
9971 matches found

Cisco
added 2009/11/09 1:00 p.m. | 54 views

Transport Layer Security Renegotiation Vulnerability

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

CVSS 5.8 | AI score 7.4 | EPSS 0.87264
Exploits 14 | References 1
NVD
added 2009/11/06 3:30 p.m. | 26 views

CVE-2009-3725

The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these...

CVSS 7.2 | AI score 7.4 | EPSS 0.00611
Exploits 2 | References 13
CVE
added 2009/11/06 3:00 p.m. | 78 views

CVE-2009-3725

CVE-2009-3725 affects the Linux kernel prior to 2.6.31.5 and relates to the connector layer not requiring CAP_SYS_ADMIN for certain interactions with uvesafb, pohmelfs, dst, or dm, enabling local users to bypass access restrictions and escalate privileges. Public references corroborate a local-pr...

CVSS 7.2 | AI score 7.3 | EPSS 0.00611
Exploits 2 | References 13 | Affected Software 1
myhack58
added 2009/11/06 12:00 a.m. | 36 views

New TLS/SSL 3.0 man-in-the-middle attack has been published - vulnerability warning - the black bar safety net

Researchers have just published a method for a TLS/SSL man-in-the-middle attack. The attack: 1. is relatively practical to exploit; 2. currently has no solution, pending patches from the manufacturers; 3. affects upper-layer protocols including HTTPS, IMAP, SIP, etc. Someone...

AI score 0.3
Exploits 0
Japan Vulnerability Notes
added 2009/10/26 6:58 a.m. | 2 views

Implementations of IPv6 may be vulnerable to denial of service (DoS) attacks

Overview: Implementations of Internet Protocol version 6 (IPv6) may be vulnerable to denial of service (DoS) attacks. Implementations of IPv6 contain an issue in the processing of packets related to the Neighbor Discovery Protocol (RFC 4861), which may lead to a denial of service vulnerability. For more...

CVSS 5.7 | AI score 6.6
Exploits 0 | References 13
Prion
added 2009/10/22 6:30 p.m. | 12 views

Design/Logic Flaw

Unspecified vulnerability in the Net Foundation Layer component in Oracle Database 9.2.0.8 and 10.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

CVSS 5.4 | AI score 6.5 | EPSS 0.01073
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2009/10/22 6:00 p.m. | 15 views

CVE-2009-1965

Unspecified vulnerability in the Net Foundation Layer component in Oracle Database 9.2.0.8 and 10.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

AI score 6 | EPSS 0.01073
Exploits 0 | References 5
CVE
added 2009/10/22 6:00 p.m. | 49 views

CVE-2009-1965

CVE-2009-1965 affects Oracle Database Net Foundation Layer in 9.2.0.8 and 10.1.0.5. The vulnerability can be exploited remotely over the network via adjacent access, leading to partial confidentiality, integrity, and availability impacts. The Oracle October 2009 Critical Patch Update provides fix...

CVSS 5.4 | AI score 6 | EPSS 0.01073
Exploits 0 | References 5 | Affected Software 1
Fedora
added 2009/10/14 1:55 a.m. | 39 views

[SECURITY] Fedora 11 Update: rubygem-actionmailer-2.3.2-3.fc11

Makes it trivial to test and deliver emails sent from a single service layer...

CVSS 4.3 | AI score 2.6 | EPSS 0.03022
Exploits 1
OSV
added 2009/09/30 3:30 p.m. | 1 views

DEBIAN-CVE-2009-3490

GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issu...

CVSS 6.8 | AI score 6.9 | EPSS 0.03517
Exploits 1 | References 1
OpenVAS
added 2009/09/23 12:00 a.m. | 12 views

Solaris Update for GNU Transport Layer Security Library 123939-02

Check for the Version of GNU Transport Layer Security Library OpenVAS Vulnerability Test Solaris Update for GNU Transport Layer Security Library 123939-02 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; y...

CVSS 4.3 | AI score 0.2 | EPSS 0.01882
Exploits 1 | References 2
OpenVAS
added 2009/09/23 12:00 a.m. | 27 views

Solaris Update for GNU Transport Layer Security Library 123939-02

Check for the Version of GNU Transport Layer Security Library OpenVAS Vulnerability Test Solaris Update for GNU Transport Layer Security Library 123939-02 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; y...

CVSS 4.3 | AI score 0.3 | EPSS 0.01882
Exploits 1 | References 2
OSV
added 2009/09/16 12:00 a.m. | 38 views

DSA-1888-1 openssl - cryptographic weakness

Bulletin has no description...

CVSS 5.1 | AI score 6.8 | EPSS 0.04506
Exploits 0
OpenVAS
added 2009/09/09 12:00 a.m. | 32 views

RedHat Security Advisory RHSA-2009:1335

The remote host is missing updates announced in advisory RHSA-2009:1335. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on...

CVSS 5 | EPSS 0.80134
Exploits 20 | References 2
Check Point Advisories
added 2009/09/08 12:00 a.m. | 11 views

Microsoft Windows MP3 File Media Playback Memory Corruption (MS09-047; CVE-2009-2499)

MPEG-1 Audio Layer 3 (MP3) is a file format which uses lossy compression to compress audio information. A remote code execution vulnerability has been reported in the way Microsoft Windows handles specially crafted MP3 media files. The vulnerability is due to the Windows component responsible for...

CVSS 8.5 | AI score 7.4 | EPSS 0.15546
Exploits 1
RedHat Linux
added 2009/09/02 8:00 a.m. | 1 views

OpenSSL: DTLS fragment handling memory DoS

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequenc...

CVSS 5 | AI score 7 | EPSS 0.12746
Exploits 12 | References 4
OpenVAS
added 2009/09/02 12:00 a.m. | 39 views

RedHat Security Advisory RHSA-2009:1232

The remote host is missing updates announced in advisory RHSA-2009:1232. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates...

CVSS 7.5 | AI score 0.1 | EPSS 0.02151
Exploits 0 | References 2
OpenVAS
added 2009/09/02 12:00 a.m. | 56 views

RedHat Security Advisory RHSA-2009:1232

The remote host is missing updates announced in advisory RHSA-2009:1232. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates...

CVSS 7.5 | AI score 5.8 | EPSS 0.02151
Exploits 0 | References 2
OSV
added 2009/08/31 8:30 p.m. | 2 views

DEBIAN-CVE-2009-3026

protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption an...

CVSS 5 | AI score 6.7 | EPSS 0.01302
Exploits 0 | References 1
Tenable Nessus
added 2009/08/27 12:00 a.m. | 67 views

CentOS 4 / 5 : gnutls (CESA-2009:1232)

Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library provides support for cryptographic algorithms and for protocols such as...

CVSS 7.5 | AI score 5.4 | EPSS 0.02151
Exploits 0 | References 5