Zero Day Initiative Advisory 10-021 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell NetStorage. Authentication is not required to exploit this vulnerability. The specific flaws exists within the xsrvd process during the wide character conversion of requested file paths. In conjunction with a long username value the file path conversion will result in a heap overflow corrupting a chunk that will be immediately freed. This can be leveraged by remote attackers to compromise the NetStorage server.

CA's support is alerting customers to a security risk with CA eHealth Performance Manager. A cross-site scripting vulnerability exists that can allow a remote attacker to potentially gain sensitive information. CA has provided guidance to remediate the vulnerability.

Mandriva Linux Security Advisory 2010-047 - A race condition has been found in fuse that could escalate privileges for local users and lead to a DoS (Denial of Service). The updated packages have been patched to correct this issue.

Mandriva Linux Security Advisory 2010-046 - A vulnerability has been found in ncpfs which can be exploited by local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially gain escalated privileges. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

Mandriva Linux Security Advisory 2010-045 - PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

Debian Linux Security Advisory 2003-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

Secunia Research has discovered a security issue in Bournal, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The script uses temporary files in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks when running the update check via the --hack_the_gibson parameter. Version 1.4 is affected.

Secunia Research has discovered a security issue in Bournal, which can be exploited by malicious, local users to disclose sensitive information. The script uses e.g. the insecure -K command line parameter to pass the key to the ccrypt utilities, which can be exploited to obtain the key from the list of running processes. Note: This may not affect recent Linux versions, but is confirmed for FreeBSD 8.0. Other systems may also be affected. Version 1.4 is affected.

CA's support is alerting customers to a security risk with CA Service Desk r12.1. The release of Tomcat as included with CA Service Desk r12.1 is potentially susceptible to a cross-site scripting vulnerability.

Ubuntu Security Notice 902-1 - Fabian Yamaguchi discovered that Pidgin incorrectly validated all fields of an incoming message in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. Sadrul Habib Chowdhury discovered that Pidgin incorrectly handled certain nicknames in Finch group chat rooms. A remote attacker could use a specially crafted nickname and cause Pidgin to crash, leading to a denial of service. Antti Hayrynen discovered that Pidgin incorrectly handled large numbers of smileys. A remote attacker could send a specially crafted message and cause Pidgin to become unresponsive, leading to a denial of service.

Zero Day Initiative Advisory 10-019 - This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the lack of cross domain policy enforcement. Through usage of the showModalDialog() JavaScript method an attacker can gather sensitive information from another website. This vulnerability can be exploited to obtain website credentials not originating from the attacking site.

An Active-X component in CLIproxy.dll from Symantec Antivirus Client Proxy suffers from a buffer overflow vulnerability.

Mandriva Linux Security Advisory 2010-044 - MySQL is vulnerable to a symbolic link attack when the data home directory contains a symlink to a different filesystem which allows remote authenticated users to bypass intended access restrictions. The updated packages have been patched to correct these issues.

Mandriva Linux Security Advisory 2010-043 - Integer overflow in libtheora in Xiph.Org Theora before 1.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. The updated packages have been patched to correct this issue.