Scientific Linux Security Update : gnome-vfs2 on SL5.x i386/x86_64 (20130108)
A denial of service flaw was found in the neon Extensible Markup Language (XML) parser. Visiting a malicious DAV server with an application using gnome-vfs2 (such as Nautilus) could possibly cause the application to consume an excessive amount of CPU and memory. CVE-2009-2473 This update also fixes t...
[SECURITY] [DSA 2602-1] zendframework security update
Debian Security Advisory DSA-2602-1 [email protected] http://www.debian.org/security/ Florian Weimer January 08, 2013 http://www.debian.org/security/faq -...
DSA-2602-1 zendframework - XML external entity inclusion
Bulletin has no description...
SAP NetWeaver PI SDK - XXE and XXE Tunneling
Application: SAP PI SDK Versions Affected: SAP PI SDK Vendor URL: http://www.sap.com Bugs: Security Bypass Exploits: YES Reported: 12.03.2012 Vendor response: 13.03.2012 Date of Public Advisory: 22.10.2012 Reference: SAP Security Note 1723641 Authors: Alexander Polyakov, Alexey Tyurin, Alexandr...
Microsoft XML Parser (MSXML) and XML Core Services Unsupported
The remote host contains one or more unsupported versions of the Microsoft XML Parser (MSXML) or XML Core Services. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. Note that support f...
Ektron CMS 8.5.0 - Multiple Vulnerabilities
Ektron CMS 8.5.0 - Multiple Vulnerabilities Sense of Security - Security Advisory - SOS-12-009 Release Date. 05-Sep-2012 Last Update. - Vendor Notification Date. 07-May-2012 Product. Ektron CMS Platform. ASP.NET Affected versions. Ektron CMS version 8.5.0 and possibly others Severity Rating. High...
Fedora Update for ocaml-xml-light FEDORA-2012-12500
Check for the Version of ocaml-xml-light OpenVAS Vulnerability Test Fedora Update for ocaml-xml-light FEDORA-2012-12500 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...
USN-1505-2: IcedTea-Web regression
USN-1505-1 fixed vulnerabilities in OpenJDK 6. As part of the update, IcedTea-Web packages were upgraded to a new version. That upgrade introduced a regression which prevented the IcedTea-Web plugin from working with the Chromium web browser in Ubuntu 11.04 and Ubuntu 11.10. This update fixes the...
Debian Security Advisory DSA 2507-1 (openjdk-6)
The remote host is missing an update to openjdk-6 announced via advisory DSA 2507-1. OpenVAS Vulnerability Test $Id: deb25071.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2507-1 openjdk-6 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
Scientific Linux Security Update : xerces-j2 on SL6.x i386/x86_64
The xerces-j2 packages provide the Apache Xerces2 Java Parser, a high-performance XML parser. A Document Type Definition (DTD) defines the legal syntax and also which elements can be used for certain types of files, such as XML files. A flaw was found in the way the Apache Xerces2 Java Parser...
Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64 (20120613)
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the CORBA (Common Object Request Broker Architecture) implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandb...
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64 (20120613)
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the CORBA (Common Object Request Broker Architecture) implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandb...
Scientific Linux Security Update : httpd on SL3.x i386/x86_64
An off-by-one overflow flaw was found in the way apr-util processed a variable list of arguments. An attacker could provide a specially crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive...
Scientific Linux Security Update : tomcat on SL5.x i386/x86_64
It was discovered that a prior security errata for Tomcat version tomcat5-5.5.23-0jpp.3.0.2.el5 did not address all possible flaws in the way Tomcat handles certain characters and character sequences in cookie values. A remote attacker could use this flaw to obtain sensitive information, such as...
Scientific Linux Security Update : libxml2 on SL3.x, SL4.x, SL5.x i386/x86_64
An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. CVE-2008-4226 A denial of service...
Scientific Linux Security Update : neon on SL4.x, SL5.x i386/x86_64
CVE-2009-2473 neon, gnome-vfs2 embedded neon: billion laughs DoS attack CVE-2009-2474 neon: Improper verification of x509v3 certificate with NULL zero byte in certain fields It was discovered that neon is affected by the previously published 'null prefix attack', caused by incorrect handling of...
CentOS Update for expat CESA-2012:0731 centos6
Check for the Version of expat OpenVAS Vulnerability Test CentOS Update for expat CESA-2012:0731 centos6 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Ubuntu: Security Advisory (USN-1505-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-1505-1: OpenJDK 6 vulnerabilities
It was discovered that multiple flaws existed in the CORBA (Common Object Request Broker Architecture) implementation in OpenJDK. An attacker could create a Java application or applet that used these flaws to bypass Java sandbox restrictions or modify immutable object data. CVE-2012-1711,...
CentOS 6 : java-1.7.0-openjdk (CESA-2012:1009)
Updated java-1.7.0-openjdk packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detaile...