Debian Linux Security Advisory 2287-1 - The PNG library libpng has been affected by several vulnerabilities. The most critical one is identified as CVE-2011-2690. Using this vulnerability, an attacker is able to overwrite memory with an arbitrary amount of data controlled by her via a crafted PNG image.
3e4ff8efb347ee8c838157bb520547cc9e35f8767d8e12ee5f0743289e6a2a10
Red Hat Security Advisory 2011-1105-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Note: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example.
a15792b3f1e80ca14608f17434901abad86b00e590ca41af294df19788e35990
HP Security Bulletin HPSBUX02689 SSRT100494 2 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.
410d172768a0ba4e161eff00917672425a62136388aa62870dd61928f6ac75a7
Ubuntu Security Notice 1180-1 - Eric Blake discovered an integer overflow flaw in libvirt. A remote authenticated attacker could exploit this by sending a crafted VCPU RPC call and cause a denial of service via application crash.
73488b7895c24ac8ac74d084316a22f34c14b187f20dc4e1f7217d106c0d496b
The PacSec 2011 Call For Papers has been announced. The PacSec meeting provides an opportunity for foreign specialists to be exposed to Japanese innovation and markets and collaborate on practical solutions to computer security issues. In an informal setting with a mixture of material bilingually translated in both English and Japanese, the eminent technologists can socialize and attend training sessions. It will take place November 9th through the 10th, 2011 in Tokyo, Japan.
dca0f39b75814edf6679ea7e25c56ab736e16bbde5f2457e3596373f50b9883b
A vulnerability was discovered by Rocco Calvi and Steve Seeley which identifies unauthenticated time-based blind SQL injection in the "page" variable of the virtuemart component. This vulnerability allows an attacker to gain information from the database with specially crafted URLs taking advantage of the MySQL benchmark. This issue was patched in version 1.1.7a.
77bb79231bbb028fe492542d9e61d644cb065950ffe0899ea78eccb932223ecb
HP Security Bulletin HPSBMU02669 SSRT100346 3 - A potential security vulnerability has been identified with HP Data Protector's Media Management Daemon (mmd). The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 3 of this advisory.
023f9f0287071bd93ef56a2a9b53002c263f6c32acbfbdbfd8bb60c304c8288d
MyWebServer version 1.0.3 suffers from a remote denial of service vulnerability.
673ed7cfec26749b14ec4996ad07fbed7d17e304de1e91825849f7949f92e9ba
MyWebServer version 1.0.3 suffers from an arbitrary file download vulnerability.
d4996c4c733d4a5b035b5aae5c50a79599b51430fd59a050497f73d8eeff330f
Red Hat Security Advisory 2011-1104-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Note: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example.
092507d3038dfbf480768d784c2a9a2cdafa92eeddaa12ebcd38a530810d7ef6
HP Security Bulletin HPSBMU02691 SSRT100483 2 - A potential security vulnerability has been identified in HP Performance Agent and HP Operations Agent. The vulnerability can be exploited by remote unauthenticated users to delete arbitrary files. Revision 2 of this advisory.
d48b2413875cfdf36d816dcc286b9523aa1e735d9005430b43bc08b4467c992a
ICQ versions 7.5 and below for Windows remote denial of service exploit.
3a6a1153fe46b2a5d8f478cd4dbaf2afc905b2e7008deeedbe8ac9a11442f4d1
ManageEngine ServiceDesk Plus version 8.0 build 8013 suffers from multiple cross site scripting vulnerabilities.
4307cd7c0b9620083e36f686fe14e007f7ca64884c5ceaa83beff75b77a767ac
Ubuntu Security Notice 1179-1 - It was discovered that the hash processing code in libclamav improperly handled messages with certain hashes. This could allow a remote attacker to craft a document that could cause clamav to crash, resulting in a denial of service.
9ccd80cbdb629179bdb7f149238901f7768ec936dde8922f437227d26cddb7c8
Red Hat Security Advisory 2011-1103-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale extension. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash. Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.
9dc92fb24236ca66b3fa9371b984aa55e313f796547e3aad55237ae4d87a267b
HP Security Bulletin HPSBMU02693 SSRT100583 - Potential security vulnerabilities have been identified with HP Network Automation running on Linux, Solaris, and Windows. The vulnerabilities could be exploited remotely resulting in SQL injection and cross site scripting (XSS). Revision 1 of this advisory.
20cbc43130c1c87ccf95c28570cd3fa91cfef30974544441bbec0ad97014ac6b
A stack-based buffer overflow has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.
8c2aad516fccebdeefca7b40556e1cfb18e6b22108f839a744c124db43130d39
Midori Browser version 0.3.2 suffers from a denial of service vulnerability.
deb589c219ec48802776ce4086a3f468b0a54ffa47bd8d8841912deec989fbad
Red Hat Security Advisory 2011-1102-01 - libsoup is an HTTP client/library implementation for GNOME. A directory traversal flaw was found in libsoup's SoupServer. If an application used SoupServer to implement an HTTP service, a remote attacker who is able to connect to that service could use this flaw to access any local files accessible to that application via a specially-crafted request. All users of libsoup should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using libsoup's SoupServer must be restarted for the update to take effect.
2d111ef0e64d2744457f6d7bec28ca03c7a869c7b009fdbc59b288e639888134
Multiple games using the Quake engine suffer from remote shell injection and code execution vulnerabilities.
40d5a0eda94f7c3b08a03211b96c36f7794a9900ae0eccda97964850b880b469