Debian: 2620-1: rails: Multiple vulnerabilities
(Feb 12) Two vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development. CVE-2013-0276 [More…]
(Jan 5) Two security issues have been discovered in Weechat, a fast, light and extensible chat client: CVE-2011-1428 [More…]
(Dec 16) Multiple vulnerabilities have been found in Icedove, Debian’s version of the Mozilla Thunderbird mail and news client. CVE-2012-4201 [More…]
(Dec 11) Two vulnerabilities were discovered in the implementation of the Perl programming language: CVE-2012-5195 [More…]
(Dec 7) Multiple denial of service vulnerabilities have been discovered in the Xen hypervisor. One of the issues (CVE-2012-5513) could even lead to privilege escalation from guest to host. [More…]
(Oct 26) Several vulnerabilities were discovered in Request Tracker, an issue tracking system. CVE-2012-4730 [More…]
(Oct 23) Several vulnerabilities were found in ViewVC, a web interface for CVS and Subversion repositories. CVE-2009-5024: remote attackers can bypass the cvsdb row_limit [More…]
(Oct 17) Several vulnerabilities were found in libexif, a library used to parse EXIF meta-data on camera files. CVE-2012-2812: A heap-based out-of-bounds array read in the [More…]
(Sep 13) Several vulnerabilities have been discovered in Tor, an online privacy tool. CVE-2012-3518 [More…]
(Aug 30) Several vulnerabilities were discovered in TYPO3, a content management system. CVE-2012-3527 [More…]
(Aug 25) Two vulnerabilities related to XML processing were discovered in PostgreSQL, an SQL database. CVE-2012-3488 [More…]
(Aug 23) It was discovered that Performance Co-Pilot (pcp), a framework for performance monitoring, contains several vulnerabilities. CVE-2012-3418 [More…]
(Aug 14) Several vulnerabilities were discovered in Icedove, Debian’s version of the Mozilla Thunderbird mail and news client. CVE-2012-1948 [More…]
(Aug 1) Several security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, have been discovered. Additionally, the latest security update for isc-dhcp, DSA-2516-1, did not properly apply the patches for CVE-2012-3571 and CVE-2012-3954. This has been addressed [More…]
(Jul 31) Emmanuel Bouillon from NCI Agency discovered multiple vulnerabilities in MIT Kerberos, a daemon implementing the network authentication protocol. CVE-2012-1014 [More…]
(Jul 4) Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform. CVE-2012-1711 CVE-2012-1719 [More…]
(Dec 7) CVE-2009-1298 null ptr deref in ipv4 ip_frag_reasm.
(Jul 12) Several security vulnerabilities have been found in Puppet, a centralized configuration management system: CVE-2012-3864 [More…]
(Dec 9) Two security issues were found in actionpack as shipped in Fedora 10. One is a weakness in the strip_tags function in Ruby on Rails (bug 542786, CVE-2009-4214). The other is a possibility to circumvent the protection against cross-site request forgery (CSRF) attacks (bug 544329). This new rpm fixes these issues.
(Dec 9) Update to 3.12.5. This update fixes the following security flaw:
CVE-2009-3555: TLS MITM attacks via session renegotiation
(Jul 26) Two security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, in Debian have been discovered. CVE-2012-3571 [More…]
(Dec 9) This update contains the latest stable release of Apache httpd. Three security fixes are included, along with several minor bug fixes.

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client’s session (for example, an HTTPS connection to a website). This could force the server to process an attacker’s request as if authenticated using the victim’s credentials. This update partially mitigates this flaw for SSL sessions to HTTP servers using mod_ssl by rejecting client-requested renegotiation. (CVE-2009-3555) Note: This update does not fully resolve the issue for HTTPS servers. An attack is still possible in configurations that require a server-initiated renegotiation.

A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp module. A malicious FTP server to which requests are being proxied could use this flaw to crash an httpd child process via a malformed reply to the EPSV or PASV commands, resulting in a limited denial of service. (CVE-2009-3094)

A second flaw was found in the Apache mod_proxy_ftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server. (CVE-2009-3095)

See the upstream changes file for further information:
http://www.apache.org/dist/httpd/CHANGES_2.2.14
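The renegotiation flaw above (CVE-2009-3555) is easiest to reason about at the HTTP layer. The script below is an added example, not part of the advisory and not code from Apache httpd: it models the decrypted application data a server sees on one TLS connection when an attacker's unfinished request is followed, after a renegotiation, by the victim's request, and contrasts a server that rejects client-requested renegotiation (the mitigation in this update) with the residual case of a server-initiated renegotiation (in mod_ssl, for example, a per-directory SSLVerifyClient change). The host name, paths, header names and cookie value are constructed for the example; no TLS is performed.

```python
"""Model of the CVE-2009-3555 plaintext-prefix attack at the HTTP layer.

Added example; not part of the advisory or of Apache httpd. No TLS is done:
the byte strings below stand in for the decrypted application data the
server sees before and after a renegotiation on a single connection.
"""
from dataclasses import dataclass, field


@dataclass
class Request:
    method: str
    target: str
    headers: dict = field(default_factory=dict)


def parse_request(raw: bytes) -> Request:
    """Minimal HTTP/1.1 request-head parser (written for this example)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, _version = lines[0].decode("latin-1").split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        headers.setdefault(name.strip().lower(), value.strip())  # first wins
    return Request(method, target, headers)


# Constructed traffic. The attacker's head ends in an unterminated header so
# the victim's request line is swallowed into X-Ignore while the victim's
# Cookie header lands on the attacker's request.
ATTACKER_PREFIX = (
    b"GET /account/transfer?to=attacker&amount=1000 HTTP/1.1\r\n"
    b"Host: bank.example\r\n"  # hypothetical host
    b"X-Ignore: "
)
VICTIM_REQUEST = (
    b"GET /account/summary HTTP/1.1\r\n"
    b"Host: bank.example\r\n"
    b"Cookie: session=victim-secret\r\n"  # constructed session token
    b"\r\n"
)

# Each segment: (plaintext delivered, who triggered the renegotiation that
# preceded it: None, "client" or "server").
CLIENT_RENEG = [(ATTACKER_PREFIX, None), (VICTIM_REQUEST, "client")]
SERVER_RENEG = [(ATTACKER_PREFIX, None), (VICTIM_REQUEST, "server")]


def server_view(segments, reject_client_renegotiation):
    """Return the request the application would process, or None.

    A server that rejects client-requested renegotiation drops the
    connection at that point, so the unfinished attacker prefix is never
    completed. A server-initiated renegotiation is still honoured, which is
    the residual case the advisory warns about.
    """
    stream = b""
    for plaintext, renegotiated_by in segments:
        if renegotiated_by == "client" and reject_client_renegotiation:
            return None  # connection closed, nothing parsed
        stream += plaintext
    if b"\r\n\r\n" not in stream:
        return None  # request head never completed
    return parse_request(stream)


if __name__ == "__main__":
    for label, segs, reject in [
        ("unpatched, client renegotiation", CLIENT_RENEG, False),
        ("patched, client renegotiation", CLIENT_RENEG, True),
        ("patched, server-initiated renegotiation", SERVER_RENEG, True),
    ]:
        print(f"{label}: {server_view(segs, reject)}")
```

Running the script shows the unpatched server processing the attacker's transfer request with the victim's Cookie header attached, the patched server processing nothing, and the server-initiated case still spliced, which is why the advisory calls the fix partial.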
(Dec 11) Update to 1.8.6 p368. This package also fixes the build failure on arm-gnueabi systems (bug 506233) and a DoS vulnerability in the BigDecimal method (bug 504958, CVE-2009-1904).
(Dec 11) This update fixes a possible DoS with mode 7 packets. (CVE-2009-3563)
The following bugs have been fixed:
[-] Critical vulnerabilities found during internal audit
[-] Vulnerability in SSO relay has been fixed (CVE-2011-4776)
[-] Plesk 10.4.4 loses its connection to MySQL during the statistics run (“MySQL server has gone away”)
[-] Wrong validation in RuCenter’s domain registration form
The following bugs have been fixed:
[-] A vulnerability has been fixed in Apache with SNI for CentOS 5; Apache has been upgraded to version 2.2.22 (CVE-2012-2110, CVE-2012-2333)
[-] Imported subscription is linked with a non-active plan variant price
[-] Encryption key value is transferred in the URL
[-] The ability to change the administrative group must be removed from the “Edit My Profile” screen
[-] Subscription price is displayed without discounts, taxes and add-ons
[-] Invoices are not generated for imported subscriptions
[+] MySQL ODBC 5.1.11 driver support has been added
The following bugs have been fixed:
[-] XSS vulnerability in Horde IMP has been fixed (CVE-2012-0791)
[-] When the admin’s password is changed via the ch_admin_passwd utility, mysqld is running with the --skip-grant-tables option
[-] Migration via rsync may fail with a “pipe: Too many open files” error
[-] 10.4.4 MU#28 does not set SELinux contexts on the /usr/local/psa/handlers/hooks/check-quota handler, which causes the mail system to go down
[+] BIND has been upgraded to version 9.8.1-P1, which also fixes CVE-2011-4313 (not exploitable in Plesk configurations). (90473)
The following bugs have been fixed:
[-] Incorporated Plesk Panel security fix from the update http://kb.parallels.com/en/113321 (106355)
[-] Automatic key update failures are not logged (105476)
[-] XSS vulnerability in Horde IMP has been fixed (CVE-2012-0791) (105744)
[-] Minor security vulnerability in Plesk Panel has been addressed
[+] BIND has been upgraded to version 9.8.1-P1, which also fixes CVE-2011-4313 (not exploitable in Plesk configurations). (90473)