 |
|
|
|
| gnutls multiple security vulnerabilities | | Published: |  | 19.05.2009 | | Source: |  | FULL-DISCLOSURE | | SecurityVulns ID: |  | 9913 | | Type: |  | library | | Level: |  | 6/10 | | Description: |  | DoS, certificate validation vulnerabilities. |
| Affected: |  | GNU : GnuTLS 2.6 | | | | GNU : GnuTLS 2.5 | | CVE: |  | CVE-2009-1417 (gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.) | | | | CVE-2009-1416 (lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.) | | | | CVE-2009-1415 (lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.) |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: | | 19.05.2009 | | Source: | | | | SecurityVulns ID: | | 9914 | | Type: | | remote | | Level: | | 5/10 | | Description: | | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| HP Data Protector Express privilege escalation | | Published: | | 19.05.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 9915 | | Type: | | local | | Level: | | 5/10 |
| CVE: | | CVE-2009-0714 (Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers cause a denial of service (application crash) or read portions of memory via one or more crafted packets.) |
ipsec-tools DoS
updated since 14.05.2009 | | Published: | | 19.05.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 9909 | | Type: | | remote | | Level: | | 6/10 | | Description: | | NULL pointer dereference on fragmented empty packet, multiple memory leaks. |
| Affected: | | IPSECTOOLS : ipsec-tools 0.7 | | CVE: | | CVE-2009-1632 (Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c.) | | | | CVE-2009-1574 (racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.) |
|
|
|
|
|
|
|
|
