8688 matches found
PYSEC-2012-13
Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...
UBUNTU-CVE-2012-2146
Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...
CVE-2012-2146
Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...
CVE-2012-2146
CVE-2012-2146 affects Elixir up to at least 0.8.0, where Blowfish in CFB mode is used without a unique initialization vector (IV). This weak IV construction can enable context-dependent users to obtain sensitive information and potentially decrypt the database. The connected documents confirm the...
CVE-2012-2146
Removed by vendor...
py39-Elixir -- weak use of cryptography
Red Hat Security Response Team reports: Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...
libvirt security and bug fix update
libvirt-0.9.10-21.0.1.el63.4 - Replace docs/et.png in tarball with blank image libvirt-0.9.10-21.el63.4 - daemon: Fix crash in virTypedParameterArrayClear rhbz844735 - remote: Fix locking in stream APIs rhbz847946 - Using virOnce for global initialization is desirable rhbz847959 - json: Fix...
Scientific Linux Security Update : kernel on SL5.x i386/x86_64
These new kernel packages contain fixes for the following security issues : - a flaw in the handling of IPv6 type 0 routing headers that allowed remote users to cause a denial of service that led to a network amplification between two routers CVE-2007-2242, Important. - a flaw in the nfnetlinklog...
Scientific Linux Security Update : kernel on SL4.x i386/x86_64
This update fixes the following security issues : - A heap overflow flaw was found in the Linux kernel's Transparent Inter-Process Communication protocol TIPC implementation. A local, unprivileged user could use this flaw to escalate their privileges. CVE-2010-3859, Important - Missing sanity...
Scientific Linux Security Update : conga on SL5.x i386/x86_64
A flaw was found in ricci during a code audit. A remote attacker who is able to connect to ricci could cause ricci to temporarily refuse additional connections, a denial of service CVE-2007-4136. Fixes in this updated package include : - The nodename is now set for manual fencing. - The node log ...
Scientific Linux Security Update : kernel on SL4.x i386/x86_64
CVE-2005-4881 kernel: netlink: fix numerous padding memleaks CVE-2009-3228 kernel: tc: uninitialised kernel memory leak This update fixes the following security issues : - multiple, missing initialization flaws were found in the Linux kernel. Padding data in several core network structures was no...
Scientific Linux Security Update : aide on SL5.x i386/x86_64
A flaw was discovered in the way file checksums were stored in the AIDE database. A packaging flaw in the Red Hat AIDE rpm resulted in the file database not containing any file checksum information. This could prevent AIDE from detecting certain file modifications. CVE-2007-3849 This update also...
Scientific Linux Security Update : kernel on SL4.x i386/x86_64
This update fixes the following security issues : - A buffer overflow flaw was found in the loadmixervolumes function in the Linux kernel's Open Sound System OSS sound driver. On 64-bit PowerPC systems, a local, unprivileged user could use this flaw to cause a denial of service or escalate their...
Scientific Linux Security Update : kernel on SL4.x i386/x86_64
These updated packages fix the following security issue : - a possible kernel memory leak was found in the Linux kernel Simple Internet Transition SIT INET6 implementation. This could allow a local unprivileged user to cause a denial of service. CVE-2008-2136, Important As well, these updated...
CentOS Update for ghostscript CESA-2012:0095 centos5
Check for the Version of ghostscript OpenVAS Vulnerability Test CentOS Update for ghostscript CESA-2012:0095 centos5 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
Race condition
The insertmodule function in runtime/staprun/staprunfuncs.c in the systemtap runtime tool staprun in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module...
CVE-2011-2503
CVE-2011-2503 affects SystemTap's runtime staprun on Linux, where the insert_module path allows a local user to escalate privileges due to a race between signature validation and module initialization in versions before 1.6. The vulnerability arises from improper module validation during loading,...
CVE-2011-2503
The insertmodule function in runtime/staprun/staprunfuncs.c in the systemtap runtime tool staprun in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score,...
PHP 5.3.x < 5.3.14 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is 5.3.x earlier than 5.3.14, and is, therefore, potentially affected the following vulnerabilities : - An integer overflow error exists in the function 'pharparsetarfile' in the file 'ext/phar/tar.c'. This error can lead to...