Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack. (CVSS:2.1) (Last Update:2012-12-03)
Monthly Archives: November 2012
CVE-2012-4557
The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request. (CVSS:5.0) (Last Update:2013-12-05)
CVE-2012-5130 (chrome, opensuse)
Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2012-5136 (chrome, opensuse)
Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during handling of the INPUT element, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document.
CVE-2012-5533
The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the “Connection: TE,,Keep-Alive” header. (CVSS:5.0) (Last Update:2014-02-06)
CVE-2012-4520
The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values. (CVSS:6.4) (Last Update:2013-05-03)
CVE-2012-5827
Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving “Inadequate protection.” (CVSS:4.3) (Last Update:2012-11-19)
CVE-2012-3755
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image. (CVSS:9.3) (Last Update:2013-11-02)
CVE-2012-5123 (chrome)
Skia, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.