Section: .. / 1002-advisories /
| /// File Name: |
dsa-1987-1.txt |
Description:
|
Debian Linux Security Advisory 1987-1 - Li Ming discovered that lighttpd, a small and fast webserver with minimal memory footprint, is vulnerable to a denial of service attack due to bad memory handling. Slowly sending very small chunks of request data causes lighttpd to allocate new buffers for each read instead of appending to old ones. An attacker can abuse this behaviour to cause denial of service conditions due to memory exhaustion.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 26105 | | Related CVE(s): | CVE-2010-0295 | | Last Modified: | Feb 2 22:28:58 2010 |
| MD5 Checksum: | b596d4c67fe9e1ab32c065db6a8fdce0 |
|
| /// File Name: |
dsa-1988-1.txt |
Description:
|
Debian Linux Security Advisory 1988-1 - Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 65441 | | Related CVE(s): | CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1699, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1725, CVE-2009-2700 | | Last Modified: | Feb 4 01:11:28 2010 |
| MD5 Checksum: | 0fadcfbd4ac0cef554418c9945fd3bb0 |
|
| /// File Name: |
dsa-1989-1.txt |
Description:
|
Debian Linux Security Advisory 1989-1 - Dan Rosenberg discovered a race condition in FUSE, a Filesystem in USErspace. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 14547 | | Related CVE(s): | CVE-2009-3297 | | Last Modified: | Feb 4 01:12:07 2010 |
| MD5 Checksum: | 0b544879650be317a980053b30aee4fa |
|
| /// File Name: |
dsa-1990-1.txt |
Description:
|
Debian Linux Security Advisory 1990-1 - Stefan Goebel discovered that the Debian version of trac-git, the Git add-on for the Trac issue tracking system, contains a flaw which enables attackers to execute code on the web server running trac-git by sending crafted HTTP queries.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 3548 | | Related CVE(s): | CVE-2010-0394 | | Last Modified: | Feb 4 01:12:54 2010 |
| MD5 Checksum: | 1bf01f60060ecfed6d59bc59620b1749 |
|
| /// File Name: |
dsa-1990-2.txt |
Description:
|
Debian Linux Security Advisory 1990-2 - The trac-git package released in DSA-1990-1 had a wrong dependency that could not be satisfied in Debian stable. This update corrects this problem.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 3221 | | Related CVE(s): | CVE-2010-0394 | | Last Modified: | Feb 5 11:09:27 2010 |
| MD5 Checksum: | 533adc6743fc6572a9eba84649e17600 |
|
| /// File Name: |
dsa-1992-1.txt |
Description:
|
Debian Linux Security Advisory 1992-1 - Several vulnerabilities have been discovered in chrony, a pair of programs which are used to maintain the accuracy of the system clock on a computer. These issues are similar to the NTP security flaw CVE-2009-3563.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 8764 | | Related CVE(s): | CVE-2010-0292, CVE-2010-0293, CVE-2010-0294 | | Last Modified: | Feb 5 11:11:47 2010 |
| MD5 Checksum: | 0520f83e39b6ac4499225e657541b1df |
|
| /// File Name: |
dsa-1993-1.txt |
Description:
|
Debian Linux Security Advisory 1993-1 - It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise input data that is used in SQL queries, which might be used to inject arbitrary SQL to, for example, escalate privileges on a system that uses otrs2.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 3075 | | Related CVE(s): | CVE-2010-0438 | | Last Modified: | Feb 11 19:29:06 2010 |
| MD5 Checksum: | 0a0744bc0be10812c8e51256781832bb |
|
| /// File Name: |
dsa-1994-1.txt |
Description:
|
Debian Linux Security Advisory 1994-1 - It was discovered that ajaxterm, a web-based terminal, generates weak and predictable session IDs, which might be used to hijack a session or cause a denial of service attack on a system that uses ajaxterm.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 3875 | | Related CVE(s): | CVE-2009-1629 | | Last Modified: | Feb 12 02:28:38 2010 |
| MD5 Checksum: | f051fb08a354f3a5c1d8b7538e913302 |
|
| /// File Name: |
dsa-1996-1.txt |
Description:
|
Debian Linux Security Advisory 1996-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 79384 | | Related CVE(s): | CVE-2009-3939, CVE-2009-4027, CVE-2009-4536, CVE-2009-4538, CVE-2010-0003, CVE-2010-0007, CVE-2010-0291, CVE-2010-0298, CVE-2010-0306, CVE-2010-0307, CVE-2010-0309, CVE-2010-0410, CVE-2010-0415 | | Last Modified: | Feb 15 15:31:13 2010 |
| MD5 Checksum: | fbdc26403ae55b8522f95a30964c1ce5 |
|
| /// File Name: |
dsa-1998-1.txt |
Description:
|
Debian Linux Security Advisory 1998-1 - Maksymilian Arciemowicz discovered a buffer overflow in the internal string routines of the KDE core libraries, which could lead to the execution of arbitrary code.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 9894 | | Related CVE(s): | CVE-2009-0689 | | Last Modified: | Feb 17 19:26:15 2010 |
| MD5 Checksum: | 34ea792d974643bb25688f9287a8d238 |
|
| /// File Name: |
dsa-2000-1.txt |
Description:
|
Debian Linux Security Advisory 2000-1 - Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder, which also provides a range of multimedia libraries used in applications like MPlayer.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 33350 | | Related CVE(s): | CVE-2009-4631, CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4636, CVE-2009-4637, CVE-2009-4638, CVE-2009-4640 | | Last Modified: | Feb 20 12:41:56 2010 |
| MD5 Checksum: | a06a795f5b0d1d282286beb2cb1f1fd6 |
|
| /// File Name: |
DSECRG-09-039.txt |
Description:
|
An Active-X component in CLIproxy.dll from Symantec Antivirus Client Proxy suffers from a buffer overflow vulnerability.
| | Author: | Sh2kerr | | Homepage: | http://www.dsec.ru/ | | File Size: | 2987 | | Related CVE(s): | CVE-2010-0108 | | Last Modified: | Feb 20 14:23:04 2010 |
| MD5 Checksum: | 1f68c2a86a81e38c5322e4127c8446d8 |
|
| /// File Name: |
enomalyecp-exec.txt |
Description:
|
Enomaly ECP versions up to and including 3.0.4 are believed to contain an insecure silent update mechanism that could allow a remote attacker to execute arbitrary code as root, and to inject or modify VM workloads for execution within the user environment or to replay older, insecure workloads. Both the Enomaly ECP implementation and the VMcasting protocol itself are believed to be vulnerable.
| | Author: | Sam Johnston | | File Size: | 3625 | | Last Modified: | Feb 16 16:49:12 2010 |
| MD5 Checksum: | 6a6fc506406c2a03fb5fad834aaa3131 |
|
| /// File Name: |
ESA-2010-003.txt |
Description:
|
EMC HomeBase Server contains a vulnerability that may allow an unauthenticated remote user to upload arbitrary files on the affected HomeBase Server. Versions 6.2.x and 6.3.x are affected.
| | Homepage: | http://www.emc.com/ | | File Size: | 4001 | | Related CVE(s): | CVE-2010-0620 | | Last Modified: | Feb 25 01:37:50 2010 |
| MD5 Checksum: | c94e1940d368dcf825d56994dc9bfc65 |
|
| /// File Name: |
getplus-validation.txt |
Description:
|
getPlus suffers from an insufficient domain name validation vulnerability. A new Adobe Download Manager was released that resolves this issue.
| | Author: | Yorick Koster | | Homepage: | http://www.akitasecurity.nl/ | | File Size: | 10829 | | Related CVE(s): | CVE-2010-0189 | | Last Modified: | Feb 26 14:30:00 2010 |
| MD5 Checksum: | 3fdb375f69fdba6afb5d299261d069a8 |
|
| /// File Name: |
googlebuzz-xsrf.txt |
Description:
|
Google Buzz is reported to have cross site request forgery vulnerabilities.
| | Author: | Kristian Hermansen | | File Size: | 1171 | | Last Modified: | Feb 12 14:28:18 2010 |
| MD5 Checksum: | 6e905c52fa90664aa2a16d2f25c9e1e8 |
|
| /// File Name: |
HPSBMA02484-SSRT090076.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP Network Node Manager (NNM). The vulnerability could be exploited remotely to execute arbitrary commands.
| | Homepage: | http://www.hp.com/ | | File Size: | 6508 | | Related CVE(s): | CVE-2010-0445 | | Last Modified: | Feb 10 16:04:55 2010 |
| MD5 Checksum: | f35417b55767afa4db82b83b7b6aab69 |
|
| /// File Name: |
HPSBMA02486-SSRT090049.txt |
Description:
|
HP Security Bulletin - Potential security vulnerabilities have been identified with the Java Runtime Environment (JRE) and Java Developer Kit (JDK) delivered with HP OpenView Network Node Manager (OV NNM). These vulnerabilities may allow remote unauthorized access, privilege escalation, execution of arbitrary code, and creation of a Denial of Service (DoS).
| | Homepage: | http://www.hp.com/ | | File Size: | 8362 | | Related CVE(s): | CVE-2008-2086, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5347, CVE-2008-5348, CVE-2008-5350, CVE-2008-5351, CVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358, CVE-2008-5359, CVE-2008-5360 | | Last Modified: | Feb 10 18:01:12 2010 |
| MD5 Checksum: | 26fbe55685c0e4f416222b29c66f86de |
|