
9084 matches found

Cvelist
added 2009/06/18 6:0 p.m. | 14 views

CVE-2009-1935

Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pag...

6.1 AI score | 0.0007 EPSS
Exploits 1 | References 7
securityvulns
added 2009/06/14 12:0 a.m. | 21 views

FreeBSD information leak

Integer overflow on pipe implementation allows reading data from another process' memory...

3.6 AI score
Exploits 0 | References 1 | Affected Software 1
Prion
added 2009/06/10 6:0 p.m. | 18 views

Design/Logic Flaw

The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document...

4.3 CVSS | 6.5 AI score | 0.0088 EPSS
Exploits 2 | References 12 | Affected Software 2
OSV
added 2009/06/10 6:0 p.m. | 3 views

CVE-2009-1700

The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document...

6.4 AI score
Exploits 0 | References 12
Prion
added 2009/06/10 2:30 p.m. | 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or ...

4.3 CVSS | 5.8 AI score | 0.00644 EPSS
Exploits 2 | References 14 | Affected Software 1
OSV
added 2009/06/10 2:30 p.m. | 4 views

CVE-2009-1685

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or ...

5.3 AI score
Exploits 0 | References 14
NVD
added 2009/06/10 2:30 p.m. | 18 views

CVE-2009-1685

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or ...

4.3 CVSS | 6.5 AI score | 0.00644 EPSS
Exploits 2 | References 14
CVE
added 2009/05/26 3:16 p.m. | 82 views

CVE-2009-1375

CVE-2009-1375 concerns the PurpleCircBuffer expansion in Pidgin (formerly Gaim) up to 2.5.6. When the buffer is full, data can be corrupted, potentially causing a crash or misleading UI. Connected advisories indicate pidgin updates (e.g., to version 2.6.x) fix this and related issues (XMPP/Sameti...

5 CVSS | 7.3 AI score | 0.05278 EPSS
Exploits 1 | References 21 | Affected Software 1
OpenVAS
added 2009/05/20 12:0 a.m. | 75 views

Microsoft IIS WebDAV Remote Authentication Bypass Vulnerability

Microsoft IIS Webserver with WebDAV Module is prone to remote authentication bypass vulnerability...

7.5 CVSS | 5.3 AI score | 0.91826 EPSS
Exploits 4 | References 7
ThreatPost
added 2009/05/19 1:59 p.m. | 59 views

Microsoft confirms flaw in WebDAV in IIS

Microsoft has confirmed the reported vulnerability in the WebDAV implementation in IIS 5.0, 5.1 and 6.0, saying that the flaw could be used to bypass the authentication mechanism on the Web server. However, the company said that there are a number of mitigating factors involved and that company...

9.3 CVSS | 1.7 AI score | 0.94354 EPSS
Exploits 33 | References 1
Prion
added 2009/05/14 5:30 p.m. | 17 views

Design/Logic Flaw

Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2)...

5 CVSS | 7.1 AI score | 0.04704 EPSS
Exploits 1 | References 26 | Affected Software 1
Tenable Nessus
added 2009/05/11 12:0 a.m. | 49 views

Debian DSA-1794-1 : linux-2.6 - denial of service/privilege escalation/information leak

Several vulnerabilities have been discovered in the Linux kernel that may lead to denial of service, privilege escalation, or information leak. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-4307 Bryn M. Reeves reported a denial of service in the N...

10 CVSS | 6.5 AI score | 0.15492 EPSS
Exploits 20 | References 39
OpenVAS
added 2009/05/11 12:0 a.m. | 47 views

Debian: Security Advisory (DSA-1794-1)

The remote host is missing an update for the Debian...

10 CVSS | 6.5 AI score | 0.15492 EPSS
Exploits 20 | References 3
RedHat Linux
added 2009/05/07 10:51 a.m. | 48 views

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...

4.9 CVSS | 6 AI score | 0.00259 EPSS
Exploits 2 | References 22
OSV
added 2009/05/06 12:0 a.m. | 65 views

DSA-1794-1 linux-2.6 - multiple vulnerabilities

Bulletin has no description...

10 CVSS | 6.2 AI score | 0.15492 EPSS
Exploits 20
Tenable Nessus
added 2009/05/04 12:0 a.m. | 68 views

Debian DSA-1787-1 : linux-2.6.24 - denial of service/privilege escalation/information leak

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-4307 Bryn M. Reeves reported a denial of service in the NFS filesystem...

10 CVSS | 6.5 AI score | 0.15492 EPSS
Exploits 30 | References 49
securityvulns
added 2009/05/04 12:0 a.m. | 82 views

[SECURITY] [DSA 1787-1] New Linux 2.6.24 packages fix several vulnerabilities

Debian Security Advisory DSA-1787-1 | [email protected] | http://www.debian.org/security/ | Dann Frazier | May 2, 2009 | http://www.debian.org/security/faq ...

10 CVSS | 1.8 AI score | 0.15492 EPSS
Exploits 30
Debian
added 2009/05/02 6:33 p.m. | 66 views

[SECURITY] [DSA 1787-1] New Linux 2.6.24 packages fix several vulnerabilities

Debian Security Advisory DSA-1787-1 | [email protected] | http://www.debian.org/security/ | Dann Frazier | May 2, 2009 | http://www.debian.org/security/faq ...

10 CVSS | 8.4 AI score | 0.15492 EPSS
Exploits 30
OSV
added 2009/05/02 12:0 a.m. | 61 views

DSA-1787-1 linux-2.6.24 - several vulnerabilities

Bulletin has no description...

10 CVSS | 6.4 AI score | 0.15492 EPSS
Exploits 30
Tenable Nessus
added 2009/04/23 12:0 a.m. | 25 views

Fedora 10 2008-10000

This library allows manipulating XML files. It includes support for reading, modifying and writing XML and HTML files. DTDs are supported, including parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

10 CVSS | 0.3 AI score | 0.07959 EPSS
Exploits 3 | References 6