[SECURITY] [DSA 2149-1] Security update for dbus

--------------------------------------------------------------------------- Debian Security Advisory DSA-2149-1 [email protected] http://www.debian.org/security/ Nico Golde January 20, 2011 http://www.debian.org/security/faq -...

MySQL: server hangs during JOIN query in stored procedures called twice in a row (MySQL Bug#53544)

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service infinite loop via multiple invocations of a 1 prepared statement or 2 stored procedure that creates a query with nested JOIN statements...

CVE-2010-3839

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service infinite loop via multiple invocations of a 1 prepared statement or 2 stored procedure that creates a query with nested JOIN statements...

Code injection

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service infinite loop via multiple invocations of a 1 prepared statement or 2 stored procedure that creates a query with nested JOIN statements...

DEBIAN-CVE-2010-1677

MHonArc 2.6.16 allows remote attackers to cause a denial of service CPU consumption via start tags that are placed within other start tags, as demonstrated by a dydydydy sequence, a different vulnerability than CVE-2010-4524...

CVE-2010-4352

Stack consumption vulnerability in D-Bus aka DBus before 1.4.1 allows local users to cause a denial of service daemon crash via a message containing many nested variants...

CVE-2010-4352

Stack consumption vulnerability in D-Bus aka DBus before 1.4.1 allows local users to cause a denial of service daemon crash via a message containing many nested variants...

Ruby on Rails Security Bypass Vulnerability (Nov 2010)

Ruby on Rails is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rubyonrails:rails";...

Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-1017-1)

It was discovered that MySQL incorrectly handled certain requests with the UPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. CVE-2010-2008 It was discovered that MySQL...

Mandriva Linux Security Advisory : mysql (MDVSA-2010:223)

Multiple vulnerabilities were discovered and corrected in mysql : - During evaluation of arguments to extreme-value functions such as LEAST and GREATEST, type errors did not propagate properly, causing the server to crash CVE-2010-3833. - The server could crash after materializing a derived table...

CVE-2010-3839

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service infinite loop via multiple invocations of a 1 prepared statement or 2 stored procedure that creates a query with nested JOIN statements...

MySQL: server hangs during JOIN query in stored procedures called twice in a row (MySQL Bug#53544)

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service infinite loop via multiple invocations of a 1 prepared statement or 2 stored procedure that creates a query with nested JOIN statements...

CVE-2010-3933

Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs...

CVE-2010-3933

Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs...

CVE-2010-3933

Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs...

CVE-2010-3933

CVE-2010-3933 affects Ruby on Rails 2.3.9 and 3.0.0, where nested attributes are not handled securely. The root cause is improper handling of nested attributes, enabling a remote attacker to modify arbitrary records by altering parameter names for form inputs. Reports in connected sources corrobo...

MySQL Community Server < 5.1.51 Multiple Vulnerabilities

The version of MySQL Community Server installed on the remote host is earlier than 5.1.51 and is, therefore, potentially affected by multiple vulnerabilities: - A privilege escalation vulnerability exists when using statement-based replication. Version specific comments used on a master server wi...

MySQL Community Server 5.1 < 5.1.51 Multiple Denial of Service Vulnerabilities

Binary data 5677.prm...

freetype: DoS via nested "seac" calls

Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character aka seac calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c...

freetype: DoS via nested "seac" calls

Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character aka seac calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c...