Oracle Siebel Option Pack for IE ActiveX控件内存初始化漏洞

CVE ID: CVE-2009-3737 Siebel Option Pack for IE是Oracle Siebel CRM软件所提供的ActiveX控件。 Siebel Option Pack for IE ActiveX控件没有正确地初始化由NewBusObj方式所使用的内存，用户受骗访问了恶意网页并用特制参数调用该方式就可能导致执行任意代码。 Oracle Siebel Option Pack for IE 7.x 临时解决方法： 将以下文本保存为.REG文件并导入： Windows Registry Editor Version 5.00...

Oracle Siebel Option Pack for IE ActiveX control memory initialization vulnerability

Overview The Oracle Siebel Option Pack for IE ActiveX control fails to properly initialize memory, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Siebel Option Pack for IE is an ActiveX control that is provided by Oracle Siebel...

Fedora 13 : gnupg2-2.0.14-4.fc13 (2010-11413)

Fri Jul 23 2010 Rex Dieter - 2.0.14-4 - gpgsm realloc patch - Fri Jun 18 2010 Tomas Mraz - 2.0.14-3 - initialize small amount of secmem for list of algorithms in help 598847 necessary in the FIPS mode of libgcrypt Note that Tenable Network Security has extracted the preceding description block...

MDVA-2010:017 : consolekit

A incorrect initialisation in consolekit daemon could prevent automount of removable media under GNOME or KDE environment. This package update fixes this issue it requires restarting the system to take effect. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patc...

DEBIAN-CVE-2010-0212

OpenLDAP 2.4.22 allows remote attackers to cause a denial of service crash via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smrnormalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schemainit.c, as...

openSUSE Security Update : ghostscript-devel (openSUSE-SU-2010:0425-1)

Specially crafted postscript .ps files could cause buffer overflows in ghostscript that could potentially be exploited to execute arbitrary code CVE-2010-1628, CVE-2010-1869, CVE-2009-4270 ghostscript by default read some initialization files from the current working directory. Local attackers...

DEBIAN-CVE-2010-2055

Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gsinit.ps, a different...

CVE-2010-2055

Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gsinit.ps, a different...

CVE-2010-2055

Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gsinit.ps, a different...

CVE-2010-2055

Ghostscript before 8.71 is vulnerable to an information/command execution flaw where initialization files are read from the current working directory, enabling local users to run arbitrary PostScript via a Trojan horse file. Affected: Ghostscript 8.71 and earlier. Impact: local code/command execu...

openldap: modrdn processing IA5StringNormalize NULL pointer dereference

OpenLDAP 2.4.22 allows remote attackers to cause a denial of service crash via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smrnormalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schemainit.c, as...

Fedora 13 : beanstalkd-1.4.6-1.fc13 (2010-9570)

Sat Jun 5 2010 Jeremy Hinegardner - 1.4.6-1 - update to upstream 1.4.6 - Mon Feb 22 2010 Jeremy Hinegardner - 1.4.3-2 - fix binlogdir location initialization for bug 55831 - Sun Feb 21 2010 Jeremy Hinegardner - 1.4.3-1 - update to upstream 1.4.3 - change default binlogdir in sysconfig file -...

Microsoft IE未初始化内存远程代码执行漏洞（MS10-018）

BUGTRAQ ID: 39023,39031 CVE ID: CVE-2010-0267,CVE-2010-0490 Internet Explorer是Windows操作系统中默认捆绑的web浏览器。 Internet Explorer访问尚未正确初始化或已被删除的对象的方式中存在多个远程执行代码漏洞。攻击者可以通过构建特制的网页来利用该漏洞，当用户查看网页时，该漏洞可能允许远程执行代码。成功利用此漏洞的攻击者可以获得与登录用户相同的用户权限。 Microsoft Internet Explorer 8.0 Microsoft Internet Explorer 7.0...

Ubuntu Update for libpng vulnerabilities USN-913-1

Ubuntu Update for Linux kernel vulnerabilities USN-913-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9131.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for libpng vulnerabilities USN-913-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

Ubuntu: Security Advisory (USN-913-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-913-1: libpng vulnerabilities

It was discovered that libpng did not properly initialize memory when decoding certain 1-bit interlaced images. If a user or automated system were tricked into processing crafted PNG images, an attacker could possibly use this flaw to read sensitive information stored in memory. This issue only...

CentOS 5 : sudo (CESA-2010:0122)

An updated sudo package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The sudo superuser do utility allows system administrators to give certain users the abilit...

RHEL 5 : sudo (RHSA-2010:0122)

An updated sudo package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The sudo superuser do utility allows system administrators to give certain users the abilit...

CVE-2010-0663

The ParamTraits::Read function in common/commonparamtraits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data,...

CVE-2010-0663

CVE-2010-0663 refers to Google Chrome prior to 4.0.249.78, where the ParamTraits::Read function in common/common_param_traits.cc does not initialize memory for bitmap data. This could allow remote attackers to obtain potentially sensitive information from process memory, related to use of a thumb...