
4019 matches found

RedHat Linux
added 2011/07/15 3:55 a.m. | 6 views

OpenJDK: integer overflows in JPEGImageReader and font SunLayoutEngine (2D, 7013519)

Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

CVSS 10 | AI score 7.4 | EPSS 0.06277
Exploits: 0 | References: 4

RedHat Linux
added 2011/03/21 5:5 p.m. | 4 views

Wireshark: Malformed LDAP filter string causes Denial of Service via excessive memory consumption

epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements...

CVSS 4.3 | AI score 5.9 | EPSS 0.03533
Exploits: 1 | References: 4

RedHat Linux
added 2011/03/21 4:30 p.m. | 4 views

flash-plugin: multiple code execution flaws (APSB11-02)

Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a constructor for an unspecified ActionScript3 object and improper type checking, a different vulnerability than CVE-2011-0559,...

CVSS 9.3 | AI score 6.2 | EPSS 0.06287
Exploits: 0 | References: 4

RedHat Linux
added 2011/03/17 7:11 p.m. | 3 views

JDK unspecified vulnerability in Sound component

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and...

CVSS 10 | AI score 7.4 | EPSS 0.05489
Exploits: 0 | References: 4

RedHat Linux
added 2011/01/13 10:55 a.m. | 6 views

python: rgbimg: multiple security issues

Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12...

CVSS 7.5 | AI score 7.2 | EPSS 0.03854
Exploits: 2 | References: 4

RedHat Linux
added 2010/12/13 6:34 p.m. | 3 views

openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack

OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a...

CVSS 4.3 | AI score 6.9 | EPSS 0.09497
Exploits: 0 | References: 4

FreeBSD
added 2010/11/28 12:0 a.m. | 21 views

proftpd -- Compromised source packages backdoor

The ProFTPD Project team reports: The security issue is caused due to the distribution of compromised ProFTPD 1.3.3c source code packages via the project's main FTP server and all of the mirror servers, which contain a backdoor allowing remote root access...

AI score 4.1
Exploits: 0 | References: 2

RedHat Linux
added 2010/11/10 7:0 p.m. | 2 views

OpenJDK Swing mutable static (6938813)

Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Octobe...

CVSS 6.8 | AI score 5.8 | EPSS 0.02879
Exploits: 0 | References: 4

RedHat Linux
added 2010/10/27 11:3 p.m. | 5 views

OpenJDK DNS server IP address information leak (6957564)

Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October...

CVSS 5 | AI score 5.8 | EPSS 0.02999
Exploits: 0 | References: 4

RedHat Linux
added 2010/10/27 11:3 p.m. | 6 views

OpenJDK ICC Profile remote code execution (6963489)

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle ha...

CVSS 10 | AI score 6 | EPSS 0.05885
Exploits: 0 | References: 4

RedHat Linux
added 2010/10/14 1:31 p.m. | 3 views

OpenJDK ICU Opentype layout engine crash (6963285)

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle ha...

CVSS 10 | AI score 5.8 | EPSS 0.049
Exploits: 0 | References: 4

RedHat Linux
added 2010/10/06 10:25 a.m. | 1 view

acroread: multiple code execution flaws (APSB10-21)

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622,...

CVSS 9.3 | AI score 6.2 | EPSS 0.06467
Exploits: 0 | References: 4

RedHat Linux
added 2010/08/20 11:40 a.m. | 3 views

flash-plugin: multiple security flaws (APSB10-16)

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2213, CVE-2010-2214, and CVE-2010-2216...

CVSS 9.3 | AI score 6.2 | EPSS 0.0459
Exploits: 0 | References: 4

Fedora
added 2010/08/19 1:11 a.m. | 51 views

[SECURITY] Fedora 14 Update: freeciv-2.2.2-1.fc14

Freeciv is a turn-based, multi-player, X based strategy game. Freeciv is generally comparable to, and has compatible rules with, the Civilization II(R) game by Microprose(R). In Freeciv, each player is the leader of a civilization, and is competing with the other players in order to become the leader...

CVSS 10 | AI score 4.8 | EPSS 0.03342
Exploits: 1

RedHat Linux
added 2010/08/04 9:30 p.m. | 4 views

tomcat directory listing issue

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do...

CVSS 5 | AI score 5.9 | EPSS 0.45579
Exploits: 8 | References: 4

RedHat Linux
added 2010/08/04 9:30 p.m. | 6 views

tomcat accept-language xss flaw

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616"...

CVSS 2.6 | AI score 5.9 | EPSS 0.19889
Exploits: 1 | References: 4

RedHat Linux
added 2010/08/02 8:17 p.m. | 4 views

tomcat: unexpected file deletion and/or alteration

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry...

CVSS 5.8 | AI score 5.9 | EPSS 0.09638
Exploits: 0 | References: 4

Apache Httpd
added 2010/07/23 12:0 a.m. | 30 views

Apache Httpd < 2.2.10 : Timeout detection flaw (mod_proxy_http)

An information disclosure flaw was found in mod_proxy_http in version 2.2.9 only, on Unix platforms. Under certain timeout conditions, the server could return a response intended for another user. Only those configurations which trigger the use of proxy worker pools are affected. There was no...

CVSS 5 | AI score 1.1 | EPSS 0.08284
Exploits: 1 | Affected Software: 1

RedHat Linux
added 2010/07/21 1:18 a.m. | 3 views

Mozilla miscellaneous memory safety hazards

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) o...

CVSS 9.3 | AI score 7.8 | EPSS 0.03757
Exploits: 0 | References: 4

RedHat Linux
added 2010/06/14 10:28 p.m. | 2 views

flash-plugin: "possible player crash" affects also v9.x versions of Adobe Flash Player

Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms allows attackers to cause a denial of service via unknown vectors...

CVSS 4.3 | AI score 5.8 | EPSS 0.04958
Exploits: 0 | References: 4