Heap overflow

The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that...

CVE-2012-3961

Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service heap...

CVE-2012-3972

The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that...

Moderate: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Debian Security Advisory DSA 2507-1 (openjdk-6)

The remote host is missing an update to openjdk-6 announced via advisory DSA 2507-1. OpenVAS Vulnerability Test $Id: deb25071.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2507-1 openjdk-6 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

Researcher Finds Technique to Bypass Microsoft's EMET Protections

A security researchers has discovered a pair of methods that enable him to bypass the protections offered by Microsoft’s EMET anti-exploit technology. The Enhanced Mitigation Experience Toolkit, which Microsoft updated late last month to include one of the three technologies that were finalists i...

Design/Logic Flaw

Use-after-free vulnerability in the Cascading Style Sheets CSS DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a...

Fedora 17 : maniadrive-1.2-43.fc17 / php-5.4.5-1.fc17 (2012-10936)

The PHP development team would like to announce the immediate availability of PHP 5.4.5. This release fixes over 30 bugs and includes a fix for a security related overflow issue in the stream implementation CVE-2012-2688. All users of PHP are encouraged to upgrade to PHP 5.4.5. Full changelog:...

Mandriva Update for openssl MDVSA-2012:007 (openssl)

Check for the Version of openssl OpenVAS Vulnerability Test Mandriva Update for openssl MDVSA-2012:007 openssl Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

Mandriva Update for php MDVSA-2012:093 (php)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20120110)

The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged...

Scientific Linux Security Update : kernel on SL4.x i386/x86_64

CVE-2009-1439 kernel: cifs: memory overwrite when saving nativeFileSystem field during mount CVE-2009-1633 kernel: cifs: fix potential buffer overruns when converting unicode strings sent by server CVE-2009-1389 kernel: r8169: fix crash when large packets are received These updated packages fix t...

Scientific Linux Security Update : kernel on SL4.x i386/x86_64

Security fixes : - A flaw in sctppacketconfig in the Linux kernel's Stream Control Transmission Protocol SCTP implementation could allow a remote attacker to cause a denial of service. CVE-2010-3432, Important - A missing integer overflow check in sndctlnew in the Linux kernel's sound subsystem...

Scientific Linux Security Update : kernel on SL6.x i386/x86_64

This update fixes the following security issues : - Missing sanity checks in the Intel i915 driver in the Linux kernel could allow a local, unprivileged user to escalate their privileges. CVE-2010-2962, Important - compatallocuserspace in the Linux kernel 32/64-bit compatibility layer...

Scientific Linux Security Update : kernel on SL6.x i386/x86_64

The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - Multiple buffer overflow flaws were found in the Linux kernel's Management Module Support for Message Passing Technology MPT based controllers. A local,...

Scientific Linux Security Update : glibc on SL4.x i386/x86_64 (20120213)

The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer...

Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64 (20120221)

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could u...

Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20120529)

The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : - It was found that the datalen parameter of the sockallocsendpskb function in the Linux kernel's networking implementation was not validated before use. A local...

Scientific Linux Security Update : kernel on SL5.x i386/x86_64

Security fixes : - NULL pointer dereference flaws in the r128 driver. Checks to test if the Concurrent Command Engine state was initialized were missing in private IOCTL functions. An attacker could use these flaws to cause a local denial of service or escalate their privileges. CVE-2009-3620,...

Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20120213)

The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer...