
3205 matches found

securityvulns
added 2008/11/19 12:00 a.m., 43 views

Exodus v0.10 uri handler arbitrary parameter injection

Exodus v0.10 uri handler arbitrary parameter injection by Nine:Situations:Group::strawdog tested against IE8b/xpsp3 may not work against non-English systems because of an installation bug...

AI score 0.2
Exploits: 0

Prion
added 2008/10/15 8:07 p.m., 23 views

Code injection

sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires...

CVSS 7.8, AI score 6.3, EPSS 0.0368
Exploits: 0, References: 25, Affected Software: 1

RedHat Linux
added 2008/08/26 7:56 p.m., 55 views

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise MRG 1.0. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...

CVSS 7.8, AI score 6.3, EPSS 0.04934
Exploits: 5, References: 21

Tenable Nessus
added 2008/06/24 12:00 a.m., 65 views

openSUSE 10 Security Update : kernel (kernel-5339)

This kernel update fixes the following security problems: CVE-2008-2136: A problem in SIT IPv6 tunnel handling could be used by remote attackers to immediately crash the machine. CVE-2008-1615: On x86_64 a denial of service attack could be used by local attackers to immediately panic / crash the...

CVSS 7.8, AI score 7.5, EPSS 0.04934
Exploits: 9, References: 9

Tenable Nessus
added 2008/05/22 12:00 a.m., 34 views

GLSA-200805-18 : Mozilla products: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200805-18 Mozilla products: Multiple vulnerabilities The following vulnerabilities were reported in all mentioned Mozilla products: Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Nickerson reported browser...

CVSS 9.3, AI score 9, EPSS 0.08633
Exploits: 10, References: 25

Cent OS
added 2008/05/21 12:48 p.m., 87 views

kernel security update

CentOS Errata and Security Advisory CESA-2008:0275 Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages...

CVSS 7.1, AI score 5.7, EPSS 0.02452
Exploits: 1, References: 7

RedHat Linux
added 2008/05/20 9:57 a.m., 42 views

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...

CVSS 7.1, AI score 5.7, EPSS 0.02452
Exploits: 1, References: 9

RedHat Linux
added 2008/05/20 9:57 a.m., 3 views

kernel: infinite loop in highres timers (kernel hang)

Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux kernel 2.6.21-rc4, when running on 64-bit systems, allows local users to cause a denial of service (infinite loop) via a timer with a large expiry value, which causes the timer to always be expired...

CVSS 4.9, AI score 5.8, EPSS 0.00392
Exploits: 0, References: 4

Tenable Nessus
added 2008/05/20 12:00 a.m., 48 views

RHEL 5 : kernel (RHSA-2008:0275)

Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...

CVSS 7.1, AI score 5.3, EPSS 0.02452
Exploits: 1, References: 9

Tenable Nessus
added 2008/02/11 12:00 a.m., 44 views

Debian DSA-1484-1 : xulrunner - several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0412 Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discover...

CVSS 9.3, AI score 8.5, EPSS 0.08633
Exploits: 5, References: 24

Tenable Nessus
added 2008/02/11 12:00 a.m., 46 views

Debian DSA-1485-2 : icedove - several vulnerabilities

Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0412 Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul...

CVSS 9.3, AI score 8.7, EPSS 0.08633
Exploits: 5, References: 19

securityvulns
added 2008/02/10 12:00 a.m., 70 views

Mozilla Foundation Security Advisory 2008-08

Mozilla Foundation Security Advisory 2008-08 Title: File action dialog tampering Impact: Moderate Announced: February 7, 2008 Reporter: Michal Zalewski Products: Firefox, Thunderbird Fixed in: Firefox 2.0.0.12 Thunderbird 2.0.0.12 Description Security researcher Michal Zalewski demonstrated that...

CVSS 4.3, AI score 2.1, EPSS 0.03849
Exploits: 2

UbuntuCve
added 2008/02/09 12:00 a.m., 31 views

CVE-2008-0591

Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka...

CVSS 4.3, AI score 7.2, EPSS 0.03849
Exploits: 2, References: 3

NVD
added 2008/02/09 12:00 a.m., 22 views

CVE-2008-0591

Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka...

CVSS 4.3, AI score 6.5, EPSS 0.03849
Exploits: 2, References: 61

Cvelist
added 2008/02/08 11:00 p.m., 26 views

CVE-2008-0591

Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka...

AI score 6.5, EPSS 0.03849
Exploits: 2, References: 61

RedHat Linux
added 2008/02/08 2:24 a.m., 1 view

Mozilla information disclosure flaw

Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka...

CVSS 4.3, AI score 7.4, EPSS 0.03849
Exploits: 2, References: 4

RedHat Linux
added 2008/02/08 2:06 a.m., 3 views

Mozilla information disclosure flaw

Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka...

CVSS 4.3, AI score 7.4, EPSS 0.03849
Exploits: 2, References: 4

Tenable Nessus
added 2007/12/24 12:00 a.m., 32 views

SuSE 10 Security Update : xen (ZYPP Patch Number 4766)

This update fixes various Xen issues. Two security problems were fixed: CVE-2007-5906: Xen allowed virtual guest system users to cause a denial of service (hypervisor crash) by using a debug register (DR7) to set certain breakpoints. - Xen 3.1.1 does not prevent modification of the CR4 TSC from...

CVSS 4.7, AI score 5.3, EPSS 0.00354
Exploits: 0, References: 4

seebug.org
added 2007/12/18 12:00 a.m., 15 views

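Linux Kernel 'hrtimers' Local Denial of Service Vulnerability

Linux is an open-source operating system. Linux does not correctly handle some relative 'hrtimers' timeout values, and a local attacker can exploit the vulnerability to carry out a denial-of-service attack against the system. For a relative 'hrtimers' timer with a very large timeout value, adding the current time in hrtimer_start can produce a negative timer value, which finally causes the clockevents_set_next function to set a very large timeout and sleep for a long time, resulting in a denial of service. Linux kernel 2.6.23.7 Linux kernel 2.6.23.6 Linux kernel 2.6.23.5 Linux kernel 2.6.23.4 Linux kernel 2.6.23.3...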

AI score 7
Exploits: 0

Tenable Nessus
added 2007/08/13 12:00 a.m., 32 views

Fedora Core 6 : kernel-2.6.22.1-32.fc6 (2007-655)

Rebase kernel to 2.6.22.1: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.1 Includes the CFS scheduler from upstream kernel 2.6.23. Fixes since initial 2.6.22 test kernel was released: Fix timer problems and failure to boo...

CVSS 7.8, AI score 5.4, EPSS 0.03872
Exploits: 0, References: 3