Gentoo Linux Security Advisory GLSA 200712-25 - The HSQLDB engine, as used in Openoffice.org, does not properly enforce restrictions to SQL statements. Versions less than 2.3.1 are affected.
1e53e32e33582247af57b2f25aa112d8a309e06fb922229c61f1d6eb821cf84f
Gentoo Linux Security Advisory GLSA 200712-24 - The Cairo versions used by the AMD64 x86 emulation GTK+ libraries were vulnerable to integer overflow vulnerabilities (GLSA 200712-04). Versions less than 20071214 are affected.
5fa89f604687472d61e96c6bdaf4f50c7dd46ebd2b06a0042eceb8af108a3683
Gentoo Linux Security Advisory GLSA 200712-23 - Multiple buffer overflows and infinite loops were discovered in multiple dissector and parser components, including those for MP3 and NCP (CVE-2007-6111), PPP (CVE-2007-6112), DNP (CVE-2007-6113), SSL and iSeries (OS/400) Communication traces (CVE-2007-6114), ANSI MAP (CVE-2007-6115), Firebird/Interbase (CVE-2007-6116), HTTP (CVE-2007-6117), MEGACO (CVE-2007-6118), DCP ETSI (CVE-2007-6119), Bluetooth SDP (CVE-2007-6120), RPC Portmap (CVE-2007-6121), SMB (CVE-2007-6438), IPv6 amd USB (CVE-2007-6439), WiMAX (CVE-2007-6441), RPL (CVE-2007-6450), CIP (CVE-2007-6451). The vulnerabilities were discovered by Stefan Esser, Beyond Security, Fabiodds, Peter Leeming, Steve and ainsley. Versions less than 0.99.7 are affected.
bf36ff899c761e97a5f00149bcd4e716d1df66512c8fe7cd63197ace44cec7f7
Gentoo Linux Security Advisory GLSA 200712-22 - David Bloom reported two vulnerabilities where plug-ins (CVE-2007-6520) and Rich text editing (CVE-2007-6522) could be used to allow cross domain scripting. Alexander Klink (Cynops GmbH) discovered an issue with TLS certificates (CVE-2007-6521). Gynvael Coldwind reported that bitmaps might reveal random data from memory (CVE-2007-6524). Versions less than 9.25 are affected.
530363e74b05a9c0cab7ab3ccbe4e38646d82e728737b3b36e700bc1f9db60fc
TK53 Advisory 2 - Multiple vulnerabilities exist in ClamAV version 0.92 including a race condition and bypass flaws.
60f282650db36b99a8714bd90bc91b916c65759e7573026b8b48aaf66bad3ad2
Fingerprints in Astaro Security Gateway version 7.1 could allow a remote attacker to create malicious payloads.
2f9ea311b09010ad3e8ad33024368042b35a137bbdea00e122e1fe24cf6ed200
Gentoo Linux Security Advisory GLSA 200712-21 - Jesse Ruderman and Petko D. Petkov reported that the jar protocol handler in Mozilla Firefox and Seamonkey does not properly check MIME types (CVE-2007-5947). Gregory Fleischer reported that the window.location property can be used to generate a fake HTTP Referer (CVE-2007-5960). Multiple memory errors have also been reported (CVE-2007-5959). Versions less than 2.0.0.11 are affected.
244d0fd277ba8fac81e13a718b0d70f27593de6f68f4ffcc21be93c9017b2b37
Gentoo Linux Security Advisory GLSA 200712-20 - iDefense reported an integer overflow vulnerability in the cli_scanpe() function when parsing Portable Executable (PE) files packed in the MEW format, that could be exploited to cause a heap-based buffer overflow (CVE-2007-6335). Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP compressed CAB files (CVE-2007-6336). An unspecified vulnerability related to the bzip2 decompression algorithm has also been discovered (CVE-2007-6337). Versions less than 0.91.2-r1 are affected.
e3b7501c28f682a4dae876bbf5d70640402854f24b4eafc3f39148e015a7fbba
Gentoo Linux Security Advisory GLSA 200712-19 - Oriol Carreras reported a NULL pointer dereference in the log_msg_parse() function when processing timestamps without a terminating whitespace character. Versions less than 2.0.6 are affected.
af2a73ce617ca3e2591566523a16dc39a1f737309c21751694645e09489caf12
Gentoo Linux Security Advisory GLSA 200712-18 - nnp discovered multiple vulnerabilities in the XML-RPC handler in the file webserver.c. The ws_addarg() function contains a format string vulnerability, as it does not properly sanitize username and password data from the Authorization: Basic HTTP header line (CVE-2007-5825). The ws_decodepassword() and ws_getheaders() functions do not correctly handle empty Authorization header lines, or header lines without a ':' character, leading to NULL pointer dereferences (CVE-2007-5824). Versions less than 0.2.4.1 are affected.
f6dc6d5291323beb2d64c29038b1d0c5f7ed88fdf9ce6318f7c6354fb9927501
Gentoo Linux Security Advisory GLSA 200712-17 - Meder Kydyraliev (Google Security) discovered that Exif metadata is not properly sanitized before being processed, resulting in illegal memory access in the postprop() and other functions (CVE-2007-6354). He also discovered integer overflow vulnerabilities in the parsetag() and other functions (CVE-2007-6355) and an infinite recursion in the readifds() function caused by recursive IFD references (CVE-2007-6356). Versions less than 1.01 are affected.
f30846d92920feb64cca0600f08f57d830e4f7c5ad70f386131e9e96d25cbe72
Gentoo Linux Security Advisory GLSA 200712-16 - Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the JpegThumbnail::setDataArea() method leading to a heap-based buffer overflow. Versions less than 0.13-r1 are affected.
0838f951a07633804d7f72dd5eb43d96f4126b11750c435467e868103e40c792
Gentoo Linux Security Advisory GLSA 200712-15 - Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the exif_data_load_data_thumbnail() function leading to a memory corruption (CVE-2007-6352) and an infinite recursion in the exif_loader_write() function (CVE-2007-6351). Versions less than 0.6.16-r1 are affected.
548c9365116cd57441912256c386abd5de38d4e909eeeb81d347df3bf442698a
Debian Security Advisory 1442-1 - Rubert Buchholz discovered that libsndfile, a library for reading / writing audio files performs insufficient boundary checks when processing FLAC files, which might lead to the execution of arbitrary code.
62cfe9ae74d16a5aab70897bf8b2abb6d67747b06cb8f5bd3fba49913d6e685e
CoolPlayer versions 217 and below suffer from a buffer overflow vulnerability in CPLI_Readtag_OGG.
66d3dadb5060e1f3cc0214890a623a21f31de96d30f8f1d23645f759ad9e7d5d
Debian Security Advisory 1441-1 - Luigi Auriemma discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a heap overflow in the HTTP server code, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
cef02df841d0e0ba4f8993f029faa88f08ee953355da568361615eb6b6162f13
Debian Security Advisory 1440-1 - It was discovered that a buffer overflow in the filename processing of the inotify-tools, a command-line interface to inotify, may lead to the execution of arbitrary code. This only affects the internal library and none of the frontend tools shipped in Debian.
c0807820bbc047f24c6961c701a657264d69fe62c7a0dd11c5dfabc0fdc7710b
Debian Security Advisory 1439-1 - Henning Pingel discovered that TYPO3, a web content management framework, performs insufficient input sanitising, making it vulnerable to SQL injection by logged-in backend users.
ce580dc6399b167f7d677f0988c8fc1bf688e4ac1d63898af524add50e100dd3
Debian Security Advisory 1438-1 - Several vulnerabilities have been discovered in GNU Tar. A directory traversal vulnerability enables attackers using specially crafted archives to extract contents outside the directory tree created by tar. A stack-based buffer overflow in the file name checking code may lead to arbitrary code execution when processing maliciously crafted archives.
cdb091cdc7a22e2e70fc77812d2d98bb673e8958c2eb906c42c3d283d52a525e
The HP Photosmart C6280 network printer ships with unchangeable insecure default settings.
3f8d822d389123e6a71204604895e1acf082a7d436552de278b7e6c6e771cd87
Debian Security Advisory 1405-3 - The Plone developers discovered that their hotfix, released as DSA 1405, introduced two regressions. This update corrects these flaws. It was discovered that Plone, a web content management system, allows remote attackers to execute arbitrary code via specially crafted web browser cookies.
f8c4cb7b087f9f2293e88fb37d88e5ff7d90d653a0b0d0fe36cda51d032dbfb8
Multiple cross site request forgery vulnerabilities may exist in all versions of Joomla!.
67af246ade54bf269330420e99b6454ead1c811c69b2b4e83ed1299524d0690f
libnemesi versions 0.6.4-rc1 and below suffer from multiple buffer overflow vulnerabilities.
bd6793c0b74339d1048640fcab984245bc6341a27ff418d695e6758a405bef9b
Feng versions 0.1.15 and below suffer from buffer overflow and denial of service vulnerabilities.
6d66f08551e8a361293d57f93f34f6363a461dfe29986834e42b8b0d57bb9541
Extended Module Player (XMP) versions 2.5.1 and below suffer from multiple buffer overflow vulnerabilities.
3ca0c94e973e5be492405539f40455938cdbd7b00bbe9896d3e1f187ec83dc91