JDK unspecified vulnerability in Java2D component

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Marc...

xen: emulator instruction decoding inconsistency

The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux RHEL 5 allows guest OS users to cause a denial of service 32-bit guest OS crash via vectors that trigger an unspecified instruction emulation...

Spammers Outsource CAPTCHA Decoding

Faced with stricter Internet security measures like CAPTCHAS, some spammers have begun borrowing a page from corporate America’s playbook: they are outsourcing. Read the full article. The New York Times...

Heap overflow

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Marc...

CVE-2010-0849

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Marc...

JDK unspecified vulnerability in Java2D component

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Marc...

Debian DSA-2025-1 : icedove - several vulnerabilities

Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2408 Dan Kaminsky and Moxie Marlinspike discovered that icedove does...

DSA-2025-1 icedove - several vulnerabilities

Bulletin has no description...

gnutls: gnutls_x509_crt_get_serial incorrect serial decoding from ASN1 (BE64) [GNUTLS-SA-2010-1]

The gnutlsx509crtgetserial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1readvalue with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list CRL check and cau...

Mozilla Base64 decoding crash

Multiple integer overflows in the 1 PLBase64Decode and 2 PLBase64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service memory corruption and application crash...

UPX Compressed PE Executable Files (CVE-2005-2920)

ClamAV AntiVirus is an open source product that provides anti-virus scanning utilities and an anti-virus library. The product is capable of decoding several archive formats in order to scan their internal items for viruses. One of such archive formats is the UPX Ultimate Packer for eXecutables fi...

libpng stalls on highly compressed ancillary chunks

Overview Libpng stalls and consumes large quantities of memory while processing certain Portable Network Graphics PNG files. Description When processing PNG files containing highly compressed ancillary chunks, the pngdecompresschunk function in libpng can consume large amounts of CPU time and...

Microsoft Paint JPEG Decoding Integer Overflow (MS10-005; CVE-2010-0028)

Microsoft Paint is a simple graphics painting program that has been included with all versions of Microsoft Windows. JPEG is a platform-independent image format that supports a high level of compression. A remote code execution vulnerability exists in the way that Microsoft Paint decodes JPEG...

Google Chrome < 4.0.249.78 Multiple Vulnerabilities

Binary data 5328.pasl...

openSUSE Security Update : gstreamer-0_10-plugins-good (gstreamer-0_10-plugins-good-1717)

Specially crafted files could cause integer overflows in the PNG decoding module of GStreamer CVE-2009-1932. if !definedfunc"nasllevel" || nasllevel = 70000 && nasllevel = 70200 && nasllevel = 80000 && nasllevel 80502 exit0; C Tenable Network Security, Inc. The descriptive text and package checks...

CentOS 5 : cups (CESA-2008:0192)

Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System CUPS provides a portable printing layer for UNIXR operatin...

Mandriva Linux Security Advisory : ghostscript (MDVSA-2009:311)

Multiple security vulnerabilities has been identified and fixed in ghostscript : A buffer underflow in Ghostscript's CCITTFax decoding filter allows remote attackers to cause denial of service and possibly to execute arbitrary by using a crafted PDF file CVE-2007-6725. Buffer overflow in...

Serv-U < 9.1.0.0

According to its banner, the installed version of Serv-U is earlier than 9.1.0.0, and therefore affected by the following issues : - A boundary error in the web administration interface when parsing session cookies can result in a stack-based buffer overflow. CVE-2009-4873 - A boundary error in t...

Stack overflow

Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string...

CVE-2009-4006

Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string...