Because the information is extracted directly from its sources, it is available only in English. Clicking the title of each vulnerability provides more information about it.

 

Wednesday, January 4, 2012

FFmpeg Prior to 0.7.8 and 0.8.7 Multiple Remote Code Execution Vulnerabilities

FFmpeg is prone to multiple remote code-execution vulnerabilities. An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Versions prior to FFmpeg 0.7.8 and 0.8.7 are vulnerable.

FFmpeg libavcodec 'vmd decode()' Heap Based Buffer Overflow Vulnerability

FFmpeg is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers can leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

 

Friday, December 23, 2011

Microsoft Windows 'Win32k.sys' TrueType Font Handling Remote Code Execution Vulnerability

Microsoft Windows kernel is prone to a remote code-execution vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially malformed TrueType font. Successful exploits can allow attackers to execute arbitrary code with kernel-level privileges. Failed exploit attempts may result in a denial-of-service condition.

 

Friday, December 16, 2011

Linux Kernel Generic Receive Offload (GRO) CVE-2011-2723 Denial of Service Vulnerability

The Linux kernel is prone to a denial-of-service vulnerability. Attackers can exploit this issue to trigger a denial-of-service condition.

Linux Kernel FBIOGET_VBLANK 'drivers/video/sis/sis_main.c' Information Disclosure Vulnerability

The Linux kernel is prone to an information-disclosure vulnerability. Successful exploits may allow attackers to obtain potentially sensitive information from the stack that may aid in other attacks. Linux kernel versions 2.6.11 up to but not including 2.6.36-rc6 are vulnerable.

Linux Kernel SCTP Local Race Condition Vulnerability

The Linux kernel is prone to a local race-condition vulnerability that affects the SCTP subsystem. A local attacker may exploit this issue to cause a kernel panic, denying service to legitimate users.

ISC BIND 9 Recursive Queries Remote Denial of Service Vulnerability

ISC BIND is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the 'named' process to crash, denying service to legitimate users.

OpenSSL Internal Certificate Verification Routine Security Bypass Vulnerability

OpenSSL is prone to a security-bypass vulnerability. A successful exploit will allow attackers to bypass the certificate validation mechanism. This may aid in further attacks. OpenSSL versions 1.0.0 through 1.0.0d are affected.

Linux Kernel 'hfs_mac2asc()' Local Privilege Escalation Vulnerability

The Linux kernel is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

 

Wednesday, December 14, 2011

Netpbm XPM File Remote Stack Buffer Overflow Vulnerability

Netpbm is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successful exploits may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions. Versions prior to Netpbm 10.47.07 are vulnerable.

OpenIPMI 'ipmievd' Daemon PID Files Insecure File Permissions Vulnerability

OpenIPMI is prone to an insecure-file-permissions vulnerability that affects the IPMI event daemon ('ipmievd'). An attacker may exploit this vulnerability to terminate other processes and deny service to legitimate users.

 

Saturday, December 3, 2011

rpm-python RPM File Handling Remote Memory Corruption Vulnerability

rpm-python is prone to a remote memory corruption vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.

 

Tuesday, November 22, 2011

SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability

The SSL and TLS protocols are prone to an information disclosure vulnerability. A man-in-the-middle attacker can exploit this issue to decrypt encrypted traffic. This will result in a false sense of security, and potentially result in the disclosure of sensitive information.

 

Friday, November 18, 2011

Mozilla Firefox/Thunderbird CVE-2011-3653 Information Disclosure Vulnerability

Mozilla Firefox and Thunderbird are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain potentially sensitive information. These issues are fixed in: Firefox 8.0, Thunderbird 8.0.

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2011-2999 Cross Domain Scripting Vulnerability

Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a cross-domain scripting vulnerability. A remote attacker can exploit this vulnerability to bypass the same-origin policy, execute arbitrary script code, obtain potentially sensitive information, or launch spoofing attacks against other sites. NOTE: This issue was previously covered in BID 49800 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2011-36 through -45 Multiple Vulnerabilities) but has been given its own record for better documentation. These issues are fixed in: Firefox 6.0, Firefox 3.6.23, Thunderbird 6.0, SeaMonkey 2.3.

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2011-3000 HTTP Response Splitting Vulnerability

Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a remote HTTP response-splitting vulnerability. Attackers can leverage this issue to influence or misrepresent how Web content is served, cached, or interpreted. This could aid in various attacks that try to instill client users with a false sense of trust. This issue is fixed in: Firefox 7.0, Firefox 3.6.23, Thunderbird 7.0, SeaMonkey 2.4.

Mozilla Firefox/Thunderbird/SeaMonkey Enter Key Dialog Bypass Vulnerability

Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a vulnerability that may result in the installation of an arbitrary add-on. An attacker may be able to exploit this issue to bypass a confirmation dialog and install an arbitrary add-on. This may aid in further attacks. Versions prior to the following are vulnerable: Firefox 7.0, Thunderbird 7.0, SeaMonkey 2.4. NOTE: This issue was previously covered in BID 49800 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2011-36 through -45 Multiple Vulnerabilities).

 

Thursday, November 17, 2011

Oracle Java SE CVE-2011-3553 Remote Java Runtime Environment Vulnerability

Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the 'JAXWS' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27, JRockit R28.1.4.