VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error within the "DocumentViewerImpl::Show()" function, which could allow remote attackers to execute arbitrary code via a specially crafted web page.
5a8e530f261da8290d43f4bfe0c239292f5ff8d72f3e1b7040beafbd9b701dff
Secunia Security Advisory - SUSE has issued an update for icedtea-web. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
8b11b2967d13e3ded26849ef210ba513392094241eb9abed528937a8aed5e852
Secunia Security Advisory - A vulnerability has been reported in Tor, which can be exploited by malicious people to cause a DoS (Denial of Service).
ba2da04da292ff0dacb00c4df8fec6951c9f28253e4bc3dd88f6b1d54d01bad8
Secunia Security Advisory - Vulnerability lab has reported two vulnerabilities in ManageEngine ServiceDesk Plus, which can be exploited by malicious people to conduct script insertion attacks.
f2c8ad4820af79432ab9ae3955e7ac0789beda59c53668e1c6c9b6908ab08caf
Secunia Security Advisory - Julien Cayssol has reported a vulnerability in Synology Photo Station, which can be exploited by malicious people to disclose sensitive information.
3be5b46d5361090d126ad0adbf7704a61d183dd5ce049b6472644228c0f6ed78
Secunia Security Advisory - A vulnerability has been discovered in WibuKey Runtime for Windows, which can be exploited by malicious people to compromise a user's system.
45ef6e56dd3a165aa40e9befd41b7be705f8ba498a83106e031dcb9af4344f15
Secunia Security Advisory - Ingress Security has discovered a vulnerability in jBilling, which can be exploited by malicious people to conduct cross-site request forgery attacks.
dc243ca9371074e2d2e4ec396a8c616c2dbe8a77e54384eca9ab28cfe113fafa
Secunia Security Advisory - A vulnerability has been discovered in OpenBSD, which can be exploited by malicious people to cause a DoS (Denial of Service).
52a834674389e78d1d6edad3245c756ad34424fb5d62c4beea2c53c998123ca2
A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures. The condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue is similar to the one reported in oCERT-2011-003 and concerns the MurmurHash algorithm family. The condition for predictable collisions in the hashing functions has been reported for the following language implementations: JRuby (MurmurHash2), Ruby (MurmurHash2), Rubinius (MurmurHash3), Oracle JDK (MurmurHash), OpenJDK (MurmurHash). In the case of Java OpenJDK, the hash function affected by the reported issue is not enabled by default; the default function is, however, reported vulnerable to oCERT-2011-003.
6158aaf285af06ef9ef0b5c3fb1ac4513de61a3ac22d037a2d66fa0654d3a613
FreeBSD Security Advisory - FreeBSD is binary-compatible with the Linux operating system through a loadable kernel module/optional kernel component. A programming error in the handling of some Linux system calls may result in memory locations being accessed without proper validation. It is possible for a local attacker to overwrite portions of kernel memory, which may result in a privilege escalation or cause a system panic.
6702f60b55d6453bd757f5c5f78ebb7b3615928a68a5c006f536a774870013bf
FreeBSD Security Advisory - The internal authentication server of hostapd does not sufficiently validate the message length field of EAP-TLS messages. A remote attacker could cause the hostapd daemon to abort by sending specially crafted EAP-TLS messages, resulting in a Denial of Service.
2e64da0ea32a2dac049fee64d2e2a83e329082a4961e1f7560ffefb7f8cc5160
FreeBSD Security Advisory - The BIND daemon would crash when a query is made on a resource record with RDATA that exceeds 65535 bytes. The BIND daemon would lock up when a query is made on specific combinations of RDATA. A remote attacker can query a resolving name server to retrieve a record whose RDATA is known to be larger than 65535 bytes, thereby causing the resolving server to crash via an assertion failure in named. An attacker who is in a position to add a record with RDATA larger than 65535 bytes to an authoritative name server can cause that server to crash by later querying for that record. The attacker can also cause the server to lock up with specific combinations of RDATA.
06e1aee7809f7e8aa741e07c76a29eb43443068d25922ef3f329e9890d2bf998
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
adf8111d665f3a46a324885a6c9a7d02bae0571ab36a5bde6b53d6b571145526
Debian Linux Security Advisory 2576-1 - Andy Lutomirski discovered that tcsd (the TPM userspace daemon) was missing input validation. Carefully crafted input can lead to a denial of service by making the daemon crash with a segmentation fault.
800af7d0630c558f72202a51ab53232166e3ed09332a713e3e5689149fd3c4f5
Red Hat Security Advisory 2012-1485-01 - IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
5800d65e57ad9bb4e73df7eaa0bf267ac6bcb62d0f916aca821a78511a0157d9
Ubuntu Security Notice 1639-1 - It was discovered that unity-firefox-extension incorrectly handled certain callbacks. A remote attacker could use this issue to cause unity-firefox-extension to crash, resulting in a denial of service, or possibly execute arbitrary code.
725ac6c165fe02ee10a51066b105b9aea48d1b95568665478b3c69d1c88f5843
Secunia Security Advisory - ReVuln has reported a vulnerability in Call of Duty Modern Warfare 3, which can be exploited by malicious people to cause a DoS (Denial of Service).
74ae4696c1690a30b0918055fc1a5eb30c489119c5e4523dc2362020cf1e00ca
Secunia Security Advisory - Ubuntu has issued an update for tomcat6. This fixes a weakness and a vulnerability, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
7cb59ea2e45d8333ddd3b466f12449c124b01db49e998b327743b090a28cfb0c
Secunia Security Advisory - High-Tech Bridge has discovered a vulnerability in dotProject, which can be exploited by malicious people to conduct cross-site scripting attacks.
9254f30b6bc9e99898900c97f26701aeede9c5d8b3800b5e3810b05450eeab14
Secunia Security Advisory - Avaya has acknowledged a vulnerability in Avaya Call Management System, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
7e289a6e4af084024ca3b3175510fcf37297a5b6d02e08fed1a3d4c1de4d0048
Secunia Security Advisory - High-Tech Bridge has discovered multiple vulnerabilities in dotProject, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
eeea1944294076d423641a51cc2075fc77766ddab9325f5699f12aef28bab64c
Secunia Security Advisory - Two vulnerabilities have been reported in Feng Office, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks.
033c24c702e8b144736cb6bf26738d0caca812541fa1d03e1cd442f12b0388a8
Secunia Security Advisory - SUSE has issued an update for java-1.7.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
5916af721afbab5dc6b13fe9a2a4ce94c3a911d2d68f7e1c03282a8abbb29eca
Secunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.
072dd70eed54a592832d4588a549e408d601ebb51dc0c48d38fec0072b372619
Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.
74a413a72b87d02f434300b001cca1f8c74a546e8b2b4f58a788f62b513f185c