check certain privileged operations. A local attacker with access to a guest kernel could exploit this to crash the host system, leading to a denial of service. CVE-2010-0435 Dan Jacobson discovered that ThinkPad video output was not correctly...

Ubuntu 8.04 LTS : linux vulnerabilities (USN-1072-1)

Gleb Napatov discovered that KVM did not correctly check certain privileged operations. A local attacker with access to a guest kernel could exploit this to crash the host system, leading to a denial of service. CVE-2010-0435 Dave Chinner discovered that the XFS filesystem did not correctly order...

CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System

CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System Issued: February 23, 2011 Updated: February 24, 2011 CA Technologies support is alerting customers to a security risk associated with CA Host-Based Intrusion Prevention System HIPS. A vulnerability exists that can allow ...

Ubuntu Update for linux vulnerabilities USN-1072-1

Ubuntu Update for Linux kernel vulnerabilities USN-1072-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10721.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for linux vulnerabilities USN-1072-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH,...

DSA-2174-1 avahi - denial of service

Bulletin has no description...

USN-1073-1: Linux kernel vulnerabilities

Gleb Napatov discovered that KVM did not correctly check certain privileged operations. A local attacker with access to a guest kernel could exploit this to crash the host system, leading to a denial of service. CVE-2010-0435 Dan Jacobson discovered that ThinkPad video output was not correctly...

USN-1071-1: Linux kernel vulnerabilities

Tavis Ormandy discovered that the Linux kernel did not properly implement exception fixup. A local attacker could exploit this to crash the kernel, leading to a denial of service. CVE-2010-3086 Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signednes...

CVE-2011-0375

The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671...

CVE-2011-0372

The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31640...

CVE-2011-0375

Cisco TelePresence endpoint devices running software 1.2.x–1.6.x are affected by a CGI Command Injection vulnerability (CVE-2011-0375) in the CGI implementation, requiring a remote, authenticated attacker to submit a malformed request to impact the device. The Cisco advisory lists multiple concur...

CVE-2011-0376

Cisco TelePresence endpoint devices running 1.2.x–1.6.1 are affected by CVE-2011-0376 (TFTP Information Disclosure). An unauthenticated remote attacker could retrieve sensitive authentication/config data via a TFTP GET request. The Cisco advisory assigns CSCte43876 to this issue and fixes are ava...