| Google Chrome DoS | | Published: |  | 25.08.2009 | | Source: |  | MustLive | | SecurityVulns ID: |  | 10174 | | Type: |  | remote | | Level: |  | 4/10 | | Description: |  | Hang on chromehtml: URL handling. |
| PHP DoS | | Published: |  | 25.08.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10176 | | Type: |  | library | | Level: |  | 5/10 | | Description: |  | Crash on JPEG Exif data parsing. |
| Affected: |  | PHP : PHP 5.2 | | CVE: |  | CVE-2009-2687 (The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.) |
| Linux kernel multiple security vulnerabilities | | Published: |  | 25.08.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10177 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Multiple DoS conditions, information leaks. |
| CVE: |  | CVE-2009-2849 (The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service (NULL pointer dereference) via vectors related to "suspend_* sysfs attributes" and the (1) suspend_lo_store or (2) suspend_hi_store functions. NOTE: this is only a vulnerability when sysfs is writable by an attacker.) | | |  | CVE-2009-2848 (The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.) | | |  | CVE-2009-2847 (The do_sigaltstack function in kernel/signal.c in Linux kernel 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function.) | | |  | CVE-2009-2846 (The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes an out-of-bounds read in the readb function.) | | |  | CVE-2009-2698 (The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.) |
| Avast Antivirus buffer overflow | | Published: |  | 25.08.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10179 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Buffer overflow in File System Filter driver. |
| Mozilla Firefox extensions multiple security vulnerabilities | | Published: |  | 25.08.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10181 | | Type: |  | client | | Level: |  | 6/10 | | Description: |  | Different extensions allow code execution. |
| WM Downloader buffer overflow | | Published: |  | 25.08.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10182 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Buffer overflows on different playlist formats parsing. |
| DoS in multiple browsers | | Published: |  | 25.08.2009 | | Source: |  | MILW0RM | | SecurityVulns ID: |  | 10175 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | Hang or crash on oversized location.hash. |
| Cisco CS-MARS information leak | | Published: |  | 25.08.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10178 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | User's password may be stored in server logs. |
| libneon certificate spoofing | | Published: |  | 25.08.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10183 | | Type: |  | library | | Level: |  | 5/10 | | Description: |  | Invalid NULL character processing in CN field. |
| CVE: |  | CVE-2009-2474 (neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.) | | |  | CVE-2009-2473 (neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.) |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 25.08.2009 | | Source: |  | | | SecurityVulns ID: |  | 10180 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| libvorbis multiple security vulnerabilities (updated since 04.06.2008) | | Published: |  | 25.08.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9045 | | Type: |  | library | | Level: |  | 6/10 | | Description: |  | Multiple integer overflows and denial of service. |
| Affected: |  | LIBVORBIS : libvorbis 1.1 | | CVE: |  | CVE-2009-2663 (libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.) | | |  | CVE-2008-1423 | | |  | CVE-2008-1420 | | |  | CVE-2008-1419 |