| Multiple security vulnerabilities in OpenJDK |
| Published: | March 28, 2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9777 |
| Type: | library |
| Severity: | 6/10 |
| Description: | Multiple DoS conditions and memory corruptions when parsing various formats and LDAP requests. |
| Affected products: | OPENJDK : OpenJDK 6.0 |
| CVE: | CVE-2009-1102 (Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation.") |
| | CVE-2009-1101 (Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak.") |
| | CVE-2009-1100 (Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) "limits on Font creation," aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.) |
| | CVE-2009-1098 (Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.) |
| | CVE-2009-1097 (Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation during display on the splash screen, aka CR 6804996, and (2) a crafted GIF image, aka CR 6804997.) |
| | CVE-2009-1096 (Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.) |
| | CVE-2009-1095 (Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.) |
| | CVE-2009-1094 (Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.) |
| | CVE-2009-1093 (LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).) |
| | CVE-2006-2426 (Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.) |

| Daily summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl) |
| Published: | March 28, 2009 |
| Source: | |
| SecurityVulns ID: | 9778 |
| Type: | remote |
| Severity: | 5/10 |
| Description: | PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leaks, etc. |

| Multiple security vulnerabilities in Sun Java (JRE / JWS) |
| Published: | March 28, 2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9776 |
| Type: | library |
| Severity: | 7/10 |
| Description: | Multiple integer overflows and memory corruptions when parsing various data formats. |

| Memory exhaustion in squid |
| Published: | March 28, 2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9779 |
| Type: | remote |
| Severity: | 5/10 |
| Description: | Memory exhaustion when working with a server over the ICAP protocol. |