Смотрите также связанные темы
15.01.2018 CVE-2009-0125
** DISPUTED ** NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: the upstream vendor has disputed this issue, stating "while we do misuse this function (this is a bug), it has absolutely no security ramification."
27.01.2018 CVE-2009-0304
The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c.
08.11.2018 CVE-2015-1989
SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
15.12.2018 Kerio Control 9.0 streamlines network security deployment for small and mid-sized businesses
New release of network security solution introduces zero-touch provisioning, shared definitions and extends two-step verification to MyKerio.
11.08.2018 Русский физик атаковал "залатанный" DNS
Евгению Полякову удалось произвести успешную атаку на последнюю версию BIND за 10 часов. Далее
05.09.2018 Achieving Enterprise Compliance Validation with SCAP
McAfee achieved a milestone last week when Policy Auditor received its Secure Content Automation Protocol (SCAP) Certification as a Federal Desktop Core Configuration (FDCC) Scanner, an Authenticated Configuration Scanner and an Authenticated Vulnerability and Patch Scanner.
What is SCAP and why was achieving a NIST SCAP certification a milestone? First the NIST Security Content Automation Protocol [...]
10.09.2018 CVE-2008-3012
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corrupt...
06.10.2018 CVE-2008-4279
Unspecified vulnerability in the CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges via unknown vectors that cause "the virtual CPU to jump to an incorrect memory address."
24.10.2018 Corporate News: Kaspersky Lab strongly recommends installing new Windows update
Kaspersky Lab, a leading developer of secure content management solutions, is notifying computer users about the need to install the Windows operating system update MS08-067 (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx). The vulnerability that this new update patches is a...
27.10.2018 CVE-2008-4765
SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results operation. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
|
