4207 matches found
CVE-2009-1529
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafte...
Memory corruption
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafte...
Internet Explorer Multiple Events Improper Reference Counting (MS09-019; CVE-2009-1530)
Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. To...
Microsoft Internet Explorer (CVE-2009-1141) Uninitialized Memory Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...
cups: IPP_TAG_UNSUPPORTED handling NULL pointer dereference DoS
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a scheduler request with two consecutive IPPTAGUNSUPPORTED tags...
kernel: nfsv4 client can be crashed by stating a long filename
fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service OOPS via a long filename, related to the encodelookup function...
xpdf: Freeing of potentially uninitialized memory in JBIG2 decoder
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service crash via a crafted PDF file that triggers a free of uninitialized memory...
DSA-1794-1 linux-2.6 - multiple vulnerabilities
Bulletin has no description...
Debian DSA-1790-1 : xpdf - multiple vulnerabilities
Several vulnerabilities have been identified in xpdf, a suite of tools for viewing and converting Portable Document Format PDF files. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0146 Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2...
kernel: memory disclosure in SO_BSDCOMPAT gsopt
The sockgetsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SOBSDCOMPAT getsockopt request...
xpdf: Freeing of potentially uninitialized memory in JBIG2 decoder
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service crash via a crafted PDF file that triggers a free of uninitialized memory...
libvirt_proxy <= 0.5.1 Local Privilege Escalation Exploit
No description provided by source. / cve-2009-0036.c libvirtproxy = 0.5.1 Local Privilege Escalation Exploit Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0036 Buffer overflow in the proxyReadClientSocket function in...
CVE-2009-1436
The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file...
libvirt_proxy 0.5.1 - Local Privilege Escalation
libvirtproxy 0.5.1 - Local Privilege Escalation / cve-2009-0036.c libvirtproxy http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0036 Buffer overflow in the proxyReadClientSocket function in proxy/libvirtproxy.c in libvirtproxy 0.5.1 might allow local...
libvirt_proxy 0.5.1 - Local Privilege Escalation
/ cve-2009-0036.c libvirtproxy http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0036 Buffer overflow in the proxyReadClientSocket function in proxy/libvirtproxy.c in libvirtproxy 0.5.1 might allow local users to gain privileges by sending a portion of t...
FreeBSD libc Berkley DB接口未初始化内存本地信息泄露漏洞
BUGTRAQ ID: 34666 FreeBSD就是一种运行在Intel平台上、可以自由使用的开放源码Unix类系统。 FreeBSD的C库(libc)包含有用于创建和访问Berkeley DB 1.85数据库文件的代码。由于Berkeley DB向数据库文件中写入了从malloc3获得的未初始化内存,使用db3接口创建Berkeley数据库文件的程序可能向数据库文件泄露敏感信息。如果其他用户可以读取这些文件,就会导致泄漏敏感信息,如登录凭据。 FreeBSD FreeBSD 7.1 FreeBSD FreeBSD 7.0 FreeBSD FreeBSD 6.4 FreeBSD...
DEBIAN-CVE-2009-0166
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service crash via a crafted PDF file that triggers a free of uninitialized memory...
CVE-2009-0166
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service crash via a crafted PDF file that triggers a free of uninitialized memory...
Design/Logic Flaw
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service crash via a crafted PDF file that triggers a free of uninitialized memory...
FreeBSD libc Berkley DB接口未初始化内存本地信息泄漏漏洞
BUGTRAQ ID: 34666 CNCAN ID:CNCAN-2009042302 FreeBSD是一款开放源代码的BSD操作系统。 FreeBSD libc Berkeley DB接口写malloc3中获得的未初始化内存到数据库文件,本地攻击者可以利用漏洞获得敏感信息。 FreeBSD FreeBSD 7.1-STABLE FreeBSD FreeBSD 7.1-RELEASE-p4 FreeBSD FreeBSD 7.1 -RELEASE-p2 FreeBSD FreeBSD 7.1 -RELEASE-p1 FreeBSD FreeBSD 7.1 -PRE-RELEASE...