Lucene search
9133 matches found

RedHat Linux
added 2010/11/16 7:7 p.m. | 1 view

kernel: nfsd4: bug in read_buf

Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and...

CVSS 10 | AI score 6.4 | EPSS 0.08984
Exploits 1 | References 4

UbuntuCve
added 2010/11/05 5:0 p.m. | 28 views

CVE-2010-3764

The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL...

CVSS 5 | AI score 5.9 | EPSS 0.02391
Exploits 1 | References 1

Fedora
added 2010/11/04 11:28 p.m. | 79 views

[SECURITY] Fedora 12 Update: pyftpdlib-0.5.2-1.fc12

Python FTP server library provides a high-level portable interface to easily write asynchronous FTP servers with Python. Based on asyncore framework pyftpdlib is currently the most complete RFC-959 FTP server implementation available for Python programming language...

CVSS 4.3 | AI score 2.9 | EPSS 0.01582
Exploits 0

OpenVAS
added 2010/10/26 12:0 a.m. | 33 views

Mandriva Update for mozilla-thunderbird MDVSA-2010:211 (mozilla-thunderbird)

Check for the Version of mozilla-thunderbird OpenVAS Vulnerability Test Mandriva Update for mozilla-thunderbird MDVSA-2010:211 mozilla-thunderbird Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

CVSS 9.3 | AI score 0.2 | EPSS 0.10118
Exploits 2 | References 2

OpenVAS
added 2010/10/26 12:0 a.m. | 41 views

Mandriva Update for mozilla-thunderbird MDVSA-2010:211 (mozilla-thunderbird)

Check for the Version of mozilla-thunderbird OpenVAS Vulnerability Test Mandriva Update for mozilla-thunderbird MDVSA-2010:211 mozilla-thunderbird Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

CVSS 9.3 | AI score 9.4 | EPSS 0.10118
Exploits 2 | References 2

Tenable Nessus
added 2010/10/24 12:0 a.m. | 37 views

Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:211)

Security issues were identified and fixed in mozilla-thunderbird : The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral...

CVSS 9.3 | AI score 9.1 | EPSS 0.10118
Exploits 2 | References 10

OSV
added 2010/10/21 7:0 p.m. | 7 views

CVE-2010-3173

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat...

AI score 6.1
Exploits 0 | References 18

Cvelist
added 2010/10/21 6:12 p.m. | 38 views

CVE-2010-3173

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat...

AI score 9.1 | EPSS 0.02408
Exploits 0 | References 18

CVE
added 2010/10/21 6:12 p.m. | 139 views

CVE-2010-3173

CVE-2010-3173 affects Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9. Root cause: the SSL DHE (Diffie-Hellman Ephemeral) implementation does not properly enforce a safe minimum DH key length, enabling brute-force ...

CVSS 7.5 | AI score 8.9 | EPSS 0.02408
Exploits 0 | References 18 | Affected Software 1

OpenVAS
added 2010/10/19 12:0 a.m. | 43 views

RedHat Update for java-1.6.0-openjdk RHSA-2010:0768-01

Check for the Version of java-1.6.0-openjdk OpenVAS Vulnerability Test RedHat Update for java-1.6.0-openjdk RHSA-2010:0768-01 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

CVSS 10 | AI score 6.9 | EPSS 0.87264
Exploits 14 | References 2

Tenable Nessus
added 2010/10/18 12:0 a.m. | 47 views

CentOS 5 : java-1.6.0-openjdk (CESA-2010:0768)

Updated java-1.6.0-openjdk packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detail...

CVSS 10 | AI score 8.2 | EPSS 0.87264
Exploits 14 | References 19

Cvelist
added 2010/10/12 9:0 p.m. | 34 views

CVE-2010-3192

Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program tha...

AI score 6.6 | EPSS 0.01606
Exploits 0 | References 8

Zero Day Initiative
added 2010/10/12 12:0 a.m. | 33 views

Oracle Sun Java ICC Profile Unicode Description Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the implementation of t...

CVSS 9 | AI score 8.1 | EPSS 0.09146
Exploits 0 | References 1

UbuntuCve
added 2010/10/08 9:0 p.m. | 36 views

CVE-2010-2938

arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these...

CVSS 4.9 | AI score 6.3 | EPSS 0.00346
Exploits 1 | References 1

securityvulns
added 2010/10/05 12:0 a.m. | 22 views

ZDI-10-189: Novell eDirectory Server Malformed Index Denial of Service Vulnerability

ZDI-10-189: Novell eDirectory Server Malformed Index Denial of Service Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-189 October 1, 2010 -- CVSS: 7.8, AV:N/AC:L/Au:N/C:N/I:N/A:C -- Affected Vendors: Novell -- Affected Products: Novell eDirectory -- TippingPoint(TM) IPS Customer...

AI score 0.6
Exploits 0

Zero Day Initiative
added 2010/10/01 12:0 a.m. | 21 views

Novell eDirectory Server Malformed Index Denial of Service Vulnerability

This vulnerability allows attackers to deny services on vulnerable installations of Novell eDirectory. Authentication is not required in order to trigger this vulnerability. The flaw exists within Novell's eDirectory Server's NCP implementation which binds, by default, to TCP port 524. While...

CVSS 7.8 | AI score 6.7
Exploits 0 | References 1

OpenVAS
added 2010/10/01 12:0 a.m. | 39 views

RedHat Update for kernel RHSA-2010:0723-01

Check for the Version of kernel OpenVAS Vulnerability Test RedHat Update for kernel RHSA-2010:0723-01 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

CVSS 7.9 | AI score 0.7 | EPSS 0.17009
Exploits 5 | References 2

Cent OS
added 2010/09/30 3:36 p.m. | 97 views

kernel security update

CentOS Errata and Security Advisory CESA-2010:0723 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scorin...

CVSS 8.1 | AI score 6.8 | EPSS 0.17009
Exploits 5 | References 7

NVD
added 2010/09/30 3:0 p.m. | 26 views

CVE-2010-2943

The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assign...

CVSS 8.1 | AI score 7.5 | EPSS 0.17009
Exploits 1 | References 25

Check Point Advisories
added 2010/09/27 12:0 a.m. | 4 views

iSCSI target Multiple Implementations iSNS Stack Buffer Overflow (CVE-2010-2221)

A stack buffer overflow vulnerability has been reported in iscsitarget, an open implementation of iSCSI Enterprise Target. The vulnerability is caused by missing boundary checks when handling SCN messages. Remote attacker can exploit this vulnerability by sending a malicious message to an iSCSI...

CVSS 5 | AI score 6.7 | EPSS 0.05347
Exploits 0