4634 matches found
Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64
Multiple security flaws were discovered in RealPlayer. Helix Player and RealPlayer share a common source code base; therefore, some of the flaws discovered in RealPlayer may also affect Helix Player. Some of these flaws could, when opening, viewing, or playing a malicious media file or stream, le...
icedtea-web: getvalueforurl uninitialized instance pointer
The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instancetoidmap hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an...
Mozilla: Gecko memory corruption (MFSA 2012-44)
Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service heap memory...
BELL-CVE-2012-2845 CVE-2012-2845 does not affect BellSoft software
Bulletin has no description...
CVE-2012-1164
slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned...
update for strongswan (important)
Strongswan's gmp plugin could treat empty RSA signatures as valid ones...
Mozilla: Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28) (MFSA 2012-19)
Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code...
Google Chrome < 17.0.963.56 Multiple Vulnerabilities
CVE-2011-3024
Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate...
Code injection
Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate...
UBUNTU-CVE-2011-3024
Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate...
Mandriva Update for firefox MDVA-2012:014 (firefox)
The remote host is missing an update for the...
SquirrelMail: CSRF in the empty trash feature and in Index Order page
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka optionsorder) page, a different issue than...
CVE-2009-5028
Stack-based buffer overflow in Namazu before 2.0.20 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted request containing an empty uri field...
DEBIAN-CVE-2011-4079
Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry...
PYSEC-2011-2
The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with...
Google Chrome multiple vulnerabilities - September11 (Linux)
The host is running Google Chrome and is prone to multiple vulnerabilities...
Google Chrome multiple vulnerabilities - September11 (Mac OS X)
The host is running Google Chrome and is prone to multiple vulnerabilities...
Google Chrome < 13.0.782.215 Multiple Vulnerabilities (Sep 2011) - Linux
Google Chrome is prone to multiple vulnerabilities...
Google Chrome < 13.0.782.215 Multiple Vulnerabilities (Sep 2011) - Windows
Google Chrome is prone to multiple vulnerabilities...