Monthly Archive: May 2011

Google Chrome before 11.0.696.57 on Linux does not properly interact with the X Window System, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. Date published : 2011-05-03...

Google Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions, which allows remote attackers to read local files via a crafted extension. Date published : 2011-05-03 http://code.google.com/p/chromium/issues/detail?id=72523 http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html

Google Chrome before 11.0.696.57 does not ensure thread safety during handling of MIME data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Date...

Race condition in Google Chrome before 11.0.696.57 on Linux and Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to linked lists...

Unspecified vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to bypass the pop-up blocker via vectors related to plug-ins. Date published : 2011-05-03 http://code.google.com/p/chromium/issues/detail?id=70538 http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html

Google Chrome before 11.0.696.57 does not properly handle floating objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale...

Array index error in the asihpi_hpi_ioctl function in sound/pci/asihpi/hpioctl.c in the AudioScience HPI driver in the Linux kernel before 2.6.38.1 might allow local users to cause a denial of service (memory corruption) or possibly...

Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that...

The CoolType library in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4...

Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors. Date published : 2011-05-02 http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes

Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors. Date published : 2011-05-02 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952 http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes

Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors. Date published : 2011-05-02 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952 http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes

Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opportunistic circumstances via a TCP connection, related to improper handling of invalid port numbers. Date published...

dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a...