7989 matches found
openSUSE Security Update : acroread (openSUSE-SU-2010:1030-1)
This update of acroread fixes two critical vulnerabilities. The first one is referenced by CVE-2010-3654 and exists in the integrated authplay component that may allow remote attackers to take control over a victim's system. CVE-2010-3654: CVSS v2 Base Score: 6.8 critical AV:N/AC:M/Au:N/C:P/I:P/A:...
openSUSE Security Update : ed (openSUSE-SU-2010:1084-1)
This update fixes a heap-based buffer overflow in ed which can be exploited remotely only with user-assistance. CVE-2008-3916: CVSS v2 Base Score: 9.3 HIGH AV:N/AC:M/Au:N/C:C/I:C/A:C: Buffer Errors CWE-119
openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0146-1)
This tomcat6 update fixes : - CVE-2010-3718: CVSS v2 Base Score: 4.0 AV:N/AC:H/Au:N/C:P/I:P/A:N: Design Error CWE-DesignError - CVE-2011-0013: CVSS v2 Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N: XSS CWE-79 - CVE-2011-0534: CVSS v2 Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P: Resource Management...
libvirt: error reporting in libvirtd is not thread safe
libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service crash by causing multiple threads to report errors at the same time...
Firefox 3.6 < 3.6.17 Multiple Vulnerabilities
The installed version of Firefox 3.6 is earlier than 3.6.17. Such versions are potentially affected by the following security issues : - Multiple use-after-free errors exist in the handling of the object attributes 'mChannel', 'mObserverList' and 'nsTreeRange'. CVE-2011-0065, CVE-2011-0066,...
Firefox < 3.5.19 Multiple Vulnerabilities
The installed version of Firefox is earlier than 3.5.19. Such versions are potentially affected by the following security issues : - Multiple use-after-free errors exist in the handling of the object attributes 'mChannel', 'mObserverList' and 'nsTreeRange'. CVE-2011-0065, CVE-2011-0066,...
Google's Chrome 11 fixes $16,500 worth of bugs !!
Google's Chrome web browser is now at version 11, and its release is marked by a record payout for security fixes as well as a speech translation feature. A total of 27 security vulnerabilities are fixed in the latest stable release for Windows, Mac, Linux and Chrome Frame. Individual rewards wer...
Google Chrome < 11.0.696.57 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is earlier than 11.0.696.57. Such versions of Chrome are affected by multiple vulnerabilities: - A stale pointer exists in floating object handling. Issue 61502 - It may be possible to bypass the pop-up blocker via plug-ins. Issue 70538 -...
Microsoft discloses vulnerabilities in Chrome and Opera
Microsoft has issued two advisories on Chrome and Opera, detailing remote code execution and information disclosure vulnerabilities. The disclosure is the result of the Microsoft Vulnerability Research (MSVR) system going live, which is one of...
SuSE 10 Security Update : quagga (ZYPP Patch Number 7355)
This security update of quagga fixes : - Direct BGP peers can send malformed extended communities which lead to a NULL pointer dereference. CVE-2010-1674 - A malformed ASPATHLIMIT path attribute will cause a session reset in Quagga. This malformed package is forwarded by other routers and can be...
SuSE9 Security Update : quagga (YOU Patch Number 12685)
This security update of quagga fixes : - Direct BGP peers can send malformed extended communities which lead to a NULL pointer dereference. CVE-2010-1674 - A malformed ASPATHLIMIT path attribute will cause a session reset in Quagga. This malformed package is forwarded by other routers and can be...
Google Chrome multiple vulnerabilities - March 11 (Windows)
The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodgooglechromemultvulnmar11win.nasl 7024 2017-08-30 11:51:43Z teissa $ Google Chrome multiple vulnerabilities - March 11 Windows Authors: Sooraj KS Copyright: Copyright c 2011 SecPod,...
Mandriva Linux Security Advisory : php (MDVSA-2011:052)
Multiple vulnerabilities have been identified and fixed in php : The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service applicatio...
New Analysis Shows Pushdo Botnet Sent Trillions of Spam Emails, Generated Millions in Profits
A new, detailed analysis of the operations of the infamous Cutwail/Pushdo botnet shows that the network, which had been the target of several takedown attempts in the last couple of years, is not only amazingly resilient, but also is incredibly prolific, with one section of the botnet sending more...
krb5 security update
1.8.2-3.6 - add revised upstream patch to fix double-free in KDC while returning typed-data with errors CVE-2011-0284, 681564 1.8.2-3.5 - add upstream patches to fix double-free in KDC while returning typed-data with errors CVE-2011-0284, 681564...
MediaWiki < 1.16.1 'Frames Processing Clickjacking' Information Disclosure Vulnerability
MediaWiki is prone to a clickjacking information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Google Chrome multiple vulnerabilities - March 11 (Linux)
The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulnmar11lin.nasl 7024 2017-08-30 11:51:43Z teissa $ Google Chrome multiple vulnerabilities - March 11 Linux Authors: Sooraj KS Copyright: Copyright c 2011 Greenbone...
Cross-site Scripting (XSS) Vulnerabilities in Sodahead Polls
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Sodahead Polls which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in Sodahead Polls 1.1 The vulnerability exists due to input sanitation errors in the...
Ubuntu 9.10 : linux, linux-ec2 vulnerabilities (USN-1073-1)
Gleb Napatov discovered that KVM did not correctly check certain privileged operations. A local attacker with access to a guest kernel could exploit this to crash the host system, leading to a denial of service. CVE-2010-0435 Dan Jacobson discovered that ThinkPad video output was not correctly...
VLC Media Player USF and Text Subtitles Decoders BOF Vulnerabilities (Windows)
The host is installed with VLC Media Player and is prone to buffer overflow vulnerabilities. OpenVAS Vulnerability Test $Id: secpodvlcmediaplayerbofvulnfeb11win.nasl 8174 2017-12-19 12:23:25Z cfischer $ VLC Media Player USF and Text Subtitles Decoders BOF Vulnerabilities Windows Authors: Madhuri ...