[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 6585 Download | Alert*

Tomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for the 0.9.8 series of OpenSSL was incomplete. It has been assigned the CVE-2012-2131 identifier. For reference, the original description of CVE-2012-2110 from DSA-2454-1 is quoted below: CVE-2012-2110 Tavis Ormandy, Google Security Team, discovered a vulnerability in the way DER-encoded ASN.1 data is parsed that can result in a heap ...

It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.63, which includes additional changes, such as performance improvements and corrections for data loss defects. The packages in Debian stable are not known to be affected by this vulnerability. It is addressed in this update nonetheless, so future re ...

Timo Warns discovered that the EAP-TLS handling of freeradius, a high-performance and highly configurable RADIUS server, is not properly performing length checks on user-supplied input before copying to a local stack buffer. As a result, an unauthenticated attacker can exploit this flaw to crash the daemon or execute arbitrary code via crafted certificates.

A vulnerability has been found in the Apache HTTPD Server: CVE-2012-4557 A flaw was found when mod_proxy_ajp connects to a backend server that takes too long to respond. Given a specific configuration, a remote attacker could send certain requests, putting a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of service. In addition, this updat ...

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.66, which includes additional changes, such as performance improvements and corrections for data loss defects. Additionally, CVE-2012-5611 has been fixed in this upload. The vulnerability is a stack-based buffer overflow in acl_get when checking use ...

Multiple denial of service vulnerabilities have been discovered in the xen hypervisor. One of the issue could even lead to privilege escalation from guest to host. Some of the recently published Xen Security Advisories are not fixed by this update and should be fixed in a future release. CVE-2011-3131 : DoS using I/OMMU faults from PCI-passthrough guest A VM that controls a PCI[E] device directl ...

Two vulnerabilities were discovered in the implementation of the Perl programming language: CVE-2012-5195 The "x" operator could cause the Perl interpreter to crash if very long strings were created. CVE-2012-5526 The CGI module does not properly escape LF characters in the Set-Cookie and P3P headers. In addition, this update adds a warning to the Storable documentation that this package ...

It was discovered that the CGI module for Perl does not filter LF characters in the Set-Cookie and P3P headers, potentially allowing attackers to inject HTTP headers.

Marko Myllynen discovered that elinks, a powerful text-mode browser, incorrectly delegates user credentials during GSS-Negotiate.


Pages:      Start    299    300    301    302    303    304    305    306    307    308    309    310    311    312    ..   658

© SecPod Technologies