Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution

Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution Felipe Andres Manzano [email protected] updates in http://felipe.andres.manzano.googlepages.com/home ''' Sumary: ======= The libpoppler pdf rendering library, can free uninitialized pointers, leading to arbitrary code...

fetchmail multiple security vulnerabilities

NULL pointer dereference, uninitialized pointer dereference...

XPDF / Poppler uninitialized pointer dereference

User-controlled pointer dereference...

Fedora 8 : krb5-1.6.2-14.fc8 (2008-2647)

This update incorporates fixes included in MITKRB5-SA-2008-001 use of uninitialized pointer / double-free in the KDC when v4 compatibility is enabled and MITKRB5-SA-2008-002 incorrect handling of high-numbered descriptors in the RPC library. This update also incorporates less-critical fixes for a...

krb5: uninitialized pointer use in krb5kdc

KDC in MIT Kerberos 5 krb5kdc does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free...

krb5: uninitialized pointer use in krb5kdc

KDC in MIT Kerberos 5 krb5kdc does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free...

krb5: uninitialized pointer use in krb5kdc

KDC in MIT Kerberos 5 krb5kdc does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free...

Critical: krb5 security update

1.2.7-68 - add preliminary patch to fix use of uninitialized pointer / double-free in KDC CVE-2008-0062,CVE-2008-0063 432620, 432621 - add preliminary patch to fix incorrect handling of high-numbered descriptors in the RPC library CVE-2008-0948 435087...

Critical: krb5 security update

1.3.4-54.el46.1 - add preliminary patch to fix use of uninitialized pointer / double-free in KDC CVE-2008-0062,CVE-2008-0063 432620, 432621 - add backported patch to fix double-free in libgssapikrb5 CVE-2007-5971 415351...

Mplayer / Xine multiple security vulnerabilities

Buffer overflow on FLAC data parsing, uninitilized pointer dereference on MOV parsing...

Netkit ftpd FTP server DoS

uninitialized pointer reference...

Microsoft Excel rtAFDesc record invalid pointer access

Added: 01/17/2008 CVE: CVE-2008-0081 BID: 27305 OSVDB: 40344 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms. Problem Microsoft Excel references an uninitialized pointer if a spreadsheet contains an improperly placed...

Microsoft Excel rtAFDesc record invalid pointer access

Added: 01/17/2008 CVE: CVE-2008-0081 BID: 27305 OSVDB: 40344 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms. Problem Microsoft Excel references an uninitialized pointer if a spreadsheet contains an improperly placed...

Heimdal RADIUS server memory corruption

free of uninitialized pointer on invalid user name...

PT-2007-5840 · Apple · Macos X

Name of the Vulnerable Software and Affected Versions: Apple Mac OS X versions 10.4 through 10.4.10 Description: The issue allows attackers to cause a denial of service, potentially leading to application crashes, and may also enable the execution of arbitrary code. This is achieved through craft...

openSUSE 10 Security Update : openssl (openssl-2162)

A previous openssl update CVE-2006-2940 introduced another bug that can lead to a crash by providing a large prime number. An uninitialized pointer is freed during error handling. This bug allows remote attackers to crash services that use openssl. %NASLMINLEVEL 70300 C Tenable Network Security,...

No title provided

EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbgcreatelistener, which allows remote authenticated users to cause a denial of service daemon crash and possibly execute arbitrary code via a SELECT statement that invokes a...

Mandrake Linux Security Advisory : krb5 (MDKSA-2007:174-1)

A stack-based buffer overflow vulnerability was discovered in the RPC library used by Kerberos' kadmind program by Tenable Network Security. A remote unauthenticated user who could access kadmind would be able to trigger the flaw and cause it to crash CVE-2007-3999. This issue is only applicable ...

Access Restriction Bypass

Overview Affected versions of this package are vulnerable to Access Restriction Bypass. The kadm5modifypolicyinternal function in lib/kadm5/srv/svrpolicy.c in the Kerberos administration daemon kadmind in MIT Kerberos 5 krb5 1.5 through 1.6.2 does not properly check return values when the policy...

DEBIAN-CVE-2007-4000

The kadm5modifypolicyinternal function in lib/kadm5/srv/svrpolicy.c in the Kerberos administration daemon kadmind in MIT Kerberos 5 krb5 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy"...