Ubuntu Essential and Critical Security Patch Updates - Page 371
Find the information you need for your favorite open source distribution.
It was discovered that PHP did not properly handle certain malformed JPEG images when being parsed by the Exif module. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service.
It was discovered that KDE-Graphics did not properly handle certain malformed SVG images. If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
It was discovered that KDE-Libs did not properly handle certain malformed SVG images. If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.04. (CVE-2009-0945)
Several flaws were discovered in the rendering engine of Thunderbird. If JavaScript were enabled, an attacker could exploit these flaws to crash Thunderbird.
Federico Muttis discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.
Moxie Marlinspike and Dan Kaminsky independently discovered that GnuTLS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2730)
USN-802-1 fixed vulnerabilities in Apache. The upstream fix for CVE-2009-1891 introduced a regression that would cause Apache children to occasionally segfault when mod_deflate is used. This update fixes the problem.
Tavis Ormandy and Julien Tinnes discovered that Linux did not correctly initialize certain socket operation function pointers. A local attacker could exploit this to gain root privileges. By default, Ubuntu 8.04 and later with a non-zero /proc/sys/vm/mmap_min_addr setting were not vulnerable.
Scott Cantor discovered that Curl did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
Moxie Marlinspike discovered that fetchmail did not properly handle certificates with NULL characters in the certificate name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
It was discovered that libxml2 did not correctly handle root XML document element DTD definitions. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2009-2414)
It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. (CVE-2009-0217)
USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr-util.
USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr as provided by Apache on Ubuntu 6.06 LTS.
Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application.
Matt Lewis discovered that Subversion did not properly sanitize its input when processing svndiff streams, leading to various integer and heap overflows. If a user or automated system processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user processing the input.
Juan Pablo Lopez Yacubian discovered that Firefox did not properly display invalid URLs. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. Furthermore, if the malicious website had a valid SSL certificate, Firefox would display the spoofed page as trusted.
USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS.
Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404)
Micha Krause discovered that Bind did not correctly validate certain dynamic DNS update packets. An unauthenticated remote attacker could send specially crafted traffic to crash the DNS server, leading to a denial of service.