Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 allows remote authenticated users to cause a denial of service (infinite recursive query) via unspecified vectors, related to a StackOverflowError exception. Date published...
The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain resource editor privileges. Date published...
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large...
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending...
feh before 1.8, when the –wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL. Date published : 2011-05-26 http://www.securityfocus.com/bid/41161 http://derf.homelinux.org/git/feh/plain/ChangeLog
The implementation of OutputMediator objects in IBM WebSphere Portal 6.0.1.7, and 7.0.0.1 before CF002, allows remote authenticated users to cause a denial of service (memory consumption) via requests. Date published : 2011-05-26 http://www-01.ibm.com/support/docview.wss?uid=swg1PM33432 http://www.ibm.com/support/docview.wss?uid=swg24029452
Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2011-05-26 http://www-01.ibm.com/support/docview.wss?uid=swg1PM36644 http://www-01.ibm.com/support/docview.wss?uid=swg1PM37009
Google Chrome before 11.0.696.71 does not properly handle blobs, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger an out-of-bounds write. Date published : 2011-05-26 http://www.securityfocus.com/bid/47963 http://code.google.com/p/chromium/issues/detail?id=82903
Google Chrome before 11.0.696.71 does not properly implement the GPU command buffer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Date published :...
rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in Google Chrome before 11.0.696.71, does not properly render floats, which allows remote attackers to cause a denial of service or possibly have unspecified other...
Unspecified vulnerability in Google Chrome before 11.0.696.71 allows remote attackers to bypass the pop-up blocker via unknown vectors. Date published : 2011-05-26 http://www.securityfocus.com/bid/47966 http://code.google.com/p/chromium/issues/detail?id=72189
The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx in the vncviewer component in TigerVNC 1.1beta1 does not properly verify the server’s X.509 certificate, which allows man-in-the-middle attackers to spoof a TLS VNC server via an arbitrary certificate....
The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users...
The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default tx_queues setting is used, does not properly...