Sergey Nizovtsev discovered that Aptdaemon incorrectly filtered certain arguments when using its D-Bus interface. A local attacker could use this flaw to bypass security restrictions and view sensitive information by reading arbitrary files. [More...]
It was discovered that Gabble did not verify the from field of google jingleinfo updates. This could allow a remote attacker to perform man in the middle attacks (MITM) on streamed media.
It was discovered that Django did not properly validate HTTP requests that contain an X-Requested-With header. An attacker could exploit this vulnerability to perform cross-site request forgery (CSRF) attacks. (CVE-2011-0696) [More...]
Kees Cook discovered that some shadow utilities did not correctly validateuser input. A local attacker could exploit this flaw to inject newlines intothe /etc/passwd file. If the system was configured to use NIS, this couldlead to existing NIS groups or users gaining or losing access to the system,resulting in a denial of service or unauthorized access. [More...]
Neel Mehta discovered that incorrectly formatted ClientHello handshakemessages could cause OpenSSL to parse past the end of the message.This could allow a remote attacker to cause a crash and denial ofservice by triggering invalid memory accesses. [More...]
Keiichi Mori discovered that the MIT krb5 KDC database propagationdaemon (kpropd) is vulnerable to a denial of service attack dueto improper logic when a worker child process exited becauseof invalid network input. This could only occur when kpropd isrunning in standalone mode; kpropd was not affected when running in [More...]
Neil Wilson discovered that if VNC passwords were blank in QEMUconfigurations, access to VNC sessions was allowed without a passwordinstead of being disabled. A remote attacker could connect to runningVNC sessions of QEMU and directly control the system. By default, QEMUdoes not start VNC sessions. [More...]
Stéphane Graber discovered that the iTALC private keys shipped with the Edubuntu Live DVD were not correctly regenerated once Edubuntu was installed. If an iTALC client was installed with the vulnerable keys, a remote attacker could gain control of the system. Only systems using keys from the Edubuntu Live DVD were affected. [More...]
It was discovered that Exim contained a design flaw in the way it processed alternate configuration files. An attacker that obtained privileges of the "Debian-exim" user could use an alternate configuration file to obtain root privileges. (CVE-2010-4345) [More...]
It was discovered that the ACL plugin in Dovecot would incorrectly propagate ACLs to new mailboxes. A remote authenticated user could possibly read new mailboxes that were created with the wrong ACL. (CVE-2010-3304) [More...]
Geoff Keating reported that a buffer overflow exists in the intarraymodule's input function for the query_int type. This could allow anattacker to cause a denial of service or possibly execute arbitrarycode as the postgres user. [More...]
Dave Chinner discovered that the XFS filesystem did not correctly orderinode lookups when exported by NFS. A remote attacker could exploit this toread or write disk blocks that had changed file assignment or had becomeunlinked, leading to a loss of privacy. (CVE-2010-2943) [More...]
Charlie Miller discovered several heap overflows in PPT processing. Ifa user or automated system were tricked into opening a specially craftedPPT document, a remote attacker could execute arbitrary code with userprivileges. Ubuntu 10.10 was not affected. (CVE-2010-2935, CVE-2010-2936) [More...]
Gleb Napatov discovered that KVM did not correctly check certainprivileged operations. A local attacker with access to a guest kernelcould exploit this to crash the host system, leading to a denial ofservice. (CVE-2010-0435) [More...]
It was discovered that IcedTea for Java did not properly verify signatures when handling multiply signed or partially signed JAR files, allowing an attacker to cause code to execute that appeared to come from a verified source. (CVE-2011-0025) [More...]
It was discovered that Subversion incorrectly handled certain 'partial access' privileges in rare scenarios. Remote authenticated users could use this flaw to obtain sensitive information (revision properties). This issue only applied to Ubuntu 6.06 LTS. (CVE-2007-2448) [More...]
It was discovered that the JNLP SecurityManager in IcedTea for JavaOpenJDK in some instances failed to properly apply the intendedscurity policy in its checkPermission method. This could allow anattacker execute code with privileges that should have been prevented.(CVE-2010-4351) [More...]
Sebastian Krahmer discovered that HPLIP incorrectly handled certain long SNMP responses. A remote attacker could send malicious SNMP replies to certain HPLIP tools and cause them to crash or possibly execute arbitrary code. [More...]
It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit [More...]
It was discovered that AWStats did not correctly filter the LoadPlugin configuration option. A local attacker on a shared system could use this to inject arbitrary code into AWStats.
