Deeply Flawed Apple-Owned Fingerprint Reader Software a Tough Fix

Now that word is out on a serious password bug in the ubiquitous UPEK Protector Suite fingerprint readers found in most new laptops today, Apple-owned Authentec surely will be able to fix the issue on the double. Not so fast, says one of the researchers looking at the problem. “It’s a system that...

Design/Logic Flaw

Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors,...

CVE-2012-3993

The Chrome Object Wrapper COW implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to...

Null pointer dereference

The SCTP implementation in FreeBSD 8.2 allows remote attackers to cause a denial of service NULL pointer dereference and kernel panic via a crafted ASCONF chunk...

CVE-2012-3549

The CVE-2012-3549 entry involves the SCTP implementation in FreeBSD 8.2, where remote attackers can trigger a denial of service (NULL pointer dereference and kernel panic) by sending a crafted ASCONF chunk. The vulnerability is rooted in the FreeBSD 8.2 SCTP stack handling of ASCONF, leading to a...

CVE-2012-4184

The Chrome Object Wrapper COW implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote...

DEBIAN-CVE-2012-3552

Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service slab corruption and system crash by sending packets to an application that sets socket options during the handling of network traffic...

Race condition

Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service slab corruption and system crash by sending packets to an application that sets socket options during the handling of network traffic...

UBUNTU-CVE-2012-3552

Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service slab corruption and system crash by sending packets to an application that sets socket options during the handling of network traffic...

CVE-2012-3520

The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCMCREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to 1 Avahi or 2 NetworkManager...

CVE-2012-3520

CVE-2012-3520 concerns the Netlink implementation in the Linux kernel prior to 3.2.30, where Netlink messages missing SCM_CREDENTIALS data could be spoofed by a local attacker via crafted messages (notably affecting services such as Avahi or NetworkManager). The vulnerability enables a local user...

CVE-2012-3552

Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service slab corruption and system crash by sending packets to an application that sets socket options during the handling of network traffic...

CVE-2012-3520

The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCMCREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to 1 Avahi or 2 NetworkManager...

Mandriva Linux Security Advisory : inn (MDVSA-2012:156)

A security issue was identified and fixed in ISC INN : The STARTTLS implementation in INN's NNTP server for readers, nnrpd, before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command tha...

Code injection

The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service device reload via transit IP packets, aka Bug ID CSCtr46123...

CVE-2012-4617

The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service multiple connection resets by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248...

CVE-2012-4618

The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service device reload via transit IP packets, aka Bug ID CSCtn76183...

Design/Logic Flaw

The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service device reload via transit IP packets, aka Bug ID CSCtn76183...

CVE-2012-4618

The CVE-2012-4618 issue affects Cisco IOS Software Network Address Translation NAT with the SIP ALG feature. The vulnerability arises when SIP payloads are translated for in-transit packets, causing a denial of service that can trigger a device reload. Affected IOS versions noted in the sources i...

CVE-2012-4617

The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service multiple connection resets by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248...