search for: vulner

Displaying 20 results from an estimated 3038 matches for "vulner".

Did you mean: vulnera
1999 Nov 11
0
CERT Advisory CA-99.14 - Multiple Vulnerabilities in BIND (fwd)
...e. I haven't been told what these are. -- REW] ---------- Forwarded message ---------- Date: Wed, 10 Nov 1999 22:58:14 -0500 From: CERT Advisory <cert-advisory@cert.org> X-Reply-To: cert-advisory-request@cert.org To: cert-advisory@coal.cert.org Subject: CERT Advisory CA-99.14 - Multiple Vulnerabilities in BIND -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CERT Advisory CA-99-14 Multiple Vulnerabilities in BIND Original release date: November 10, 1999 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected * Sy...
1997 Jan 29
5
evidence/timelines that show linux is "more secure"
...munity responds to security problems more quickly than other OS vendors, and thus might be considered "more secure". A number of fairly high profile corporations are starting to look for such information as they consider Linux as an alternative solution to other UNIXes. Something like: Vulnerability : foo has buffer overrun Affects : Linux, Solaris, etc Linux Fix Date : Oct 1, 1996 Other Fix Dates: Solaris: not yet fixed ... References : http://....... CERT Advisory XYZ Does anyone have any pointers, or information I can use to assemble dat...
1997 Oct 22
1
SNI-20: Telnetd tgetent vulnerability
[mod: Executive summary: SNI found recent linux-distributions not-vulnerable -- REW] -----BEGIN PGP SIGNED MESSAGE----- ###### ## ## ###### ## ### ## ## ###### ## # ## ## ## ## ### ## ###### . ## ## . ##...
2012 Sep 05
7
Xen Security Advisory 17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-3515 / XSA-17 version 2 Qemu VT100 emulation vulnerability UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The device model used by fully virtualised (HVM) domains, qemu, does not properly handle escape VT100 sequences when emulating certain devices with a virtual console backend. IMPACT ====== An...
2012 Sep 05
7
Xen Security Advisory 17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-3515 / XSA-17 version 2 Qemu VT100 emulation vulnerability UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The device model used by fully virtualised (HVM) domains, qemu, does not properly handle escape VT100 sequences when emulating certain devices with a virtual console backend. IMPACT ====== An...
2004 Jun 28
2
Security Vulnerability in Asterisk
The following is pasted from SecurityFocus Newsletter #254: ------------------------- Asterisk PBX Multiple Logging Format String Vulnerabilities BugTraq ID: 10569 Remote: Yes Date Published: Jun 18 2004 Relevant URL: http://www.securityfocus.com/bid/10569 Summary: It is reported that Asterisk is susceptible to format string vulnerabilities in its logging functions. An attacker may use these vulnerabilities to corrupt memory, and r...
2014 Apr 08
3
Heartbleed openssl vulnerability?
Do we know if dovecot is vulnerable to the heartbleed SSL problem? I'm running dovecot-2.0.9 and openssl-1.01, the latter being intrinsically vulnerable. An on-line tool says that my machine is not affected on port 993 but it would be nice to know for sure if we were vulnerable for a while. (Naturally I've blocked it any...
2005 Aug 28
1
Arcoread7 secutiry vulnerability
Hi! cc'd to freebsd-security@ as somebody there may correct me, cc'd to secteam@ as maintaner of security/portaudit. On Sun, 28 Aug 2005 10:14:21 +0930 Ian Moore wrote: > I've just updated my acroread port to 7.0.1 & was surprised when portaudit > still listed it as a vulnerability. I think it is portaudit problem. > According to http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/85093, the > upgrade to 7.0.1 is suppoed to fix the problem, but according to > http://www.freebsd.org/ports/portaudit/02bc9b7c-e019-11d9-a8bd-000cf18bbe54.html > and Adobe'...
2011 Oct 24
3
Important Security Announcement: AltNames Vulnerability [new version of puppet]
We have discovered a security vulnerability (“AltNames Vulnerability”) whereby a malicious attacker can impersonate the Puppet master using credentials from a Puppet agent node. This vulnerability cannot cross Puppet deployments, but it can allow an attacker with elevated privileges on one Puppet-managed node to gain control of any ot...
2014 Apr 09
1
FLASH NewsBites - Heartbleed Open SSL Vulnerability (fwd)
For even more information about "Heartbleed". -Connie Sieh ---------- Forwarded message ---------- Date: Wed, 9 Apr 2014 12:27:54 -0500 From: The SANS Institute <NewsBites at sans.org> Subject: FLASH NewsBites - Heartbleed Open SSL Vulnerability FLASH NewsBites - Heartbleed Open SSL Vulnerability FLASH NewsBites are issued only when a security event demands global and immediate action. The HeartBleed Open SSL vulnerability fits that description. Proof: More than 200 students at SANS 2014 in Orlando this week spent 2 hours in a b...
1996 Nov 25
0
LSF Update#14 v1.2 "lpr vulnerability"
-----BEGIN PGP SIGNED MESSAGE----- $Id: lpr-vulnerability-0.6-linux,v 1.2 1996/11/25 22:39:20 alex Exp $ Linux Security FAQ Update lpr Vulnerability Mon Nov 25 16:56:59 EST 1996 Copyright (C) 1995,1996 Alexander O. Yuriev (alex@bach.cis.temple.edu)...
2006 Jul 28
2
Ruby vulnerability?
Hi, FYI, Red Hat released an advisory today about a vulnerability in Ruby. So far it doesn't appear in the VuXML, but am I correct in presuming it will soon? https://rhn.redhat.com/errata/RHSA-2006-0604.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694 cheers, -- Joel Hatton -- Infrastructure Manager | Hotline: +61 7 3365...
2015 Mar 31
2
OpenSSL vulnerability fix
just for my curiosity, How can we make sure that its not affected? Is there any script to check whether its vulnerable or not (as in bash shell shock vulnerability test)? On Tue, Mar 31, 2015 at 12:25 PM, Eero Volotinen <eero.volotinen at iki.fi> wrote: > Centos 5 is not affected by this bug, so fix is not available. > > Eero > 31.3.2015 9.48 ap. kirjoitti "Venkateswara Rao Dokku"...
1998 Dec 22
0
CERT Advisory CA-98.13 - TCP/IP Denial of Service (fwd)
...warding it to the appropriate FreeBSD mailing lists. We would like to thanks CERT for cooperation with the FreeBSD security officer on this subject. -----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-98-13-tcp-denial-of-service Original Issue Date: December 21, 1998 Last Revised Topic: Vulnerability in Certain TCP/IP Implementations Affected Systems Some systems with BSD-derived TCP/IP stacks. See Appendix A for a complete list of affected systems. Overview Intruders can disrupt service or crash systems with vulnerable TCP/IP stacks. No special access is required, and in...
2014 Oct 09
2
Bash still vulnerable
According to the vulnerability test script from shellshocker.net, the latest bash versions on CentOS5 and CentOS6, 3.2-33.el5_11.4 and 4.1.2-15.el6_5.2, resp., are still vulnerable to CVE-2014-6277. In fact, on CentOS6, abrtd will send you a nice report about it. Does anyone know if upstream is working on a fix? [roo...
2001 Feb 08
0
[CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector vulnerability
CORE SDI http://www.core-sdi.com SSH1 CRC-32 compensation attack detector vulnerability Date Published: 2001-02-08 Advisory ID: CORE-20010207 Bugtraq ID: 2347 CVE CAN: CAN-2001-0144 Title: SSH1 CRC-32 compensation attack detector vulnerability Class: Boundary Error Condition Remotely Exploitable: Yes Locally Exploitable: Yes Release Mode: FORCED RELEASE Vulnerability...
2020 May 18
0
Multiple vulnerabilities in Dovecot
Dear subscribers, we are sending notifications for three vulnerabilities, - CVE-2020-10957 - CVE-2020-10958 - CVE-2020-10967 Please find them below --- Aki Tuomi Open-Xchange Oy ------------------ Open-Xchange Security Advisory 2020-05-18 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3784 Vulnerability type: NULL pointer dereferenc...
2020 May 18
0
Multiple vulnerabilities in Dovecot
Dear subscribers, we are sending notifications for three vulnerabilities, - CVE-2020-10957 - CVE-2020-10958 - CVE-2020-10967 Please find them below --- Aki Tuomi Open-Xchange Oy ------------------ Open-Xchange Security Advisory 2020-05-18 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3784 Vulnerability type: NULL pointer dereferenc...
2016 Mar 08
4
Need Help to Fix CVE-2008-1483, CVE-2008-5161, CVE-2015-5600 and CVE-2015-6565
Hi All, Actually I am working with the OpenSSH version 6.2p which is vulnerable to above mentioned vulnerabilities. So am looking for some help how I can fix these vulnerabilities in my version. I need to fix it in the OpenSSH code. Regards Abhishek
2004 Sep 14
1
multiple vulnerabilities in the cvs server code
Hello! Port security/portaudit reports the following problem: Affected package: FreeBSD-491000 Type of problem: multiple vulnerabilities in the cvs server code. Reference: <http://www.FreeBSD.org/ports/portaudit/d2102505-f03d-11d8-81b0-000347a4fa7d.htm l> Note: To disable this check add the uuid to `portaudit_fixed' in /usr/local/etc/portaudit.conf I have 2 related questions: 1) What are current plans to fix the...