Lucene search

5314 matches found

securityvulns
added 2012/04/22 12:0 a.m. | 59 views

OCIPasswordChange API leaks information of password hash (CVE-2012-0511)

AppSecInc Team SHATTER Security Advisory. OCIPasswordChange API leaks information of password hash. Risk Level: High. Affected versions: Oracle Database Server version 10gR1, 10gR2 10.2.0.4 and previous patchsets and 11gR1 11.1.0.7 and previous patchset...

CVSS 6.4 | AI score 6.2 | EPSS 0.00351
Exploits: 0

NVD
added 2012/03/30 10:55 p.m. | 20 views

CVE-2011-3062

Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file...

CVSS 6.8 | AI score 6.8 | EPSS 0.02392
Exploits: 1 | References: 16

Debian CVE
added 2012/03/30 10:0 p.m. | 24 views

CVE-2011-3062

Removed by vendor...

CVSS 6.8 | AI score 9.6 | EPSS 0.02392
Exploits: 1

securityvulns
added 2012/03/19 12:0 a.m. | 64 views

pidgin OTR information leakage

Pidgin transmits OTR (off-the-record) conversations over DBUS in plaintext. This makes it possible for attackers that have gained user-level access on a host to listen in on private conversations associated with the victim account. Pidgin is a popular Instant Messenger application that runs on a...

AI score 5.5 | EPSS 0.00243
Exploits: 2

ThreatPost
added 2012/03/02 5:12 p.m. | 12 views

NSA Develops New, Super-Secure Android Phone

The U.S. National Security Agency (NSA) released the specifications for a new, super-secure smartphone for use by government officials and based on Google’s widely-used Android operating system, inviting the public to make use of its research. The intelligence agency produced a limited run of about...

Exploits: 0 | References: 6

RedHat Linux
added 2012/02/23 8:18 p.m. | 2 views

kernel: xfs: potential buffer overflow in xfs_readlink()

Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a...

CVSS 6.9 | AI score 6.2 | EPSS 0.00227
Exploits: 1 | References: 4

Tenable Nessus
added 2012/02/16 12:0 a.m. | 34 views

Fedora 16 : java-1.7.0-openjdk-1.7.0.3-2.1.fc16 (2012-1690)

Updated to OpenJDK7u3/IcedTea7 2.1 - Security fixes : - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object - S7082299, CVE-2011-3571: AtomicReferenceArray insufficient array type check - S7110687, CVE-2012-0503: Unrestricted use of TimeZone.setDefault - S7110700,...

CVSS 10 | AI score 7.8 | EPSS 0.58626
Exploits: 18 | References: 1

RedHat Linux
added 2012/02/15 4:9 p.m. | 32 views

Moderate: Red Hat Security Advisory: texlive security update

Updated texlive packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...

CVSS 7.6 | AI score 6.5 | EPSS 0.28735
Exploits: 0 | References: 7

RedHat Linux
added 2012/02/15 4:9 p.m. | 2 views

t1lib: Off-by-one via crafted Type 1 font

Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid...

CVSS 6.8 | AI score 5.9 | EPSS 0.28735
Exploits: 0 | References: 4

Metasploit
added 2012/02/15 2:52 a.m. | 12 views

VMWare Power Off Virtual Machine

This module will log into the Web API of VMWare and try to power off a specified Virtual Machine. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMWare Power Off Virtual Machine', 'Description...

Exploits: 0

Amazon
added 2012/02/15 12:0 a.m. | 64 views

Critical: java-1.6.0-openjdk

Issue Overview: It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine (JVM), or bypass Java sandbox restrictions...

CVSS 10 | AI score 8.7 | EPSS 0.58626
Exploits: 18 | References: 1

RedHat Linux
added 2012/02/14 11:37 p.m. | 2 views

OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors...

CVSS 5 | AI score 6.9 | EPSS 0.05146
Exploits: 1 | References: 5

OpenVAS
added 2012/02/11 12:0 a.m. | 28 views

Debian Security Advisory DSA 2394-1 (libxml2)

The remote host is missing an update to libxml2 announced via advisory DSA 2394-1. OpenVAS Vulnerability Test $Id: deb23941.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2394-1 libxml2 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

CVSS 9.3 | AI score 0.9 | EPSS 0.03971
Exploits: 3

OpenVAS
added 2012/02/11 12:0 a.m. | 30 views

Debian: Security Advisory (DSA-2394-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3 | AI score 8.5 | EPSS 0.03971
Exploits: 3 | References: 3

RedHat Linux
added 2012/02/02 10:33 p.m. | 4 views

ghostscript: TrueType bytecode interpreter integer overflow or wraparound

Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that triggers an integer overflow and a...

CVSS 9.3 | AI score 6.7 | EPSS 0.04459
Exploits: 0 | References: 4

Amazon
added 2012/02/02 12:0 a.m. | 32 views

Medium: t1lib

Issue Overview: Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened by an application linked against t1lib, it could cause the application to crash or, potentially, execute arbitrary code with the...

CVSS 7.6 | AI score 7.8 | EPSS 0.28735
Exploits: 0 | References: 1

OpenVAS
added 2012/02/01 12:0 a.m. | 79 views

RedHat Update for php RHSA-2012:0071-01

Check for the Version of php OpenVAS Vulnerability Test RedHat Update for php RHSA-2012:0071-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

CVSS 6.4 | AI score 8.7 | EPSS 0.86573
Exploits: 21 | References: 2

Tenable Nessus
added 2012/01/27 12:0 a.m. | 35 views

Debian DSA-2394-1 : libxml2 - several vulnerabilities

Many security problems have been fixed in libxml2, a popular library to handle XML data files. - CVE-2011-3919 : Juri Aedla discovered a heap-based buffer overflow that allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. -...

CVSS 9.3 | AI score 9.2 | EPSS 0.03971
Exploits: 3 | References: 15

OSV
added 2012/01/25 12:0 a.m. | 24 views

DSA-2394-1 libxml2 - several

Bulletin has no description...

CVSS 9.3 | AI score 8.2 | EPSS 0.03971
Exploits: 3

securityvulns
added 2012/01/20 12:0 a.m. | 58 views

perl security vulnerabilities

It's possible to inject an eval expression into the Digest module constructor. Off-by-one overflow in decode_xs...

CVSS 7.5 | AI score 3.2 | EPSS 0.09609
Exploits: 2 | References: 1 | Affected Software: 1