Secunia Security Advisory - SirGod has discovered a vulnerability in PaoLink, PaoBacheca, and PaoLiber, which can be exploited by malicious people to bypass certain security restrictions.
fc2259512e58d97bce73ea29882cf8ab3bd618bfe18e24994858005dd5893be8Secunia Security Advisory - NetBSD has issued an update for ISC DHCP. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
4eaf35d637bf6bee76cd7cad4fa2fe2eac787cda0622fb27e2f2a230e9721062Secunia Security Advisory - Fedora has issued an update for kdelibs. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
7cfd9a5f77312964c6a990696d09f12a060528fcbaed4bf54fa4889e367668b4Secunia Security Advisory - Debian has issued an update for squid3. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
e94d53cf8e4e781f178ae69292efc7b7b6d78a40dfbc080ce5499427996002ffSecunia Security Advisory - Two vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious people to potentially compromise a user's system.
39723d722b55ffc9de9cf6a6611530aaf3326d033b4785915d4fba0ba38b3cc3Secunia Security Advisory - Slackware has issued an update for mozilla-firefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.
836524267863753b70d23497ffdbd01491b1d9d16fd2462aa0c6ac9da862c425Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or bypass certain security restrictions, and by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system.
c09519165b35189beacbcdebbf4fe4e7589b8c75ec6c54030bb8f21068fae4bdSecunia Security Advisory - Fedora has issued an update for bugzilla. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
35cf2b9a9a1a3c2dd4c09d421ccfcd430e532bfd967bed65a2afb5291c37d5ddSecunia Security Advisory - A vulnerability has been discovered in Ajax IM, which can be exploited by malicious users to conduct script insertion attacks.
df734e5b0016b035309bb331db83d088c33bfae18d0bd67ba9fa0fdb13333714Secunia Security Advisory - Debian has issued an update for kvm. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
015ae269507e112e541eb7220531c0dc9e22c7fb3c4b6cc13e62baea25975230Mandriva Linux Security Advisory 2009-177 - The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type. This update corrects the problem.
0fd98c4ebc36f2cd2987b88dc0bb1f02ad698ffd6f931d8903d8e2f37cd345eeMandriva Linux Security Advisory 2009-176 - git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments. This update provides fixes for this vulnerability.
8e6d8e09960d48b01040ac3367fd7b20b5a9b2dfe8356f578a79e6c45a70a746Mandriva Linux Security Advisory 2009-175 - Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow. This update corrects the issue.
4e780c1e782e5ecde92c1ce83219f27bf2da9d87929572324bedf3d1cad1b37eMandriva Linux Security Advisory 2009-174 - Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009. This update provides fixes for this vulnerability.
8a5c2997c6caac6c46e1dac877a304bdafdc0dd8e5243223b58c435f4e7ca6c5Mandriva Linux Security Advisory 2009-173 - Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet. The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol. Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows.
2b59c2d42635d453fe9cfa37545cf630aad2deaed3ed8ca7ed76ad685147da46Debian Security Advisory 1847-1 - It was discovered that the BIND DNS server terminates when processing a specially crafted dynamic DNS update. This vulnerability affects all BIND servers which serve at least one DNS zone authoritatively, as a master, even if dynamic updates are not enabled. The default Debian configuration for resolvers includes several authoritative zones, too, so resolvers are also affected by this issue unless these zones have been removed.
d960652c458b82724cffc42f08caf5a2da1661b518fb338a1238b9264835e4e6Ubuntu Security Notice USN-808-1 - Micha Krause discovered that Bind did not correctly validate certain dynamic DNS update packets. An unauthenticated remote attacker could send specially crafted traffic to crash the DNS server, leading to a denial of service.
321adf8642de15d5ade0593a9fc17f483a670db20ed3b6b6722571deb78f5934Debian Security Advisory 1846-1 - Matt T. Yourst discovered an issue in the kvm subsystem. Local users with permission to manipulate /dev/kvm can cause a denial of service (hang) by providing an invalid cr3 value to the KVM_SET_SREGS call.
b94adbef572be3d44e0873584f7f7586c9c04d22eb8bc147d2906e2ff0190454Debian Security Advisory 1845-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, or privilege escalation.
ddce2a1f54158deb8c3002cf6fd5f7f63349871281f4dfeaa4907542189e2839Debian Security Advisory 1844-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
3e4337776a6b1affbc02de5ed8349b5fee27fdcee9cda24ab22b8932ebc72584FreeBSD Security Advisory - When named(8) receives a specially crafted dynamic update message an internal assertion check is triggered which causes named(8) to exit. To trigger the problem, the dynamic update message must contains a record of type "ANY" and at least one resource record set (RRset) for this fully qualified domain name (FQDN) must exist on the server.
63f6e9c33b817f0e2995a59692b493e8ec93d0332cc4781442f1c4b5e3d35798Ubuntu Security Notice USN-807-1 - Michael Tokarev discovered that the RTL8169 network driver did not correctly validate buffer sizes. A remote attacker on the local network could send specially traffic traffic that would crash the system or potentially grant elevated privileges. Julien Tinnes and Tavis Ormandy discovered that when executing setuid processes the kernel did not clear certain personality flags. A local attacker could exploit this to map the NULL memory page, causing other vulnerabilities to become exploitable. Ubuntu 6.06 was not affected. Matt T. Yourst discovered that KVM did not correctly validate the page table root. A local attacker could exploit this to crash the system, leading to a denial of service. Ubuntu 6.06 was not affected. Ramon de Carvalho Valle discovered that eCryptfs did not correctly validate certain buffer sizes. A local attacker could create specially crafted eCryptfs files to crash the system or gain elevated privileges. Ubuntu 6.06 was not affected.
76e56d56aac365a9fbbf33f82d67fb4d45dbf243bfe856e1d294cc57021817a8Secunia Security Advisory - A vulnerability has been discovered in the UIajaxIM component for Joomla, which can be exploited by malicious users to conduct script insertion attacks.
d5ce9ebc360eefe888e4221ca46afea031caacc3de6689e287131ff280ac9ef7Secunia Security Advisory - A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service).
351fdfe6331db0306b4d160e5fdddbfc029d764b04d92ee6a6b4244c98445dc7Secunia Security Advisory - tixxDZ has reported a vulnerability in MPlayer, which can be exploited by malicious people to potentially compromise a user's system.
79c5903edd8c62db16325465ff24170307457e643353197873c1421bed582a7b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed