oCERT Advisories

oCERT Advisories http://www.ocert.org oCERT Advisories oCERT.org - Some rights reserved en team@ocert.org (oCERT Team) team@ocert.org (oCERT Team) http://blogs.law.harvard.edu/tech/rss 120 http://www.ocert.org/images/logo_bottom.png oCERT Logo http://www.ocert.org #2012-001 multiple implementations denial-of-service via MurmurHash algorithm collision http://www.ocert.org/advisories/ocert-2012-001.html http://www.ocert.org/advisories/ocert-2012-001.html Fri, 23 Nov 2012 17:30:00 GMT #2011-003 multiple implementations denial-of-service via hash algorithm collision http://www.ocert.org/advisories/ocert-2011-003.html http://www.ocert.org/advisories/ocert-2011-003.html Wed, 28 Dec 2011 18:10:00 GMT #2011-002 libavcodec insufficient boundary check http://www.ocert.org/advisories/ocert-2011-002.html http://www.ocert.org/advisories/ocert-2011-002.html Wed, 10 Aug 2011 13:15:00 GMT #2011-001 Chyrp input sanitization errors http://www.ocert.org/advisories/ocert-2011-001.html http://www.ocert.org/advisories/ocert-2011-001.html Wed, 13 Jul 2011 20:15:00 GMT #2010-004 FFmpeg/libavcodec arbitrary offset dereference http://www.ocert.org/advisories/ocert-2010-004.html http://www.ocert.org/advisories/ocert-2010-004.html Fri, 28 Sep 2010 13:45:00 GMT #2010-003 Free Simple CMS path sanitization errors http://www.ocert.org/advisories/ocert-2010-003.html http://www.ocert.org/advisories/ocert-2010-003.html Fri, 17 Sep 2010 10:20:00 GMT #2010-002 Joomla input sanitization errors (XSS) http://www.ocert.org/advisories/ocert-2010-002.html http://www.ocert.org/advisories/ocert-2010-002.html Tue, 20 Jul 2010 21:00:00 GMT #2010-001 multiple http client unexpected download filename vulnerability http://www.ocert.org/advisories/ocert-2010-001.html http://www.ocert.org/advisories/ocert-2010-001.html Mon, 17 May 2010 12:00:00 GMT #2009-019 - Ganeti path sanitization errors http://www.ocert.org/advisories/ocert-2009-019.html http://www.ocert.org/advisories/ocert-2009-019.html Thu, 17 Dec 2009 16:23:00 GMT #2009-017 - PHP multiple issues http://www.ocert.org/advisories/ocert-2009-017.html http://www.ocert.org/advisories/ocert-2009-017.html Mon, 30 Nov 2009 22:00:00 GMT #2009-015 - KDE multiple issues http://www.ocert.org/advisories/ocert-2009-015.html http://www.ocert.org/advisories/ocert-2009-015.html Tue, 27 Oct 2009 21:10:00 GMT #2009-016 - Poppler, xpdf integer overflow during heap allocation http://www.ocert.org/advisories/ocert-2009-016.html http://www.ocert.org/advisories/ocert-2009-016.html Tue, 21 Oct 2009 23:15:00 GMT #2009-014 - Android denial-of-service issues http://www.ocert.org/advisories/ocert-2009-014.html http://www.ocert.org/advisories/ocert-2009-014.html Mon, 05 Oct 2009 13:45:00 GMT #2009-013 - yTNEF/Evolution TNEF attachment decoder input sanitization errors http://www.ocert.org/advisories/ocert-2009-013.html http://www.ocert.org/advisories/ocert-2009-013.html Thu, 05 Sep 2009 12:45:00 GMT #2009-011 - Android improper camera and audio permission verification http://www.ocert.org/advisories/ocert-2009-011.html http://www.ocert.org/advisories/ocert-2009-011.html Thu, 16 Jul 2009 15:25:00 GMT #2009-010 - mimTeX and mathTeX buffer overflows and command injection http://www.ocert.org/advisories/ocert-2009-010.html http://www.ocert.org/advisories/ocert-2009-010.html Thu, 13 Jul 2009 23:45:00 GMT #2009-012 - libtiff tools integer overflows http://www.ocert.org/advisories/ocert-2009-012.html http://www.ocert.org/advisories/ocert-2009-012.html Thu, 13 Jul 2009 19:00:00 GMT #2009-008 - Dillo integer overflow http://www.ocert.org/advisories/ocert-2009-008.html http://www.ocert.org/advisories/ocert-2009-008.html Thu, 03 Jul 2009 21:05:00 GMT #2009-007 - FCKeditor input sanitization errors http://www.ocert.org/advisories/ocert-2009-007.html http://www.ocert.org/advisories/ocert-2009-007.html Thu, 03 Jul 2009 16:45:00 GMT #2009-009 - CamlImages integer overflows http://www.ocert.org/advisories/ocert-2009-009.html http://www.ocert.org/advisories/ocert-2009-009.html Thu, 02 Jul 2009 15:00:00 GMT #2009-006 - Android improper package verification when using shared uids http://www.ocert.org/advisories/ocert-2009-006.html http://www.ocert.org/advisories/ocert-2009-006.html Fri, 22 May 2009 22:00:00 GMT #2009-004 - AjaxTerm session id collision http://www.ocert.org/advisories/ocert-2009-004.html http://www.ocert.org/advisories/ocert-2009-004.html Mon, 11 May 2009 18:30:00 GMT #2009-001 - Pango integer overflow in heap allocation size calculations http://www.ocert.org/advisories/ocert-2009-001.html http://www.ocert.org/advisories/ocert-2009-001.html Thu, 07 May 2009 18:00:00 GMT #2009-003 - LittleCMS integer errors http://www.ocert.org/advisories/ocert-2009-003.html http://www.ocert.org/advisories/ocert-2009-003.html Fri, 20 Mar 2009 18:00:00 GMT #2008-015 - glib and glib-predecessor heap overflows http://www.ocert.org/advisories/ocert-2008-015.html http://www.ocert.org/advisories/ocert-2008-015.html Wed, 12 Mar 2009 16:00:00 GMT #2009-002 - OpenCORE insufficient bounds checking during MP3 decoding http://www.ocert.org/advisories/ocert-2009-002.html http://www.ocert.org/advisories/ocert-2009-002.html Wed, 07 Feb 2009 16:00:00 GMT #2008-016 - multiple OpenSSL signature verification API misuse http://www.ocert.org/advisories/ocert-2008-016.html http://www.ocert.org/advisories/ocert-2008-016.html Wed, 07 Jan 2009 14:00:00 GMT #2008-013 - MPlayer Real demuxer heap overflow http://www.ocert.org/advisories/ocert-2008-013.html http://www.ocert.org/advisories/ocert-2008-013.html Mon, 29 Sep 2008 16:00:00 GMT #2008-012 - Horde, Popoon frameworks common input sanitization errors (XSS) http://www.ocert.org/advisories/ocert-2008-012.html http://www.ocert.org/advisories/ocert-2008-012.html Wed, 10 Sep 2008 17:00:00 GMT #2008-014 - WordNet stack and heap overflows http://www.ocert.org/advisories/ocert-2008-014.html http://www.ocert.org/advisories/ocert-2008-014.html Mon, 01 Sep 2008 14:00:00 GMT #2008-008 - multiple heap overflows in xine-lib http://www.ocert.org/advisories/ocert-2008-008.html http://www.ocert.org/advisories/ocert-2008-008.html Fri, 22 Aug 2008 18:00:00 GMT #2008-009 - libxslt heap overflow http://www.ocert.org/advisories/ocert-2008-009.html http://www.ocert.org/advisories/ocert-2008-009.html Thu, 31 Jul 2008 15:00:00 GMT #2008-007 - libpoppler uninitialized pointer http://www.ocert.org/advisories/ocert-2008-007.html http://www.ocert.org/advisories/ocert-2008-007.html Mon, 07 Jul 2008 15:00:00 GMT #2008-006 - multiple SNMP implementations HMAC authentication spoofing http://www.ocert.org/advisories/ocert-2008-006.html http://www.ocert.org/advisories/ocert-2008-006.html Mon, 10 Jun 2008 01:10:00 GMT #2008-004 - multiple speex implementations insufficient boundary checks http://www.ocert.org/advisories/ocert-2008-004.html http://www.ocert.org/advisories/ocert-2008-004.html Sat, 17 Apr 2008 08:33:00 GMT #2008-003 - libpng zero-length chunks incorrect handling http://www.ocert.org/advisories/ocert-2008-003.html http://www.ocert.org/advisories/ocert-2008-003.html Sat, 12 Apr 2008 20:00:00 GMT #2008-002 - libfishsound insufficient boundary checks http://www.ocert.org/advisories/ocert-2008-2.html http://www.ocert.org/advisories/ocert-2008-2.html Fri, 11 Apr 2008 13:17:43 GMT #2008-001 - GnuPG memory corruption http://www.ocert.org/advisories/ocert-2008-1.html http://www.ocert.org/advisories/ocert-2008-1.html Fri, 11 Apr 2008 13:17:43 GMT