查看最近更新的漏洞列表 [OSVDB] (608)
Multiple Code Aurora Forum products contain a flaw in the CONFIG_STRICT_MEMORY_RWX feature. The issue is due to the program setting insecure permission for the aforementioned feature. This may allow a remote attacker to manipulate memory objects and more easily execute arbitrary code or crash the program.
Gemini JPEG encoder, Mercury JPEG decoder, and Jpeg1.0 common encoder/decoder contain an unspecified integer overflow condition during the handling of hardware command IOCTL calls that may allow a local attacker to cause a denial of service or potentially execute of arbitrary code.
Gemini JPEG encoder, Mercury JPEG decoder, and Jpeg1.0 common encoder/decoder contain an unspecified flaw related to incorrectly treating the number of hardware commands as signed. No further details have been provided.
Opera contains a flaw in the intent: protocol that is due to the program failing to restrict access to the contents of local data files. This may allow a local attacker to gain access to potentially sensitive information.
Mozilla Firefox contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request for the system log, which discloses the software's profile path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
Simple Zip Viewer (SimZip) for Android contains a flaw that allows traversing outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically path traversal style attacks (e.g. '../') supplied via specially crafted filename. With a specially crafted request, a context-dependent attacker can manipulate arbitrary files.