[SECURITY] [DSA 1909-1] New postgresql-ocaml packages provide secure escaping
2009-10-15 white debian org (Steffen Joeris)

[USN-848-1] Zope vulnerabilities
2009-10-14 Marc Deslauriers (marc deslauriers canonical com)
Ubuntu Security Notice USN-848-1 October 14, 2009
zope3 vulnerabilities
CVE-2009-0668, CVE-2009-0669
A security issue affects the following Ubuntu releases: Ubuntu 6.06 [...]

Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities
2009-10-14 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20091014-cup
Revision 1.0
For Public Release 2009 October 14 1600 UTC (GMT) [...]

DEFCON London - DC4420 October 2009 Meet - This Thursday 15th
2009-10-13 Major Malfunction (majormal pirate-radio org)

Secunia Research: Microsoft Office BMP Image Colour Handling Integer Overflow
2009-10-14 Secunia Research (remove-vuln secunia com)

[AntiSnatchOr] Eclipse BIRT <= 2.2.1 Reflected XSS
2009-10-13 Michele Orru (antisnatchor gmail com)
Eclipse BIRT <= 2.2.1 Reflected XSS
Vendor: Eclipse
Advisory: http://antisnatchor.com/2008/12/18/eclipse-birt-reflected-xss/
Author: Michele "euronymous" Orrù (euronymous AT antisnatchor DOT com)
Quite a common problem in a lot of Java based applications: reflected XSS in Java stack trace. A Ref [...]

Windows GDI+ TIFF memory corruption
2009-10-14 Ivan Fratric (ifsecure gmail com)
There is a memory corruption vulnerability in TIFF file processing in Microsoft GDI+ that can be used to crash a vulnerable application and also to execute arbitrary code.
The vulnerability: The vulnerability is caused due to errors in decompression of CCIT [...]

Windows Media Audio Voice remote code execution
2009-10-14 Ivan Fratric (ifsecure gmail com)
There is a vulnerability in Windows Media Audio Voice decoder distributed with Windows Media Player that allows remote code execution by opening a specially crafted web page.
The vulnerability: The cause of the vulnerability is a bound checking error in the [...]

[SECURITY] [DSA 1908-1] New samba packages fix several vulnerabilities
2009-10-14 Nico Golde (nion debian org)

[AntiSnatchOr] Pentaho Bi-server multiple vulnerabilities
2009-10-13 Michele Orru (antisnatchor gmail com)
Pentaho 1.7.0.1062 Multiple Vulnerabilities
Name: Multiple Vulnerabilities in Pentaho
Systems Affected: Pentaho <= 1.7.0.1062
Severity: High
Impact (CVSSv2): High 7/10, vector: (AV:N/AC:L/Au:S/C:P/I:C/A:P)
Vendor: http://www.pentaho.com
Advisory: http://antisnatchor.com/2009/06/20/pentaho-1701062-m [...]

iDefense Security Advisory 10.13.09: Microsoft Office Drawing Format Shape Properties Memory Corruption Vulnerability
2009-10-13 iDefense Labs (labs-no-reply idefense com)
iDefense Security Advisory 10.13.09
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 13, 2009
I. BACKGROUND
Microsoft Office is a suite of products used for document, spreadsheet, and presentation creation and viewing. Office Drawing Format is a binary file format developed by Microsoft. [...]

iDefense Security Advisory 10.13.09: Microsoft Windows GDI+ TIFF File Parsing Buffer Overflow Vulnerability
2009-10-13 iDefense Labs (labs-no-reply idefense com)
iDefense Security Advisory 10.13.09
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 13, 2009
I. BACKGROUND
The GDI+ library 'GdiPlus.dll' provides access to a number of graphics methods, via a class based API. For more information on GDI+, please visit following URL. http://msdn2.micro [...]

iDefense Security Advisory 10.13.09: Adobe Acrobat and Reader Firefox Plugin Use After Free Vulnerability
2009-10-13 iDefense Labs (labs-no-reply idefense com)
iDefense Security Advisory 10.13.09
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 13, 2009
I. BACKGROUND
Adobe Acrobat Reader/Acrobat are programs for viewing and editing Portable Document Format (PDF) documents. For more information, see the vendor's site found at the following link. [...]

ZDI-09-073: Adobe Reader Compact Font Format Malformed Index Memory Corruption Vulnerability
2009-10-13 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-09-073: Adobe Reader Compact Font Format Malformed Index Memory Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-073
October 13, 2009
-- CVE ID: CVE-2009-2985
-- Affected Vendors: Adobe
-- Affected Products: Adobe Acrobat
   Adobe Reader
-- TippingPoint(TM) IPS Custom [...]

ZDI-09-070: Microsoft Internet Explorer Event Object Type Double-Free Vulnerability
2009-10-13 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-09-070: Microsoft Internet Explorer Event Object Type Double-Free Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-070
October 13, 2009
-- CVE ID: CVE-2009-2530
-- Affected Vendors: Microsoft
-- Affected Products: Microsoft Internet Explorer 6
   Microsoft Internet Explorer 7
   Mic [...]

iDefense Security Advisory 10.13.09: Adobe Acrobat and Reader U3D File Invalid Array Index Vulnerability
2009-10-13 iDefense Labs (labs-no-reply idefense com)
iDefense Security Advisory 10.13.09
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 13, 2009
I. BACKGROUND
Adobe Acrobat Reader/Acrobat are programs for viewing and editing Portable Document Format (PDF) documents. For more information, see the vendor's site found at the following link. [...]

ZDI-09-072: Microsoft Windows GDI+ TIFF Parsing Code Execution Vulnerability
2009-10-13 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-09-072: Microsoft Windows GDI+ TIFF Parsing Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-072
October 13, 2009
-- CVE ID: CVE-2009-2503
-- Affected Vendors: Microsoft
-- Affected Products: Microsoft Windows Vista
   Microsoft Windows XP
   Microsoft Windows Server [...]

ZDI-09-071: Microsoft Internet Explorer writing-mode Memory Corruption Vulnerability
2009-10-13 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-09-071: Microsoft Internet Explorer writing-mode Memory Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-071
October 13, 2009
-- CVE ID: CVE-2009-2531
-- Affected Vendors: Microsoft
-- Affected Products: Microsoft Internet Explorer 6
   Microsoft Internet Explorer 7
   Mi [...]

ZDI-09-069: Microsoft Windows Media Player Audio Voice Sample Rate Memory Corruption Vulnerability
2009-10-13 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-09-069: Microsoft Windows Media Player Audio Voice Sample Rate Memory Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-069
October 13, 2009
-- CVE ID: CVE-2009-0555
-- Affected Vendors: Microsoft
-- Affected Products: Microsoft Windows Media Player 11
   Microsoft Wind [...]

[BONSAI] XSS in Achievo - Customized XSS payload included
2009-10-13 Bonsai - Information Security (advisories bonsai-sec com)

[BONSAI] SQL Injection in Achievo
2009-10-13 Bonsai - Information Security (advisories bonsai-sec com)

[SECURITY] [DSA 1907-1] New kvm packages fix several vulnerabilities
2009-10-13 iuculano debian org (Giuseppe Iuculano)

Palm Pre WebOS version <= 1.1 Floating Point Exception
2009-10-13 PalmPreHacker gmail com
I. Description
The Palm Pre WebOS version <= 1.1 suffers from a floating point exception vulnerability when attempting to view a specially crafted web page. This vulnerability has been addressed in the latest patch from Palm and all users are recommended to update to WebOS version 1.2+.
II. Impa [...]

Quick Heal Local Privilege Escalation Vulnerability
2009-10-13 ss_contacts hotmail com
ShineShadow Security Report 13102009-11
TITLE
Quick Heal Local Privilege Escalation Vulnerability
BACKGROUND
Quick Heal Technologies is leading provider of AntiVirus and Internet Security tools and is leader in Anti-Virus Technology in India. A privately held company, Quick Heal Technolo [...]

Debian Security Advisory DSA-1909-1 security (at) debian (dot) org
http://www.debian.org/security/ Steffen Joeris
October 14, 2009