Marcus OVAL Generator5.52012-08-30T04:04:57CVE-2001-1267SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unknown.
CVE-2002-0399SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms.DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop.Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (memory consumption).
CVE-2003-0020SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unknown.
CVE-2003-0190SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
CVE-2003-0856SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
iproute 2.4.7 and earlier allows local users to cause a denial of service via spoofed messages as other users to the kernel netlink interface.
CVE-2004-0110SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
CVE-2004-0452SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.
CVE-2004-0457SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2004-0494SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI.
CVE-2004-0504SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients.
CVE-2004-0505SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors.
CVE-2004-0506SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference.
CVE-2004-0507SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2004-0558SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Internet Printing Protocol (IPP) implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service (service hang) via a certain UDP packet to the IPP port.
CVE-2004-0597SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
CVE-2004-0598SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.
CVE-2004-0599SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image.
CVE-2004-0600SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.
CVE-2004-0630SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for x86
The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via shell metacharacters ("`" or backtick) in the filename of the PDF file that is provided to the uudecode command.
CVE-2004-0631SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for x86
Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via a long filename for the PDF file that is provided to the uudecode command.
CVE-2004-0633SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.
CVE-2004-0634SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.
CVE-2004-0635SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.
CVE-2004-0656SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections.
CVE-2004-0686SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.
CVE-2004-0687SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
CVE-2004-0688SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
CVE-2004-0689SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.
CVE-2004-0690SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory.
CVE-2004-0691SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.
CVE-2004-0692SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693.
CVE-2004-0693SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692.
CVE-2004-0700SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
CVE-2004-0718SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
CVE-2004-0721SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
CVE-2004-0722SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.
CVE-2004-0747SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
CVE-2004-0748SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
CVE-2004-0751SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
CVE-2004-0757SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.
CVE-2004-0758SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid.
CVE-2004-0759SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type="file"> tag.
CVE-2004-0760SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.
CVE-2004-0761SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.
CVE-2004-0762SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.
CVE-2004-0763SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.
CVE-2004-0764SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.
CVE-2004-0765SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.
CVE-2004-0771SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
CVE-2004-0782SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).
CVE-2004-0783SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).
CVE-2004-0786SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
CVE-2004-0788SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file.
CVE-2004-0792SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.
CVE-2004-0794SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple signal handler race conditions in lukemftpd (aka tnftpd before 20040810) allow remote authenticated attackers to cause a denial of service or execute arbitrary code.
CVE-2004-0796SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to cause a denial of service via certain malformed messages.
CVE-2004-0801SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands.
CVE-2004-0803SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
CVE-2004-0804SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.
CVE-2004-0807SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.
CVE-2004-0808SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided.
CVE-2004-0809SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
CVE-2004-0814SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.
CVE-2004-0817SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
CVE-2004-0832SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy.
CVE-2004-0835SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
CVE-2004-0836SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).
CVE-2004-0837SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.
CVE-2004-0883SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.
CVE-2004-0884SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.
CVE-2004-0885SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
CVE-2004-0886SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
CVE-2004-0888SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
CVE-2004-0889SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
CVE-2004-0902SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.
CVE-2004-0903SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
CVE-2004-0904SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
CVE-2004-0905SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
CVE-2004-0906SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.
CVE-2004-0908SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.
CVE-2004-0918SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
CVE-2004-0929SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image.
CVE-2004-0930SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.
CVE-2004-0938SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.
CVE-2004-0940SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
CVE-2004-0942SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
CVE-2004-0947SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.
CVE-2004-0949SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times.
CVE-2004-0956SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.
CVE-2004-0957SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.
CVE-2004-0960SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.
CVE-2004-0961SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.
CVE-2004-0983SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
CVE-2004-0986SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.
CVE-2004-0989SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
CVE-2004-0990SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.
CVE-2004-1004SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
CVE-2004-1005SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
CVE-2004-1010SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname.
CVE-2004-1016SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition.
CVE-2004-1019SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.
CVE-2004-1025SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.
CVE-2004-1026SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.
CVE-2004-1029SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for x86
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
CVE-2004-1065SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.
CVE-2004-1068SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition.
CVE-2004-1070SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code.
CVE-2004-1071SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.
CVE-2004-1072SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code.
CVE-2004-1073SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.
CVE-2004-1074SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial of service (kernel oops) via a malformed a.out binary.
CVE-2004-1079SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs 2.2.4, and possibly other versions, may allow local users to gain privileges via a long -T option.
CVE-2004-1125SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.
CVE-2004-1137SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.
CVE-2004-1139SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).
CVE-2004-1140SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (application hang) and possibly fill available disk space via an invalid RTP timestamp.
CVE-2004-1141SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote attackers to cause a denial of service (application crash) via a certain packet that causes the dissector to access previously-freed memory.
CVE-2004-1142SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.
CVE-2004-1145SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.
CVE-2004-1151SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in the (1) sys32_ni_syscall and (2) sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local attackers to modify kernel memory and gain privileges.
CVE-2004-1152SUSE CORE 9 for x86
Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary code via an e-mail message with a crafted PDF attachment.
CVE-2004-1154SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.
CVE-2004-1158SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
CVE-2004-1170SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
CVE-2004-1176SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2004-1177SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.
CVE-2004-1183SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file.
CVE-2004-1184SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
CVE-2004-1185SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.
CVE-2004-1186SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash).
CVE-2004-1235SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
CVE-2004-1267SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file.
CVE-2004-1268SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors.
CVE-2004-1304SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.
CVE-2004-1333SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.
CVE-2004-1456SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
filediff in CVStrac allows remote attackers to execute arbitrary commands via shell metacharacters in rcsinfo.
CVE-2004-1470SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions before 1.0b1, allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server.
CVE-2004-1487SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.
CVE-2004-1488SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.
CVE-2004-1772SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.
CVE-2004-2652SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference.
CVE-2004-2655SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.
CVE-2004-2658SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types.
CVE-2004-2680SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
CVE-2005-0006SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (infinite loop).
CVE-2005-0007SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash from assertion).
CVE-2005-0008SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through 0.10.8 allows remote attackers to cause "memory corruption."
CVE-2005-0009SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash).
CVE-2005-0010SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through 0.10.8 allows remote attackers to cause a denial of service by triggering a free of statically allocated memory.
CVE-2005-0013SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
nwclient.c in ncpfs before 2.2.6 does not drop root privileges before executing utilities using the NetWare client functions, which allows local users to gain privileges.
CVE-2005-0014SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote malicious NetWare servers to execute arbitrary code on the NetWare client.
CVE-2005-0064SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.
CVE-2005-0077SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.
CVE-2005-0084SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 allows remote attackers to execute arbitrary code via a crafted packet.
CVE-2005-0085SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
CVE-2005-0088SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL.
CVE-2005-0089SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.
CVE-2005-0094SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.
CVE-2005-0095SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.
CVE-2005-0096SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption).
CVE-2005-0097SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.
CVE-2005-0135SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for Itanium Processor Family
The unw_unwind_to_user function in unwind.c on Itanium (ia64) architectures in Linux kernel 2.6 allows local users to cause a denial of service (system crash).
CVE-2005-0136SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor Family
The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service (crash) via crafted syscalls, possibly related to MCA/INIT, a different vulnerability than CVE-2005-1761.
CVE-2005-0155SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.
CVE-2005-0156SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
CVE-2005-0160SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor Family
Multiple buffer overflows in unace 1.2b allow attackers to execute arbitrary code via (1) 2 overflows in ACE archives, (2) a long command line argument, or (3) certain "Ready for next volume" messages.
CVE-2005-0161SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor Family
Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames.
CVE-2005-0177SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows attackers to cause a denial of service (kernel crash) via a buffer overflow.
CVE-2005-0179SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of service (CPU and memory consumption) and bypass RLIM_MEMLOCK limits via the mlockall call.
CVE-2005-0198SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.
CVE-2005-0202SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.
CVE-2005-0209SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via crafted IP packet fragments.
CVE-2005-0210SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a denial of service (memory consumption) via certain packet fragments that are reassembled twice, which causes a data structure to be allocated twice.
CVE-2005-0211SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.
CVE-2005-0227SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension.
CVE-2005-0241SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.
CVE-2005-0244SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command.
CVE-2005-0245SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005-0247.
CVE-2005-0246SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The intagg contrib module for PostgreSQL 8.0.0 and earlier allows attackers to cause a denial of service (crash) via crafted arrays.
CVE-2005-0247SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245.
CVE-2005-0366SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed.
CVE-2005-0373SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
CVE-2005-0384SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.
CVE-2005-0400SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block.
CVE-2005-0446SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.
CVE-2005-0449SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function.
CVE-2005-0468SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers more memory than allocated.
CVE-2005-0469SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.
CVE-2005-0488SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
CVE-2005-0504SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value.
CVE-2005-0524SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value.
CVE-2005-0525SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek.
CVE-2005-0529SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset arguments to the proc_file_read and locks_read_proc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context.
CVE-2005-0530SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Signedness error in the copy_from_read_buf function in n_tty.c for Linux kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel memory via a negative argument.
CVE-2005-0532SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit architectures, may allow local users to trigger a buffer overflow as a result of casting discrepancies between size_t and int data types.
CVE-2005-0605SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
CVE-2005-0626SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.
CVE-2005-0664SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag.
CVE-2005-0699SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.
CVE-2005-0706SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected.
CVE-2005-0709SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
CVE-2005-0710SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function.
CVE-2005-0711SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.
CVE-2005-0718SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
CVE-2005-0739SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions.
CVE-2005-0749SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service (kernel crash) via a crafted ELF library or executable, which causes a free of an invalid pointer.
CVE-2005-0836SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file.
CVE-2005-0916SUSE CORE 9 for IBM POWER
AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with CONFIG_HUGETLB_PAGE enabled allows local users to cause a denial of service (system panic) via a process that executes the io_queue_init function but exits without running io_queue_release, which causes exit_aio and is_hugepage_only_range to fail.
CVE-2005-0961SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title.
CVE-2005-1041SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The fib_seq_start function in fib_hash.c in Linux kernel allows local users to cause a denial of service (system crash) via /proc/net/route.
CVE-2005-1042SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count.
CVE-2005-1043SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.
CVE-2005-1046SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.
CVE-2005-1111SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
CVE-2005-1127SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.
CVE-2005-1151SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
qpopper 4.0.5 and earlier does not properly drop privileges before processing certain user-supplied files, which allows local users to overwrite or create arbitrary files as root.
CVE-2005-1152SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
popauth.c in qpopper 4.0.5 and earlier does not properly set the umask, which may cause qpopper to create files with group or world-writable permissions.
CVE-2005-1229SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.
CVE-2005-1260SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
CVE-2005-1263SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pass a signed integer comparison, leading to a buffer overflow.
CVE-2005-1268SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
CVE-2005-1278SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet.
CVE-2005-1279SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function.
CVE-2005-1280SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.
CVE-2005-1345SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.
CVE-2005-1349SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation.
CVE-2005-1409SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability."
CVE-2005-1410SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments.
CVE-2005-1431SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.
CVE-2005-1454SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.
CVE-2005-1455SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash).
CVE-2005-1519SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.
CVE-2005-1544SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag.
CVE-2005-1625SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for x86
Stack-based buffer overflow in the UnixAppOpenFilePerform function in Adobe Reader 5.0.9 and 5.0.10 for Unix allows remote attackers to execute arbitrary code via a PDF document with a long /Filespec tag.
CVE-2005-1686SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.
CVE-2005-1765SUSE CORE 9 for AMD64 and Intel EM64T
syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, when running in 32-bit compatibility mode, allows local users to cause a denial of service (kernel hang) via crafted arguments.
CVE-2005-1768SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor Family
Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow.
CVE-2005-1848SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors that cause an out-of-bounds memory read.
CVE-2005-1849SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
CVE-2005-1918SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".
CVE-2005-1920SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.
CVE-2005-1921SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
CVE-2005-1974SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 and 5.0 Update 1 and J2SE 1.4.2 up to 1.4.2_07, as used in multiple products and platforms including (1) HP-UX and (2) APC PowerChute, allows applications to assign permissions to themselves and gain privileges.
CVE-2005-1992SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.
CVE-2005-1993SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.
CVE-2005-2040SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in the getterminaltype function in telnetd for Heimdal before 0.6.5 may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2005-0468 and CVE-2005-0469.
CVE-2005-2069SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
CVE-2005-2088SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
CVE-2005-2090SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
CVE-2005-2096SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
CVE-2005-2177SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop.
CVE-2005-2231SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2005-2335SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.
CVE-2005-2337SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).
CVE-2005-2360SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through 0.10.11 allows remote attackers to cause a denial of service (free static memory and application crash) via unknown attack vectors.
CVE-2005-2361SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, (3) DOCSIS dissector, (4) SCTP graphs, (5) HTTP dissector, (6) DCERPC, (7) DHCP, (8) RADIUS dissector, (9) Telnet dissector, (10) IS-IS LSP dissector, or (11) NCP dissector in Ethereal 0.8.19 through 0.10.11 allows remote attackers to cause a denial of service (application crash or abort) via unknown attack vectors.
CVE-2005-2362SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unknown vulnerability several dissectors in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a denial of service (application crash) by reassembling certain packets.
CVE-2005-2363SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, (3) DHCP, (4) MEGACO dissector, or (5) H1 dissector in Ethereal 0.8.15 through 0.10.11 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.
CVE-2005-2364SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) CAMEL dissector in Ethereal 0.8.20 through 0.10.11 allows remote attackers to cause a denial of service (application crash) via certain packets that cause a null pointer dereference.
CVE-2005-2365SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a buffer overflow or a denial of service (memory consumption) via unknown attack vectors.
CVE-2005-2366SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows remote attackers to cause a denial of service (abort or infinite loop) via unknown attack vectors.
CVE-2005-2367SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Format string vulnerability in the proto_item_set_text function in Ethereal 0.9.4 through 0.10.11, as used in multiple dissectors, allows remote attackers to write to arbitrary memory locations and gain privileges via a crafted AFP packet.
CVE-2005-2456SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.
CVE-2005-2457SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The driver for compressed ISO file systems (zisofs) in the Linux kernel before 2.6.12.5 allows local users and remote attackers to cause a denial of service (kernel crash) via a crafted compressed ISO file system.
CVE-2005-2458SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows remote attackers to cause a denial of service (kernel crash) via a compressed file with "improper tables".
CVE-2005-2459SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerbility than CVE-2005-2458.
CVE-2005-2470SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for x86
Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
CVE-2005-2471SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands.
CVE-2005-2490SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the sendmsg function call in the Linux kernel 2.6 before 2.6.13.1 allows local users execute arbitrary code by calling sendmsg and modifying the message contents in another thread.
CVE-2005-2491SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
CVE-2005-2495SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image.
CVE-2005-2498SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.
CVE-2005-2555SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c.
CVE-2005-2558SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field.
CVE-2005-2700SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.
CVE-2005-2701SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.
CVE-2005-2702SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters.
CVE-2005-2703SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.
CVE-2005-2704SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.
CVE-2005-2705SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.
CVE-2005-2706SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.
CVE-2005-2707SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.
CVE-2005-2728SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
CVE-2005-2794SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING.
CVE-2005-2796SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.
CVE-2005-2797SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.
CVE-2005-2800SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Memory leak in the seq_file implemenetation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, which is not properly handled when the next() iterator returns NULL or an error.
CVE-2005-2872SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The ipt_recent kernel module (ipt_recent.c) in Linux kernel before 2.6.12, when running on 64-bit processors such as AMD64, allows remote attackers to cause a denial of service (kernel panic) via certain attacks such as SSH brute force, which leads to memset calls using a length based on the u_int32_t type, acting on an array of unsigned long elements, a different vulnerability than CVE-2005-2873.
CVE-2005-2876SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags.
CVE-2005-2917SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).
CVE-2005-2933SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely.
CVE-2005-2945SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c).
CVE-2005-2958SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code.
CVE-2005-2969SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
CVE-2005-2970SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
CVE-2005-2973SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash).
CVE-2005-2974SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
libungif library before 4.1.0 allows attackers to cause a denial of service via a crafted GIF file that triggers a null dereference.
CVE-2005-2975SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.
CVE-2005-2976SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.
CVE-2005-2978SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.
CVE-2005-2992SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945.
CVE-2005-3011SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2005-3013SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long Loc entry.
CVE-2005-3044SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local users to cause a denial of service (kernel OOPS from null dereference) via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put in the 32-bit routing_ioctl function on 64-bit systems.
CVE-2005-3054SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.
CVE-2005-3055SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference.
CVE-2005-3110SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, when running on an SMP system that is operating under a heavy load, might allow remote attackers to cause a denial of service (crash) via a series of packets that cause a value to be modified after it has been read but before it has been locked.
CVE-2005-3180SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, which allows remote attackers to obtain sensitive information.
CVE-2005-3184SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow vulnerability in the unicode_to_bytes in the Service Location Protocol (srvloc) dissector (packet-srvloc.c) in Ethereal allows remote attackers to execute arbitrary code via a srvloc packet with a modified length value.
CVE-2005-3185SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.
CVE-2005-3186SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.
CVE-2005-3191SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.
CVE-2005-3192SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.
CVE-2005-3239SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree function.
CVE-2005-3241SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors in the (1) ISAKMP, (2) FC-FCS, (3) RSVP, and (4) ISIS LSP dissector.
CVE-2005-3242SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (crash) via unknown vectors in (1) the IrDA dissector and (2) the SMB dissector when SMB transaction payload reassembly is enabled.
CVE-2005-3243SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in Ethereal 0.10.12 and earlier might allow remote attackers to execute arbitrary code via unknown vectors in the (1) SLIMP3 and (2) AgentX dissector.
CVE-2005-3244SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
CVE-2005-3245SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 to 0.10.12, when the "Dissect unknown RPC program numbers" option is enabled, allows remote attackers to cause a denial of service (memory consumption).
CVE-2005-3246SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (null dereference) via unknown vectors in the (1) SCSI, (2) sFlow, or (3) RTnet dissectors.
CVE-2005-3247SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
CVE-2005-3248SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (divide-by-zero) via unknown vectors.
CVE-2005-3249SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to 0.10.12 allows remote attackers to cause a denial of service or corrupt memory via unknown vectors that cause Ethereal to free an invalid pointer.
CVE-2005-3252SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet.
CVE-2005-3256SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message.
CVE-2005-3258SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.
CVE-2005-3275SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption.
CVE-2005-3303SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file.
CVE-2005-3313SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers to cause a denial of service (infinite loop).
CVE-2005-3319SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
CVE-2005-3350SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write.
CVE-2005-3352SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
CVE-2005-3353SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image.
CVE-2005-3356SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The mq_open system call in Linux kernel 2.6.9, in certain situations, can decrement a counter twice ("double decrement") as a result of multiple calls to the mntput function when the dentry_open function call fails, which allows local users to cause a denial of service (panic) via unspecified attack vectors.
CVE-2005-3357SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
CVE-2005-3358SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Linux kernel before 2.6.15 allows local users to cause a denial of service (panic) via a set_mempolicy call with a 0 bitmask, which causes a panic when a page fault occurs.
CVE-2005-3389SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.
CVE-2005-3390SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.
CVE-2005-3391SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.
CVE-2005-3392SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
CVE-2005-3500SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block.
CVE-2005-3501SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length.
CVE-2005-3510SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
CVE-2005-3570SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".
CVE-2005-3623SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems.
CVE-2005-3632SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow attackers to execute arbitrary code via a crafted PNM file.
CVE-2005-3651SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the dissect_ospf_v3_address_prefix function in the OSPF protocol dissector in Ethereal 0.10.12, and possibly other versions, allows remote attackers to execute arbitrary code via crafted packets.
CVE-2005-3662SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Off-by-one buffer overflow in pnmtopng before 2.39, when using the -alpha command line option (Alphas_Of_Color), allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM file with exactly 256 colors.
CVE-2005-3671SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
CVE-2005-3732SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
CVE-2005-3783SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which allows local users to cause a denial of service (crash).
CVE-2005-3784SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 includes processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a denial of service (crash) and gain root privileges.
CVE-2005-3806SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a denial of service (crash) by triggering a free of non-allocated memory.
CVE-2005-3848SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Memory leak in the icmp_push_reply function in Linux 2.6 before 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted packets that cause the ip_append_data function to fail, aka "DST leak in icmp_push_reply."
CVE-2005-3858SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Memory leak in the ip6_input_finish function in ip6_input.c in Linux kernel 2.6.12 and earlier might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed.
CVE-2005-3883SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.
CVE-2005-3904SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors.
CVE-2005-3905SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.1_15 and earlier, 1.4.2_08 and earlier, and JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors, a different vulnerability than CVE-2005-3906. NOTE: this is associated with the "first issue" identified in SUNALERT:102003.
CVE-2005-3906SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.2_08 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different set of vulnerabilities than CVE-2005-3905. NOTE: this is associated with the "second and third issues" identified in SUNALERT:102003.
CVE-2005-3962SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
CVE-2005-4190SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
CVE-2005-4268SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.
CVE-2005-4348SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.
CVE-2005-4585SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to 0.10.13 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.
CVE-2005-4772SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013.
CVE-2006-0019SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.
CVE-2006-0049SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
CVE-2006-0052SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary.
CVE-2006-0058SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.
CVE-2006-0095SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key.
CVE-2006-0150SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
CVE-2006-0208SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.
CVE-2006-0225SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
CVE-2006-0455SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
CVE-2006-0554SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitive information via a crafted XFS ftruncate call, which may return stale data.
CVE-2006-0555SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Linux Kernel before 2.6.15.5 allows local users to cause a denial of service (NFS client panic) via unknown attack vectors related to the use of O_DIRECT (direct I/O).
CVE-2006-0557SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not sanity check the maxnod variable before making certain computations for the get_nodes function, which has unknown impact and attack vectors.
CVE-2006-0582SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors.
CVE-2006-0645SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.
CVE-2006-0646SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other users via by running an ld-linked application from the current directory, which could contain an attacker-controlled library file.
CVE-2006-0677SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference.
CVE-2006-0741SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Linux kernel before 2.6.15.5, when running on Intel processors, allows local users to cause a denial of service ("endless recursive fault") via unknown attack vectors related to a "bad elf entry address."
CVE-2006-0744SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS.
CVE-2006-0747SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values.
CVE-2006-0749SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption.
CVE-2006-0803SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.
CVE-2006-0855SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected.
CVE-2006-0996SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.
CVE-2006-1014SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.
CVE-2006-1015SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.
CVE-2006-1054SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-1861. Reason: This candidate is a reservation duplicate of CVE-2006-1861. Notes: All CVE users should reference CVE-2006-1861 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2006-1056SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processers in a security-relevant fashion that was not addressed by the kernels.
CVE-2006-1168SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.
CVE-2006-1173SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
CVE-2006-1242SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended protections against such attacks.
CVE-2006-1260SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.
CVE-2006-1269SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited, although is reasonable to expect that there are some situations in which the zoo user might automatically list attacker-controlled filenames to add to the zoo archive.
CVE-2006-1342SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.
CVE-2006-1354SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.
CVE-2006-1490SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.
CVE-2006-1494SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function.
CVE-2006-1516SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.
CVE-2006-1517SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message.
CVE-2006-1518SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values.
CVE-2006-1523SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The __group_complete_signal function in the RCU signal handling (signal.c) in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUG_ON.
CVE-2006-1524SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071.
CVE-2006-1525SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to cause a denial of service (panic) via a request for a route for a multicast IP address, which triggers a null dereference.
CVE-2006-1527SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the for_each_sctp_chunk function.
CVE-2006-1528SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Linux kernel before 2.6.13 allows local users to cause a denial of service (crash) via a dio transfer from the sg driver to memory mapped (mmap) IO space.
CVE-2006-1614SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2006-1615SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly.
CVE-2006-1630SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access."
CVE-2006-1721SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.
CVE-2006-1727SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".
CVE-2006-1728SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.
CVE-2006-1729SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.
CVE-2006-1730SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.
CVE-2006-1731SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
CVE-2006-1732SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array.
CVE-2006-1733SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."
CVE-2006-1734SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function.
CVE-2006-1735SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges.
CVE-2006-1736SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename.
CVE-2006-1737SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.
CVE-2006-1738SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles.
CVE-2006-1739SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow.
CVE-2006-1740SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.
CVE-2006-1741SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".
CVE-2006-1742SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption.
CVE-2006-1790SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
CVE-2006-1857SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk.
CVE-2006-1858SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters.
CVE-2006-1861SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.
CVE-2006-1863SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1864.
CVE-2006-1864SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863.
CVE-2006-1931SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data.
CVE-2006-1932SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Off-by-one error in the OID printing routine in Ethereal 0.10.x up to 0.10.14 has unknown impact and remote attack vectors.
CVE-2006-1933SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (large or infinite loops) viarafted packets to the (1) UMA and (2) BER dissectors.
CVE-2006-1934SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Instruments file code, or (3) NetXray/Windows Sniffer file code.
CVE-2006-1935SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the COPS dissector.
CVE-2006-1936SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote attackers to execute arbitrary code via the telnet dissector.
CVE-2006-1937SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, and the (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors; and (7) the statistics counter.
CVE-2006-1938SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via the (1) Sniffer capture or (2) SMB PIPE dissector.
CVE-2006-1939SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) an invalid display filter, or the (2) GSM SMS, (3) ASN.1-based, (4) DCERPC NT, (5) PER, (6) RPC, (7) DCERPC, and (8) ASN.1 dissectors.
CVE-2006-1940SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows remote attackers to cause a denial of service (abort) via the SNDCP dissector.
CVE-2006-1989SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.
CVE-2006-1990SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396.
CVE-2006-1991SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument.
CVE-2006-2024SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.
CVE-2006-2025SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
CVE-2006-2026SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions."
CVE-2006-2162SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header.
CVE-2006-2191SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
** DISPUTED ** Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable."
CVE-2006-2195SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.
CVE-2006-2223SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.
CVE-2006-2224SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.
CVE-2006-2271SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via an unexpected chunk when the session is in CLOSED state.
CVE-2006-2272SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) HEARTBEAT SCTP control chunks.
CVE-2006-2274SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.
CVE-2006-2313SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection."
CVE-2006-2314SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem.
CVE-2006-2362SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.
CVE-2006-2444SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite.
CVE-2006-2447SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
CVE-2006-2448SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory on 32-bit systems (signal_32.c).
CVE-2006-2449SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.
CVE-2006-2451SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions.
CVE-2006-2452SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
CVE-2006-2493SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-1861. Reason: This candidate is a duplicate of CVE-2006-1861. Notes: All CVE users should reference CVE-2006-1861 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2006-2563SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.
CVE-2006-2607SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.
CVE-2006-2656SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
CVE-2006-2657SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-3017. Reason: This candidate is a reservation duplicate of CVE-2006-3017. Notes: All CVE users should reference CVE-2006-3017 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2006-2661SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference.
CVE-2006-2769SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass "uricontent" rules via a carriage return (\r) after the URL and before the HTTP declaration.
CVE-2006-2894SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
CVE-2006-2916SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.
CVE-2006-2934SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer.
CVE-2006-2935SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow.
CVE-2006-2936SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued.
CVE-2006-2937SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
CVE-2006-2940SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.
CVE-2006-2941SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers".
CVE-2006-3082SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.
CVE-2006-3085SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers to cause a denial of service (infinite loop) via an SCTP chunk with a 0 length.
CVE-2006-3121SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message.
CVE-2006-3242SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server.
CVE-2006-3334SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name".
CVE-2006-3403SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.
CVE-2006-3459SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.
CVE-2006-3460SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize).
CVE-2006-3461SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors.
CVE-2006-3462SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images.
CVE-2006-3463SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop.
CVE-2006-3464SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations".
CVE-2006-3465SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors.
CVE-2006-3467SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861.
CVE-2006-3468SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only.
CVE-2006-3548SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).
CVE-2006-3549SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server.
CVE-2006-3626SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.
CVE-2006-3627SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark (aka Ethereal) 0.10.11 to 0.99.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors.
CVE-2006-3628SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors.
CVE-2006-3629SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the MOUNT dissector in Wireshark (aka Ethereal) 0.9.4 to 0.99.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
CVE-2006-3630SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to 0.99.0 have unknown impact and remote attack vectors via the (1) NCP NMAS and (2) NDPS dissectors.
CVE-2006-3631SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the SSH dissector in Wireshark (aka Ethereal) 0.9.10 to 0.99.0 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.
CVE-2006-3632SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the NFS dissector.
CVE-2006-3636SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-3694SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".
CVE-2006-3738SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
CVE-2006-3739SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow.
CVE-2006-3740SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections.
CVE-2006-3741SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descriptor consumption).
CVE-2006-3745SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the sctp_make_abort_user function in the SCTP implementation in Linux 2.6.x before 2.6.17.10 and 2.4.23 up to 2.4.33 allows local users to cause a denial of service (panic) and possibly gain root privileges via unknown attack vectors.
CVE-2006-3746SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.
CVE-2006-3747SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
CVE-2006-3815SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.
CVE-2006-3835SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.
CVE-2006-3918SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
CVE-2006-4020SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.
CVE-2006-4031SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.
CVE-2006-4093SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time."
CVE-2006-4145SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Universal Disk Format (UDF) filesystem driver in Linux kernel 2.6.17 and earlier allows local users to cause a denial of service (hang and crash) via certain operations involving truncated files, as demonstrated via the dd command.
CVE-2006-4182SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected.
CVE-2006-4250SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag.
CVE-2006-4330SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors.
CVE-2006-4331SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
CVE-2006-4332SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the DHCP dissector in Wireshark (formerly Ethereal) 0.10.13 through 0.99.2, when run on Windows, allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a bug in Glib.
CVE-2006-4333SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory.
CVE-2006-4334SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.
CVE-2006-4335SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability."
CVE-2006-4336SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.
CVE-2006-4337SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.
CVE-2006-4338SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.
CVE-2006-4339SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
CVE-2006-4343SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
CVE-2006-4434SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."
CVE-2006-4484SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.
CVE-2006-4514SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE document, which causes the ole_init_info function to allocate insufficient memory.
CVE-2006-4538SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory maps that cross region boundaries.
CVE-2006-4573SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.
CVE-2006-4574SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that tragger an assertion error related to unexpected length values.
CVE-2006-4600SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).
CVE-2006-4625SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
CVE-2006-4790SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.
CVE-2006-4805SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded.
CVE-2006-4810SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.
CVE-2006-4811SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image.
CVE-2006-4813SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6.x before 2.6.13 does not properly clear buffers during certain error conditions, which allows local users to read portions of files that have been unlinked.
CVE-2006-4924SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
CVE-2006-4925SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.
CVE-2006-4965SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.
CVE-2006-4980SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.
CVE-2006-4997SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).
CVE-2006-5051SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
CVE-2006-5052SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
CVE-2006-5170SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
CVE-2006-5174SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The copy_from_user function in the uaccess code in Linux kernel 2.6 before 2.6.19-rc1, when running on s390, does not properly clear a kernel buffer, which allows local user space programs to read portions of kernel memory by "appending to a file from a bad address," which triggers a fault that prevents the unused memory from being cleared in the kernel buffer.
CVE-2006-5295SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location."
CVE-2006-5465SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
CVE-2006-5467SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.
CVE-2006-5468SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors.
CVE-2006-5469SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the WBXML dissector in Wireshark (formerly Ethereal) 0.10.11 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger a null dereference.
CVE-2006-5540SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."
CVE-2006-5541SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via a coercion of an unknown element to ANYARRAY.
CVE-2006-5542SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) related to duration logging of V3-protocol Execute messages for (1) COMMIT and (2) ROLLBACK SQL statements.
CVE-2006-5601SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the eap_do_notify function in eap.c in xsupplicant before 1.2.6, and possibly other versions, allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2006-5648SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be killed.
CVE-2006-5649SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors.
CVE-2006-5740SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the LDAP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via a crafted LDAP packet.
CVE-2006-5749SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash.
CVE-2006-5752SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
CVE-2006-5753SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.
CVE-2006-5754SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The aio_setup_ring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service (crash) via an unspecified error path that causes an incorrect free operation.
CVE-2006-5757SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures.
CVE-2006-5779SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
CVE-2006-5793SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read.
CVE-2006-5794SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.
CVE-2006-5823SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs.
CVE-2006-5857SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for x86
Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering.
CVE-2006-5864SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.
CVE-2006-5867SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.
CVE-2006-5871SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings.
CVE-2006-5874SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference.
CVE-2006-5876SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values.
CVE-2006-5974SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions.
CVE-2006-6053SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures.
CVE-2006-6054SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the minimum.
CVE-2006-6056SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit function, as demonstrated using an HFS filesystem image.
CVE-2006-6060SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a malformed NTFS file stream that triggers an infinite loop in the __find_get_block_slow function.
CVE-2006-6077SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.
CVE-2006-6097SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.
CVE-2006-6101SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures.
CVE-2006-6102SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.
CVE-2006-6103SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.
CVE-2006-6106SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via CAPI messages with a large value for the length of the (1) manu (manufacturer) or (2) serial (serial number) field.
CVE-2006-6169SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt.
CVE-2006-6235SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
CVE-2006-6297SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which results in an infinite recursion.
CVE-2006-6303SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.
CVE-2006-6383SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.
CVE-2006-6406SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.
CVE-2006-6481SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406.
CVE-2006-6535SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable.
CVE-2006-6731SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information.
CVE-2006-6736SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The second issue."
CVE-2006-6737SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The first issue."
CVE-2006-6745SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.
CVE-2006-6772SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.
CVE-2006-7203SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 and earlier allows local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode ("mount -t smbfs").
CVE-2006-7224SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7227, CVE-2005-4872, CVE-2006-7228. Reason: this candidate was SPLIT into other identifiers in order to reflect different affected versions and distinct vendor fixes. Notes: All CVE users should consult CVE-2006-7227, CVE-2005-4872, and CVE-2006-7228 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2006-7225SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence.
CVE-2006-7226SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash).
CVE-2006-7228SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
CVE-2006-7230SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions.
CVE-2006-7232SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.
CVE-2007-0008SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.
CVE-2007-0009SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.
CVE-2007-0010SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
CVE-2007-0044SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for x86
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."
CVE-2007-0045SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for x86
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."
CVE-2007-0046SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for x86
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
CVE-2007-0047SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for x86
CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
CVE-2007-0048SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for x86
Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."
CVE-2007-0062SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients.
CVE-2007-0104SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
CVE-2007-0234SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-0243. Reason: This candidate is a duplicate of CVE-2007-0243. Notes: All CVE users should reference CVE-2007-0243 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2007-0235SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in gnome-system-monitor.
CVE-2007-0242SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.
CVE-2007-0243SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.
CVE-2007-0247SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.
CVE-2007-0248SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.
CVE-2007-0450SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
CVE-2007-0452SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop.
CVE-2007-0537SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.
CVE-2007-0555SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content.
CVE-2007-0556SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.
CVE-2007-0653SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption.
CVE-2007-0654SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow.
CVE-2007-0720SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.
CVE-2007-0775SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors.
CVE-2007-0776SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.
CVE-2007-0777SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.
CVE-2007-0778SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.
CVE-2007-0779SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor.
CVE-2007-0780SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.
CVE-2007-0800SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.
CVE-2007-0855SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted, password-protected archive.
CVE-2007-0897SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.
CVE-2007-0898SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.
CVE-2007-0906SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).
CVE-2007-0907SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.
CVE-2007-0908SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.
CVE-2007-0909SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.
CVE-2007-0910SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.
CVE-2007-0911SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).
CVE-2007-0981SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
CVE-2007-0988SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.
CVE-2007-0995SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.
CVE-2007-0996SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
CVE-2007-1001SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.
CVE-2007-1003SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.
CVE-2007-1095SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
CVE-2007-1263SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
CVE-2007-1285SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
CVE-2007-1349SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
CVE-2007-1351SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
CVE-2007-1352SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.
CVE-2007-1353SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function accessing an uninitialized stack buffer.
CVE-2007-1357SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of service (crash) via an AppleTalk frame that is shorter than the specified length, which triggers a BUG_ON call when an attempt is made to perform a checksum.
CVE-2007-1358SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
CVE-2007-1362SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."
CVE-2007-1375SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.
CVE-2007-1376SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.
CVE-2007-1380SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.
CVE-2007-1383SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286.
CVE-2007-1396SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact. NOTE: it could be argued that this is a design limitation of PHP and that only the misuse of this feature, i.e. implementation bugs in applications, should be included in CVE. However, it has been fixed by the vendor.
CVE-2007-1461SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories.
CVE-2007-1473SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.
CVE-2007-1484SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called.
CVE-2007-1521SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation.
CVE-2007-1536SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
CVE-2007-1558SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
CVE-2007-1562SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
CVE-2007-1564SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
CVE-2007-1583SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.
CVE-2007-1592SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertently copies the ipv6_fl_socklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service (OOPS) or double free by opening a listening IPv6 socket, attaching a flow label, and connecting to that socket.
CVE-2007-1659SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.
CVE-2007-1660SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.
CVE-2007-1667SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
CVE-2007-1700SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable.
CVE-2007-1717SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed.
CVE-2007-1718SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.
CVE-2007-1745SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.
CVE-2007-1841SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service (tunnel crash) via crafted (1) DELETE (ISAKMP_NPTYPE_D) and (2) NOTIFY (ISAKMP_NPTYPE_N) messages.
CVE-2007-1858SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
CVE-2007-1859SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.
CVE-2007-1860SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
CVE-2007-1863SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
CVE-2007-1864SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.
CVE-2007-1995SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.
CVE-2007-1997SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.
CVE-2007-2022SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.
CVE-2007-2028SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.
CVE-2007-2052SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.
CVE-2007-2292SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.
CVE-2007-2445SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.
CVE-2007-2446SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
CVE-2007-2447SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
CVE-2007-2449SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
CVE-2007-2450SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
CVE-2007-2509SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.
CVE-2007-2525SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized.
CVE-2007-2583SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.
CVE-2007-2645SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.
CVE-2007-2650SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.
CVE-2007-2654SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
CVE-2007-2691SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
CVE-2007-2692SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
CVE-2007-2727SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys.
CVE-2007-2741SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.
CVE-2007-2754SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.
CVE-2007-2756SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng.
CVE-2007-2788SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.
CVE-2007-2789SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.
CVE-2007-2833SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.
CVE-2007-2867SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.
CVE-2007-2868SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption.
CVE-2007-2869SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form.
CVE-2007-2870SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site.
CVE-2007-2871SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks.
CVE-2007-2872SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
CVE-2007-2876SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference.
CVE-2007-2926SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.
CVE-2007-2953SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.
CVE-2007-3004SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-2788. Reason: This candidate is a duplicate of CVE-2007-2788. Notes: All CVE users should reference CVE-2007-2788 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2007-3005SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-2789. Reason: This candidate is a duplicate of CVE-2007-2789. Notes: All CVE users should reference CVE-2007-2789 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2007-3007SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function.
CVE-2007-3023SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.
CVE-2007-3024SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.
CVE-2007-3025SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions.
CVE-2007-3089SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568.
CVE-2007-3105SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root.
CVE-2007-3106SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.
CVE-2007-3122SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.
CVE-2007-3123SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.
CVE-2007-3285SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.
CVE-2007-3304SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
CVE-2007-3377SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.
CVE-2007-3382SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
CVE-2007-3385SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
CVE-2007-3387SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
CVE-2007-3388SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message.
CVE-2007-3389SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.
CVE-2007-3390SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, allows remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP.
CVE-2007-3391SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop.
CVE-2007-3392SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop.
CVE-2007-3393SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets.
CVE-2007-3409SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.
CVE-2007-3472SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.
CVE-2007-3475SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.
CVE-2007-3476SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.
CVE-2007-3477SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.
CVE-2007-3478SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.
CVE-2007-3511SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.
CVE-2007-3655SUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.
CVE-2007-3656SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.
CVE-2007-3670SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
CVE-2007-3698SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.
CVE-2007-3725SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.
CVE-2007-3734SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.
CVE-2007-3735SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.
CVE-2007-3736SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed.
CVE-2007-3737SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."
CVE-2007-3738SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper.
CVE-2007-3798SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
CVE-2007-3799SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.
CVE-2007-3844SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.
CVE-2007-3845SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."
CVE-2007-3847SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
CVE-2007-3848SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG).
CVE-2007-3922SUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet.
CVE-2007-3996SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.
CVE-2007-3998SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.
CVE-2007-4029SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.
CVE-2007-4033SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.
CVE-2007-4065SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217.
CVE-2007-4066SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array.
CVE-2007-4091SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.
CVE-2007-4131SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
CVE-2007-4137SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.
CVE-2007-4224SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
CVE-2007-4308SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges.
CVE-2007-4352SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.
CVE-2007-4381SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.
CVE-2007-4394SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors.
CVE-2007-4460SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged.
CVE-2007-4465SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
CVE-2007-4476SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
CVE-2007-4510SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.
CVE-2007-4560SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
CVE-2007-4565SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
CVE-2007-4571SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
CVE-2007-4572SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests.
CVE-2007-4573SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.
CVE-2007-4619SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
CVE-2007-4658SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
CVE-2007-4661SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872.
CVE-2007-4752SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
CVE-2007-4769SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.
CVE-2007-4772SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
CVE-2007-4782SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
CVE-2007-4784SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.
CVE-2007-4825SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.
CVE-2007-4840SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
CVE-2007-4841SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.
CVE-2007-4879SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.
CVE-2007-4965SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
CVE-2007-5000SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-5116SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
CVE-2007-5135SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
CVE-2007-5137SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this issue is due to an incorrect patch for CVE-2007-5378.
CVE-2007-5198SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading "L" characters.
CVE-2007-5232SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack.
CVE-2007-5236SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application.
CVE-2007-5237SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities."
CVE-2007-5238SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities."
CVE-2007-5239SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.
CVE-2007-5240SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.
CVE-2007-5269SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations.
CVE-2007-5273SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232.
CVE-2007-5274SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.
CVE-2007-5333SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
CVE-2007-5334SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute.
CVE-2007-5337SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.
CVE-2007-5338SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.
CVE-2007-5339SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors.
CVE-2007-5340SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption.
CVE-2007-5392SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
CVE-2007-5393SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
CVE-2007-5398SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request.
CVE-2007-5461SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
CVE-2007-5497SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.
CVE-2007-5623SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies.
CVE-2007-5760SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index.
CVE-2007-5794SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
CVE-2007-5846SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.
CVE-2007-5848SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.
CVE-2007-5898SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.
CVE-2007-5904SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function.
CVE-2007-5925SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
CVE-2007-5939SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect.
CVE-2007-5947SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.
CVE-2007-5958SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.
CVE-2007-5959SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption.
CVE-2007-5960SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.
CVE-2007-5969SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
CVE-2007-6015SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.
CVE-2007-6067SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
CVE-2007-6111SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector.
CVE-2007-6112SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
CVE-2007-6113SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet.
CVE-2007-6114SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser.
CVE-2007-6115SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors.
CVE-2007-6116SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors.
CVE-2007-6117SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted chunked messages.
CVE-2007-6118SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.
CVE-2007-6119SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.
CVE-2007-6120SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
CVE-2007-6121SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.
CVE-2007-6151SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow.
CVE-2007-6167SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory.
CVE-2007-6199SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
CVE-2007-6200SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.
CVE-2007-6203SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
CVE-2007-6206SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.
CVE-2007-6239SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.
CVE-2007-6282SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV.
CVE-2007-6284SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.
CVE-2007-6303SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
CVE-2007-6304SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.
CVE-2007-6335SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.
CVE-2007-6336SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.
CVE-2007-6337SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors.
CVE-2007-6351SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c.
CVE-2007-6352SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c.
CVE-2007-6388SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-6427SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.
CVE-2007-6428SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index.
CVE-2007-6429SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension.
CVE-2007-6438SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111.
CVE-2007-6439SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) IPv6 or (2) USB dissector, which can trigger resource consumption or a crash. NOTE: this identifier originally included Firebird/Interbase, but it is already covered by CVE-2007-6116. The DCP ETSI issue is already covered by CVE-2007-6119.
CVE-2007-6441SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms."
CVE-2007-6450SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
CVE-2007-6451SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory.
CVE-2007-6595SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled.
CVE-2007-6596SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file.
CVE-2007-6600SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.
CVE-2007-6601SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
CVE-2007-6698SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.
CVE-2007-6716SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test.
CVE-2007-6720SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels.
CVE-2007-6725SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function.
CVE-2007-6733SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on an NFS filesystem and then changing this file's permissions, a related issue to CVE-2010-0727.
CVE-2008-0005SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
CVE-2008-0006SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.
CVE-2008-0007SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset.
CVE-2008-0016SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.
CVE-2008-0017SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
CVE-2008-0053SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.
CVE-2008-0122SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
CVE-2008-0128SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
CVE-2008-0314SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.
CVE-2008-0318SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.
CVE-2008-0411SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.
CVE-2008-0412SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.
CVE-2008-0413SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors.
CVE-2008-0414SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing."
CVE-2008-0415SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs."
CVE-2008-0417SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password.
CVE-2008-0418SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.
CVE-2008-0419SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.
CVE-2008-0553SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
CVE-2008-0554SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
CVE-2008-0564SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636.
CVE-2008-0591SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the "dialog refocus bug" or "ffclick2".
CVE-2008-0592SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future plain text files within the browser.
CVE-2008-0593SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.
CVE-2008-0594SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.
CVE-2008-0596SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers.
CVE-2008-0597SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.
CVE-2008-0598SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a crafted binary.
CVE-2008-0657SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
CVE-2008-0658SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.
CVE-2008-0728SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption."
CVE-2008-0882SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. NOTE: some of these details are obtained from third party information.
CVE-2008-0960SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.
CVE-2008-1070SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.
CVE-2008-1071SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.
CVE-2008-1072SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug.
CVE-2008-1100SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file.
CVE-2008-1105SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.
CVE-2008-1145SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
CVE-2008-1185SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186, aka "the first issue."
CVE-2008-1186SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185, aka "the second issue."
CVE-2008-1187SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.
CVE-2008-1188SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues."
CVE-2008-1189SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the "third" issue.
CVE-2008-1190SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth" issue.
CVE-2008-1191SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190, aka "The fifth issue."
CVE-2008-1192SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors.
CVE-2008-1193SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.
CVE-2008-1194SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors.
CVE-2008-1195SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.
CVE-2008-1196SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file.
CVE-2008-1232SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
CVE-2008-1233SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."
CVE-2008-1234SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers."
CVE-2008-1235SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals."
CVE-2008-1236SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.
CVE-2008-1237SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.
CVE-2008-1238SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms.
CVE-2008-1240SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195.
CVE-2008-1241SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab.
CVE-2008-1367SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.
CVE-2008-1372SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
CVE-2008-1373SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.
CVE-2008-1375SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.
CVE-2008-1377SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
CVE-2008-1379SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height.
CVE-2008-1382SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
CVE-2008-1387SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
CVE-2008-1389SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."
CVE-2008-1391SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
CVE-2008-1419SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.
CVE-2008-1420SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
CVE-2008-1423SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.
CVE-2008-1447SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
CVE-2008-1483SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
CVE-2008-1612SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.
CVE-2008-1615SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls.
CVE-2008-1673SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.
CVE-2008-1679SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.
CVE-2008-1683SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-0887. Reason: This candidate is a duplicate of CVE-2008-0887. Notes: All CVE users should reference CVE-2008-0887 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2008-1693SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.
CVE-2008-1767SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.
CVE-2008-1806SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.
CVE-2008-1807SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.
CVE-2008-1808SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.
CVE-2008-1833SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary.
CVE-2008-1835SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar.
CVE-2008-1836SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.
CVE-2008-1837SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.
CVE-2008-1887SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.
CVE-2008-1891SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option.
CVE-2008-1927SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.
CVE-2008-1948SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.
CVE-2008-1949SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
CVE-2008-1950SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.
CVE-2008-2079SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
CVE-2008-2086SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892.
CVE-2008-2142SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.
CVE-2008-2235SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.
CVE-2008-2292SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).
CVE-2008-2315SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.
CVE-2008-2316SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB."
CVE-2008-2327SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.
CVE-2008-2360SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow.
CVE-2008-2361SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory.
CVE-2008-2362SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.
CVE-2008-2370SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
CVE-2008-2375SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.
CVE-2008-2383SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
CVE-2008-2641SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for x86
Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."
CVE-2008-2662SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.
CVE-2008-2663SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
CVE-2008-2664SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
CVE-2008-2712SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.
CVE-2008-2713SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read.
CVE-2008-2725SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
CVE-2008-2726SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
CVE-2008-2727SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2725. Reason: This candidate is a duplicate of CVE-2008-2725. Notes: All CVE users should reference CVE-2008-2725 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2008-2728SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2726. Reason: This candidate is a duplicate of CVE-2008-2726. Notes: All CVE users should reference CVE-2008-2726 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2008-2729SUSE CORE 9 for AMD64 and Intel EM64T
arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.
CVE-2008-2812SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
CVE-2008-2936SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.
CVE-2008-2937SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
CVE-2008-2938SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
CVE-2008-2939SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
CVE-2008-2952SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
CVE-2008-3103SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors.
CVE-2008-3104SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet.
CVE-2008-3106SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105.
CVE-2008-3107SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
CVE-2008-3108SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing.
CVE-2008-3111SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.
CVE-2008-3112SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.
CVE-2008-3113SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077.
CVE-2008-3114SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074.
CVE-2008-3137SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
CVE-2008-3138SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.
CVE-2008-3139SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.
CVE-2008-3140SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet."
CVE-2008-3141SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors.
CVE-2008-3142SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro.
CVE-2008-3143SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google."
CVE-2008-3144SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.
CVE-2008-3145SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read.
CVE-2008-3146SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used.
CVE-2008-3271SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
CVE-2008-3272SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information.
CVE-2008-3275SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories.
CVE-2008-3281SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
CVE-2008-3443SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.
CVE-2008-3520SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.
CVE-2008-3521SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.
CVE-2008-3522SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.
CVE-2008-3525SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions.
CVE-2008-3528SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries.
CVE-2008-3529SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
CVE-2008-3639SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.
CVE-2008-3640SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow.
CVE-2008-3641SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.
CVE-2008-3651SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.
CVE-2008-3652SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).
CVE-2008-3655SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.
CVE-2008-3656SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.
CVE-2008-3657SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.
CVE-2008-3658SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
CVE-2008-3659SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.
CVE-2008-3790SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."
CVE-2008-3835SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.
CVE-2008-3836SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage, and (5) _initSubscriptionUI functions.
CVE-2008-3837SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823.
CVE-2008-3863SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command.
CVE-2008-3905SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
CVE-2008-3912SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition.
CVE-2008-3913SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic".
CVE-2008-3914SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c.
CVE-2008-3933SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function.
CVE-2008-3972SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.
CVE-2008-4058SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS.
CVE-2008-4059SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.
CVE-2008-4060SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.
CVE-2008-4061SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.
CVE-2008-4062SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.
CVE-2008-4063SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames.
CVE-2008-4064SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp.
CVE-2008-4065SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug."
CVE-2008-4066SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav�ascript" sequence, aka "HTML escaped low surrogates bug."
CVE-2008-4067SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.
CVE-2008-4068SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.
CVE-2008-4069SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.
CVE-2008-4097SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.
CVE-2008-4098SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
CVE-2008-4101SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.
CVE-2008-4109SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.
CVE-2008-4210SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
CVE-2008-4225SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.
CVE-2008-4226SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
CVE-2008-4309SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
CVE-2008-4395SUSE CORE 9 for x86
Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.
CVE-2008-4456SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
CVE-2008-4552SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.
CVE-2008-4636SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process.
CVE-2008-4677SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating "I'm assuming that they're using the same id and password on that unchanged hostname, deliberately."
CVE-2008-4680SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB).
CVE-2008-4681SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets.
CVE-2008-4683SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call.
CVE-2008-4685SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception.
CVE-2008-4864SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
CVE-2008-5012SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.
CVE-2008-5013SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.
CVE-2008-5014SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.
CVE-2008-5016SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.
CVE-2008-5017SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.
CVE-2008-5018SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class.
CVE-2008-5021SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.
CVE-2008-5022SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.
CVE-2008-5023SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.
CVE-2008-5024SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.
CVE-2008-5029SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors.
CVE-2008-5031SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.
CVE-2008-5050SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.
CVE-2008-5052SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.
CVE-2008-5077SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
CVE-2008-5078SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename.
CVE-2008-5138SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
passwdehd in libpam-mount 0.43 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/passwdehd.##### temporary file.
CVE-2008-5286SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.
CVE-2008-5314SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions.
CVE-2008-5339SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079.
CVE-2008-5340SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081.
CVE-2008-5341SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071.
CVE-2008-5342SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668.
CVE-2008-5343SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR" and CR 6707535.
CVE-2008-5344SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217.
CVE-2008-5345SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier allows code that is loaded from a local filesystem to read arbitrary files and make unauthorized connections to localhost via unknown vectors.
CVE-2008-5346SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file.
CVE-2008-5347SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages.
CVE-2008-5348SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors.
CVE-2008-5349SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.
CVE-2008-5350SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors.
CVE-2008-5351SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings.
CVE-2008-5352SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.
CVE-2008-5353SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".
CVE-2008-5354SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry.
CVE-2008-5355SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.
CVE-2008-5356SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file.
CVE-2008-5357SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow.
CVE-2008-5358SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.
CVE-2008-5359SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library.
CVE-2008-5360SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors.
CVE-2008-5500SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.
CVE-2008-5503SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.
CVE-2008-5506SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."
CVE-2008-5507SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.
CVE-2008-5508SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks.
CVE-2008-5510SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.
CVE-2008-5511SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."
CVE-2008-5512SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers."
CVE-2008-5515SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
CVE-2008-5557SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.
CVE-2008-5824SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file.
CVE-2008-5907SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.
CVE-2008-6123SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."
CVE-2008-6218SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.
CVE-2008-6680SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error.
CVE-2008-7247SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.
CVE-2009-0021SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
CVE-2009-0025SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
CVE-2009-0028SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.
CVE-2009-0033SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
CVE-2009-0037SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.
CVE-2009-0040SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
CVE-2009-0065SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.
CVE-2009-0115SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
CVE-2009-0146SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.
CVE-2009-0147SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
CVE-2009-0159SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
CVE-2009-0163SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow.
CVE-2009-0165SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."
CVE-2009-0166SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.
CVE-2009-0179SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file.
CVE-2009-0196SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.
CVE-2009-0322SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/.
CVE-2009-0580SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
CVE-2009-0581SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.
CVE-2009-0583SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
CVE-2009-0584SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
CVE-2009-0585SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation.
CVE-2009-0590SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
CVE-2009-0642SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.
CVE-2009-0675SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue.
CVE-2009-0676SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.
CVE-2009-0688SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.
CVE-2009-0689SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
CVE-2009-0692SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.
CVE-2009-0696SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.
CVE-2009-0723SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
CVE-2009-0733SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.
CVE-2009-0781SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
CVE-2009-0783SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
CVE-2009-0789SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.
CVE-2009-0791SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179.
CVE-2009-0792SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.
CVE-2009-0799SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.
CVE-2009-0800SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2009-0859SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program.
CVE-2009-0922SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.
CVE-2009-0946SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
CVE-2009-0949SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.
CVE-2009-1072SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
CVE-2009-1093SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).
CVE-2009-1094SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.
CVE-2009-1095SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.
CVE-2009-1096SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.
CVE-2009-1098SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.
CVE-2009-1099SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow.
CVE-2009-1100SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) "limits on Font creation," aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.
CVE-2009-1103SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860.
CVE-2009-1104SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.
CVE-2009-1107SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.
CVE-2009-1179SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2009-1180SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.
CVE-2009-1181SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.
CVE-2009-1182SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2009-1183SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
CVE-2009-1192SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages.
CVE-2009-1194SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.
CVE-2009-1210SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information.
CVE-2009-1241SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive.
CVE-2009-1252SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.
CVE-2009-1265SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes "garbage" memory to be sent.
CVE-2009-1266SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Wireshark before 1.0.7-0.1-1 has unknown impact and attack vectors.
CVE-2009-1267SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors.
CVE-2009-1268SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet.
CVE-2009-1269SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.
CVE-2009-1270SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.
CVE-2009-1307SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
CVE-2009-1311SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame.
CVE-2009-1337SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.
CVE-2009-1385SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size.
CVE-2009-1389SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet.
CVE-2009-1392SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.
CVE-2009-1439SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.
CVE-2009-1572SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.
CVE-2009-1632SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c.
CVE-2009-1633SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.
CVE-2009-1758SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges."
CVE-2009-1829SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets.
CVE-2009-1832SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction."
CVE-2009-1833SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors.
CVE-2009-1835SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning.
CVE-2009-1836SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
CVE-2009-1838SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.
CVE-2009-1841SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter.
CVE-2009-1883SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage.
CVE-2009-1890SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
CVE-2009-1891SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
CVE-2009-1904SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.
CVE-2009-1955SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
CVE-2009-2042SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.
CVE-2009-2185SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.
CVE-2009-2210SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.
CVE-2009-2285SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
CVE-2009-2347SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
CVE-2009-2404SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
CVE-2009-2408SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
CVE-2009-2412SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
CVE-2009-2414SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.
CVE-2009-2416SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
CVE-2009-2417SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2009-2446SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
CVE-2009-2463SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows.
CVE-2009-2493SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
CVE-2009-2560SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace and is processed by the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissector. NOTE: it was later reported that the RADIUS issue also affects 0.10.13 through 1.0.9.
CVE-2009-2562SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.
CVE-2009-2563SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors.
CVE-2009-2621SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.
CVE-2009-2622SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.
CVE-2009-2625SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
CVE-2009-2632SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
CVE-2009-2661SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185.
CVE-2009-2663SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.
CVE-2009-2666SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2009-2670SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.
CVE-2009-2671SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.
CVE-2009-2672SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2009-2673SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.
CVE-2009-2675SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.
CVE-2009-2692SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
CVE-2009-2693SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
CVE-2009-2698SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
CVE-2009-2730SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
CVE-2009-2813SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
CVE-2009-2848SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.
CVE-2009-2855SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.
CVE-2009-2901SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
CVE-2009-2902SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
CVE-2009-2903SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp"N" device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams.
CVE-2009-2906SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.
CVE-2009-2909SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer signedness error in the ax25_setsockopt function in net/ax25/af_ax25.c in the ax25 subsystem in the Linux kernel before 2.6.31.2 allows local users to cause a denial of service (OOPS) via a crafted optlen value in an SO_BINDTODEVICE operation.
CVE-2009-2910SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.
CVE-2009-2948SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.
CVE-2009-3002SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.
CVE-2009-3072SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors.
CVE-2009-3075SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors.
CVE-2009-3077SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."
CVE-2009-3080SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
CVE-2009-3094SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
CVE-2009-3095SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
CVE-2009-3111SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.
CVE-2009-3229SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by "re-LOAD-ing" libraries from a certain plugins directory.
CVE-2009-3230SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.
CVE-2009-3231SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
CVE-2009-3235SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
CVE-2009-3245SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.
CVE-2009-3376SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
CVE-2009-3385SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation.
CVE-2009-3547SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
CVE-2009-3549SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace.
CVE-2009-3550SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.
CVE-2009-3551SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.
CVE-2009-3553SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.
CVE-2009-3555SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
CVE-2009-3560SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
CVE-2009-3563SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
CVE-2009-3609SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.
CVE-2009-3620SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.
CVE-2009-3621SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.
CVE-2009-3720SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
CVE-2009-3726SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.
CVE-2009-3736SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
CVE-2009-3867SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
CVE-2009-3868SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.
CVE-2009-3869SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
CVE-2009-3871SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
CVE-2009-3872SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.
CVE-2009-3873SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968.
CVE-2009-3874SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.
CVE-2009-3875SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.
CVE-2009-3876SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.
CVE-2009-3877SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
CVE-2009-3889SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file.
CVE-2009-3983SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
CVE-2009-4005SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read.
CVE-2009-4020SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
CVE-2009-4030SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
CVE-2009-4034SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2009-4136SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.
CVE-2009-4274SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value.
CVE-2009-4376SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
CVE-2009-4377SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap.
CVE-2009-4536SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.
CVE-2009-4537SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.
CVE-2009-4565SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2009-5063SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.
CVE-2010-0001SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
CVE-2010-0007SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application.
CVE-2010-0010SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor Family
Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
CVE-2010-0084SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors.
CVE-2010-0085SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2010-0087SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2010-0088SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2010-0089SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.
CVE-2010-0091SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors.
CVE-2010-0092SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2010-0094SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.
CVE-2010-0095SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2010-0098SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities.
CVE-2010-0161SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via crafted data in a session that uses SSPI.
CVE-2010-0163SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing.
CVE-2010-0205SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.
CVE-2010-0211SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.
CVE-2010-0212SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.
CVE-2010-0296SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.
CVE-2010-0304SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.
CVE-2010-0308SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
CVE-2010-0405SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
CVE-2010-0421SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.
CVE-2010-0542SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file.
CVE-2010-0547SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.
CVE-2010-0624SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.
CVE-2010-0727SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions.
CVE-2010-0731SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM zSeries 64bit
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.
CVE-2010-0830SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.
CVE-2010-0837SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2010-0838SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.
CVE-2010-0839SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2010-0840SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."
CVE-2010-0841SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and "stepX".
CVE-2010-0842SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.
CVE-2010-0843SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.
CVE-2010-0844SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory.
CVE-2010-0846SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an "invalid assignment" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl).
CVE-2010-0847SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image.
CVE-2010-0848SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2010-0849SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.
CVE-2010-0926SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.
CVE-2010-1083SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory).
CVE-2010-1088SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount "symlinks," which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW.
CVE-2010-1157SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
CVE-2010-1166SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition.
CVE-2010-1168SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods."
CVE-2010-1188SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not properly handled and causes the skb structure to be freed.
CVE-2010-1205SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
CVE-2010-1311SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.
CVE-2010-1321SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.
CVE-2010-1411SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.
CVE-2010-1447SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.
CVE-2010-1626SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
CVE-2010-1639SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length.
CVE-2010-1640SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling.
CVE-2010-1674SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute.
CVE-2010-1675SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute.
CVE-2010-1748SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.
CVE-2010-1797SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.
CVE-2010-1848SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.
CVE-2010-1849SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.
CVE-2010-2063SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.
CVE-2010-2077SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1640. Reason: This candidate is a duplicate of CVE-2010-1640. Notes: All CVE users should reference CVE-2010-1640 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2010-2226SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.
CVE-2010-2227SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
CVE-2010-2240SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server.
CVE-2010-2248SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel before 2.6.34-rc4 allows remote attackers to cause a denial of service (panic) via an SMB response packet with an invalid CountHigh value, as demonstrated by a response from an OS/2 server, related to the CIFSSMBWrite and CIFSSMBWrite2 functions.
CVE-2010-2249SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
CVE-2010-2497SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
CVE-2010-2498SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation.
CVE-2010-2499SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment.
CVE-2010-2500SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
CVE-2010-2519SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file.
CVE-2010-2520SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
CVE-2010-2521SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and nfsd4_decode_compound functions.
CVE-2010-2527SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
CVE-2010-2541SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
CVE-2010-2805SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
CVE-2010-2806SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.
CVE-2010-2807SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
CVE-2010-2808SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.
CVE-2010-2942SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.
CVE-2010-2946SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name.
CVE-2010-2948SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message.
CVE-2010-2949SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message.
CVE-2010-2955SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size.
CVE-2010-3053SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.
CVE-2010-3054SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c.
CVE-2010-3067SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call.
CVE-2010-3069SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.
CVE-2010-3078SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.
CVE-2010-3081SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.
CVE-2010-3297SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call.
CVE-2010-3310SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions.
CVE-2010-3311SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.
CVE-2010-3434SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from third party information.
CVE-2010-3442SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.
CVE-2010-3541SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.
CVE-2010-3548SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names."
CVE-2010-3549SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class.
CVE-2010-3550SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2010-3551SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.
CVE-2010-3553SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class.
CVE-2010-3556SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2010-3557SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static."
CVE-2010-3559SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.
CVE-2010-3562SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.
CVE-2010-3565SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API.
CVE-2010-3566SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile.
CVE-2010-3568SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization.
CVE-2010-3569SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times.
CVE-2010-3571SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile.
CVE-2010-3572SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2010-3573SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.
CVE-2010-3574SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
CVE-2010-3681SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.
CVE-2010-3683SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.
CVE-2010-3702SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
CVE-2010-3703SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference.
CVE-2010-3718SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
CVE-2010-3848SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures.
CVE-2010-3849SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.
CVE-2010-3850SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call.
CVE-2010-3873SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different vulnerability than CVE-2010-4164.
CVE-2010-4072SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."
CVE-2010-4073SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c.
CVE-2010-4081SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call.
CVE-2010-4083SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl system call.
CVE-2010-4157SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before 2.6.36.1 on 64-bit platforms allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large argument in an ioctl call.
CVE-2010-4158SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter.
CVE-2010-4160SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call.
CVE-2010-4164SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data, a different vulnerability than CVE-2010-3873.
CVE-2010-4180SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
CVE-2010-4242SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The hci_uart_tty_open function in the HCI UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, which allows local users to cause a denial of service (NULL pointer dereference) via vectors related to the Bluetooth driver.
CVE-2010-4258SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call.
CVE-2010-4260SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396."
CVE-2010-4261SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2010-4342SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP.
CVE-2010-4447SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.
CVE-2010-4448SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets."
CVE-2010-4450SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.
CVE-2010-4454SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs.
CVE-2010-4462SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs.
CVE-2010-4465SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets."
CVE-2010-4466SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.
CVE-2010-4468SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC.
CVE-2010-4471SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text.
CVE-2010-4473SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs.
CVE-2010-4475SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.
CVE-2010-4476SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
CVE-2010-4527SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call.
CVE-2010-4529SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call.
CVE-2010-4665SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries.
CVE-2011-0013SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
CVE-2011-0191SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.
CVE-2011-0192SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.
CVE-2011-0311SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read.
CVE-2011-0411SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
CVE-2011-0465SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.
CVE-2011-0534SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
CVE-2011-0536SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.
CVE-2011-0719SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.
CVE-2011-0762SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
CVE-2011-0786SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0788.
CVE-2011-0802SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0814.
CVE-2011-0814SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802.
CVE-2011-0815SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT.
CVE-2011-0862SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVE-2011-0865SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization.
CVE-2011-0866SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment.
CVE-2011-0867SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.
CVE-2011-0871SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
CVE-2011-0872SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO.
CVE-2011-0873SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for x86
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVE-2011-0996SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.
CVE-2011-0997SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
CVE-2011-1071SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.
CVE-2011-1095SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.
CVE-2011-1167SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.
CVE-2011-1590SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.
CVE-2011-1659SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.
CVE-2011-1720SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
CVE-2011-1926SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
CVE-2011-2483SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
CVE-2011-2501SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.
CVE-2011-2522SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
CVE-2011-2690SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.
CVE-2011-2691SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.
CVE-2011-2692SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.
CVE-2011-2694SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).
CVE-2011-2697SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.
CVE-2011-2721SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations.
CVE-2011-2964SUSE CORE 9 for AMD64 and Intel EM64TSUSE CORE 9 for IBM POWERSUSE CORE 9 for IBM S/390 31bitSUSE CORE 9 for IBM zSeries 64bitSUSE CORE 9 for Itanium Processor FamilySUSE CORE 9 for x86
foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697.
sles-releasetarapache2-develapache2-docapache2-example-pagesapache2-preforkapache2-workerapache2libapr0opensshiproute2libxml2-32bitlibxml2-64bitlibxml2-devellibxml2-x86libxml2libxml-32bitlibxml-64bitlibxml-devellibxml-x86libxmlperl-32bitperl-64bitperl-x86perlmysqlmcgnome-vfsgnome-vfs2-32bitgnome-vfs2-64bitgnome-vfs2-docgnome-vfs2etherealcups-clientcups-develcups-libs-32bitcups-libs-64bitcups-libs-x86cups-libscupsfoomatic-filterslibpng-32bitlibpng-64bitlibpng-x86libpnglibsmbclient-32bitlibsmbclient-64bitlibsmbclient-devellibsmbclientsamba-clientsamba-pdbsamba-pythonsamba-winbindsambaacroreadpure-ftpdopenmotif-devel-32bitopenmotif-devel-64bitopenmotif-developenmotifXFree86-libs-32bitXFree86-libs-64bitXFree86-libs-x86XFree86-libsopenmotif-libs-32bitopenmotif-libs-64bitopenmotif-libsopenmotif21-libsarts-32bitarts-64bitarts-x86artskdebase3-32bitkdebase3-64bitkdebase3-develkdebase3-x86kdebase3kdelibs3-32bitkdelibs3-64bitkdelibs3-develkdelibs3-x86kdelibs3qt3-32bitqt3-64bitqt3-non-mtqt3-x86qt3mod_sslmozilla-calendarmozilla-dom-inspectormozilla-ircmozilla-mailmozilla-venkmanmozillalhagdk-pixbuf-develgdk-pixbuf-x86gdk-pixbufgtk2-32bitgtk2-64bitgtk2-develgtk2-x86gtk2gdk-pixbuf-gnomersyncheimdalspamassassinkdegraphics3-faxlibtiff-32bitlibtiff-64bitlibtiff-x86libtiffsamba-vscanmod_davdrbdkm_drbdkernel-defaultkernel-smpkernel-sourcekernel-symskernel-64k-pagesizekernel-debugkernel-sn2kernel-bigsmpkernel-umum-host-install-initrdum-host-kernelkernel-s390kernel-s390xkernel-iseries64kernel-pmac64kernel-pseries64imlib-32bitimlib-64bitimlib-develimlib-x86imlibsquidmysql-Maxcyrus-sasl-32bitcyrus-sasl-64bitcyrus-sasl-devel-32bitcyrus-sasl-devel-64bitcyrus-sasl-develcyrus-sasl-x86cyrus-saslapachefreeradiusunarjrubyiptablesgd-develgdzipapache-mod_php4apache2-mod_php4mod_php4-corephp4-imapphp4-mysqlphp4-sessionphp4-develphp4-exifphp4-fastcgiphp4-pearphp4-sysvshmmod_php4-servletjava2-jrejava2ncpfs-develncpfssamba-doca2psmailmantiffenscriptfile-32bitfile-64bitfile-x86filewgetsharutilssnortxscreensaverresmgr-32bitresmgr-64bitresmgr-x86resmgrapache2-mod_pythonperl-DBIhtdigmod_pythonpython-32bitpython-64bitpython-x86pythonunaceimappostgresql-contribpostgresql-develpostgresql-docspostgresql-libs-32bitpostgresql-libs-64bitpostgresql-libs-x86postgresql-libspostgresql-plpostgresql-serverpostgresqlgpgtelnetheimdal-devel-32bitheimdal-devel-64bitheimdal-develheimdal-lib-32bitheimdal-lib-64bitheimdal-lib-x86heimdal-liblibexifhordecpioperl-Net-Serverqpopperbzip2-32bitbzip2-64bitbzip2-x86bzip2tcpdumpperl-Convert-UUliblibredcarpet-pythonlibredcarpet-toolslibredcarpetlibsoup-devellibsouprcd-develrcd-modules-develrcd-modulesrcdred-carpetruggnutls-develgnutlscurl-32bitglibc-locale-32bitatk-32bitatk-docatkglib2-32bitglib2pango-32bitpangogeditdhcpcdzlib-32bitzlib-64bitzlib-devel-32bitzlib-devel-64bitzlib-develzlib-x86zlibsudoopenldap2-client-32bitopenldap2-client-64bitopenldap2-client-x86openldap2-clientopenldap2-devel-32bitopenldap2-devel-64bitopenldap2-develpam_ldap-32bitpam_ldap-64bitpam_ldap-x86pam_ldapapache-jakarta-tomcat-connectorsapache2-jakarta-tomcat-connectorsjakarta-tomcat-docjakarta-tomcat-examplesjakarta-tomcatperl-Compress-Zlibnet-snmpheartbeat-ldirectordheartbeat-pilsheartbeat-stonithheartbeatfetchmaillibnetpbmnetpbmpython-cursespython-demopython-develpython-doc-pdfpython-docpython-gdbmpython-idlepython-mpzpython-tkpython-xmlpcre-32bitpcre-64bitpcre-develpcre-x86pcreXFree86-XvncXFree86-servermysql-develmozilla-csmozilla-deatmozilla-develmozilla-humozilla-jamozilla-koopenssh-askpassutil-linuximap-develimap-libarclibgda-devellibgdaopenssl-32bitopenssl-64bitopenssl-devel-32bitopenssl-devel-64bitopenssl-developenssl-x86openssllibungif-32bitlibungif-64bitlibungif-x86libungiftexinfoliby2util-develliby2utilcurl-develcurlclamavapache-develphp4-mbstringphp4-recodefreeswanipsec-toolsIBMJava2-JREIBMJava2-SDKsendmailauthldapbinutils-32bitbinutils-64bitbinutils-x86binutilsfreetype2-32bitfreetype2-64bitfreetype2-devel-32bitfreetype2-devel-64bitfreetype2-develfreetype2-x86freetype2zooncompresscyrus-sasl-digestmd5php4-gdnagios-wwwquaggaperl-spamassassinkdebase3-kdmgdmphp4-curlphp4-pgsqlphp4-wddxcronmuttlibpng-develapache-docapache-example-pagesmangzipbind-utils-32bitbind-utils-64bitbind-utils-x86bind-utilsbindperl-Tklibgsfscreenopenldap2qt3-devel-32bitqt3-devel-64bitqt3-devel-docqt3-develxsupplicantgvpython-opensslxmlrpc-c-develxmlrpc-ckdegraphics3php4-mhashphp4-unixODBCw3mmod_php4-apache2php4-bcmathphp4-bz2php4-calendarphp4-ctypephp4-dbaphp4-dbasephp4-domxmlphp4-fileprophp4-ftpphp4-gettextphp4-gmpphp4-iconvphp4-ldapphp4-mcalphp4-mcryptphp4-mime_magicphp4-qtdomphp4-readlinephp4-shmopphp4-snmpphp4-socketsphp4-swfphp4-sysvsemphp4-xsltphp4-ypphp4-zlibmysql-clientmysql-sharedgtk2-docdhcp-clientdhcp-develdhcp-relaydhcp-serverdhcplibgtop-devellibgtopxmms-32bitxmms-64bitxmms-develxmms-x86xmmsunrarXFree86-XnestXFree86-XprtXFree86-Xvfbmod_perlfreeradius-develkernel-s390x-debugkernel-s390-debugxfsdumpliblcms-32bitliblcms-64bitliblcms-develliblcms-x86liblcmsemacs-elemacs-infoemacs-noxemacs-x11emacsbind-develgvimlibvorbis-32bitlibvorbis-64bitlibvorbis-devellibvorbis-x86libvorbisperl-Net-DNSIBMJava5-JREIBMJava5-SDKkernel-xenkernel-xenpaet1lib-develt1libqt3-devel-toolskdelibs3-devel-docfindutils-locateid3lib-develid3lib-examplesid3libfetchmailconfsamba-32bitsamba-client-32bitsamba-winbind-32bitflac-32bitflac-64bitflac-develflac-x86flac-xmmsflacopenssl-doctk-32bittk-64bittk-develtk-x86tknagios-plugins-extrasnagios-pluginse2fsprogs-32bite2fsprogs-64bite2fsprogs-devel-32bite2fsprogs-devel-64bite2fsprogs-devele2fsprogs-x86e2fsprogsnss_ldap-32bitnss_ldap-64bitnss_ldap-x86nss_ldapnet-snmp-32bitnet-snmp-develperl-SNMPheimdal-toolsyast2-core-develyast2-corexen-kmpopenldap2-back-ldapopenldap2-back-metaopenldap2-back-monitoropenldap2-back-perllibmikmod-32bitlibmikmod-64bitlibmikmod-x86libmikmodghostscript-fonts-otherghostscript-fonts-rusghostscript-fonts-stdghostscript-libraryghostscript-servghostscript-x11libgimpprint-devellibgimpprintlibpng-devel-64bitglibc-32bitglibc-64bitglibc-devel-32bitglibc-devel-64bitglibc-develglibc-htmlglibc-i18ndataglibc-infoglibc-locale-64bitglibc-locale-x86glibc-localeglibc-profile-64bitglibc-profileglibc-x86glibcnscdtimezonexscreensaver-gnomelibxslt-32bitlibxslt-64bitlibxslt-devellibxslt-x86libxsltopensc-developenscvsftpdXFree86postfixjasperlibjasper-32bitlibjasper-64bitlibjasper-x86libjasperkm_ndiswrappernfs-utilsyast2-backuppam_mount-32bitpam_mount-64bitpam_mountaudiofile-32bitaudiofile-64bitaudiofile-x86audiofilexntp-docxntpmultipath-toolscyrus-sasl-crammd5cyrus-sasl-gssapicyrus-sasl-otpcyrus-sasl-plainpango-64bitpango-devel-64bitpango-develpango-docpango-x86cyrus-imapd-develcyrus-imapdperl-Cyrus-IMAPperl-Cyrus-SIEVE-managesieveexpat-32bitexpat-64bitexpat-x86expatlibtool-32bitlibtool-64bitlibtool-x86libtoolsendmail-develuucpXFree86-Mesa-32bitXFree86-Mesa-64bitXFree86-Mesa-devel-32bitXFree86-Mesa-devel-64bitXFree86-Mesa-develXFree86-Mesa-x86XFree86-MesaXFree86-devel-32bitXFree86-devel-64bitXFree86-develXFree86-docXFree86-driver-optionsXFree86-fonts-100dpiXFree86-fonts-75dpiXFree86-fonts-cyrillicXFree86-fonts-scalableXFree86-fonts-syriacXFree86-manXFree86-server-glxkm_drmdhcp6libxcrypt-32bitlibxcrypt-64bitlibxcrypt-devellibxcrypt-x86libxcryptpam-modules-32bitpam-modules-64bitpam-modules-x86pam-modulespwdutils90:1.13.25-325.100:1.13.25-325.60:2.0.59-1.10:3.8p1-37.170:2.4.7-866.80:9-2004122020490:9-2004122022050:9-2004122021130:2.6.7-28.70:9-2004122022140:1.8.17-366.40:9-2005020519550:9-2005020603480:9-2005020604200:9-2005020519450:5.8.3-32.40:4.0.18-32.40:4.6.0-324.70:1.0.5-806.70:9-2005041316580:9-2005041320310:9-2005041315290:2.4.2-68.90:1.0.5-806.40:0.10.3-15.90:1.1.20-108.80:9-2004083117580:9-2004083119520:9-2004083120180:9-2004083117470:3.0.1-41.60:9-2004071922040:9-2004071923290:9-2004072112280:9-2004071923280:1.2.5-182.70:9-2004072111170:9-2004072111550:3.0.4-1.270:5.09-4.20:0.10.3-15.60:1.0.18-39.40:9-2004100316170:9-2004100319280:9-2004100316190:2.2.2-519.40:9-2004111001090:9-2004111007040:9-2004111005280:9-2004111003180:4.3.99.902-43.35.30:9-2004100818510:9-2004100822010:9-2004100821050:2.1.30MLI4-119.40:9-2004091519520:9-2004091616340:9-2004091520300:9-2004091520350:4.3.99.902-43.310:9-2004072710380:9-2004072711180:9-2004072711220:9-2004072710360:1.2.1-35.40:9-2004081110360:9-2004081111190:9-2004081110510:3.2.1-68.230:9-2004081110260:3.2.1-44.280:9-2004081406210:9-2004081620470:9-2004081409120:3.3.1-41.140:3.3.1-36.160:2.8.16-71.120:1.6-74.80:2.0.49-27.140:2.0.49-27.110:1.14i-547.100:0.22.0-62.40:9-2004090916580:9-2004090917010:9-2004090917100:9-2004090916460:2.2.4-125.40:0.22.0-62.70:0.22.0-62.80:9-2004091615020:2.6.2-8.90:0.6.1rc3-55.60:2.64-3.20:3.2.1-67.120:9-2004102021500:9-2004102120270:9-2004102100070:9-2004102021390:3.6.1-38.120:3.0.4-1.320:0.3.4-83.350:1.0.3-377.40:2.0.49-27.160:0.7.5-0.160:2.6.5-7.1510:1.0-48.60:9-2004090211370:9-2004090213300:9-2004090211350:1.9.14-180.80:9-2004090213290:2.5.STABLE5-42.180:4.0.18-32.90:4.0.18-32.130:2.6.5-7.111.50:1.0-48.20:2.1.18-33.40:9-2004100818420:2.0.49-27.18.30:1.3.29-71.150:2.8.16-71.150:1.1.20-108.130:9-2004110823380:9-2004110904340:9-2004110903370:9-2004110823290:3.0.1-41.70:1.6-74.140:2.5.STABLE5-42.210:3.0.4-1.34.30:0.9.3-106.60:2.65-131.60:1.8.1-42.40:1.2.9-95.90:9-2004102818100:9-2004102914290:9-2004102916490:2.6.7-28.40:9-2004102914210:2.0.22-65.90:4.6.0-324.100:2.3-732.40:2.6.5-7.111.190:1.0-48.2.10:4.3.4-43.220:4.3.4-43.440:4.3.4-43.410:4.3.4-43.360:4.3.4-43.310:4.3.4-43.250:4.3.4-43.280:9-2004112217400:9-2004112219260:9-2004112218190:1.9.14-180.110:9-2004112219140:1.4.2-129.100:2.2.4-25.40:1.1.20-108.220:9-2005012806100:9-2005012815130:9-2005012806480:9-2005012805580:0.10.3-15.150:0.10.3-15.120:9-2005012420290:9-2005012500470:9-2005012421520:9-2005012420180:3.2.1-44.390:5.010-4.20:9-2004121720260:9-2004121723500:9-2004121722570:3.0.9-2.1.50:0.3.5-11.7.50:3.2.1-68.360:4.13-1046.40:2.1.4-83.16.30:9-2005010417130:9-2005010422550:9-2005010418340:9-2005010417050:3.6.1-38.140:1.6.2-814.60:2.6.5-7.111.300:1.0-48.2.20:9-2004120713540:9-2004120713550:9-2004120714010:9-2004120713530:4.07-48.80:0.10.11-1.1.40:1.9.1-45.10.40:1.9.1-45.160:4.2c-710.100:2.3.2-0.40:4.16-2.240:0.9.8-47.60:3.1.3-37.90:2.2.4-25.70:1.41-28.40:3.1.6-402.40:2.7.10-83.60:3.1.3-37.60:2.3.3-88.90:2.5.STABLE5-42.240:1.2b-621.40:2002e-92.40:2.1.4-83.130:2.5.STABLE5-42.270:7.4.8-0.60:9-2005060619330:9-2005060621510:9-2005060620570:9-2005060619180:7.4.7-0.50:9-2005041316360:2.5.STABLE5-42.300:1.2.4-68.70:9-2005021821290:9-2005021821580:9-2005021822260:9-2005021821190:2.1.18-33.80:2.6.5-7.155.290:1.0-48.70:1.1-38.60:9-2005040718090:9-2005040720000:9-2005040719060:0.6.1rc3-55.150:9-2005040717570:1.1-38.90:9-2005040209020:9-2005040209220:9-2005040203240:9-2005040214010:4.3.99.902-43.42.50:2.5.STABLE5-42.380:0.5.12-118.70:2.5.STABLE5-42.330:1.4.2-129.140:2.6.5-7.2010:2.2.5-63.40:2.6.5-7.202.70:2.6.5-7.202.50:1.0-48.12.10:9-2005042221040:9-2005042222080:9-2005042221250:9-2005042220500:3.2.1-44.490:2.5-324.120:0.87-29.40:4.0.5-175.40:9-2005060508330:9-2005060510440:9-2005060505080:9-2005060510120:1.0.2-346.60:2.0.49-27.290:3.8.1-49.40:1.0-25.40:2.4.8-0.40:2.2.3-0.110:2.4.8-0.80:2.4.8-0.20:2.4.4-1.90:1.0.8-26.40:0.9.3-106.90:9-2005051103320:9-2005051104250:9-2005051101560:9-2005051105260:3.6.1-38.170:7.0.0-5.40:9-2005071214540:1.4.1-128.20:2.2.3-117.20:2.2.4-125.50:1.2.5-174.40:2.4.1-52.40:2.6.5-7.1930:1.3.22pl4-193.40:9-2005072309210:9-2005072313560:9-2005072304460:1.2.1-70.120:9-2005072316030:3.2.1-44.550:1.8.1-42.70:1.6.7p5-117.40:0.6.1rc3-55.180:9-2005082602560:9-2005082608200:9-2005082523290:9-2005082615180:2.2.24-4.80:169-28.40:1.3.29-71.180:2.8.16-71.180:5.0.19-29.110:9-2005070422220:9-2005070423270:9-2005070422000:1.2.1-70.90:9-2005070422030:1.33-30.40:5.1-80.220:1.2.5-0.30:6.2.5-49.90:1.8.1-42.100:0.10.12-2.20:1.0-48.100:7.0.1-2.20:1.0.0-618.40:10.11.4-172.40:9-2007121100290:9-2007121100300:9-2007121100330:2.3.3-88.180:4.4-109.40:2.0.49-27.340:4.3.99.902-43.50.30:4.0.18-32.200:2.0.49-27.590:1.7.8-5.130:1.7.5-4.50:1.7.6-0.50:1.78-0.60:1.7.7-0.60:1.75-0.60:2.5.STABLE5-42.410:4.1p1-11.380:2.12-72.39.30:2.5.STABLE5-42.440:2002e-92.70:5.21e-653.40:1.0.3-54.40:9-2005101419470:9-2005101712540:9-2005101519540:0.9.7d-15.15.30:9-2005101513540:2.0.49-27.36.30:9-2005110218580:9-2005110223150:9-2005110219220:9-2005110218450:4.1.0b1-585.40:0.22.0-62.130:2.2.4-125.100:10.11.4-172.6.30:4.6-61.40:2.9.27-0.2.30:4.3.4-43.46.30:0.10.13-2.40:7.11.0-39.90:9-2005101712470:1.1.20-108.310:0.87.1-0.20:2.3.2-0.70:1.7.8-5.160:0.10.13-2.120:2.0.49-27.450:1.3.29-71.240:2.8.16-71.240:2.0.49-27.510:4.3.4-43.46.80:2.6.5-7.2520:1.0-48.160:5.0.19-29.200:2.2.5-63.70:1.0.0-618.140:10.11.4-172.140:10.11.4-172.6.60:0.10.13-2.90:2.04_1.5.4-1.230:0.3.3-1.90:1.4.2-129.190:1.4.2-0.680:9-2005121719500:9-2005121808090:9-2005121801270:9-2005121800030:5.8.3-32.90:2.2.5-63.130:6.2.5-49.150:9-2006011304340:9-2006011407510:9-2006011409160:3.2.1-44.650:9-2006011305050:1.2.4-68.130:2.1.4-83.240:8.12.11-2.20:2.6.5-7.2570:1.0-48.170:1.6.0-882.40:4.3.4-43.500:4.1p1-11.160:1.2.4-68.100:9-2006022104300:9-2006022109460:9-2006022105470:0.6.1rc3-55.210:9-2006022105370:1.0.8-26.70:9-2006012108020:9-2006012201160:9-2006012109200:9-2006012109260:2.15.90.0.1.1-32.130:2.6.5-7.2760:1.0-48.190:9-2006061323440:9-2006061406450:9-2006061400260:2.1.7-53.90:9-2006061403120:1.7.8-5.200:1.7.5-4.60:1.7.6-0.60:1.78-0.70:1.7.7-0.70:1.75-0.70:2.9.27-0.70:2.10-851.40:4.3.4-43.530:4.2.4-1.50:8.12.11-2.70:2.2.5-63.100:2.10-851.70:1.0.5-2.140:4.0.18-32.230:4.0.18-32.260:0.88.1-0.40:2.1.18-33.110:4.3.99.902-43.760:1.8.1-42.130:0.10.13-2.150:0.88.2-2.20:4.3.4-43.580:9-2006042404150:9-2006042407300:9-2006042407040:9-2006042405120:3.6.1-38.260:1.2-73.40:2.1.4-83.270:0.96.4-31.140:7.4.13-0.20:9-2006052919100:9-2006052922020:9-2006052919540:9-2006052918420:9-2006103022190:9-2006103102040:9-2006103023060:9-2006103022200:2.15.90.0.1.1-32.170:2.64-3.70:3.2.1-68.530:2.4.4.7-35.40:4.3.4-43.660:3.0.1-920.120:3.6.1-38.300:4.3.4-43.610:2.3.2-0.100:1.8_seamonkey_1.0.9-1.60:1.8_seamonkey_1.0.4-0.70:1.80_seamonkey_1.0.4-50:9-2006062118020:9-2006062118260:9-2006062118200:9-2006062118460:1.2.1-35.70:2.6.5-7.2860:1.0-48.220:9-2006092706540:9-2006092708430:9-2006092708420:0.9.7d-15.290:9-2006092711040:9-2006101323250:9-2006101413140:9-2006101512410:0.9.7d-15.320:9-2006101402530:1.2.4-68.160:1.5.6i-64.90:9-2006120101140:9-2006120101150:9-2006120100550:1.2.5-182.120:3.0.20b-3.110:9-2006072712000:9-2006072720390:9-2006072707230:9-2006072713360:3.6.1-38.330:9-2006072820270:9-2006073001480:9-2006072820530:2.1.7-53.120:9-2006072822000:2.6.5-7.2820:1.0-48.200:2.2.5-63.160:0.10.13-2.180:1.8.1-42.160:4.3.99.902-43.780:2.6.5-7.2830:1.0-48.210:1.2.4-68.190:1.3.29-71.210:2.8.16-71.210:1.3.29-71.260:2.8.16-71.260:4.0.18-32.280:0.88.5-0.20:2.4.1-214.70:0.10.13-2.210:1.3.5-136.130:9-2006111405250:9-2006111421570:9-2006111408520:9-2006111405530:9.2.3-76.280:9-2006091405290:9-2006091422420:9-2006091407360:0.9.7d-15.260:9-2006091412080:8.12.11-2.100:800.024-429.40:1.8.2-164.30:4.0.2-41.40:0.10.13-2.240:2.2.24-4.190:4.3.4-43.690:1.0.8-26.100:1.4.2-0.760:4.6-61.70:9-2006102307410:9-2006102316290:9-2006102307170:3.3.1-36.240:3.3.1-41.220:9-2006102310480:4.1p1-11.280:2.3.3-88.130:9-2006102415030:9-2006102416330:9-2006102416080:9-2006102414520:169-28.70:4.3.4-43.720:1.8.1-42.190:7.4.13-0.70:9-2006111520430:9-2006111601180:9-2006111518280:9-2006111601100:1.2.8-14.20:2.0.59-1.40:9-2006111718280:9-2006111803150:9-2006111718430:9-2006111719100:2.2.24-4.220:4.1p1-11.340:7.0.9-2.50:3.5.8-1129.100:3.5.8-1129.80:0.88.7-1.10:2.4.9-1.90:0.6-3.50:2.4.9-1.180:2.4.9-1.60:2.4.9-1.150:2.4.9-1.140:0.9.10-21.30:2.2.3-0.200:2.4.9-1.170:1.8_seamonkey_1.0.8-0.10:1.8_seamonkey_1.0.4-0.40:1.80_seamonkey_1.0.4-20:1.13.25-325.80:4.3.99.902-43.820:1.2.4-68.220:3.2.1-67.180:1.8.1-42.220:4.3.4-43.750:1.3.1-216.20:1.4.2-129.270:1.4.2-0.900:0.4.1_m17n_20030308-201.30:9-2007111502290:9-2007111502300:9-2007111502310:4.4-109.80:4.3.4-43.850:2.0.59-1.60:9-2007112700330:9-2007112700350:9-2007112700340:4.4-109.120:9-2007111923430:9-2007111923440:9-2007111923380:4.4-109.100:4.0.18-32.350:9-2007011816480:9-2007011817190:9-2007011817290:2.2.4-125.170:9-2007011818050:3.0.1rc13-28.240:1.1.20-108.350:9-2007012620000:9-2007012620200:9-2007012622250:9-2007012621170:2.0.8-57.40:9-2007040316030:9-2007040318350:9-2007040318150:3.3.1-36.270:3.3.1-41.250:9-2007040319290:1.4.2-129.300:2.5.STABLE5-42.500:5.0.19-29.50:3.0.20b-3.140:3.2.1-44.690:7.4.17-0.10:9-2007042717190:9-2007042718460:9-2007042717460:9-2007042719020:9-2007040521110:9-2007040521430:9-2007040523130:1.2.10-44.60:9-2007040521400:1.1.20-108.370:9-2007042102240:9-2007042104550:9-2007042103470:9-2007042104100:1.1.20-108.390:9-2007060900050:9-2007060901440:9-2007060823560:3.3.6-28.40:0.90-0.10:4.3.4-43.770:4.3.99.902-43.850:1.2.4-68.250:4.3.4-43.790:1.29-36.40:2.1.7-53.150:1.8_seamonkey_1.0.9-1.20:1.8_seamonkey_1.0.4-0.50:1.80_seamonkey_1.0.4-30:2.2.5-63.190:9-2007032615180:9-2007032615210:9-2007032615280:9-2007032615190:4.09-3.50:0.90.2-0.10:0.3.3-1.120:5.0.19-29.130:4.16-2.280:0.96.4-31.190:9-2007052212530:9-2007052213490:9-2007052212290:9-2007052212420:3.2.1-68.590:1.0.5-2.170:9-2007052520360:9-2007052601100:9-2007052523300:2.3.3-88.160:9-2007052602470:1.2.5-182.140:9-2007051812320:9-2007051812490:9-2007051812420:3.0.20b-3.170:0.3.6b-0.210:9-2007062517150:9-2007062517370:9-2007062517540:3.0.20b-3.210:0.3.6b-0.250:2.6.5-7.287.30:1.0-48.24.10:4.0.18-32.320:0.5.12-118.100:0.90.3-2.10:2.2.25-0.130:4.3.4-43.820:9-2007110601150:9-2007110605170:1.12-55.50:9-2007061602410:9-2007061823420:9-2007061618290:2.1.7-53.170:9-2007061823330:2.0.22-65.120:1.4.2-0.92.50:1.4.2-0.92.60:21.3-185.90:9.2.3-76.340:9-2007073013590:9-2007073014470:9-2007073014010:6.2-235.40:1.8_seamonkey_1.0.9-1.40:1.8_seamonkey_1.0.4-0.60:1.80_seamonkey_1.0.4-40:9-2007070914220:9-2007070916330:9-2007070915360:1.0.1-56.40:9-2007070916290:0.46-27.40:1.1.20-108.410:9-2007080715490:9-2007080715520:9-2007080715480:9-2007071620500:9-2007071702210:9-2007071621270:3.3.1-36.290:3.3.1-41.270:9-2007071702580:0.10.13-2.270:2.0.22-65.140:1.4.2-0.1140:1.4.2-0.1120:1.5.0-0.150:0.91.1-2.10:3.8.1-49.100:2.6.5-7.3110:1.0-48.260:9-2007102214370:9-2007102214400:9-2007102214410:1.0.1-56.60:1.3.1-569.40:2.6.2-8.23.20:9-2007091913420:9-2007091913590:9-2007091913360:3.3.1-36.310:3.3.1-35.240:3.3.1-41.290:9-2007092515490:9-2007092516190:3.2.1-44.71.20:1.1.20-108.440:9-2007110804390:9-2007110807050:9-2007110806400:1.5.0-0.220:4.1.7-860.40:3.8.3-86.40:2.5-324.15.20:0.91.2-0.10:6.2.5-49.170:9-2007112318280:9-2007112318290:9-2007112400340:3.0.20b-3.240:0.3.6b-0.26.30:9-2007101823570:9-2007101823590:9-2007101900010:1.1.0-387.40:4.1p1-11.400:7.4.19-0.10:9-2008013121000:9-2008013122260:9-2008020105110:1.8_seamonkey_1.0.9-1.130:1.8_seamonkey_1.0.4-0.100:1.80_seamonkey_1.0.4-80:9-2008011017090:9-2008011017100:9-2008011017110:2.3.3-88.200:2.0.59-1.80:9-2007110800560:9-2007110802360:5.8.3-32.120:9-2007100314570:9-2007100315000:9-2007100315130:0.9.7d-15.350:9-2007100314410:9-2007100314470:9-2007100314520:8.4.6-41.50:1.3.1-270.130:1.4.2-129.320:1.4.2-129.330:1.4.2-0.1220:1.4.2-0.1230:9-2007110601130:9-2007110605140:1.2.5-182.160:9-2007112316150:9-2007112316220:9-2007112316170:1.38-4.23.20:9-2008010620030:9-2008010620300:4.3.99.902-43.940:9-2007120415450:9-2007120415460:9-2007120415440:215-59.190:9-2007112715220:5.1.3.1-0.17.20:1.1.20-108.460:9-2007121116500:9-2007121116510:9-2007121116550:9-2007121116560:9-2007121116590:9-2007121117050:0.6.1rc3-55.270:1.8_seamonkey_1.0.9-1.80:1.8_seamonkey_1.0.4-0.80:1.80_seamonkey_1.0.4-60:9-2007120417290:9-2007120417310:9-2007120417300:3.0.20b-3.260:0.3.6b-0.26.50:0.10.13-2.300:2.9.98.1-0.10:2.6.8-53.70:2.6.5-7.3230:1.0-48.360:3.0.4_2.6.5_7.323-0.20:2.5.STABLE5-42.520:2.6.5-7.3120:1.0-48.270:9-2007121912190:9-2007121912200:9-2007121912220:2.6.7-28.110:0.92-0.10:0.5.12-118.120:0.93-0.60:2.2.24-4.250:9-2008021101380:9-2008021101390:2.6.5-7.3140:1.0-48.280:9-2009022715520:9-2009022715580:9-2009022807190:3.1.10-662.50:7.07.1rc1-195.180:4.2.6-46.170:1.8_seamonkey_1.0.9-1.150:1.8_seamonkey_1.0.4-0.110:1.80_seamonkey_1.0.4-90:1.8_seamonkey_1.0.9-1.170:1.8_seamonkey_1.0.4-0.120:1.80_seamonkey_1.0.4-100:1.1.20-108.500:9-2008032018380:9-2008032018480:9-2008032101440:9.3.4-4.60:9-2008012115310:9-2008012115340:9-2008012115460:0.92.1-0.10:7.07.1rc1-195.110:4.2.6-46.100:1.8_seamonkey_1.0.9-1.100:1.8_seamonkey_1.0.4-0.90:1.80_seamonkey_1.0.4-70:9-2008020601280:9-2008020601270:8.4.6-41.70:1.0.0-618.160:10.11.4-172.160:2.1.4-83.300:1.1.20-108.480:9-2008030400150:9-2008030400180:9-2008030400130:9-2008071120210:5.1.3.1-0.220:0.10.13-2.320:9-2008052821420:9-2008052821450:9-2008052821490:3.0.26a-0.90:0.3.6b-0.370:1.8.1-42.240:1.4.2-129.400:5.0.19-29.160:9-2008032015350:9-2008032015360:1.0.2-346.90:4.3.99.902-43.960:9-2008041516180:9-2008041516290:1.2.5-182.180:0.94-0.10:9-2010082513430:9-2010082519110:9-2010082517030:9-2010082513040:2.3.3-98.1140:9-2008052016230:9-2008052016250:1.0.1-56.80:9.3.4-4.80:9-2008061717540:9-2008061723500:9-2008061722160:4.1p1-11.420:2.5.STABLE5-42.540:9-2008080100090:9-2008080100120:9-2008080100150:2.3.3-88.240:4.16-2.310:1.1.20-108.520:9-2008041722360:9-2008041722370:9-2008052016320:1.1.2-58.110:9-2008061618150:9-2008061703420:9-2008061623140:2.1.7-53.190:9-2008071114570:9-2008071115060:9-2008071114540:5.8.3-32.140:1.0.8-26.150:1.5.0-0.560:1.5.0-0.570:1.4.2-0.1330:1.4.2-0.1390:1.4.2-129.480:21.3-185.150:0.8.0-194.40:0.8.0-194.60:9-2008082014120:9-2008082014170:9-2008082014140:3.6.1-38.380:2.0.4-0.50:4.3.99.902-43.980:7.0.9-2.60:6.2-235.80:0.93.1-0.10:0.93.3-0.10:2.1.1-1.240:2.0.59-1.100:2.2.24-4.290:9-2008081300090:9-2008081300180:9-2008081300110:1.5.0-0.500:1.4.2-0.1260:1.4.2-0.1290:1.4.2-0.1310:1.5.0-0.430:1.4.2-129.430:1.5.0-0.360:0.10.13-2.340:5.0.19-29.180:9-2008090513090:9-2008090513120:9-2008090513100:2.6.7-28.140:1.8.1-42.270:1.701.0-1.100:9-2008111414580:9-2008111415020:9-2008111414560:2.6.5-7.3150:1.0-48.290:1.1.20-108.540:9-2008100215050:9-2008100215490:9-2008100215070:1.1.20-108.560:9-2008120301480:9-2008120301520:0.3.3-1.150:4.3.4-43.870:1.6.2-814.90:0.10.13-2.380:4.0.18-32.370:4.1p1-11.440:9-2008112013490:9-2008112013570:9-2008112013510:2.6.7-28.180:9-2008110716180:9-2008110716330:9-2008110716290:2.6.7-28.160:9-2008112014090:5.1.3.1-0.240:1.1-4.70:4.0.18-32.390:1.0.6-103.330:2.9.22-0.10:9-2008120117260:9-2008120117280:9-2008120117330:2.3.3-88.260:0.94.1-2.10:9-2009012113320:9-2009012113400:9-2009012113380:0.9.7d-15.370:1.6.2-814.110:9-2009011318070:9-2009011318140:9-2009011318090:0.9.22-1.50:0.94.2-1.10:1.4.2-0.1440:1.4.2-0.1460:1.8_seamonkey_1.0.9-1.190:1.8_seamonkey_1.0.4-0.130:1.80_seamonkey_1.0.4-110:5.0.19-29.230:5.0.19-29.250:4.3.4-43.910:9-2009012113270:9-2009012113340:9-2009012114300:0.2.5-37.40:9-2009012023530:9-2009012023550:1.2.5-182.200:9-2009061614090:5.1.3.1-0.280:9-2011080216330:9-2011080216340:9-2011080216360:1.2.5-182.320:0.95-1.20:4.0.18-32.410:4.2.0a-23.170:9.3.4-4.100:9-2009011201160:9-2009011201200:9-2009011201190:2.6.5-7.3160:1.0-48.300:9-2009022015530:9-2009022015540:7.11.0-39.180:9-2009021710450:9-2009021710460:1.2.5-182.220:9-2009022517130:9-2009022517150:9-2009022517120:1.2.5-182.240:0.4.7-75.210:1.1.20-108.580:9-2009041614490:9-2009041615060:9-2009041619240:4.2.0a-23.200:9-2009030912040:9-2009030912060:1.12-55.70:7.07.1rc1-195.140:4.2.6-46.130:2.2.3-0.230:9-2009041515440:9-2009041515490:9-2009041515530:0.9.7d-15.390:9-2009051416430:9-2009051416490:9-2009051416480:2.1.18-33.140:1.8_seamonkey_1.1.19-0.10:9-2009121600150:9-2009121600220:9-2009121600500:3.2.1-44.770:3.0.1rc13-28.260:9.3.4-4.120:9-2009072917200:9-2009072917230:1.1.20-108.610:9-2009060223300:9-2009060223310:2.6.5-7.3170:1.0-48.310:7.4.25-0.10:9-2009032415190:9-2009032415220:9-2009032415300:9-2009041623460:9-2009041700040:9-2009041700540:2.1.7-53.210:1.5.0-0.640:1.4.2_sr13.2-0.70:2.6.5-7.3210:1.0-48.340:3.0.4_2.6.5_7.321-0.20:9-2010012715370:9-2010012715390:9-2010012715490:1.2.5-174.70:0.10.13-2.410:1.8_seamonkey_1.1.17-0.60:2.6.5-7.3220:1.0-48.350:3.0.4_2.6.5_7.322-0.20:2.6.5-7.3180:1.0-48.320:0.99.7-11.80:0.3.3-1.170:2.0.59-1.140:2.0.59-1.170:9-2009062320310:9-2009062320320:9-2009062320290:1.2.5-182.260:2.04_1.5.4-1.260:9-2009040611390:9-2009040619000:9-2009040616200:3.6.1-38.390:9-2009080715060:9-2009080715170:3.6.1-38.410:1.8_seamonkey_1.1.18-0.10:2.2.24-4.310:9-2009090911060:9-2009090911290:9-2009090911070:1.5.6i-64.120:9-2009090816130:9-2009090816140:1.8.17-366.80:9-2009080714040:9-2009080714090:9-2009080714070:2.6.7-28.220:9-2009080714030:9-2009080714080:7.11.0-39.200:1.5.0-0.760:1.5.0-0.780:0.10.13-2.450:0.10.13-2.430:0.10.13-2.470:2.5.STABLE5-42.560:9-2010032313210:9-2010032315570:9-2010032323140:2.3.3-88.280:1.5.0-0.700:1.5.0-0.710:0.9.10-21.50:2.2.3-83.400:2.04_1.5.4-1.280:9-2010052810060:9-2010052810100:9-2010052810080:1.0.1-56.100:6.2.5-49.190:2.6.5-7.3190:1.0-48.330:1.0.8-26.190:9-2009100209320:9-2009100209340:9-2009100209350:3.0.26a-0.110:0.3.6b-0.390:1.0.5-2.210:7.4.26-0.10:9-2009092100110:9-2009092101450:9-2009092104090:2.2.3-83.420:9-2010032915340:9-2010032915380:9-2010032915470:0.9.7d-15.430:1.1.20-108.630:9-2009120119280:9-2009120200560:9-2009120204350:1.0.8-26.280:1.4.2_sr13.4-0.100:1.4.2_sr13.4-0.70:1.4.2_sr13.6-0.70:1.5.0_sr11.2-0.10:1.5.0_sr11.2-0.60:9-2009111309410:9-2009111309430:9-2009111309480:0.9.7d-15.410:1.5.0_sr12.2-0.60:9-2010010816240:9-2010010816260:9-2010010816410:1.95.7-37.80:9-2009120700590:9-2009120701000:1.95.7-37.60:4.2.0a-23.220:9-2009103009460:9-2009103009490:1.95.7-37.40:9-2009120117100:9-2009120117110:9-2009120117150:1.5.2-56.50:1.4.2_sr13.3-0.70:7.4.27-0.10:9-2010010817160:9-2010010819420:9-2010010822420:1.0.0-618.180:10.11.4-172.180:8.12.11-2.130:8.12.11-2.160:1.07-225.190:1.3.5-136.160:1.3.29-71.280:2.8.16-71.280:1.4.2_sr13.5-0.70:0.96-2.10:9-2010031802130:9-2010031802170:9-2010031802200:1.2.5-182.280:2.2.24-4.330:9-2010063011030:9-2010063011110:9-2010063011150:9-2010091521080:9-2010091521090:9-2010091521110:1.0.2-346.110:9-2010043012530:9-2010043012540:9-2010043013000:1.2.5-174.90:1.1.20-108.650:9-2010102713530:9-2010031201180:9-2010031201320:3.0.26a-0.130:0.3.6b-0.410:2.6-70.50:1.13.25-325.120:1.0.8-26.230:5.0.19-29.270:9-2010042014520:9-2010042015400:9-2010042015430:4.3.99.902-43.1000:4.3.99.902-43.1040:9-2010072923560:9-2010073000020:9-2010073000070:5.8.3-32.160:9-2010090110270:9-2010090110280:9-2010090110330:1.2.5-182.300:1.4.2_sr13.8-0.10:1.4.2_sr13.8-0.70:1.4.2_sr13.8-0.150:9-2010052514280:9-2010052514300:9-2010052514310:3.6.1-38.430:0.96.1-0.10:0.99.7-11.100:9-2010081212570:9-2010081212590:9-2010081213020:2.1.7-53.230:9-2010061322310:9-2010061322320:9-2010061322370:3.0.26a-0.150:0.3.6b-0.430:2.6.5-7.3240:3.0.4_2.6.5_7.324-0.20:1.0-48.370:2.6.5-7.3250:3.0.4_2.6.5_7.325-0.20:1.0-48.380:9-2010100621140:9-2010100621160:9-2010100621150:2.1.7-53.250:9-2010091410400:9-2010091410430:9-2010091411060:3.0.26a-0.170:0.3.6b-0.450:0.96.4-0.10:1.5.0_sr12.3-0.110:1.5.0_sr12.3-0.120:5.0.19-29.290:9-2011041114360:9-2011041114410:9-2011041114450:0.9.7d-15.460:2.3.3-88.290:0.96.5-0.10:1.4.2_sr13.9-0.60:1.4.2_sr13.9-0.70:1.5.0_sr12.4-0.60:9-2011041515220:9-2011041515240:9-2011041515270:3.6.1-38.480:9-2011022816440:9-2011022816460:9-2011022816480:3.6.1-38.450:2.1.1-1.260:9-2011040808570:9-2011040809010:9-2011040809370:4.3.99.902-43.1050:9-2011061616490:9-2011061619500:9-2011061617250:9-2011061616060:2.3.3-98.1210:9-2011072920070:9-2011073020560:9-2011073002520:3.0.26a-0.190:0.3.6b-0.470:2.0.4-0.110:1.4.2_sr13.10-0.70:1.5.0_sr12.5-0.60:3.0.1rc13-28.290:0.10-18.80:1.3.22pl4-193.190:1.3.22pl4-193.170:0.10.13-2.490:2.2.3-83.440:9-2011072917570:9-2011080110050:9-2011072918120:9-2011072916510:2.3.3-98.1230:9-2011072917330:9-2011072921360:9-2011072920590:2.1.90-61.60:9-2011072918300:9-2011073106560:9-2011073008590:9-18.210:2.6.4-2.340:3.0.1-41.130:0.97.2-1.1