07.07.2008 | STERLING, VA
PUBLIC ADVISORIES LIST
PUBLIC ADVISORIES LIST
PUBLIC ADVISORIES LIST
iDefense original vulnerabilities are a key element for proactive security intelligence. The iDefense Vulnerability Contributor Program (VCP), which facilitates the company's original vulnerability research, is a network of more than 250 security researchers worldwide. The following is a list of all original vulnerabilities that have been made public since 2002.
>> 06.11.08 : Multiple Vendor X Server Render Extension AllocateGlyph() Integer Overflow Vulnerability
>> 06.11.08 : Multiple Vendor X Server Render Extension ProcRenderCreateCursor() Integer Overflow Vulnerability
>> 06.11.08 : Multiple Vendor X Server Render Extension Gradient Creation Integer Overflow Vulnerability
>> 06.11.08 : Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities
>> 06.11.08 : Multiple Vendor X Server MIT-SHM Extension Information Disclosure Vulnerability
>> 06.10.08 : Multiple Vendor OpenOffice rtl_allocateMemory() Integer Overflow Vulnerability
>> 06.10.08 : Multiple Vendor FreeType2 PFB Integer Overflow Vulnerability
>> 06.10.08 : Multiple Vendor FreeType2 PFB Memory Corruption Vulnerability
>> 06.10.08 : Multiple Vendor FreeType2 Multiple Heap Overflow Vulnerabilities
>> 06.04.08 : Kaspersky Internet Security IOCTL Stack Based Buffer Overflow Vulnerability
>> 06.04.08 : Skype File URI Security Bypass Code Execution Vulnerability
>> 06.04.08 : VMware Tools HGFS Local Privilege Escalation Vulnerability
>> 06.04.08 : VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability
>> 06.03.08 : Sun Java System Active Server Pages File Creation Vulnerability
>> 06.03.08 : Sun Java System Active Server Pages Information Disclosure Vulnerability
>> 06.03.08 : Sun Java System Active Server Pages Multiple Directory Traversal Vulnerabilities
>> 06.03.08 : Sun Java System Active Server Pages Buffer Overflow Vulnerability
>> 06.03.08 : Sun Java System Active Server Pages Multiple Command Injection Vulnerabilities
>> 06.03.08 : Sun Java System Active Server Pages Authorization Bypass Vulnerability
>> 05.27.08 : EMC AlphaStor Server Agent Multiple Stack Buffer Overflow Vulnerabilities
>> 05.27.08 : EMC AlphaStor Library Manager Arbitrary Command Execution Vulnerability
>> 05.21.08 : Multiple Vendor Snort IP Fragment TTL Evasion Vulnerability
>> 05.13.08 : Microsoft Word CSS Processing Memory Corruption Vulnerability
>> 05.12.08 : Microsoft Windows I2O Filter Utility Driver (i2omgmt.sys) Local Privilege Escalation Vulnerability
>> 05.07.08 : Multiple Vendor rdesktop iso_recv_msg() Integer Underflow Vulnerability
>> 05.07.08 : Multiple Vendor rdesktop process_redirect_pdu() BSS Overflow Vulnerability
>> 05.07.08 : Multiple Vendor rdesktop channel_process() Integer Signedness Vulnerability
>> 04.30.08 : Akamai Download Manager Arbitrary Program Execution Vulnerability
>> 04.17.08 : Multiple Vendor OpenOffice QPRO Multiple Heap Overflow Vulnerabilities
>> 04.17.08 : Multiple Vendor OpenOffice EMF EMR_BITBLT Record Integer Overflow Vulnerability
>> 04.17.08 : Multiple Vendor OpenOffice QPRO File Parsing Integer Underflow Vulnerability
>> 04.17.08 : Multiple Vendor OpenOffice OLE DocumentSummaryInformation Heap Overflow Vulnerability
>> 04.15.08 : IBM DB2 Universal Database Administration Server File Creation Vulnerability
>> 04.15.08 : IBM DB2 Universal Database db2dasStartStopFMDaemon Buffer Overflow Vulnerability
>> 04.15.08 : Oracle Application Express Privilege Escalation Vulnerability
>> 04.14.08 : ClamAV libclamav PeSpin Heap Overflow Vulnerability
>> 04.14.08 : ClamAV libclamav PE WWPack Heap Overflow Vulnerability
>> 04.10.08 : EMC DiskXtender Authentication Bypass Vulnerability
>> 04.10.08 : EMC DiskXtender File System Manager Stack Buffer Overflow Vulnerability
>> 04.10.08 : EMC DiskXtender MediaStor Format String Vulnerability
>> 04.08.08 : Microsoft HxTocCtrl ActiveX Control Invalid Param Heap Corruption Vulnerability
>> 04.08.08 : Microsoft Windows Graphics Rendering Engine Integer Overflow Vulnerability
>> 04.08.08 : Microsoft Windows Graphics Rendering Engine Heap Buffer Overflow Vulnerability
>> 04.03.08 : SCO UnixWare pkgadd Directory Traversal Vulnerability
>> 04.03.08 : Computer Associates Alert Notification Service Multiple RPC Buffer Overflow Vulnerabilities
>> 04.02.08 : Borland CaliberRM StarTeam Multicast Service Buffer Overflow Vulnerability
>> 04.02.08 : Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability
>> 04.02.08 : Symantec Internet Security 2008 ActiveDataInfo.LaunchProcess Design Error Vulnerability
>> 03.31.08 : Macrovision InstallShield InstallScript One-Click Install Untrusted Library Loading Vulnerability
>> 03.18.08 : Multiple Vendor CUPS CGI Heap Overflow Vulnerability
>> 03.11.08 : Microsoft Excel DVAL Heap Corruption Vulnerability
>> 03.11.08 : Microsoft Excel 2003 Malformed Formula Memory Corruption Vulnerability
>> 03.11.08 : Microsoft Outlook mailto Command Line Switch Injection
>> 03.10.08 : SAP MaxDB Signedness Error Heap Corruption Vulnerability
>> 03.10.08 : SAP MaxDB sdbstarter Privilege Escalation Vulnerability
>> 02.26.08 : Symantec Scan Engine 5.1.2 RAR File Denial of Service Vulnerability
>> 02.26.08 : Symantec Scan Engine 5.1.2 RAR File Buffer Overflow Vulnerability
>> 02.26.08 : Mozilla Thunderbird MIME External-Body Heap Overflow Vulnerability
>> 02.20.08 : Symantec Veritas Storage Foundation Scheduler Service DoS Vulnerability
>> 02.19.08 : EMC RepliStor Multiple Heap Overflow Vulnerabilities
>> 02.12.08 : ClamAV libclamav PE File Integer Overflow Vulnerability
>> 02.12.08 : Microsoft Office Works Converter Heap Overflow Vulnerability
>> 02.12.08 : Microsoft Office Works Converter Stack-based Buffer Overflow Vulnerability
>> 02.12.08 : Microsoft Internet Explorer Property Memory Corruption Vulnerability
>> 02.12.08 : Adobe Flash Media Server 2 Multiple Integer Overflow Vulnerabilities
>> 02.12.08 : Adobe Flash Media Server 2 Memory Corruption Vulnerability
>> 02.08.08 : Adobe Reader Security Provider Unsafe Libary Path Vulnerability
>> 02.08.08 : Adobe Reader and Acrobat JavaScript Insecure Method Exposure Vulnerability
>> 02.08.08 : Adobe Reader and Acrobat Multiple Stack-based Buffer Overflow Vulnerabilities
>> 02.07.08 : IBM DB2 Universal Database db2pd Arbitrary Library Loading Vulnerability
>> 02.07.08 : IBM DB2 Universal Database Administration Server Memory Corruption Vulnerability
>> 02.04.08 : Hewlett-Packard Network Node Manager Topology Manager Service DoS Vulnerability
>> 01.31.08 : IBM Informix Dynamic Server SQLIDEBUG File Creation Vulnerability
>> 01.31.08 : IBM Informix Dynamic Server onedcu File Creation Vulnerability
>> 01.23.08 : IBM AIX pioout BSS Buffer Overflow Vulnerability
>> 01.22.08 : IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability
>> 01.17.08 : Multiple Vendor X Server XInput Extension Multiple Memory Corruption Vulnerabilities
>> 01.17.08 : Multiple Vendor X Server TOG-CUP Extension Information Disclosure Vulnerability
>> 01.17.08 : Multiple Vendor X Server EVI and MIT-SHM Extensions Integer Overflow Vulnerabilities
>> 01.17.08 : Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index Vulnerability
>> 01.15.08 : TIBCO SmartSockets RTserver Heap Overflow Vulnerability
>> 01.15.08 : TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities
>> 01.15.08 : TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities
>> 01.15.08 : TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities
>> 01.15.08 : Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability
>> 01.09.08 : Novell NetWare Client nicm.sys Local Privilege Escalation Vulnerability
>> 01.07.08 : Motorola netOctopus Agent MSR Write Privilege Escalation Vulnerability
>> 06.11.08 : Multiple Vendor X Server Render Extension ProcRenderCreateCursor() Integer Overflow Vulnerability
>> 06.11.08 : Multiple Vendor X Server Render Extension Gradient Creation Integer Overflow Vulnerability
>> 06.11.08 : Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities
>> 06.11.08 : Multiple Vendor X Server MIT-SHM Extension Information Disclosure Vulnerability
>> 06.10.08 : Multiple Vendor OpenOffice rtl_allocateMemory() Integer Overflow Vulnerability
>> 06.10.08 : Multiple Vendor FreeType2 PFB Integer Overflow Vulnerability
>> 06.10.08 : Multiple Vendor FreeType2 PFB Memory Corruption Vulnerability
>> 06.10.08 : Multiple Vendor FreeType2 Multiple Heap Overflow Vulnerabilities
>> 06.04.08 : Kaspersky Internet Security IOCTL Stack Based Buffer Overflow Vulnerability
>> 06.04.08 : Skype File URI Security Bypass Code Execution Vulnerability
>> 06.04.08 : VMware Tools HGFS Local Privilege Escalation Vulnerability
>> 06.04.08 : VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability
>> 06.03.08 : Sun Java System Active Server Pages File Creation Vulnerability
>> 06.03.08 : Sun Java System Active Server Pages Information Disclosure Vulnerability
>> 06.03.08 : Sun Java System Active Server Pages Multiple Directory Traversal Vulnerabilities
>> 06.03.08 : Sun Java System Active Server Pages Buffer Overflow Vulnerability
>> 06.03.08 : Sun Java System Active Server Pages Multiple Command Injection Vulnerabilities
>> 06.03.08 : Sun Java System Active Server Pages Authorization Bypass Vulnerability
>> 05.27.08 : EMC AlphaStor Server Agent Multiple Stack Buffer Overflow Vulnerabilities
>> 05.27.08 : EMC AlphaStor Library Manager Arbitrary Command Execution Vulnerability
>> 05.21.08 : Multiple Vendor Snort IP Fragment TTL Evasion Vulnerability
>> 05.13.08 : Microsoft Word CSS Processing Memory Corruption Vulnerability
>> 05.12.08 : Microsoft Windows I2O Filter Utility Driver (i2omgmt.sys) Local Privilege Escalation Vulnerability
>> 05.07.08 : Multiple Vendor rdesktop iso_recv_msg() Integer Underflow Vulnerability
>> 05.07.08 : Multiple Vendor rdesktop process_redirect_pdu() BSS Overflow Vulnerability
>> 05.07.08 : Multiple Vendor rdesktop channel_process() Integer Signedness Vulnerability
>> 04.30.08 : Akamai Download Manager Arbitrary Program Execution Vulnerability
>> 04.17.08 : Multiple Vendor OpenOffice QPRO Multiple Heap Overflow Vulnerabilities
>> 04.17.08 : Multiple Vendor OpenOffice EMF EMR_BITBLT Record Integer Overflow Vulnerability
>> 04.17.08 : Multiple Vendor OpenOffice QPRO File Parsing Integer Underflow Vulnerability
>> 04.17.08 : Multiple Vendor OpenOffice OLE DocumentSummaryInformation Heap Overflow Vulnerability
>> 04.15.08 : IBM DB2 Universal Database Administration Server File Creation Vulnerability
>> 04.15.08 : IBM DB2 Universal Database db2dasStartStopFMDaemon Buffer Overflow Vulnerability
>> 04.15.08 : Oracle Application Express Privilege Escalation Vulnerability
>> 04.14.08 : ClamAV libclamav PeSpin Heap Overflow Vulnerability
>> 04.14.08 : ClamAV libclamav PE WWPack Heap Overflow Vulnerability
>> 04.10.08 : EMC DiskXtender Authentication Bypass Vulnerability
>> 04.10.08 : EMC DiskXtender File System Manager Stack Buffer Overflow Vulnerability
>> 04.10.08 : EMC DiskXtender MediaStor Format String Vulnerability
>> 04.08.08 : Microsoft HxTocCtrl ActiveX Control Invalid Param Heap Corruption Vulnerability
>> 04.08.08 : Microsoft Windows Graphics Rendering Engine Integer Overflow Vulnerability
>> 04.08.08 : Microsoft Windows Graphics Rendering Engine Heap Buffer Overflow Vulnerability
>> 04.03.08 : SCO UnixWare pkgadd Directory Traversal Vulnerability
>> 04.03.08 : Computer Associates Alert Notification Service Multiple RPC Buffer Overflow Vulnerabilities
>> 04.02.08 : Borland CaliberRM StarTeam Multicast Service Buffer Overflow Vulnerability
>> 04.02.08 : Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability
>> 04.02.08 : Symantec Internet Security 2008 ActiveDataInfo.LaunchProcess Design Error Vulnerability
>> 03.31.08 : Macrovision InstallShield InstallScript One-Click Install Untrusted Library Loading Vulnerability
>> 03.18.08 : Multiple Vendor CUPS CGI Heap Overflow Vulnerability
>> 03.11.08 : Microsoft Excel DVAL Heap Corruption Vulnerability
>> 03.11.08 : Microsoft Excel 2003 Malformed Formula Memory Corruption Vulnerability
>> 03.11.08 : Microsoft Outlook mailto Command Line Switch Injection
>> 03.10.08 : SAP MaxDB Signedness Error Heap Corruption Vulnerability
>> 03.10.08 : SAP MaxDB sdbstarter Privilege Escalation Vulnerability
>> 02.26.08 : Symantec Scan Engine 5.1.2 RAR File Denial of Service Vulnerability
>> 02.26.08 : Symantec Scan Engine 5.1.2 RAR File Buffer Overflow Vulnerability
>> 02.26.08 : Mozilla Thunderbird MIME External-Body Heap Overflow Vulnerability
>> 02.20.08 : Symantec Veritas Storage Foundation Scheduler Service DoS Vulnerability
>> 02.19.08 : EMC RepliStor Multiple Heap Overflow Vulnerabilities
>> 02.12.08 : ClamAV libclamav PE File Integer Overflow Vulnerability
>> 02.12.08 : Microsoft Office Works Converter Heap Overflow Vulnerability
>> 02.12.08 : Microsoft Office Works Converter Stack-based Buffer Overflow Vulnerability
>> 02.12.08 : Microsoft Internet Explorer Property Memory Corruption Vulnerability
>> 02.12.08 : Adobe Flash Media Server 2 Multiple Integer Overflow Vulnerabilities
>> 02.12.08 : Adobe Flash Media Server 2 Memory Corruption Vulnerability
>> 02.08.08 : Adobe Reader Security Provider Unsafe Libary Path Vulnerability
>> 02.08.08 : Adobe Reader and Acrobat JavaScript Insecure Method Exposure Vulnerability
>> 02.08.08 : Adobe Reader and Acrobat Multiple Stack-based Buffer Overflow Vulnerabilities
>> 02.07.08 : IBM DB2 Universal Database db2pd Arbitrary Library Loading Vulnerability
>> 02.07.08 : IBM DB2 Universal Database Administration Server Memory Corruption Vulnerability
>> 02.04.08 : Hewlett-Packard Network Node Manager Topology Manager Service DoS Vulnerability
>> 01.31.08 : IBM Informix Dynamic Server SQLIDEBUG File Creation Vulnerability
>> 01.31.08 : IBM Informix Dynamic Server onedcu File Creation Vulnerability
>> 01.23.08 : IBM AIX pioout BSS Buffer Overflow Vulnerability
>> 01.22.08 : IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability
>> 01.17.08 : Multiple Vendor X Server XInput Extension Multiple Memory Corruption Vulnerabilities
>> 01.17.08 : Multiple Vendor X Server TOG-CUP Extension Information Disclosure Vulnerability
>> 01.17.08 : Multiple Vendor X Server EVI and MIT-SHM Extensions Integer Overflow Vulnerabilities
>> 01.17.08 : Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index Vulnerability
>> 01.15.08 : TIBCO SmartSockets RTserver Heap Overflow Vulnerability
>> 01.15.08 : TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities
>> 01.15.08 : TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities
>> 01.15.08 : TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities
>> 01.15.08 : Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability
>> 01.09.08 : Novell NetWare Client nicm.sys Local Privilege Escalation Vulnerability
>> 01.07.08 : Motorola netOctopus Agent MSR Write Privilege Escalation Vulnerability
Vulnerability Advisories: 