Design/Logic Flaw
Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-fac...
CVE-2010-1788
Removed by vendor...
[SECURITY] [DSA 2077-1] New openldap packages fix potential code execution
Debian Security Advisory DSA-2077-1 [email protected] http://www.debian.org/security/ Florian Weimer July 29, 2010 http://www.debian.org/security/faq -...
CVE-2009-4962
Stack-based buffer overflow in Fat Player 0.6b allows remote attackers to execute arbitrary code via a long string in a .wav file. NOTE: some of these details are obtained from third party information...
Apple Releases Safari 5.0.1 and Safari 4.1.1
Apple has released Safari 5.0.1 and Safari 4.1.1 for Windows and Mac OS X to address multiple vulnerabilities in Safari and WebKit. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information. US-CERT encourages users...
CVE-2010-0211
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing...
Firefox Releases Firefox 3.6.8
The Mozilla Foundation has released Firefox 3.6.8 to address a critical vulnerability. This vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Mozilla Foundation security advisory MFSA 2010-48 and update to Firefox 3.6.8 to hel...
CVE-2010-1212
js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) propagation of deep aborts in...
Ubuntu Update for ghostscript vulnerabilities USN-961-1
Ubuntu Update for Linux kernel vulnerabilities USN-961-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9611.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for ghostscript vulnerabilities USN-961-1 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH,...
CVE-2010-0266
Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachme...
Mandriva Update for lftp MDVSA-2010:128 (lftp)
Check for the Version of lftp OpenVAS Vulnerability Test Mandriva Update for lftp MDVSA-2010:128 (lftp) Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
CVE-2010-2252
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL wit...
CVE-2010-2251
The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted...
Input validation
tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG...
CVE-2010-2201
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content involving the (1) pushstring (0x2C) operator, (2) debugfile (0xF1) operator, and an "invalid pointer vulnerability" that triggers...
CVE-2010-2202
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210,...
CVE-2010-2203
Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors...
Ubuntu Update for cups, cupsys vulnerabilities USN-952-1
Ubuntu Update for Linux kernel vulnerabilities USN-952-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9521.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for cups, cupsys vulnerabilities USN-952-1 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH,...
Design/Logic Flaw
Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances...
CVE-2010-2067
CVE-2010-2067 describes a stack-based buffer overflow in LibTIFF via a long EXIF SubjectDistance field in TIFF images, affecting LibTIFF up to version 3.9.4. The vulnerability allows remote attackers to trigger application crashes or possibly execute arbitrary code. Affected component: LibTIFF (t...