CVE-2012-2100
The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem...
Methods For Measuring Botnet Threat Woefully Inadequate
Current methods for measuring the size of botnets are flawed and may be hampering efforts to fight back against the networks of zombie computers, according to a new report from The European Network and Information Security Agency (ENISA). The agency issued a 150-page report, “Botnets: Measurement,...
Mozilla Foundation Security Advisory 2011-02
Mozilla Foundation Security Advisory 2011-02 Title: Recursive eval call causes confirm dialogs to evaluate to true Impact: Critical Announced: March 1, 2011 Reporter: Zach Hoffman Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.14 Firefox 3.5.17 SeaMonkey 2.0.12 Description Security researcher...
Recursive eval call causes confirm dialogs to evaluate to true — Mozilla
Security researcher Zach Hoffman reported that a recursive call to eval wrapped in a try/catch statement places the browser into an inconsistent state. Any dialog box opened in this state is displayed without text and with non-functioning buttons. Closing the window causes the dialog to evaluate t...
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7280)
Mozilla Firefox 3.5 was updated to update 3.5.16 fixing several security issues. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain...
Use-after-free error with nsDOMAttribute MutationObserver — Mozilla
Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a nsDOMAttribute node can be modified without informing the iterator object responsible for various DOM traversals. This flaw could lead to an inconsistent state where the iterator points to an object it believes i...
Inconsistent Hostname and IP Address
The name of this machine either does not resolve or resolves to a different IP address. This may come from a badly configured reverse DNS or from a host file in use on the Nessus scanning host. As a result, URLs in plugin output may not be directly usable in a web browser and some web tests may b...
Buffer overflow
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields, related to QDCA...
CVE-2010-0059
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields, related to QDCA...
Custom fields inconsistently escaped in view and edit screens
Steps to replicate: Create a custom field and name it Hithere. On view issue screens, the field appears as Hithere. On edit issue screen, the field appears as Hithere in red font. I guess we need to make a decision on which one is the desired functionality (allow HTML or not) and make it consistent...
Potential XSS vectors due to inconsistent encodings
More info at https://framework.zend.com/security/advisory/ZF2010-01...
DEBIAN-CVE-2009-3727
Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error message...
Stack overflow
Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file...
Memory corruption
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662,...
CVE-2008-2664
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662,...
CVE-2006-4662
Heap-based buffer overflow in the MCRegExSearch function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type...
CVE-2006-1319
chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little endian i386 machines against dietlibc, does not properly handle when multiple groups are specified in the -u option, which causes chpst to assign permissions for the root group due to inconsistent bit sizes for the gid_t type...
CVE-2006-0197
The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and earlier, possibly including (1) the X server and (2) Xlib, uses a "long" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-bit platforms, and might allow attackers t...
squid -- DoS on failed PUT/POST requests vulnerability
The squid patches page notes: An inconsistent state is entered on a failed PUT/POST request making a high risk for segmentation faults or other strange errors...