| Dovecot insufficient SSL certificates validation | Published: 12.12.2011 | Source: BUGTRAQ | SecurityVulns ID: 12084 | Type: m-i-t-m | Level: 4/10 | Description: Insufficient certificate validation if used as an SSL proxy. |
| ACPI scripts privilege escalation | Published: 12.12.2011 | Source: BUGTRAQ | SecurityVulns ID: 12085 | Type: local | Level: 5/10 | Description: Invalid power button events processing, invalid umask handling. |
| Linux kernel multiple security vulnerabilities | Published: 12.12.2011 | Source: BUGTRAQ | SecurityVulns ID: 12086 | Type: local | Level: 5/10 | Description: Multiple vulnerabilities in file system implementations. |
| CVE: | CVE-2011-4330 (Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field.) |
| | CVE-2011-4326 (The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device.) |
| | CVE-2011-4132 (The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value.") |
| | CVE-2011-4081 (crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.) |
| | CVE-2011-4077 (Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.) |
| colord SQL injection | Published: 12.12.2011 | Source: BUGTRAQ | SecurityVulns ID: 12087 | Type: local | Level: 4/10 | Description: |
| WinAmp integer overflows | Published: 12.12.2011 | Source: BUGTRAQ | SecurityVulns ID: 12089 | Type: local | Level: 4/10 | Description: Various integer overflows in AVI parsing. |
| Affected: | WINAMP : Winamp 5.622 |
| CVE: | CVE-2011-3834 (Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow.) |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | Published: 12.12.2011 | Source: | SecurityVulns ID: 12088 | Type: remote | Level: 5/10 | Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |