[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 116062 Download | Alert*

The security fix applied to the perl package due to CVE-2013-1667 introduced a test failure in libapache2-mod-perl2 source package specific to the rehash mechanism in Perl. See Debian Bug #702821 for details. This update fixes that problem. For reference, the original advisory text for perl follows. Yves Orton discovered a flaw in the rehashing code of Perl. This flaw could be exploited to carry o ...

Several cross-site-scripting and denial of service vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development.

Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1917 The SYSENTER instruction can be used by PV guests to accelerate system call processing. This instruction, however, leaves the EFLAGS register mostly unmodified. This can be used by malicious or buggy user space to cause the entire ho ...

Kevin Wojtysiak discovered a vulnerability in strongSwan, an IPsec based VPN solution. When using the openssl plugin for ECDSA based authentication, an empty, zeroed or otherwise invalid signature is handled as a legitimate one. An attacker could use a forged signature to authenticate like a legitimate user and gain access to the VPN . While the issue looks like CVE-2012-2388 , it is unrelated.

Stunnel, a program designed to work as an universal SSL tunnel for network daemons, is prone to a buffer overflow vulnerability when using the Microsoft NT LAN Manager authentication together with the "connect" protocol method . With these prerequisites and using stunnel4 in SSL client mode on a 64bit host, an attacker could possibly execute arbitrary code with the privileges of the stunnel pro ...

A vulnerability has been discovered in the Open Ticket Request System, which can be exploited by malicious users to disclose potentially sensitive information. An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets and they are not permitted to see. The oldstable distribution , is not affected by this issue.

Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, missing input sanitising vulnerabilities, use-after-free vulnerabilities, buffer overflows and other programming errors may lead to the execution of arbitrary code, privilege escalation, information leaks or cross-site-scripting. We"re changing the approach for ...

Alexandru Cornea discovered a vulnerability in libdbus caused by an implementation bug in _dbus_printf_string_upper_bound. This vulnerability can be exploited by a local user to crash system services that use libdbus, causing denial of service. Depending on the dbus services running, it could lead to complete system crash. The oldstable distribution is not affected by this problem.

It was discovered that users with a valid agent login could use crafted URLs to bypass access control restrictions and read tickets to which they should not have access. The oldstable distribution is not affected by this problem.

Several vulnerabilities have been discovered in the Chromium web browser. CVE-2013-2853 The HTTPS implementation does not ensure that headers are terminated by \r\n\r\n . CVE-2013-2867 Chrome does not properly prevent pop-under windows. CVE-2013-2868 common/extensions/sync_helper.cc proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting. CVE-201 ...

Pages:      Start    9626    9627    9628    9629    9630    9631    9632    9633    9634    9635    9636    9637    9638    9639    ..   11606

© SecPod Technologies