3348 matches found
kernel: cifs: fix potential buffer overruns when converting unicode strings sent by server
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or ...
PT-2009-4831 · Scmpx · Scmpx
Name of the Vulnerable Software and Affected Versions: SCMPX version 1.5.1 Description: The issue allows remote attackers to cause a denial of service, resulting in an application crash, or execute arbitrary code via a long string in a .m3u playlist file. Recommendations: For SCMPX version 1.5.1,...
RedHat Security Advisory RHSA-2009:1106
The remote host is missing updates to the Linux kernel announced in advisory RHSA-2009:1106. Security fixes: several flaws were found in the way the Linux kernel CIFS implementation handles Unicode strings. CIFS clients convert Unicode strings sent by a server to their local character sets, and...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...
kernel: cifs: fix potential buffer overruns when converting unicode strings sent by server
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or ...
Debian DSA-1813-1 : evolution-data-server - Several vulnerabilities
Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0587 It was discovered that evolution-data-server is prone to integer...
[SECURITY] [DSA 1813-1] New evolution-data-server packages fix several vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-1813-1 [email protected] http://www.debian.org/security/ Steffen Joeris June 08, 2009 http://www.debian.org/security/faq -...
DSA-1813-1 evolution-data-server - several vulnerabilities
Bulletin has no description...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the que...
CVE-2009-1578
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the que...
CVE-2009-1578
CVE-2009-1578 affects SquirrelMail < 1.4.18 and NaSMail
PT-2009-3742 · Mozilla +1 · Firefox +1
Name of the Vulnerable Software and Affected Versions: Pango versions prior to 1.24 Description: The issue is related to an integer overflow in the pango glyph string set size function, which can be triggered by a long glyph string. This can cause a denial of service, resulting in an application...
UBUNTU-CVE-2009-1553
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, ...
DEBIAN-CVE-2009-0148
Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541...
[20090603] - Core - Frontend XSS
Some values were output from the database without being properly escaped. Most strings in question were sourced from the administrator panel...
Mandriva Update for qt MDKSA-2007:183 (qt)
Check for the Version of qt OpenVAS Vulnerability Test Mandriva Update for qt MDKSA-2007:183 qt Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
Mandriva Update for vinagre MDVSA-2008:240 (vinagre)
Check for the Version of vinagre OpenVAS Vulnerability Test Mandriva Update for vinagre MDVSA-2008:240 vinagre Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
Directory traversal
Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/...
Ubuntu: Security Advisory (USN-638-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-438-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...