CVE-2011-0346

Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to the DOM implementation and the BreakAASpecial and...

CVE-2011-0347

Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by crossfuzz...

Memory corruption

The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service heap memory corruption and panic or possibly have unspecified other impact via malformed 1 X25FACCALLINGAE or 2 X25FACCALLEDAE data, related t...

CVE-2010-4565

The bcmconnect function in net/can/bcm.c aka the Broadcast Manager in the Controller Area Network CAN implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensiti...

Design/Logic Flaw

Multiple integer signedness errors in the TIPC implementation in the Linux kernel before 2.6.36.2 allow local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipcmsgbuild function in net/tipc/msg.c and the verifyiovec function in...

CVE-2010-3874

CVE-2010-3874: Heap-based buffer overflow in the bcm_connect function of net/can/bcm.c (Broadcast Manager) in the Linux kernel CAN implementation. Affects 64-bit kernels, before 2.6.36.2, enabling local attackers to cause memory corruption and a denial of service via a connect operation. The conn...

CVE-2010-3859

CVE-2010-3859 stems from multiple signedness errors in the Linux kernel’s TIPC implementation, allowing local privilege escalation via a crafted sendmsg that triggers a heap-based buffer overflow in tipc_msg_build and related iovec handling (verify_iovec). Public sources confirm affected historic...

CVE-2010-4565

The bcmconnect function in net/can/bcm.c aka the Broadcast Manager in the Controller Area Network CAN implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensiti...

CVE-2010-3859

Multiple integer signedness errors in the TIPC implementation in the Linux kernel before 2.6.36.2 allow local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipcmsgbuild function in net/tipc/msg.c and the verifyiovec function in...

web Thunder remote arbitrary file reading vulnerability-vulnerability warning-the black bar safety net

web Thunderbolt in the design and implementation problems, leading to a malicious attacker can read the install web Thunder user on the machine any files web Thunderbolt in the present machine there is a webserver, and the binding at 0. 0. 0. 0, while for the web request processing is not...

Fedora Update for bind FEDORA-2010-18469

Check for the Version of bind OpenVAS Vulnerability Test Fedora Update for bind FEDORA-2010-18469 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

CVE-2009-2189

The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of 1 Router Advertisement and 2 Neighbor Discovery packets, which allows remote attackers to cause a denial of service resource...

CVE-2010-3769

The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted...

[SECURITY] Fedora 14 Update: bind-9.7.2-4.P3.fc14

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

[SECURITY] Fedora 13 Update: udev-153-5.fc13

The udev package contains an implementation of devfs in userspace using sysfs and netlink...

SuSE 11 / 11.1 Security Update : Linux kernel (SAT Patch Numbers 3144 / 3147 / 3148 / 3163 / 3171)

This security update of the SUSE Linux Enterprise 11 GA kernel fixes 3 critical security issues. Following security bugs were fixed : - Mismatch between 32bit and 64bit register usage in the system call entry path could be used by local attackers to gain root privileges. This problem only affects...

krb5 security update

CentOS Errata and Security Advisory CESA-2010:0926 Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVS...

Design/Logic Flaw

The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service host OS crash via a KVMRUN ioctl call in conjunction with a modified Local Descriptor Table LDT...

Mandriva Update for libalsa2 MDVA-2010:227 (libalsa2)

Check for the Version of libalsa2 OpenVAS Vulnerability Test Mandriva Update for libalsa2 MDVA-2010:227 libalsa2 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CVE-2010-3804

The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a...