similar to: CVE-2012-5620

Displaying 20 results from an estimated 60000 matches similar to: "CVE-2012-5620"

2012 Nov 13
0
Xen Security Advisory 25 (CVE-2012-4544, CVE-2012-2625) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4544,CVE-2012-2625 / XSA-25 version 2 Xen domain builder Out-of-memory due to malicious kernel/ramdisk UPDATES IN VERSION 2 ==================== Clarify that XSA-25 is reporting, via the Xen.org security process, both CVE-2012-4544 and CVE-2012-2625. Also we would like to
2015 Apr 28
3
CVE-2015-3420
On 28 Apr 2015, at 11:35, Timo Sirainen <tss at iki.fi> wrote: > > On 28 Apr 2015, at 04:15, Edwardo Garcia <wdgarc88 at gmail.com> wrote: >> When can we expect 2.2.17 to resolve this? > > As far as I know this doesn't affect any of the major distributions where Dovecot is commonly used (Debian/Ubuntu/Redhat/CentOS). I've only heard it happening with some
2021 Jun 21
1
CVE-2021-33515: SMTP Submission service STARTTLS injection
Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4583 (Bug ID) Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection') Vulnerable version: 2.3.0-2.3.14 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification:
2021 Jun 21
1
CVE-2021-33515: SMTP Submission service STARTTLS injection
Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4583 (Bug ID) Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection') Vulnerable version: 2.3.0-2.3.14 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification:
2012 May 30
0
[CVE-2012-2944] NUT vulnerability: upsd can be remotely crashed
Dear NUT users, I recently came across a MAJOR potential flaw in the network server (upsd), that results, when exploited, in a crash of this server [1] This is the first security flaw in this software, since it's very beginning (~15 years)! It is still potential, and not actual, since Sebastian's report is a first-timer. But it should be very seriously considered, and you should take all
2013 Jan 03
1
Passing "allow_unsafe" appears not to workaround protection for CVE-2012-2934
Having finished a round of testing in my own lab, I''ve connected to my clients test lab, and reproduced my Xen Dom0. Upon trying a test creation of a DomU, I was intrigued to receive the message: ERROR POST operation failed: xend_post: error from xen daemon: (xend.err ''Error creating domain: Creating domain failed: name=snstest00'') Domain installation does not
2012 Oct 26
0
Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4544 / XSA-25 Xen domain builder Out-of-memory due to malicious kernel/ramdisk ISSUE DESCRIPTION ================= The Xen PV domain builder contained no validation of the size of the supplied kernel or ramdisk either before or after decompression. This could cause the toolstack to consume all available RAM
2015 Apr 28
3
CVE-2015-3420
When can we expect 2.2.17 to resolve this?
2012 Oct 25
0
[HEADS UP]: CVE-2012-4929 (CRIME)
I think there is nothing FreeBSD can do about this besides making sure our users are aware of it. The situation in which this is a problem is specific but one you should consider if you are using TLS with compression. TLS 1.2 and earlier are vulnerable to an attack commonly known as CRIME. The attack involves TLS sessions using compression where an attacker is able to inject known plaintext into
2014 Nov 21
0
Processed: retitle 770230 to xen: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 CVE-2014-9030
Processing commands for control at bugs.debian.org: > retitle 770230 xen: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 CVE-2014-9030 Bug #770230 [src:xen] CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 Changed Bug title to 'xen: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 CVE-2014-9030' from 'CVE-2014-5146 CVE-2014-5149 CVE-2014-8594
2003 Jan 08
3
Logging suggestions?
Any suggestions how user login/logouts should look like in log files? I was thinking: (connected to imaps port) Login: username [IP 1.2.3.4, imaps, compressed] Logout: username [IP 1.2.3.4, imaps, compressed] [1000/100000 bytes (50%), 00:00:12] Bytes being upload/download and the 50% meaning compression ratio for downloaded bytes, probably not worth it for upload. Or if uncompressed, it'd
2012 Sep 07
0
Xen Security Advisory 19 (CVE-2012-4411) - guest administrator can access qemu monitor console
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4411 / XSA-19 version 2 guest administrator can access qemu monitor console UPDATES IN VERSION 2 ==================== We have now been issued with a CVE number. ISSUE DESCRIPTION ================= A guest administrator who is granted access to the graphical console of a Xen guest
2023 Mar 21
2
Bug#1033297: xen: CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334
Source: xen Version: 4.17.0+46-gaaf74a532c-1 Severity: grave Tags: security upstream X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org> Hi, The following vulnerabilities were published for xen. CVE-2022-42331[0]: | x86: speculative vulnerability in 32bit SYSCALL path Due to an | oversight in the very original Spectre/Meltdown security work | (XSA-254),
2015 Apr 28
0
CVE-2015-3420
* Timo Sirainen schrieb am 28.04.15 um 11:35 Uhr: >On 28 Apr 2015, at 11:35, Timo Sirainen <tss at iki.fi> wrote: >> >> On 28 Apr 2015, at 04:15, Edwardo Garcia <wdgarc88 at gmail.com> wrote: >>> When can we expect 2.2.17 to resolve this? >> >> As far as I know this doesn't affect any of the major distributions where Dovecot is commonly used
2024 May 29
0
nginx security advisory (CVE-2024-31079, CVE-2024-32760, CVE-2024-34161, CVE-2024-35200)
Hello! Four security issues were identified in nginx HTTP/3 implementation, which might allow an attacker that uses a specially crafted QUIC session to cause a worker process crash (CVE-2024-31079, CVE-2024-32760, CVE-2024-35200), worker process memory disclosure on systems with MTU larger than 4096 bytes (CVE-2024-34161), or might have potential other impact (CVE-2024-31079, CVE-2024-32760).
2024 May 29
0
nginx security advisory (CVE-2024-31079, CVE-2024-32760, CVE-2024-34161, CVE-2024-35200)
Hello! В реализации HTTP/3 в nginx были обнаружены четыре проблемы, которые позволяют атакующему с помощью специально созданной QUIC-сессии вызвать падение рабочего процесса (CVE-2024-31079, CVE-2024-32760, CVE-2024-35200), отправку клиенту части содержимого памяти рабочего процесса на системах с MTU больше 4096 байт (CVE-2024-34161), а также потенциально могут иметь другие последствия
2014 Nov 21
0
Bug#770230: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595
On Wed, Nov 19, 2014 at 11:45:02PM +0100, Moritz Muehlenhoff wrote: > Source: xen > Severity: grave > Tags: security > > Hi, > the following security issues apply to Xen in jessie: > > CVE-2014-5146,CVE-2014-5149: > https://marc.info/?l=oss-security&m=140784877111813&w=2 > > CVE-2014-8594: >
2023 Nov 26
2
Bug#1056928: xen: CVE-2023-46835 CVE-2023-46836
Source: xen Version: 4.17.2+55-g0b56bed864-1 Severity: important Tags: security upstream X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org> Hi, The following vulnerabilities were published for xen. CVE-2023-46835[0]: | x86/AMD: mismatch in IOMMU quarantine page table levels CVE-2023-46836[1]: | x86: BTC/SRSO fixes not fully effective If you fix the
2012 Apr 17
1
CVE-2012-1182 patches
Hi, We are using Samba 3.4.2 on Oracle Solaris 10 UNIX server. I am looking at the samba site for patches for the CVE-2012-1182 vulnerability, but the closest patch versions I see are for samba 3.4.15 & 3.4.16. Is there a specific patch to fix samba 3.4.2? Also, since we are patching, is there a cluster of patches available specifically for samba 3.4.2? Can you please point me to the links
2007 May 14
0
Patched 3.0.24 tree for CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Folks, As a small means of community service, I've decided to provide an unofficial patched version of 3.0.24 (tagged as 3.0.24-gc-1) to address the CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447 security advisories. The bzr branch is hosted at http://people.samba.org/bzr/jerry/samba-3-0-24-gc.bzr/ The source tarball is available from