Mandriva Linux Security Advisory 2009-220 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.
62f8f56d89a553e41588d5db5b6e8c8c6bedd5ba9eb955c6afe0df7daf55c476
Ubuntu Security Notice USN-825-1 - It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges. USN-682-1 provided updated libvorbis packages to fix multiple security vulnerabilities. The upstream security patch to fix CVE-2008-1420 introduced a regression when reading sound files encoded with libvorbis 1.0beta1. This update corrects the problem. It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges.
8bef4480933a4d21cc6a8770649ffc4e16083884235f172f738cc95a2f1421f3
Ubuntu Security Notice USN-824-1 - It was discovered that PHP did not properly handle certain malformed JPEG images when being parsed by the Exif module. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service.
195c0917b3abed3aff85bd3d440817381c52c2259560eb04cae7aa6dfcf973d2
Ubuntu Security Notice USN-823-1 - It was discovered that KDE-Graphics did not properly handle certain malformed SVG images. If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
9ad5ad4f06b6206c5337b67d4d4971f218779f9b4358f5487aa62eafcd991d98
Mandriva Linux Security Advisory 2009-219 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Additionally, on 2009.0 a patch was added to prevent kompozer from crashing (#44830), and on 2009.1 a format string patch was added to make it build with the -Wformat -Werror=format-security gcc optimization switch added in 2009.1. This update fixes these issues.
c43b5b9412c80498d951f5aab3e7d44ddd1b71cdb3cda1b23ea0aa4f7d67b0fc
Ubuntu Security Notice USN-822-1 - It was discovered that KDE-Libs did not properly handle certain malformed SVG images. If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.04. It was discovered that the KDE JavaScript garbage collector did not properly handle memory allocation failures. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that KDE-Libs did not properly handle HTML content in the head element. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that KDE-Libs did not properly handle the Cascading Style Sheets (CSS) attr function call. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
e04d87eb0947023e41cabcb09990834aafcabc0d2554fb17c2ab973da27d010d
Mandriva Linux Security Advisory 2009-218 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.
940574ed34e91952ce7c4208a6ef290ecd054124708ad5e6e7a4b5377e08e20b
Debian Security Advisory 1872-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to denial of service, privilege escalation or a leak of sensitive memory.
cf39db21b853f2de19fa7441b737a0a470a70d17a10d2adf60f45715f7040e1e
Mandriva Linux Security Advisory 2009-217 - A number of security vulnerabilities have been discovered in Mozilla Thunderbird. Security issues in thunderbird could lead to a man-in-the-middle attack via a spoofed X.509 certificate. A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.
9d01bf4018ef272796f802e7b69bf36d94eabb3f0d7d7fb3c6e573ebfc24366a
Mandriva Linux Security Advisory 2009-216 - A number of security vulnerabilities have been discovered in the NSS and NSPR libraries and in Mozilla Thunderbird.
e8e619c27abfa1ea866f6d756a974aa55669f6f2b6b85c33173163bb95017751
Mandriva Linux Security Advisory 2009-215 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.
ce2329ccd328b819f4a1a50965d05b35b19115fd980af077c798363ee77ad560
Mandriva Linux Security Advisory 2009-214 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.
8baa30d1ae51b2aee60f255fb0bd84170f9ca0c145d62c2ac452aed9110c5983
Mandriva Linux Security Advisory 2009-213 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.
111fda230c0d060c1db1fe458067d6dcf3b80aa0be55bee39174cc106791fe7d
Mandriva Linux Security Advisory 2009-212 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.
72b925d3e0a240c46928b20b6fc7e1e32e82593cc0b1fa34698fc90cb3e7167c
Mandriva Linux Security Advisory 2009-211 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.
5b61601e33e11594211de303a61c8e1b2463eb8687e98e63a81dd0577061bd5d
Debian Security Advisory 1871-1 - Several vulnerabilities have been discovered in wordpress, weblog manager.
6af8225de9c2ad14b5d9a8665a5efa8f8b2bde9a73d41b32acb094faf63cf6c8
VMware Security Advisory - Several flaws were discovered in the way the third-party library libpng handled uninitialized pointers. An attacker could create a PNG image file in such a way that, when loaded by an application linked to libpng, it could cause the application to crash or execute arbitrary code at the privilege level of the user that runs the application. The new version of ACE updates the Apache HTTP Server on Windows hosts to version 2.0.63, which addresses multiple security issues that existed in the previous versions of this server.
fa25255a1fe8dc51e8b60d69060b437dd5c2bb2ea3ba80fcabeb503621483800
Ubuntu Security Notice USN-802-2 - USN-802-1 fixed vulnerabilities in Apache. The upstream fix for CVE-2009-1891 introduced a regression that would cause Apache children to occasionally segfault when mod_deflate is used. This update fixes the problem. It was discovered that mod_proxy_http did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. It was discovered that mod_deflate did not abort compressing large files when the connection was closed. A remote attacker could exploit this and cause a denial of service via CPU resource consumption.
82e1048c58f6bb0269a91f5ef596b82cd31b537d10588dce4ebd63d94ab1528e
Debian Security Advisory 1869-1 - It was discovered that curl, a client and library to get files from servers using HTTP, HTTPS or FTP, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field.
c45c48146168e478adfa63db5c46235df689797cd68f3563a28b197ba2668b26
Subdreamer version 2.5.3.2 hotfix#5 suffers from SQL injection vulnerabilities due to the embedding of vulnerable Invision Power Board 2 and phpBB3 modules.
7b4bec39033aaebc234421eca70130735ece872362a0900ffd11de68eabd92f9
Mandriva Linux Security Advisory 2009-208 - libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read. This update provides a solution to this vulnerability.
83a5ca9356239d87e4ee7b67aae57b4f6ad8215675c0a25f01e285653678684e
A previously discovered denial of service vulnerability in Mozilla Firefox also appears to affect Microsoft Internet Explorer and Google Chrome.
7277b13091eb3553c7da2530db4737b3d0b5253256270e22c23d401ccea3d267
CA HIPS is a Host Based Intrusion Prevention System in which managed agents are deployed on individual hosts to be protected by the HIPS and controlled by the centralized console. It is possible to trigger faults in the kernel driver (kmxids.sys) used by the protection agent by sending certain malformed IP packets.
23841421c5001f9dc9ee18df624a55e0b47662b59340b4152f572bc4ada45613
Cisco Security Advisory - A vulnerability exists in the Cisco Firewall Services Module (FWSM) for the Catalyst 6500 Series Switches and Cisco 7600 Series Routers. The vulnerability may cause the FWSM to stop forwarding traffic and may be triggered while processing multiple, crafted ICMP messages.
713281e09eed7d4b3cb6bce52be62e03b55db7f8b28a6b682d83aee938aef8b6
Facebook suffered from a cross site request forgery vulnerability.
7f02ac72318135f6300fd96d932348f416039da38ac4c866eded589974d11a20