5315 matches found
Code injection
The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen...
CVE-2012-3735
The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen...
libexif: "exif_convert_utf16_to_utf8()" off-by-one
Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image...
Mandriva Linux Security Advisory : libotr (MDVSA-2012:131)
A vulnerability was found and corrected in libotr: Just Ferguson discovered that libotr, an off-the-record (OTR) messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted...
Fedora Update for libotr FEDORA-2012-11959
Check for the Version of libotr OpenVAS Vulnerability Test Fedora Update for libotr FEDORA-2012-11959 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
[SECURITY] Fedora 16 Update: libotr-3.2.1-1.fc16
Off-the-Record Messaging Library and Toolkit. This is a library and toolkit which implements Off-the-Record (OTR) Messaging. OTR allows you to have private conversations over IM by providing Encryption, Authentication, Deniability and Perfect forward secrecy...
Scientific Linux Security Update : tetex on SL5.x i386/x86_64 (20120823)
teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code :...
Moderate: Red Hat Security Advisory: tetex security update
Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
As a JIRA System Administrator, I can instruct web browsers to not allow saving a user's password in the various login options, so that unauthorized users can not access the system.
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion: http://jira.atlassian.com/browse/JRASERVER-29447. In some organisations, as part of a set of security requirements, it is required for compliant applications, to disallow users ...
[USN-1541-1] libotr vulnerability
Ubuntu Security Notice USN-1541-1, August 16, 2012: libotr vulnerability. A security issue affects these releases of Ubuntu and its derivatives: -...
Mandriva Update for libotr MDVSA-2012:131 (libotr)
Check for the Version of libotr OpenVAS Vulnerability Test Mandriva Update for libotr MDVSA-2012:131 libotr Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
FreeBSD : chromium -- multiple vulnerabilities (ce84e136-e2f6-11e1-a8ca-00262d5ed8ee)
Google Chrome Releases reports : Linux only 125225 Medium CVE-2012-2846: Cross-process interference in renderers. Credit to Google Chrome Security Team Julien Tinnes. 127522 Low CVE-2012-2847: Missing re-prompt to user upon excessive downloads. Credit to Matt Austin of Aspect Security. 127525...
Gentoo Security Advisory GLSA 201207-02 (libxml2)
The remote host is missing updates announced in advisory GLSA 201207-02. OpenVAS Vulnerability Test Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
CVE-2012-2849
CVE-2012-2849 affects Google Chrome’s GIF decoder. An off-by-one read in the GIF decoder can be triggered by a crafted image, leading to a denial of service. Affected versions are Chrome before 21.0.1180.57 on macOS and Linux, and before 21.0.1180.60 on Windows and Chrome Frame. Public references...
Scientific Linux Security Update : php on SL4.x i386/x86_64 (20120130)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash...
Scientific Linux Security Update : apr-util on SL4.x, SL5.x i386/x86_64
An off-by-one overflow flaw was found in the way apr-util processed a variable list of arguments. An attacker could provide a specially crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive...
Scientific Linux Security Update : bind97 on SL5.x i386/x86_64
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named)...
Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the...
Scientific Linux Security Update : httpd on SL3.x i386/x86_64
An off-by-one overflow flaw was found in the way apr-util processed a variable list of arguments. An attacker could provide a specially crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive...
Scientific Linux Security Update : libxml2 on SL4.x i386/x86_64 (20120111)
The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity...