
5353 matches found

CISA
added 2012/08/15 12:0 a.m., 12 views

Microsoft Releases August Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, SQL Server, Server Software, Developer Tools, and Exchange Server as part of the Microsoft Security Bulletin summary for August 2012. These vulnerabilities may allow an attacker to execute...

7.8 AI score
Exploits: 0, References: 3
OpenVAS
added 2012/08/14 12:0 a.m., 20 views

Ubuntu: Security Advisory (USN-1526-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 6.5 AI score, 0.0661 EPSS
Exploits: 0, References: 2
OpenVAS
added 2012/08/10 12:0 a.m., 23 views

Gentoo Security Advisory GLSA 201206-04 (argyllcms)

The remote host is missing updates announced in advisory GLSA 201206-04. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

9.3 CVSS, 1.1 AI score, 0.07361 EPSS
Exploits: 0
NVD
added 2012/08/07 9:55 p.m., 17 views

CVE-2012-3422

The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an...

6.8 CVSS, 9.2 AI score, 0.01173 EPSS
Exploits: 0, References: 14
Debian CVE
added 2012/08/07 9:0 p.m., 22 views

CVE-2012-3422

The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an...

6.8 CVSS, 7.4 AI score, 0.01173 EPSS
Exploits: 0
CVE
added 2012/08/07 9:0 p.m., 76 views

CVE-2012-3422

The provided data confirms CVE-2012-3422 affects the IcedTea-Web plugin prior to 1.2.1, where getFirstInTableInstance returns an uninitialized pointer if the instance_to_id_map is empty. This can cause a denial of service (crash) and may enable arbitrary code execution via a crafted web page. Sev...

6.8 CVSS, 9.2 AI score, 0.01173 EPSS
Exploits: 0, References: 14, Affected Software: 1
Cvelist
added 2012/08/07 9:0 p.m., 24 views

CVE-2012-3422

The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an...

9.3 AI score, 0.01173 EPSS
Exploits: 0, References: 14
Cvelist
added 2012/08/06 6:0 p.m., 23 views

CVE-2012-2665

Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within...

7 AI score, 0.05396 EPSS
Exploits: 0, References: 16
NVD
added 2012/08/06 4:55 p.m., 9 views

CVE-2012-1910

Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted...

7.5 CVSS, 8.1 AI score, 0.02991 EPSS
Exploits: 1, References: 4
Cvelist
added 2012/08/06 4:0 p.m., 28 views

CVE-2012-1014

The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary...

7.7 AI score, 0.04152 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2012/08/01 12:0 a.m., 33 views

Scientific Linux Security Update : poppler on SL6.x i386/x86_64

Two uninitialized pointer use flaws were discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3702, CVE-2010-3703) An array index error was found i...

7.5 CVSS, 6.8 AI score, 0.09179 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2012/08/01 12:0 a.m., 32 views

Scientific Linux Security Update : libsoup on SL4.x, SL5.x i386/x86_64

An integer overflow flaw which caused a heap-based buffer overflow was discovered in libsoup's Base64 encoding routine. An attacker could use this flaw to crash, or, possibly, execute arbitrary code. This arbitrary code would execute with the privileges of the application using libsoup's Base64...

7.5 CVSS, 6.3 AI score, 0.01097 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2012/08/01 12:0 a.m., 29 views

Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20120202)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 released via in a previous update for php53 introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause th...

7.5 CVSS, 8.2 AI score, 0.85815 EPSS
Exploits: 16, References: 2
Tenable Nessus
added 2012/08/01 12:0 a.m., 26 views

Scientific Linux Security Update : cpio on SL4 i386/x86_64

A buffer overflow was found in cpio on 64-bit platforms. By tricking a user into adding a specially crafted large file to a cpio archive, a local attacker may be able to exploit this flaw to execute arbitrary code with the target user's privileges. (CVE-2005-4268)

3.7 CVSS, 5.8 AI score, 0.0005 EPSS
Exploits: 1, References: 2
UbuntuCve
added 2012/07/31 12:0 a.m., 28 views

CVE-2012-1014

The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary...

9 CVSS, 7.3 AI score, 0.04152 EPSS
Exploits: 0, References: 3
OpenVAS
added 2012/07/30 12:0 a.m., 29 views

CentOS Update for php53 CESA-2012:0092 centos5

Check for the Version of php53 OpenVAS Vulnerability Test CentOS Update for php53 CESA-2012:0092 centos5 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

7.5 CVSS, 9.6 AI score, 0.85815 EPSS
Exploits: 16, References: 2
NVD
added 2012/07/25 9:55 p.m., 17 views

CVE-2012-2152

Stack-based buffer overflow in the get_packet method in socket.c in dhcpcd 3.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long packet...

7.5 CVSS, 9.7 AI score, 0.02786 EPSS
Exploits: 0, References: 5
Prion
added 2012/07/25 9:55 p.m., 14 views

Stack overflow

Stack-based buffer overflow in the get_packet method in socket.c in dhcpcd 3.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long packet...

7.5 CVSS, 8.6 AI score, 0.02786 EPSS
Exploits: 0, References: 5, Affected Software: 1
Debian CVE
added 2012/07/25 9:0 p.m., 18 views

CVE-2012-2152

Stack-based buffer overflow in the get_packet method in socket.c in dhcpcd 3.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long packet...

7.5 CVSS, 9.8 AI score, 0.02786 EPSS
Exploits: 0
Cvelist
added 2012/07/25 9:0 p.m., 25 views

CVE-2012-2152

Stack-based buffer overflow in the get_packet method in socket.c in dhcpcd 3.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long packet...

9.7 AI score, 0.02786 EPSS
Exploits: 0, References: 5