Revision Note: V2.1 (January 27, 2012): For MS12-004, corrected the aggregate severity rating for the KB2631813 update package for all supported editions of Windows XP, Windows Server 2003, Windows Vi […]

Severity Rating: Critical Revision Note: V1.2 (January 27, 2012): Corrected the aggregate severity rating for the KB2631813 update package in the Affected Software table for all supported editions of […]

Severity Rating: Important Revision Note: V4.2 (January 24, 2012): Added an entry to the update FAQ to announce a detection change for KB2538242, KB2538243, KB2467173, KB2538218, KB2538241, and KB2542 […]

Severity Rating: Important Revision Note: V2.3 (January 24, 2012): Added an entry to the update FAQ to announce a detection change for KB2251481, KB2251487, and KB2251489 to correct an installation is […]

Ubuntu Security Notice USN-1349-1 26th January, 2012 xorg vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.10 Ubuntu 10.04 LTS S […]

Ubuntu Security Notice USN-1348-1 26th January, 2012 icu vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.10 Ubuntu 10.04 LTS Su […]

Ubuntu Security Notice USN-1342-1 25th January, 2012 linux-lts-backport-oneiric vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 10.04 LTS Summary The system […]

Ubuntu Security Notice USN-1347-1 25th January, 2012 evince vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 11.04 Ubuntu 10.10 Ubuntu 10.04 LTS Summary Evin […]

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to o […]

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, wh […]

The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service (NULL pointer derefer […]

Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code […]

The tpm_read function in the Linux kernel 2.6 does not properly clear memory, which might allow local users to read the results of the previous TPM command. […]

Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. […]

The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ex […]

Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the (1) FTP server or (2) HTTP server. […]

Double free vulnerability in the prepare_exec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted st […]

The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain po […]