721 matches found
[oss-security] CVE question: Return of POODLE
Hi All, Before i ask my question: It seems some TLS implementations may be vulnerable to POODLE like attack if they use SSL 3.0 type padding and the padding bytes are not checked by the implementation. https://www.imperialviolet.org/2014/12/08/poodleagain.html...
krb5 security update
CentOS Errata and Security Advisory CESA-2014:1389 Updated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS...
[SECURITY] [DLA 52-1] ia32-libs security update
Package : ia32-libs, ia32-libs-gtk Version : 20140911 The ia32-libs and ia32-libs-gtk packages contain 32 bit versions of various libraries for use on 64 bit systems. This update rolls in all security fixes made to these libraries since the start of Squeeze LTS...
GLSA-201408-07 : ModPlug XMMS Plugin: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201408-07 ModPlug XMMS Plugin: Multiple vulnerabilities Multiple vulnerabilities have been discovered in ModPlug XMMS Plugin. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibl...
ModPlug XMMS Plugin: Multiple vulnerabilities
Background ModPlug XMMS Plugin is a library for playing MOD-like music files Description Multiple vulnerabilities have been discovered in ModPlug XMMS Plugin. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the...
Ubuntu 14.04 LTS : KDE-Libs vulnerability (USN-2304-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2304-1 advisory. It was discovered that kauth was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations. Tenabl...
USN-2304-1: KDE-Libs vulnerability
It was discovered that kauth was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations...
GLSA-201406-22 : Network Audio System: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201406-22 Network Audio System: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Network Audio System. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker...
GnuTLS: Multiple vulnerabilities
Background GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 protocols. Description Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Impact A remote attacker could utilize multiple vectors to spoof arbitrary...
openSUSE Security Update : postgresql / postgresql-libs (openSUSE-SU-2012:1288-1)
Security and bugfix release 9.1.5 : - Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler CVE-2012-2655 bnc765069 - Fix incorrect password transformation in 'contrib/pgcrypto''s DES crypt function CVE-2012-2143 bnc766799 - Prevent access to external files/URLs via...
openSUSE Security Update : bind (openSUSE-SU-2011:0135-1)
This bind update fixes a remote denial of service vulnerability that can be triggered using an IXFR or DDNS update. CVE-2011-0414: CVSS v2 Base Score: 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
SuSE 11.3 Security Update : xorg-x11-libs (SAT Patch Number 9272)
xorg-x11-libs was patched to fix the following security issues : - Integer overflow of allocations in font metadata file parsing. CVE-2014-0209 - libxfont not validating length fields when parsing xfs protocol replies. CVE-2014-0210 - Integer overflows causing miscalculating memory needs for xfs...
D-Bus, GLib: Privilege escalation
Background D-Bus is a daemon providing a framework for applications to communicate with one another. GLib is a library providing a number of GNOME’s core objects and functions. Description When libdbus is used in a setuid program, a user can gain escalated privileges by leveraging the...
CVE-2012-4915
Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the file parameter to libs/pdf.php...
Directory traversal
Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the file parameter to libs/pdf.php...
GLSA-201405-20 : JBIG-KIT: Denial of Service
The remote host is affected by the vulnerability described in GLSA-201405-20 JBIG-KIT: Denial of Service JBIG-KIT contains a stack-based buffer overflow in the jbgdecin function in libjbig/jbig.c. Impact : A remote attacker could possibly cause a Denial of Service condition via a specially crafte...
SUSE-SU-2015:0674-1 Security update for xorg-x11-libs
xorg-x11-libs was patched to fix the following security issues: Integer overflow of allocations in font metadata file parsing. CVE-2014-0209 libxfont not validating length fields when parsing xfs protocol replies. CVE-2014-0210 Integer overflows causing miscalculating memory needs for xfs replies...
java-1.7.0-openjdk security update
1.7.0.51-2.4.7.1.0.1.el65 - Update DISTRONAME in specfile 1.7.0.51-2.4.7.1.el6 - regenerated sources to fix TCK failure - Resolves: rhbz1085002 1.7.0.51-2.4.7.0.el6 - bumped to future icedtea-forest 2.4.7 - updatever set to 55, buildver se to 13, release reset to 0 - removed upstreamed patch402...
libssh: Arbitrary code execution
Background libssh is a C library providing SSHv2 and SSHv1. Description Multiple buffer overflow, double free, and integer overflow vulnerabilities have been discovered in libssh. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial o...
mysql55 security update
CentOS Errata and Security Advisory CESA-2014:0186 Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVS...