Google, Inc. discovered that the TurkTrust certification authority included in the Network Security Service libraries mis-issued two intermediate CAs which could be used to generate rogue end-entity certificates. This update explicitly distrusts those two intermediate CAs. The two existing TurkTrust root CAs remain active.

Multiple vulnerabilities were discovered in the dissectors for DVB-CI, GSM A Common and ASN.1 PER and in the Netmon file parser.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1059 Chanam Park reported an issue in the Ceph distributed storage system. Remote users can cause a denial of service by sending a specially crafted auth_reply me ...

The update of librack-ruby in DSA-2783-1 also addressed CVE-2013-0183. The patch applied breaks Rails applications like redmine. Updated packages are available to address this problem. For reference, the original advisory text follows: Several vulnerabilities were discovered in Rack, a modular Ruby webserver interface. The Common Vulnerabilities and Exposures project identifies the following vulne ...

Anton Johannson discovered that an invalid TLS handshake package could crash OpenSSL with a NULL pointer dereference. The oldstable distribution is not affected.

Various vulnerabilities were discovered in PostgreSQL: * Shore up GRANT ... WITH ADMIN OPTION restrictions Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the w ...

Sean Griffin discovered two vulnerabilities in the PostgreSQL adapter for Active Record which could lead to SQL injection.

Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.

Andrew Drake discovered that missing input sanitising in the icns decoder of the Python Imaging Library could result in denial of service if a malformed image is processed.

Mancha discovered a vulnerability in rsyslog, a system for log processing. This vulnerability is an integer overflow that can be triggered by malformed messages sent to a server, if that server accepts data from untrusted sources, causing message loss. This vulnerability can be seen as an incomplete fix of CVE-2014-3634.
