Security Bulletins - April 20

 

April 20, 2010

T-352: iSCSI Enterprise Target and tgt Multiple Format String Vulnerabilities

iSCSI Enterprise Target and tgt are prone to multiple format-string vulnerabilities because they fail to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. An attacker may exploit these issues to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. Other attacks may also be possible, including data loss or corruption. This risk is moderate.

http://www.doecirc.energy.gov/bulletins/t-352.shtml

 

 

April 19, 2010

T-351: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability

Multiple vendors' TLS protocol implementations are prone to a security vulnerability related to the session-renegotiation process. Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data. This risk is moderate.

http://www.doecirc.energy.gov/bulletins/t-351.shtml

 

 

April 16, 2010

T-350: Adobe Acrobat and Reader Denial of Service Vulnerability

Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may also be possible but this has not been confirmed. This risk is high.

http://www.doecirc.energy.gov/bulletins/t-350.shtml

 

 

 

 

April 16, 2010

2010-04-16: Oracle Java SE and Java for Business Unspecified Vulnerabilities

Successful attacks may allow attackers to gain unauthorized access to a computer in the context of the user running the affected application.

http://www.securityfocus.com/bid/39492

 

 

April 16, 2010

2010-04-16: Irssi Denial of Service and SSL Hostname Verification Security Bypass Vulnerabilities

An attacker can exploit these issues to gain unauthorized access to the affected computer and to crash the affected application.

http://www.securityfocus.com/bid/39377

 

 

April 16, 2010

2010-04-16: Adobe Acrobat and Reader CVE-2010-0193 Denial of Service Vulnerability

Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue arbitrary code execution may also be possible but this has not been confirmed.

http://www.securityfocus.com/bid/39524

 

 

April 16, 2010

2010-04-16: Joomla! 'com_manager' Component 'Itemid' Parameter SQL Injection Vulnerability

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39519

 

 

April 15, 2010

T-349: [USN-928-1] Sudo vulnerability

A Sudo security issue affects several Ubuntu releases and some corresponding versions of Kubuntu, Edubuntu, Xubuntu, and Mac OS. Valerio Costamagna discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command when the PATH contained only a dot ('.'). If secure_path and ignore_dot were disabled, a local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. By default, secure_path is used and the sudoedit pseudo-command is not used in Ubuntu. This risk is Moderate.

http://www.doecirc.energy.gov/bulletins/t-349.shtml

 

 

April 15, 2010

2010-04-15: GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability

Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Successful exploits will result in the complete compromise of affected computers.

http://www.securityfocus.com/bid/37128

 

 

April 15, 2010

2010-04-15: Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability

Exploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable XML parsing library.

http://www.securityfocus.com/bid/36097

 

 

April 15, 2010

2010-04-15: KDE KDM Insecure File Permission Local Privilege Escalation Vulnerability

An attacker may exploit this issue to execute arbitrary code and gain elevated privileges.

http://www.securityfocus.com/bid/39467

 

 

April 15, 2010

2010-04-15: Todd Miller Sudo 'sudoedit' Path Resolution Local Privilege Escalation Vulnerability

Local attackers could exploit this issue to run arbitrary commands as the 'root' user. Successful exploits can completely compromise an affected computer.

http://www.securityfocus.com/bid/39468

 

 

April 15, 2010

2010-04-15: Apple Mac OS X Apple Type Services Embedded Font Remote Code Execution Vulnerability

Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.

http://www.securityfocus.com/bid/38955

 

 

April 15, 2010

2010-04-15: VMware Remote Console 'connect' Method Remote Format String Vulnerability

Successful exploits may allow an attacker to execute arbitrary code. Failed attacks may cause denial-of-service conditions.

http://www.securityfocus.com/bid/39396

 

 



 

