Monthly Archive: June 2012

Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the layout of documents that use the Cascading...

Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to tables that have sections. Date published : 2012-06-27...

Google Chrome before 20.0.1132.43 on Windows does not properly isolate sandboxed processes, which might allow remote attackers to cause a denial of service (process interference) via unspecified vectors. Date published : 2012-06-27 http://code.google.com/p/chromium/issues/detail?id=119150 http://code.google.com/p/chromium/issues/detail?id=119250

Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain. Date published : 2012-06-27 http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact...

Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow local users to gain privileges via a Trojan horse Metro DLL in the current working directory. Date published : 2012-06-27 http://code.google.com/p/chromium/issues/detail?id=130276...

Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack. Date published : 2012-06-27 http://www.securityfocus.com/bid/54060...

Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequence of zeros, which reduces the entropy and makes it easier for context-dependent attackers to crack passwords and...

Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop...

The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third...

The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability." Date published : 2012-06-27 http://www.securityfocus.com/bid/53752 http://www.strongswan.org/blog/2012/05/31/strongswan-4.6.4-released-%28cve-2012-2388%29.html

The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory. Date...

telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log). Date...

Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or...