1230 matches found
Security fix for the ALT Linux 7 package kernel-src-kvm version 3.10.21-alt1
3.10.21-alt1 built Dec. 20, 2013 Led in task 110736 Dec. 19, 2013 Led - 3.10.21 - updates from linux-3.10.25: + CVE-2013-4587 + CVE-2013-6367 + CVE-2013-6368 + CVE-2013-6376...
Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : qt4-x11, qtbase-opensource-src vulnerability (USN-2057-1)
It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description bloc...
Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2013-1505)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-1505 advisory. 1:1.6.0.0-1.68.1.11.14 - updated to icedtea6-1.11.14.tar.gz - added and applied 1.11.14-fixes.patch, patch10 to fix build issues - adapted patch8...
Low: python-crypto
Issue Overview: The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race...
Debian DSA-2772-1 : typo3-src - XSS
Markus Pieton and Vytautas Paulikas discovered that the embedded video and audio player in the TYPO3 web content management system is susceptible to cross-site-scripting. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...
[SECURITY] [DSA 2772-1] typo3-src security update
Debian Security Advisory DSA-2772-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 10, 2013 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2772-1 (typo3-src - cross-site scripting)
Markus Pieton and Vytautas Paulikas discovered that the embedded video and audio player in the TYPO3 web content management system is susceptible to cross-site-scripting. OpenVAS Vulnerability Test $Id: deb2772.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2772-1 usin...
Debian: Security Advisory (DSA-2772-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
http-referer-checker NSE Script
Informs about cross-domain include of scripts. Websites that include external javascript scripts are delegating part of their security to third-party entities. Script Arguments slaxml.debug See the documentation for the slaxml library. httpspider.doscraping, httpspider.maxdepth,...
[SECURITY] [DSA 2646-1] typo3-src security update
Debian Security Advisory DSA-2646-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez March 15, 2013 http://www.debian.org/security/faq -...
Debian DSA-2646-1 : typo3-src - several vulnerabilities
TYPO3, a PHP-based content management system, was found vulnerable to several vulnerabilities. - CVE-2013-1842 Helmut Hummel and Markus Opahle discovered that the Extbase database layer was not correctly sanitizing user input when using the Query object model. This can lead to SQL injection by a...
Microsoft Internet Explorer Domain Policy Bypass Vulnerability
Microsoft Internet Explorer is prone to domain policy bypass vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2012-6502
Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a...
Debian Security Advisory DSA 2574-1 (typo3-src)
The remote host is missing an update to typo3-src announced via advisory DSA 2574-1. OpenVAS Vulnerability Test $Id: deb25741.nasl 8972 2018-02-28 07:02:10Z cfischer $ Description: Auto-generated from advisory DSA 2574-1 typo3-src Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
[SECURITY] [DSA 2537-1] typo3-src security update
Debian Security Advisory DSA-2537-1 [email protected] http://www.debian.org/security/ Florian Weimer August 30, 2012 http://www.debian.org/security/faq -...
CVE-2012-2330
The Update method in src/nodehttpparser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string...
AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution
AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution tested against: Microsoft Windows Vista sp2 Microsoft Windows Server 2003 r2 sp2 Mozilla Firefox 14.0.1 download url: http://client.web.aol.com/toolbarfiles/Prod/downloads/downloadupdater/dnupdatersetup.exe this was the upda...
CVE-2011-1761
CVE-2011-1761 affects libmodplug prior to 0.8.8.3, with multiple stack-based buffer overflows in the ABC loader paths (abc_new_macro and abc_new_umacro) in src/load_abc.cpp. The vulnerability allows remote attackers to crash the application and potentially execute arbitrary code via a crafted ABC...
CVE-2011-3083
browser/profiles/profileimpliodata.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page...