(Jan 5) Several vulnerabilities have been discovered in uscan, a tool to scan upstream sites for new releases of packages, which is part of the devscripts package. An attacker controlling a website from which uscan would attempt to download a source tarball could execute arbitrary code [More…]
Archive for Other
(Jan 3) Several security issues were fixed in the kernel.
(Jan 3) Several security issues were fixed in the kernel.
(Jan 3) Several security issues were fixed in the kernel.
(Jan 3) Several security issues were fixed in the kernel.
(Jan 1) Multiple vulnerabilities have been found in memcached, a high-performance memory object caching system. The Common Vulnerabilities and Exposures project identifies the following issues: [More…]
(Jan 3) Several security issues were fixed in the kernel.
(Jan 3) Several security issues were fixed in the kernel.
(Dec 31) An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system. [More…]
(Jan 1) Several vulnerabilities were discovered in TYPO3, a content management system. This update addresses cross-site scripting, information disclosure, mass assignment, open redirection and insecure unserialize vulnerabilities and corresponds to TYPO3-CORE-SA-2013-004. [More…]
(Jan 1) Multiple security issues have been fixed in OpenSSL: The TLS 1.2 support was susceptible to denial of service and retransmission of DTLS messages was fixed. In addition this update disables the insecure Dual_EC_DRBG algorithm (which was unused anyway, see [More…]
(Dec 28) Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework: vulnerabilities due to optimistic cross-site request forgery protection, insecure pseudo random number generation, code execution and incorrect security token validation. [More…]
(Dec 30) Peter McLarnan discovered that the internationalization component of Ruby on Rails does not properly encode parameters in generated HTML code, resulting in a cross-site scripting vulnerability. This update corrects the underlying vulnerability in the i18n gem, as provided by [More…]
(Dec 28) Multiple vulnerabilities have been found in the HP Linux Printing and Imaging System: Insecure temporary files, insufficient permission checks in PackageKit and the insecure hp-upgrade service has been disabled. [More…]
(Dec 24) It was discovered that Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications, incorrectly handled file names with NULL bytes in serialized instances. A remote attacker able to supply a serialized [More…]
(Dec 20) Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
(Dec 22) Helmut Grohne discovered that denyhosts, a tool preventing SSH brute-force attacks, could be used to perform remote denial of service against the SSH daemon. Incorrectly specified regular expressions used to detect brute force attacks in authentication logs could be exploited [More…]
(Dec 19) Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5.9 Extended Update Support. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Dec 19) libjpeg and libjpeg-turbo could be made to expose sensitive information.
(Dec 19) Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Dec 19) An updated ca-certificates package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Dec 19) Marc Deslauriers discovered that curl, a file retrieval tool, would mistakenly skip verifying the CN and SAN name fields when digital signature verification was disabled in the libcurl GnuTLS backend. [More…]
(Dec 19) Keystone access controls could be circumvented via EC2-style tokens.
(Dec 19) Horizon could be made to expose sensitive information over the network.
(Dec 20) Laurent Butti and Garming Sam discovered multiple vulnerabilities in the dissectors for NTLMSSPv2 and BSSGP, which could lead to denial of service or the execution of arbitrary code. [More…]
(Dec 20) Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More…]
(Dec 20) Updated pixman packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More…]
(Dec 18) Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts. [More…]
(Dec 17) Qt could be made to consume resources and hang if it processed XML data.
(Dec 12) Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following issues: [More…]