9971 matches found
DEBIAN-CVE-2008-1672
OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference...
[SECURITY] Fedora 9 Update: gnutls-2.0.4-3.fc9
GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group...
[SECURITY] Fedora 8 Update: gnutls-1.6.3-3.fc8
GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group...
SSL-VPN products vulnerable to cookie theft
Overview: When using an SSL-VPN product, if a user selects a mode in which the user can log in with the username and password without using the SSL client authentication, a session hijacking could be conducted. Impact: An attacker may be able to intercept a session ID stored in a cookie and hijack ...
Yayoi Kaikei improper handling of credential information
Overview: Yayoi Kaikei Quick Navigator sends user credentials unencrypted. Yayoi Kaikei Quick Navigator makes the user log into the vendor's server, and sends the user credentials unencrypted. Impact: By monitoring the communication between Quick Navigator and the vendor's server, an attacker can...
GNUTLS-SA-2008-1-2 GnuTLS null-pointer dereference
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) v...
GNUTLS-SA-2008-1-3 GnuTLS memory overread flaw
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message withi...
openssl sslv2 client code
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference...
Cisco Security Advisory: Cisco Content Switching Module Memory Leak Vulnerability
Advisory ID: cisco-sa-20080514-csm http://www.cisco.com/warp/public/707/cisco-sa-20080514-csm.shtml Revision 1.0 For Public Release 2008 May 14 1600 UTC (GMT) Summary...
Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability
Description: Microsoft Internet Explorer is prone to a remote code-execution vulnerability because it fails to adequately handle certain user-supplied data. Attackers can leverage this issue to execute arbitrary code with the privileges of the application. Successful exploits will compromise...
DEBIAN-CVE-2008-1531
The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL...
Debian Security Advisory DSA 1493-2 (sdl-image1.2)
The remote host is missing an update to sdl-image1.2 announced via advisory DSA 1493-2. OpenVAS Vulnerability Test $Id: deb14932.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1493-2 sdl-image1.2 Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft In...
[SECURITY] Fedora 8 Update: cups-1.3.6-2.fc8
The Common UNIX Printing System provides a portable printing layer for UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces...
[SECURITY] Fedora 7 Update: SDL_image-1.2.5-7.fc7
Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This package contains a simple library for loading images of various formats (BMP, PPM, PCX, GIF, JPEG, PNG) as SDL surfaces...
wireshark SSL and OS/400 trace flaws
Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries OS/400 Communication trace file parser...
Debian Security Advisory DSA 530-1 (l2tpd)
The remote host is missing an update to l2tpd announced via advisory DSA 530-1. OpenVAS Vulnerability Test $Id: deb5301.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 530-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian Security Advisory DSA 881-1 (openssl096)
The remote host is missing an update to openssl096 announced via advisory DSA 881-1. OpenVAS Vulnerability Test $Id: deb8811.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 881-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian Security Advisory DSA 986-1 (gnutls11)
The remote host is missing an update to gnutls11 announced via advisory DSA 986-1. Evgeny Legerov discovered several out-of-bounds memory accesses in the DER decoding component of the Tiny ASN.1 Library, which is also present and used in GnuTLS, the GNU implementation for Transport Laye...
Debian Security Advisory DSA 332-1 (kernel-source-2.4.17, kernel-patch-2.4.17-mips)
The remote host is missing an update to kernel-source-2.4.17, kernel-patch-2.4.17-mips announced via advisory DSA 332-1. OpenVAS Vulnerability Test $Id: deb3321.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 332-1 Authors: Thomas Reinke Copyright: Copyrigh...
Debian Security Advisory DSA 1379-1 (openssl)
The remote host is missing an update to openssl announced via advisory DSA 1379-1. OpenVAS Vulnerability Test $Id: deb13791.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1379-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...