Microsoft Outlook mailto URL Handling Vulnerability
A vulnerability in the way Outlook 2002 interprets a "mailto:" URL
could allow an attacker to execute arbitrary code of their choosing on
the system running the vulnerable version of Outlook.
VU#114070: NetScreen
Instant Virtual Extranet (IVE) platform contains cross-site scripting
vulnerability in delhomepage.cgi
NetScreen Instant Virtual Extranet (IVE) platform contains a
cross-site scripting vulnerability in the row parameter of
delhomepage.cgi, which could allow an attacker to mount a cross-site
scripting attack.
VU#197318: IBM
Net.Data db2www CGI interpreter fails to properly validate requested
macro filenames
IBM Net.Data fails to properly validate user input passed to the
db2www CGI interpreter which could allow an attacker to mount a
cross-site scripting attack against a vulnerable system.
VU#363374: Cisco CSS
11000 Series Content Services Switch vulnerable to DoS via malformed
UDP packets
Several models of the Cisco Content Services Switch contain a
vulnerability in their management interface that allows an attacker to
restart the switch, resulting in a denial of service attack.
VU#395670: FreeBSD
fails to limit number of TCP segments held in reassembly queue
FreeBSD fails to limit the number of TCP segments held in a reassembly
queue which could allow an attacker to exhaust all available memory
buffers (mbufs) on the destination system resulting in a
denial-of-service condition.
VU#412566: Solaris
conv_fix insecure file handling vulnerability
A vulnerability in a program supplied with the Solaris printing system
could allow a local attacker to gain elevated privileges on the
system.
VU#490620: Linux
kernel do_mremap() call creates virtual memory area of 0 bytes in
length
There is a vulnerability in the Linux kernel memory management
routines that allows local users to gain superuser privileges.
VU#493966: Libxml2
URI parsing errors in nanohttp and nanoftp
Libxml is the XML parser for Gnome, a desktop suite and development
platform for Linux systems. Libxml2, the latest version of the library
as of this writing, has a buffer overflow vulnerability which may
allow execution of arbitrary code.
VU#584606: NTP
service vulnerable to internal overflow if date / time offset is
greater than 34 years
NTP (Network Time Protocol) contains an integer overflow vulnerability
that may lead to clients receiving an incorrect date/time offset.
VU#688094: Microsoft
MSN Messenger fails to properly validate file requests
Microsoft MSN Messenger fails to properly validate file requests which
could allow an attacker to view the contents of files on the victim's
system.
VU#694782: Sun
Solaris passwd command allows for privilege escalation
Sun Solaris contains a vulnerability in the passwd(1) command which
could allow for privilege escalation.
VU#831534: cPanel
fails to verify input passed to the "user" parameter
A remotely exploitable vulnerability in cPanel's password reset and login
scripts may allow a remote attacker to gain control of the vulnerable
system.
VU#878526: Apple Mac
OS X "cd9660.util" buffer overflow
A component utility in Apple's Mac OS X operating system suffers from
a buffer overflow vulnerability in its handling of command-line
arguments. This vulnerability could allow a local attacker to gain
elevated privileges on the vulnerable system.
VU#902374: Apple Mac
OS X TruBlueEnvironment vulnerable to buffer overflow
Apple Mac OS X contains a buffer overflow in TruBlueEnvironment which
could allow a local, authenticated attacker to execute arbitrary code
with root privileges.
VU#981222: Linux
kernel mremap(2) system call does not properly check return value from
do_munmap() function
A vulnerability in the Linux mremap(2) system call could allow an
authenticated, local attacker to execute arbitrary code with root
privileges.
VU#982630: Microsoft
Windows Media Services fails to properly validate TCP requests
Microsoft Windows Media Services fails to properly validate TCP
requests which could allow a remote, unauthenticated attacker to cause
the services to refuse new TCP connections.