10121 matches found
Solaris Update for GNU Transport Layer Security Library 123939-02
Check for the Version of GNU Transport Layer Security Library OpenVAS Vulnerability Test Solaris Update for GNU Transport Layer Security Library 123939-02 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; y...
DSA-1888-1 openssl - cryptographic weakness
Bulletin has no description...
RedHat Security Advisory RHSA-2009:1335
The remote host is missing updates announced in advisory RHSA-2009:1335. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on...
Microsoft Windows MP3 File Media Playback Memory Corruption (MS09-047; CVE-2009-2499)
MPEG-1 Audio Layer 3 (MP3) is a file format which uses lossy compression to compress audio information. A remote code execution vulnerability has been reported in the way Microsoft Windows handles specially crafted MP3 media files. The vulnerability is due to the Windows component responsible for...
OpenSSL: DTLS fragment handling memory DoS
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequenc...
RedHat Security Advisory RHSA-2009:1232
The remote host is missing updates announced in advisory RHSA-2009:1232. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates...
DEBIAN-CVE-2009-3026
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption an...
CentOS 4 / 5 : gnutls (CESA-2009:1232)
Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library provides support for cryptographic algorithms and for protocols such as...
gnutls security update
CentOS Errata and Security Advisory CESA-2009:1232 Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library provides support for...
Moderate: Red Hat Security Advisory: gnutls security update
Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library provides support for cryptographic algorithms and for protocols such as...
TGS CMS 0.x SQL Injection / XSS / Disclosure
alertdocument.cookie The Risk: By exploiting this vulnerability, an attacker can inject malicious code in the script and can steal cookies. Fix the vulnerability: Encode output...
TGS CMS 0.x (XSS/SQL/FD) Multiple Remote Vulnerabilities
No description provided by source. TGS CMS Cross Site Scripting, SQL injection, Blind SQL/XPath injection, Source code disclosure, Multiple...
nss regexp heap overflow
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly...
Hitachi Web Server Vulnerability in SSL Client Authentication
Overview: Hitachi Web Server contains a vulnerability in handling SSL client certificates, which could allow an attacker to manipulate environment variables and/or spoof the client to access Web servers. Impact: An attacker could manipulate environment variables and/or spoof the client to access We...
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : linux, linux-source-2.6.15 vulnerabilities (USN-793-1)
Igor Zhbanov discovered that NFS clients were able to create device nodes even when root_squash was enabled. An authenticated remote attacker could create device nodes with open permissions, leading to a loss of privacy or escalation of privileges. Only Ubuntu 8.10 and 9.04 were affected...
DSA-1807-1 cyrus-sasl2 cyrus-sasl2-heimdal - arbitrary code execution
Bulletin has no description...
[SECURITY] Fedora 10 Update: cups-1.3.10-1.fc10
The Common UNIX Printing System provides a portable printing layer for UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces...
GLSA-200904-15 : mpg123: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200904-15 (mpg123: User-assisted execution of arbitrary code). The vendor reported a signedness error in the store_id3_text function in id3.c, allowing for out-of-bounds memory access. Impact: A remote attacker could entice a user to...
Preemptive Protection against Microsoft ISA Server Cross-Site Scripting (XSS) Vulnerability (MS09-016)
A cross-site scripting (XSS) vulnerability has been reported in the cookieauth.dll component in Microsoft Internet Security and Acceleration (ISA) Server. ISA Server, originating as Microsoft Proxy Server, is a Firewall & Security product that provides Application-Layer Firewalling, acts as a VPN...