I4L: fix isdn_ioctl memory issue

The isdnioctl function in isdncommon.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow...

DEBIAN-CVE-2006-0294

Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory...

CVE-2005-3534

Buffer overflow in the Network Block Device nbd server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header...

CVE-2004-1093

Midnight commander mc 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."...

CVE-2004-1007

The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service application crash via mail headers that cause a line feed LF to be replaced by a null byte that is written to an incorrect memory address...

Mandrake Linux Security Advisory : cvs (MDKSA-2004:058)

Another vulnerability was discovered related to 'Entry' lines in cvs, by the development team CVE-2004-0414. As well, Stefan Esser and Sebastian Krahmer performed an audit on the cvs source code and discovered a number of other problems, including : A double-free condition in the server code is...

Mandrake Linux Security Advisory : fetchmail (MDKSA-2002:036)

A problem was discovered with versions of fetchmail prior to 5.9.10 that was triggered by retreiving mail from an IMAP server. The fetchmail client will allocate an array to store the sizes of the messages it is attempting to retrieve. This array size is determined by the number of messages the...

SUSE-SA:2002:046: pine

The remote host is missing the patch for the advisory SUSE-SA:2002:046 pine. Pine, Program for Internet News and Email, is a well known and widely used eMail client. While parsing and escaping characters of eMail addresses pine does not allocate enough memory for storing the escaped mailbox part ...

CVE-2003-0660

The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval...

DoS in PureFTPd

PureFTPd all versions vulnerability. I. Entry. Vuln are all version deamons PureFTP. There is DoS bug. II. Vulnerability details. Vulnerability function is displayrate. There is simple overflow bug DoS: "in file src/ftpd.c" static void displayrateconst char word, offt size, const double started,...

CVE-2002-0847

tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice double-free...

[SECURITY] [DSA 145-1] New tinyproxy packages fix security vulnerability

-------------------------------------------------------------------------- Debian Security Advisory DSA 145-1 [email protected] http://www.debian.org/security/ Martin Schulze August 7th, 2002 - -------------------------------------------------------------------------- Package : tinyproxy...

Bug in mnogosearch-3.1.19

qitest1 security advisory 003 Bug in mnogosearch-3.1.19 and prior ----------------------------------------------- PROGRAM DESCRIPTION mnoGoSearch is a full-featured SQL based web search engine, available from http://www.mnogosearch.org. PROBLEM DESCRIPTION When receiving a too long query string q...

Linux news 3.07.00

WU-FTPD 2.6.1 Вышла новая версия популярного FTP сервера WU-FTPD - WU-FTPD 2.6.1. В данной версии появилась поддержка virtual passwd/virtual shadow как в BeroFTPD. Кроме того пофиксен серьезный security баг, благодаря которому пользователь мог получить права root-а. Также пофиксен баг с возможной...

CVE-1999-0880

CVE-1999-0880 corresponds to a memory exhaustion DoS in WU-FTPD caused by the SITE NEWER command not freeing memory. Multiple connected sources confirm the issue and reference affected software as WU-FTPD, with a specific note that versions prior to 2.6.0 are vulnerable (Nessus plugin title indic...

FreeBSD 3.0/3.1/3.2 - 'vfs_cache' Denial of Service

// source: https://www.securityfocus.com/bid/653/info A vulnerability exists in FreeBSD's new VFS cache introduced in version 3.0 that allows a local and possibly remote user to force the kernel to consume large quantities of wired memory thus creating a denial of service condition. The new VFS...