CVE-2011-3671

Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element...

CVE-2012-2090

Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to 1...

CVE-2012-2091

Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service crash and possibly execute arbitrary code via a 1 long string in a rotor tag of an aircraft xml model to the Rotor::getValueforFGSet function in...

CVE-2012-0212

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument...

CVE-2011-3193

Heap-based buffer overflow in the LookupMarkMarkPos function in the HarfBuzz module harfbuzz-gpos.c, as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted font file...

CVE-2012-0210

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a 1 .dsc or 2 .changes file...

CVE-2011-3193

Heap-based buffer overflow in the LookupMarkMarkPos function in the HarfBuzz module harfbuzz-gpos.c, as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted font file...

CVE-2012-0211

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original .orig source tarball of a source package...

Mandriva Update for nut MDVSA-2012:087 (nut)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVE-2011-2912

Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/loads3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset...

CVE-2011-2915

Off-by-one error in the CSoundFile::ReadAMS2 function in src/loadams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service memory corruption and possibly execute arbitrary code via a crafted AMS file with a large number of instruments...

Memory corruption

Off-by-one error in the CSoundFile::ReadAMS2 function in src/loadams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service memory corruption and possibly execute arbitrary code via a crafted AMS file with a large number of instruments...

Integer overflow

Integer overflow in the CSoundFile::ReadWav function in src/loadwav.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted WAV file, which triggers a heap-based buffer overflow...

CVE-2011-2914

Off-by-one error in the CSoundFile::ReadDSM function in src/loaddms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service memory corruption and possibly execute arbitrary code via a crafted DSM file with a large number of samples...

CVE-2012-0985

The CVE-2012-0985 issue affects Sony VAIO Wireless Manager components (ActiveX control in WifiMan.dll and related VAIO utilities). Multiple buffer overflows in SetTmpProfileOption() and ConnectToNetwork() allow a remote attacker to crash the application and potentially execute arbitrary code via ...

CVE-2011-2915

Off-by-one error in the CSoundFile::ReadAMS2 function in src/loadams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service memory corruption and possibly execute arbitrary code via a crafted AMS file with a large number of instruments...

CVE-2011-2914

Off-by-one error in the CSoundFile::ReadDSM function in src/loaddms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service memory corruption and possibly execute arbitrary code via a crafted DSM file with a large number of samples...

DEBIAN-CVE-2012-0920

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels...

Hardcoded credentials

The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large region size in a package header...

Hardcoded credentials

The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison...