Showing 101 - 125 of 522

Files

Mandriva Linux Security Advisory 2009-220
Posted Aug 25, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-220 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
SHA-256 | 62f8f56d89a553e41588d5db5b6e8c8c6bedd5ba9eb955c6afe0df7daf55c476
Ubuntu Security Notice 825-1
Posted Aug 25, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-825-1 - It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges. USN-682-1 provided updated libvorbis packages to fix multiple security vulnerabilities. The upstream security patch to fix CVE-2008-1420 introduced a regression when reading sound files encoded with libvorbis 1.0beta1. This update corrects the problem. It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-1420, CVE-2009-2663
SHA-256 | 8bef4480933a4d21cc6a8770649ffc4e16083884235f172f738cc95a2f1421f3
Ubuntu Security Notice 824-1
Posted Aug 25, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-824-1 - It was discovered that PHP did not properly handle certain malformed JPEG images when being parsed by the Exif module. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service.

tags | advisory, remote, denial of service, php
systems | linux, ubuntu
advisories | CVE-2009-2687
SHA-256 | 195c0917b3abed3aff85bd3d440817381c52c2259560eb04cae7aa6dfcf973d2
Ubuntu Security Notice 823-1
Posted Aug 25, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-823-1 - It was discovered that KDE-Graphics did not properly handle certain malformed SVG images. If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-0945, CVE-2009-1709
SHA-256 | 9ad5ad4f06b6206c5337b67d4d4971f218779f9b4358f5487aa62eafcd991d98
Mandriva Linux Security Advisory 2009-219
Posted Aug 25, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-219 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Additionally, on 2009.0 a patch was added to prevent kompozer from crashing (#44830), and on 2009.1 a format string patch was added to make it build with the -Wformat -Werror=format-security gcc optimization switch added in 2009.1. This update fixes these issues.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
SHA-256 | c43b5b9412c80498d951f5aab3e7d44ddd1b71cdb3cda1b23ea0aa4f7d67b0fc
Ubuntu Security Notice 822-1
Posted Aug 24, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-822-1 - It was discovered that KDE-Libs did not properly handle certain malformed SVG images. If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.04. It was discovered that the KDE JavaScript garbage collector did not properly handle memory allocation failures. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that KDE-Libs did not properly handle HTML content in the head element. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that KDE-Libs did not properly handle the Cascading Style Sheets (CSS) attr function call. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698
SHA-256 | e04d87eb0947023e41cabcb09990834aafcabc0d2554fb17c2ab973da27d010d
Mandriva Linux Security Advisory 2009-218
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-218 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
SHA-256 | 940574ed34e91952ce7c4208a6ef290ecd054124708ad5e6e7a4b5377e08e20b
Debian Linux Security Advisory 1872-1
Posted Aug 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1872-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to denial of service, privilege escalation or a leak of sensitive memory.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2009-2698, CVE-2009-2846, CVE-2009-2847, CVE-2009-2848, CVE-2009-2849
SHA-256 | cf39db21b853f2de19fa7441b737a0a470a70d17a10d2adf60f45715f7040e1e
Mandriva Linux Security Advisory 2009-217
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-217 - A number of security vulnerabilities have been discovered in Mozilla Thunderbird. Security issues in Thunderbird could lead to a man-in-the-middle attack via a spoofed X.509 certificate. A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service, spoof, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2625, CVE-2009-2408
SHA-256 | 9d01bf4018ef272796f802e7b69bf36d94eabb3f0d7d7fb3c6e573ebfc24366a
Mandriva Linux Security Advisory 2009-216
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-216 - A number of security vulnerabilities have been discovered in the NSS and NSPR libraries and in Mozilla Thunderbird.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2625, CVE-2009-2408, CVE-2009-2409, CVE-2009-2404
SHA-256 | e8e619c27abfa1ea866f6d756a974aa55669f6f2b6b85c33173163bb95017751
Mandriva Linux Security Advisory 2009-215
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-215 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
SHA-256 | ce2329ccd328b819f4a1a50965d05b35b19115fd980af077c798363ee77ad560
Mandriva Linux Security Advisory 2009-214
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-214 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
SHA-256 | 8baa30d1ae51b2aee60f255fb0bd84170f9ca0c145d62c2ac452aed9110c5983
Mandriva Linux Security Advisory 2009-213
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-213 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
SHA-256 | 111fda230c0d060c1db1fe458067d6dcf3b80aa0be55bee39174cc106791fe7d
Mandriva Linux Security Advisory 2009-212
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-212 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
SHA-256 | 72b925d3e0a240c46928b20b6fc7e1e32e82593cc0b1fa34698fc90cb3e7167c
Mandriva Linux Security Advisory 2009-211
Posted Aug 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-211 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-2625
SHA-256 | 5b61601e33e11594211de303a61c8e1b2463eb8687e98e63a81dd0577061bd5d
Debian Linux Security Advisory 1871-1
Posted Aug 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1871-1 - Several vulnerabilities have been discovered in WordPress, a weblog manager.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2008-6762, CVE-2008-6767, CVE-2009-2334, CVE-2009-2854, CVE-2009-2851, CVE-2009-2853, CVE-2008-1502, CVE-2008-4106, CVE-2008-4769, CVE-2008-4796, CVE-2008-5113
SHA-256 | 6af8225de9c2ad14b5d9a8665a5efa8f8b2bde9a73d41b32acb094faf63cf6c8
VMware Security Advisory 2009-0010
Posted Aug 23, 2009
Authored by VMware | Site vmware.com

VMware Security Advisory - Several flaws were discovered in the way the third-party library libpng handled uninitialized pointers. An attacker could create a PNG image file in such a way that, when loaded by an application linked to libpng, it could cause the application to crash or execute arbitrary code at the privilege level of the user that runs the application. The new version of ACE updates the Apache HTTP Server on Windows hosts to version 2.0.63, which addresses multiple security issues that existed in the previous versions of this server.

tags | advisory, web, arbitrary
systems | windows
advisories | CVE-2009-0040, CVE-2007-3847, CVE-2007-1863, CVE-2006-5752, CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005
SHA-256 | fa25255a1fe8dc51e8b60d69060b437dd5c2bb2ea3ba80fcabeb503621483800
Ubuntu Security Notice 802-2
Posted Aug 23, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-802-2 - USN-802-1 fixed vulnerabilities in Apache. The upstream fix for CVE-2009-1891 introduced a regression that would cause Apache children to occasionally segfault when mod_deflate is used. This update fixes the problem. It was discovered that mod_proxy_http did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. It was discovered that mod_deflate did not abort compressing large files when the connection was closed. A remote attacker could exploit this and cause a denial of service via CPU resource consumption.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-1891
SHA-256 | 82e1048c58f6bb0269a91f5ef596b82cd31b537d10588dce4ebd63d94ab1528e
Debian Linux Security Advisory 1869-1
Posted Aug 23, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1869-1 - It was discovered that curl, a client and library to get files from servers using HTTP, HTTPS or FTP, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field.

tags | advisory, web
systems | linux, debian
advisories | CVE-2009-2417
SHA-256 | c45c48146168e478adfa63db5c46235df689797cd68f3563a28b197ba2668b26
Subdreamer SQL Injection
Posted Aug 23, 2009
Authored by Tero Kilkanen

Subdreamer version 2.5.3.2 hotfix#5 suffers from SQL injection vulnerabilities due to the embedding of vulnerable Invision Power Board 2 and phpBB3 modules.

tags | advisory, vulnerability, sql injection
SHA-256 | 7b4bec39033aaebc234421eca70130735ece872362a0900ffd11de68eabd92f9
Mandriva Linux Security Advisory 2009-208
Posted Aug 23, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-208 - libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read. This update provides a solution to this vulnerability.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2008-4776
SHA-256 | 83a5ca9356239d87e4ee7b67aae57b4f6ad8215675c0a25f01e285653678684e
Firefox / Explorer / Chrome Denial Of Service
Posted Aug 23, 2009
Authored by MustLive

A previously discovered denial of service vulnerability in Mozilla Firefox also appears to affect Microsoft Internet Explorer and Google Chrome.

tags | advisory, denial of service
SHA-256 | 7277b13091eb3553c7da2530db4737b3d0b5253256270e22c23d401ccea3d267
CA HIPS kmxids.sys Remote Kernel Vulnerability
Posted Aug 23, 2009
Site ivizsecurity.com

CA HIPS is a Host Based Intrusion Prevention System in which managed agents are deployed on individual hosts to be protected by the HIPS and controlled by the centralized console. It is possible to trigger faults in the kernel driver (kmxids.sys) used by the protection agent by sending certain malformed IP packets.

tags | advisory, kernel
advisories | CVE-2009-2740
SHA-256 | 23841421c5001f9dc9ee18df624a55e0b47662b59340b4152f572bc4ada45613
Cisco Security Advisory 20090819-fwsm
Posted Aug 23, 2009
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability exists in the Cisco Firewall Services Module (FWSM) for the Catalyst 6500 Series Switches and Cisco 7600 Series Routers. The vulnerability may cause the FWSM to stop forwarding traffic and may be triggered while processing multiple, crafted ICMP messages.

tags | advisory
systems | cisco
advisories | CVE-2009-0638
SHA-256 | 713281e09eed7d4b3cb6bce52be62e03b55db7f8b28a6b682d83aee938aef8b6
Facebook Cross Site Request Forgery
Posted Aug 23, 2009
Authored by Ronen Zilberman | Site quaji.com

Facebook suffered from a cross site request forgery vulnerability.

tags | advisory, csrf
SHA-256 | 7f02ac72318135f6300fd96d932348f416039da38ac4c866eded589974d11a20