VU#542123: ISC BIND 9 resolver cache vulnerability
ISC BIND 9 resolver contains a vulnerability that could allow an attacker to keep a domain name in the cache even after it has been deleted from registration.
Categories: US-CERT
VU#732115: Project Open cross-site scripting vulnerability
Project Open ]po[ version 3.4 and possibly earlier versions suffer from a reflective cross-site scripting (XSS) vulnerability in the account-closed.tcl script.
Categories: US-CERT
VU#410281: Apple Mac OS X CoreText embedded font vulnerability
Apple Mac OS X CoreText contains a use-after-free vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Categories: US-CERT
VU#403593: Apple Mac OS X ATS data-font memory corruption vulnerability
Apple Mac OS X ATS contains a memory corruption vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Categories: US-CERT
VU#763355: 802.1X password exploit on many HTC Android devices
A user's 802.1X WiFi credentials and SSID information may be exposed to any application with basic WiFi permissions on certain HTC builds of Android.
Categories: US-CERT
VU#470151: Linux Kernel local privilege escalation via SUID /proc/pid/mem write
Linux kernel >= 2.6.39 incorrectly handles the permissions for /proc/<pid>/mem. A local, authenticated attacker could exploit this vulnerability to escalate to root privileges. Exploit code is available in the wild and there have been reports of active exploitation.
Categories: US-CERT
VU#738961: Oracle Outside In contains an exploitable vulnerability in Lotus 123 v4 parser
Oracle Outside In contains an exploitable vulnerability in the Lotus 123 version 4 file parser, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Categories: US-CERT
VU#659515: Wibu-Systems CodeMeter remote denial of service vulnerability
Wibu-Systems CodeMeter contains a remote denial of service vulnerability when receiving specially crafted packets.
Categories: US-CERT
VU#903934: Hash table implementations vulnerable to algorithmic complexity attacks
Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition.
Categories: US-CERT
VU#723755: WiFi Protected Setup (WPS) PIN brute force vulnerability
The WiFi Protected Setup (WPS) PIN is susceptible to a brute force attack. A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8 digit PIN is correct. The lack of a proper lock out policy after a certain number of failed attempts to guess the PIN on many wireless routers makes this brute force attack that much more feasible.
Categories: US-CERT
VU#209659: Unbound multiple denial-of-service vulnerabilities
A specially crafted DNS query containing signed duplicate resource records or a malformed NSEC3 signed resource record may cause Unbound to crash.
Categories: US-CERT
VU#361441: Microsoft Office Publisher contains multiple exploitable vulnerabilities
Microsoft Office Publisher fails to properly validate Publisher documents, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Categories: US-CERT
VU#158003: Power2Go buffer overflow vulnerability
Power2Go 8 contains a buffer overflow in the handling of project (.p2g) files, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Categories: US-CERT
VU#759307: Adobe Acrobat and Reader U3D memory corruption vulnerability
Adobe Reader and Acrobat fail to properly handle U3D data, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Categories: US-CERT
VU#717921: Hewlett-Packard printers and scanner devices allow remote firmware updates
A vulnerability in certain Hewlett-Packard devices could allow a remote attacker to install unauthorized firmware on an affected system.
Categories: US-CERT



