9099 matches found
Design/Logic Flaw
The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device...
UBUNTU-CVE-2013-1928
The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device...
UBUNTU-CVE-2013-3301
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file...
Mandriva Linux Security Advisory : bogofilter (MDVSA-2013:064)
Updated bogofilter package fixes security vulnerability: In bogofilter before 1.2.3, bogofilter's/bogolexer's base64 could overwrite heap memory in the character set conversion in certain pathological cases of invalid base64 code that decodes to incomplete multibyte characters (CVE-2012-5468)...
CVE-2013-3210
Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain...
Information disclosure
Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain...
CVE-2013-3210
Opera before 12.15 is vulnerable due to improper blocking of top‑level domains in Set‑Cookie headers, enabling a remote attacker to access sensitive information by controlling a different site in the same TLD. This is documented across multiple feeds (NVD and Red Hat/SUSE/OpenVAS entries referenc...
CVE-2013-3210
Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain...
Oracle WebCenter Sites Satellite Server - HTTP Header Injection
SEC Consult Vulnerability Lab Security Advisory. title: HTTP header injection/Cache poisoning in Oracle WebCenter Sites Satellite Server product: Oracle WebCenter...
CVE-2013-2832
The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in Google Chrome OS before 26.0.1410.57 does not prevent uninitialized data from remaining in a buffer, which might allow remote attackers to obtain sensitive information via unspecified vectors...
Cross site scripting
The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in Google Chrome OS before 26.0.1410.57 does not prevent uninitialized data from remaining in a buffer, which might allow remote attackers to obtain sensitive information via unspecified vectors...
CVE-2013-2832
CVE-2013-2832 affects Google Chrome OS before 26.0.1410.57, specifically the O3D plug-in’s Buffer::Set in core/cross/buffer.cc, where uninitialized data could remain in a buffer and allow remote attackers to obtain sensitive information via unspecified vectors. The fix was delivered in Chrome OS ...
CVE-2013-2832
The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in Google Chrome OS before 26.0.1410.57 does not prevent uninitialized data from remaining in a buffer, which might allow remote attackers to obtain sensitive information via unspecified vectors...
perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm...
kernel: race condition with PTRACE_SETREGS
Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death...
nss-pam-ldapd: FD_SET array index error, leading to stack-based buffer overflow
nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer...
hplip security, bug fix and enhancement update
3.12.4-4 - Applied patch to fix CVE-2013-0200, temporary file vulnerability (bug 902163). - Fixed hpijs-marker-supply patch. 3.12.4-3 - Make 'hp-check' check for hpaio set-up correctly (bug 683007). 3.12.4-2 - Added more fixes from Fedora (bug 731900). 3.12.4-1 - Re-based to 3.12.4 with fixes from Fedo...
PT-2013-1100 · Debian +2
Name of the Vulnerable Software and Affected Versions: Debian GNU/Linux versions prior to 3.8.11 Linux kernel versions prior to 3.8.11 Description: The issue concerns multiple vulnerabilities in the Linux package of the Debian GNU/Linux operating system, which can be exploited by a local attacker...
PT-2013-1113 · Debian +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.8.8 Debian GNU/Linux affected versions not specified Description: The issue affects the Linux kernel, specifically the ftrace implementation, allowing local users to cause a denial of service or possibly have...
kernel: kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set
The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl...