Mandriva Linux Security Advisory : pidgin (MDVSA-2011:050)
Multiple vulnerabilities have been identified and fixed in pidgin: It was discovered that libpurple versions prior to 2.7.10 do not properly clear certain data structures used in libpurple/cipher.c prior to freeing. An attacker could potentially extract partial information from memory regions fre...
Ubuntu Update for linux-ec2 vulnerabilities USN-1080-2
Ubuntu Update for Linux kernel vulnerabilities USN-1080-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN10802.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for linux-ec2 vulnerabilities USN-1080-2 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH,...
[SECURITY] [DSA 2174-1] avahi security update
Debian Security Advisory DSA-2174-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst February 26, 2011 http://www.debian.org/security/faq -...
DSA-2174-1 avahi - denial of service
Bulletin has no description...
Ubuntu Fixes Kerberos Bug With New Packages
There’s a vulnerability in the Kerberos implementation in several versions of Ubuntu, which could allow an attacker to cause a denial-of-service on vulnerable servers. The bug is in Ubuntu 8.04, Ubuntu 9.10, Ubuntu 10.04 and Ubuntu 10.10. The bug is in the Ubuntu implementation of the Kerberos...
Fedora Update for dhcp FEDORA-2011-0862
Check for the Version of dhcp OpenVAS Vulnerability Test Fedora Update for dhcp FEDORA-2011-0862 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
[SECURITY] Fedora 14 Update: dhcp-4.2.0-19.P2.fc14
DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large...
Microsoft Internet Explorer MHTML Content Blocks Information Disclosure (CVE-2011-0096; CVE-2011-1894)
MHTML (MIME Encapsulation of Aggregate HTML) is an Internet standard that defines the MIME structure that is used to wrap HTML content. An information disclosure vulnerability has been reported in Microsoft Windows MHTML protocol. The vulnerability is due to the way MHTML interprets MIME-formatted...
Mandriva Linux Security Advisory : hplip (MDVSA-2011:013)
A vulnerability has been found and corrected in hplip: A flaw was found in the way certain HPLIP tools discovered devices using the SNMP protocol. If a user ran certain HPLIP tools that search for supported devices using SNMP, and a malicious user is able to send specially crafted SNMP responses...
SuSE 10 Security Update : pidgin (ZYPP Patch Number 6861)
This update of pidgin fixes various security vulnerabilities: - Remote file disclosure vulnerability by using the MSN protocol. CVE-2010-0277: CVSS v2 Base Score: 4.9: Resource Management Errors (CWE-399) MSN protocol plugin in libpurple allowed remote attackers to cause a denial of service (memory...
CVE-2011-0637
The FC SCSI protocol driver in IBM AIX 6.1 does not verify that a timer is unused before deallocating this timer, which might allow attackers to cause a denial of service (system crash) via unspecified vectors...
Debian DSA-2141-1 : openssl - SSL/TLS insecure renegotiation protocol design flaw
DSA-2141 consists of three individual parts, which can be viewed in the mailing list archive: DSA 2141-1 openssl, DSA 2141-2 nss, DSA 2141-3 apache2, and DSA 2141-4 lighttpd. This page only covers the first part, openssl. - CVE-2009-3555 Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw...
Code injection
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages...
[SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw
Debian Security Advisory DSA-2141-2 [email protected] http://www.debian.org/security/ Stefan Fritsch January 06, 2011 http://www.debian.org/security/faq -...
Fedora Update for tor FEDORA-2010-19159
Check for the Version of tor OpenVAS Vulnerability Test Fedora Update for tor FEDORA-2010-19159 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
Security Best Practice: Blocking Citrix ICA Session Sharing (Seamless Window) Vulnerabilities
Independent Computing Architecture (ICA) is a proprietary protocol for an application server system, designed by Citrix Systems. The protocol lays down a specification for passing data between server and clients. ICA is broadly similar in purpose to window servers such as the X Window System. It al...
SNMP Enumeration Module
This module allows enumeration of any devices with SNMP protocol support. It supports hardware, software, and network information. The default community used is "public". This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framewor...
[SECURITY] Fedora 14 Update: dhcp-4.2.0-16.P2.fc14
DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large...
Mozilla Disables WebSockets in Firefox 4 Over Security Concerns
Officials at Mozilla have decided to disable support for Web Sockets in future versions of Firefox because of concerns over the security of the current version of the protocol. The group said that demonstrations of serious attacks against WebSockets have spurred the move. Mozilla said that the...
Design/Logic Flaw
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a...