The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability." Per http://technet.microsoft.com/en-us/security/bulletin/ms13-004 Microsoft .NET Framework 3.0 Service Pack 2 is not vulnerable. MS13-004 Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability." Per http://technet.microsoft.com/en-us/security/bulletin/ms13-004 Microsoft .NET Framework 3.0 Service Pack 2 is not vulnerable. TA13-008A MS13-004 Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability." Per http://technet.microsoft.com/en-us/security/bulletin/ms13-004 Microsoft .NET Framework 3.0 Service Pack 2 is not vulnerable. TA13-008A MS13-004 Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability." TA13-008A MS13-004 The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability." TA13-008A MS13-007 Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability." TA13-008A MS13-002 Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability." TA13-008A MS13-002 win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability." TA13-008A MS13-005 Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010. TA13-008A MS13-003 Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009. TA13-008A MS13-003 The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability." TA13-008A MS13-001 The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability." TA13-008A MS13-006 Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers cross-domain scrolling events, aka "Shift JIS Character Encoding Vulnerability." MS13-009 Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SetCapture Use After Free Vulnerability." MS13-009 Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerability." MS13-009 Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkup Use After Free Vulnerability." MS13-009 Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer vtable Use After Free Vulnerability." MS13-009 Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability." MS13-009 Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CDispNode Use After Free Vulnerability." MS13-009 Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability." MS13-009 Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SLayoutRun Use After Free Vulnerability." MS13-009 Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer InsertElement Use After Free Vulnerability." MS13-009 Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CPasteCommand Use After Free Vulnerability." MS13-009 Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CObjectElement Use After Free Vulnerability." MS13-009 Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CHTML Use After Free Vulnerability." MS13-009 The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability." MS13-010 The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability." MS13-015 Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability." TA13-071A MS13-022 The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability." MS13-018 The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability." MS13-019 Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability." MS13-011 The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka "Microsoft Antimalware Improper Pathname Vulnerability." MS13-034 Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability." TA13-071A MS13-023 Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability." TA13-071A MS13-024 Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability." TA13-071A MS13-024 Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability." TA13-071A MS13-024 Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability." TA13-071A MS13-024 Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability." TA13-071A MS13-025 Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer OnResize Use After Free Vulnerability." TA13-071A MS13-021 Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer saveHistory Use After Free Vulnerability." TA13-071A MS13-021 Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability." TA13-071A MS13-021 Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability." TA13-071A MS13-021 Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability." TA13-071A MS13-021 Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer GetMarkupPtr Use After Free Vulnerability." TA13-071A MS13-021 Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer onBeforeCopy Use After Free Vulnerability." TA13-071A MS13-021 Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer removeChild Use After Free Vulnerability." TA13-071A MS13-021 Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability." TA13-071A MS13-026 Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms13-045 'There is no update available for Windows Essentials 2011. See update FAQ for details.' MS13-045 Stack-based buffer overflow in Foxit Advanced PDF Editor 3 before 3.04 might allow remote attackers to execute arbitrary code via a crafted document containing instructions that reconstruct a certain security cookie. VU#275219 An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document. http://ics-cert.us-cert.gov/pdf/ICSA-13-053-02.pdf The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not properly handle exceptions, which allows local users to gain privileges or cause a denial of service (memory overwrite) via a crafted application. VU#957036 http://www.nvidia.com/object/product-security.html nvSCPAPISvr.exe in the NVIDIA Stereoscopic 3D Driver service, as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program. VU#957036 http://www.nvidia.com/object/product-security.html daemonu.exe (aka the NVIDIA Update Service Daemon), as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program. VU#957036 http://www.nvidia.com/object/product-security.html Nuance PDF Reader 7.0 and PDF Viewer Plus 7.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document. VU#248449 CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self. VU#583564 http://www.kb.cert.org/vuls/id/BLUU-949PQL The web interface on Dell PowerConnect 6248P switches allows remote attackers to cause a denial of service (device crash) via a malformed request. VU#160460 The avast! Mobile Security application before 2.0.4400 for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to com.avast.android.mobilesecurity.app.scanner.DeleteFileActivity with zero arguments. VU#131263 Multiple SQL injection vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to execute arbitrary SQL commands via (1) the nHistoryId parameter to WebProd/pages/pgHistory.asp or (2) the OrderBy parameter to WebProd/pages/pgadmin.asp. VU#406596 Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to inject arbitrary web script or HTML via the (1) Number or (2) UpdatePage parameter to WebProd/cgi-bin/AskiaExt.dll. VU#406596 Cross-site scripting (XSS) vulnerability in fileview.asp in C2 WebResource allows remote attackers to inject arbitrary web script or HTML via the File parameter. VU#418923 Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters. VU#278204 24860 http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and JMOY95BN49. VU#912420 ibm-notes-applet-tags(83775) http://www-01.ibm.com/support/docview.wss?uid=swg21633819 20130501 n.runs-SA-2013.005 - IBM Lotus Notes - arbitrary code execution The Contact Customer Support feature in the TigerText Free Private Texting app before 3.1.402 for iOS sends a log-file e-mail message with unencrypted credentials, which allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to an e-mail endpoint. VU#704916 Multiple cross-site scripting (XSS) vulnerabilities in pd-admin before 4.17 allow remote authenticated users to inject arbitrary web script or HTML via (1) the WebFTP Overview "Create new directory" field or (2) the body of an e-mail autoresponder message. VU#311644 http://www.pdadmin-forum.de/thread.php?threadid=4051 Multiple buffer overflows in Core FTP before 2.2 build 1769 allow remote FTP servers to execute arbitrary code or cause a denial of service (application crash) via a long directory name in a (1) DELE, (2) LIST, or (3) VIEW command. VU#370868 http://www.coreftp.com/forums/viewtopic.php?t=222102 Buffer overflow in the NVIDIA GPU driver before 304.88, 310.x before 310.44, and 313.x before 313.30 for the X Window System on UNIX, when NoScanout mode is enabled, allows remote authenticated users to execute arbitrary code via a large ARGB cursor. VU#771620 http://www.nvidia.com/object/product-security.html http://nvidia.custhelp.com/app/answers/detail/a_id/3290 The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing crafted environment variables. VU#310500 Untrusted search path vulnerability in /usr/local/psa/admin/sbin/wrapper in Parallels Plesk Panel 11.0.9 allows local users to gain privileges via a crafted PATH environment variable. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' VU#310500 Cross-site scripting (XSS) vulnerability in the web interface in AirDroid allows remote attackers to inject arbitrary web script or HTML via a crafted text message that is transmitted by a managed phone. VU#557252 Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php. VU#183692 http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation. VU#701572 https://community.rapid7.com/community/metasploit/blog/2013/05/15/new-1day-exploits-mutiny-vulnerabilities BitZipper 2013 before Update 1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ZIP archive. http://www.kb.cert.org/vuls/id/BLUU-95GP23 VU#880916 The Arecont Vision AV1355DN MegaDome camera allows remote attackers to cause a denial of service (video-capture outage) via a packet to UDP port 69. VU#375180 SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel. VU#209131 https://kc.mcafee.com/corporate/index?page=content&id=SB10042 Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel, as demonstrated by writing to the Software/ directory. VU#209131 https://kc.mcafee.com/corporate/index?page=content&id=SB10042 QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors. VU#927644 cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string. VU#927644 Cross-site request forgery (CSRF) vulnerability in cgi-bin/create_user.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a NEW USER action. VU#927644 Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in a read request. VU#127108 The Data Camouflage (aka Faircom Standard Encryption) algorithm in Faircom c-treeACE does not ensure that a decryption key is needed for accessing database contents, which allows context-dependent attackers to read cleartext database records by copying a database to another system that has a certain default configuration. VU#900031 The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs. http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=d60d7082289a74e44b3dc8f67df46c3404ca08bf [oss-security] 20130122 Xen Security Advisory 34 (CVE-2013-0151) - nested virtualization on 32-bit exposes host crash Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not properly handled. 1028032 [oss-security] 20130123 Xen Security Advisory 35 (CVE-2013-0152) - Nested HVM exposes host to being driven out of memory by guest The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests. xen-amdiommu-dos(81831) 57745 [oss-security] 20130205 Xen Security Advisory 36 (CVE-2013-0153) - interrupt remap entries shared and old ones not cleared on AMD IOMMUs DSA-2636 51881 RHSA-2013:0847 89867 openSUSE-SU-2013:0637 openSUSE-SU-2013:0636 The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall. xen-hypercall-dos(80977) 1027937 57159 [oss-security] 20130104 Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only) http://seclists.org/oss-sec/2013/q1/att-17/xsa37-4_2.patch 88913 openSUSE-SU-2013:0637 openSUSE-SU-2013:0636 Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694. [rubyonrails-security] 20130108 Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155) DSA-2609 http://support.apple.com/kb/HT5784 RHSA-2013:0155 RHSA-2013:0154 APPLE-SA-2013-06-04-1 http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion. VU#628463 VU#380039 [rubyonrails-security] 20130108 Multiple vulnerabilities in parameter parsing in Action Pack (CVE-2013-0156) https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156 http://www.insinuator.net/2013/01/rails-yaml/ DSA-2604 http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/ RHSA-2013:0155 RHSA-2013:0154 RHSA-2013:0153 APPLE-SA-2013-03-14-1 http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A Unspecified vulnerability in CloudBees Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors. https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04 https://github.com/jenkinsci/jenkins/commit/c3d8e05a1b3d58b6c4dcff97394cb3a79608b4b2 https://github.com/jenkinsci/jenkins/commit/a9aff088f327278a8873aef47fa8f80d3c5932fd https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602 https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5 https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04 https://bugzilla.redhat.com/show_bug.cgi?id=892795 [oss-security] 20130107 Re: CVE Request: Jenkins possible remote code execution http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb RHSA-2013:0220 The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. https://bugzilla.redhat.com/show_bug.cgi?id=892983 [oss-security] 20130107 Re: /dev/ptmx timing SUSE-SU-2013:0674 openSUSE-SU-2013:0395 The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. https://bugzilla.redhat.com/show_bug.cgi?id=892806 RHSA-2013:0548 RHSA-2013:0544 The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. https://github.com/openshift/origin-server/pull/1136 https://github.com/openshift/origin-server/commit/524465f70a32d0eb6bf047e6a05c76c22d52bfa2 https://bugzilla.redhat.com/show_bug.cgi?id=893307 RHSA-2013:0220 OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. https://bugzilla.redhat.com/show_bug.cgi?id=908052 http://www.openssl.org/news/secadv_20130204.txt DSA-2621 RHSA-2013:0783 RHSA-2013:0782 RHSA-2013:0587 HPSBUX02856 SSRT101104 http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ebc71865f0506a293242bd4aec97cdc7a8ef24b0 http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200 http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7 The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors. https://bugzilla.redhat.com/show_bug.cgi?id=893355 entreprise-movedisk-dos(81834) 1028076 57750 RHSA-2013:0211 The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. Per http://www.openssl.org/news/vulnerabilities.html: Fixed in OpenSSL 1.0.1d (Affected 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1) Fixed in OpenSSL 1.0.0k (Affected 1.0.0j, 1.0.0i, 1.0.0g, 1.0.0f, 1.0.0e, 1.0.0d, 1.0.0c, 1.0.0b, 1.0.0a, 1.0.0) Fixed in OpenSSL 0.9.8y (Affected 0.9.8x, 0.9.8w, 0.9.8v, 0.9.8u, 0.9.8t, 0.9.8s, 0.9.8r, 0.9.8q, 0.9.8p, 0.9.8o, 0.9.8n, 0.9.8m, 0.9.8l, 0.9.8k, 0.9.8j, 0.9.8i, 0.9.8h, 0.9.8g, 0.9.8f, 0.9.8d, 0.9.8c, 0.9.8b, 0.9.8a, 0.9.8) TA13-051A https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released USN-1735-1 http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html http://www.openssl.org/news/secadv_20130204.txt http://www.matrixssl.org/news.html http://www.isg.rhul.ac.uk/tls/TLStiming.pdf DSA-2622 DSA-2621 RHSA-2013:0783 RHSA-2013:0782 RHSA-2013:0587 [oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations SSRT101184 HPSBMU02874 HPSBUX02857 SSRT101103 HPSBUX02856 SSRT101104 openSUSE-SU-2013:0378 openSUSE-SU-2013:0375 SUSE-SU-2013:0328 Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue. https://bugzilla.redhat.com/show_bug.cgi?id=893450 libvirt-virnetmessagefree-code-exec(81552) USN-1708-1 1028047 57578 http://wiki.libvirt.org/page/Maintenance_Releases 52003 52001 RHSA-2013:0199 89644 SUSE-SU-2013:0320 openSUSE-SU-2013:0275 openSUSE-SU-2013:0274 FEDORA-2013-1626 FEDORA-2013-1642 FEDORA-2013-1644 http://libvirt.org/news.html http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720 Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute. http://www.samba.org/samba/security/CVE-2013-0172 multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156. https://news.ycombinator.com/item?id=5040457 https://groups.google.com/forum/?fromgroups=#!topic/ruby-grape/fthDkMgIOa0 https://github.com/sferik/multi_xml/pull/34 https://gist.github.com/nate/d7f6d9f4925f413621aa [oss-security] 20130111 Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet. http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/ libssh-publickeyfromprivatekey-dos(81595) USN-1707-1 51982 FEDORA-2013-1407 FEDORA-2013-1422 Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. https://drupal.org/node/1884332 https://drupal.org/node/1884076 [oss-security] 20130114 Re: CVE request for Drupal contributed modules http://drupalcode.org/project/search_api.git/commitdiff/35b5728 The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to payments, which allows remote attackers to read arbitrary payments. https://drupal.org/node/1884360 http://drupal.org/node/1883830 [oss-security] 20130114 Re: CVE request for Drupal contributed modules http://drupalcode.org/project/payment.git/commitdiff/62c9186 http://drupal.org/node/1871508 multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet. https://groups.google.com/forum/#!topic/rack-devel/7ZKPNAjgRSs https://groups.google.com/forum/#!topic/rack-devel/-MWPHDeGWtI https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18 https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff https://bugzilla.redhat.com/show_bug.cgi?id=895282 RHSA-2013:0548 RHSA-2013:0544 http://rack.github.com/ openSUSE-SU-2013:0462 Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings." https://bugzilla.redhat.com/show_bug.cgi?id=895384 RHSA-2013:0548 RHSA-2013:0544 openSUSE-SU-2013:0462 cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison. Per http://www.ubuntu.com/usn/USN-1713-1/ A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 Ubuntu 10.04 LTS http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2012_1.patch http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch [scm-commits] 20130125 [squid/f17] CVE-2013-0189: Incomplete fix for the CVE-2012-5643 https://bugzilla.redhat.com/show_bug.cgi?id=895972 https://bugzilla.redhat.com/show_bug.cgi?id=887962#c9 USN-1713-1 57646 DSA-2631 52024 http://bazaar.launchpad.net/~squid/squid/3.2/revision/11744 http://bazaar.launchpad.net/~squid/squid/3.2/revision/11743 The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption. https://bugzilla.redhat.com/show_bug.cgi?id=896038 USN-1728-1 USN-1725-1 57433 [oss-security] 20130116 Xen Security Advisory 40 (CVE-2013-0190) - Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests. [oss-security] 20130116 [PATCH] xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. RHSA-2013:0496 Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411. http://www.thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=22ce550e5346947a12a781ed0959a7b1165d0dc6 https://bugzilla.redhat.com/show_bug.cgi?id=894486 [oss-security] 20130118 Re: CVE Request -- dnsmasq: Incomplete fix for the CVE-2012-3411 issue [oss-security] 20130118 CVE Request -- dnsmasq: Incomplete fix for the CVE-2012-3411 issue HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722. Per https://access.redhat.com/security/cve/CVE-2013-0200 "This issue has been addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0500." ftp://ftp.scientificlinux.org/linux/scientific/6x/SRPMS/vendor/hplip-3.12.4-4.el6.src.rpm https://bugzilla.redhat.com/show_bug.cgi?id=902163 http://hplipopensource.com/hplip-web/release_notes.html Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors. https://drupal.org/node/1890216 https://drupal.org/node/1890212 https://drupal.org/node/1890222 [oss-security] 20130121 Re: CVE request for Drupal contributed modules Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. CWE-434: Unrestricted Upload of File with Dangerous Type https://drupal.org/node/1890318 [oss-security] 20130121 Re: CVE request for Drupal contributed modules http://drupalcode.org/project/live_css.git/commitdiff/ef323c8 http://drupalcode.org/project/live_css.git/commitdiff/cb7005f http://drupal.org/node/1883978 http://drupal.org/node/1883976 Cross-site request forgery (CSRF) vulnerability in the Mark Complete module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. https://drupal.org/node/1890566 https://drupal.org/node/1890538 [oss-security] 20130121 Re: CVE request for Drupal contributed modules http://drupalcode.org/project/mark_complete.git/commitdiff/a18c7b2 The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter. Per http://www.ubuntu.com/usn/USN-1709-1/ A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b https://bugzilla.redhat.com/show_bug.cgi?id=902629 https://bugs.launchpad.net/nova/+bug/1069904 nova-volume-security-bypass(81697) USN-1709-1 57613 [oss-security] 20130129 [OSSA 2013-001] Boot from volume allows access to random volumes (CVE-2013-0208) 51992 51963 RHSA-2013:0208 89661 lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code. http://www.movabletype.org/2013/01/movable_type_438_patch.html http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt http://www.sec-1.com/blog/?p=402 [oss-security] 20130121 Re: CVE request for Movable Type store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages. Per http://www.ubuntu.com/usn/usn-1710-1/ A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10 https://bugzilla.redhat.com/show_bug.cgi?id=902964 USN-1710-1 [openstack] 20130129 [OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212) https://launchpad.net/glance/+milestone/2012.2.3 https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89 https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1 https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7 https://bugs.launchpad.net/glance/+bug/1098962 [oss-security] 20130129 [OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212) 51990 51957 RHSA-2013:0209 The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element. Per: http://capec.mitre.org/data/definitions/103.html "CAPEC-103: Clickjacking" http://www.samba.org/samba/security/CVE-2013-0213 DSA-2617 openSUSE-SU-2013:0281 openSUSE-SU-2013:0277 SUSE-SU-2013:0519 SUSE-SU-2013:0326 Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions. http://www.samba.org/samba/security/CVE-2013-0214 DSA-2617 openSUSE-SU-2013:0281 openSUSE-SU-2013:0277 SUSE-SU-2013:0519 SUSE-SU-2013:0326 oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider the state of the Xenstore ring during read operations, which allows guest OS users to cause a denial of service (daemon crash and host-control outage, or memory consumption) or obtain sensitive control-plane data by leveraging guest administrative access. http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=61401264eb00fae4ee4efc8e9a5067449283207b http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=40f9c5e0a6d15b4ca1f6d4ed3a46f0871520eab5 [oss-security] 20130205 Xen Security Advisory 38 (CVE-2013-0215) - oxenstored incorrect handling of certain Xenbus ring states The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. https://github.com/torvalds/linux/commit/48856286b64e4b66ec62b94e504d0b29c1ade664 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=48856286b64e4b66ec62b94e504d0b29c1ade664 https://bugzilla.redhat.com/show_bug.cgi?id=910883 [oss-security] 20130205 Xen Security Advisory 39 (CVE-2013-0216,CVE-2013-0217) - Linux netback DoS via malicious guest ring. http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.8 SUSE-SU-2013:0674 openSUSE-SU-2013:0395 Memory leak in drivers/net/xen-netback/netback.c in the Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (memory consumption) by triggering certain error conditions. https://github.com/torvalds/linux/commit/7d5145d8eb2b9791533ffe4dc003b129b9696c48 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7d5145d8eb2b9791533ffe4dc003b129b9696c48 https://bugzilla.redhat.com/show_bug.cgi?id=910883 [oss-security] 20130205 Xen Security Advisory 39 (CVE-2013-0216,CVE-2013-0217) - Linux netback DoS via malicious guest ring. http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.8 The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file. Per http://rhn.redhat.com/errata/RHSA-2013-0206.html "An update for JBoss Enterprise Application Platform 5.2.0 which fixes one security issue is now available from the Red Hat Customer Portal." Per http://rhn.redhat.com/errata/RHSA-2013-0207.html "An update for JBoss Enterprise Web Platform 5.2.0 which fixes one security issue is now available from the Red Hat Customer Portal." https://bugzilla.redhat.com/show_bug.cgi?id=903073 jboss-eap-info-disc(81725) 57652 89698 52041 RHSA-2013:0207 RHSA-2013:0206 System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files. Per https://access.redhat.com/security/cve/CVE-2013-0219 This issue affects the version of sssd shipped with Red Hat Enterprise Linux 5 and 6. https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4 https://fedorahosted.org/sssd/ticket/1782 https://bugzilla.redhat.com/show_bug.cgi?id=884254 57539 52315 51928 RHSA-2013:0508 FEDORA-2013-1826 FEDORA-2013-1795 http://git.fedorahosted.org/cgit/sssd.git/commit/?id=e864d914a44a37016736554e9257c06b18c57d37 http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a http://git.fedorahosted.org/cgit/sssd.git/commit/?id=3843b284cd3e8f88327772ebebc7249990fd87b9 http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047 The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet. https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4 https://fedorahosted.org/sssd/ticket/1781 https://bugzilla.redhat.com/show_bug.cgi?id=884601 57539 52315 51928 RHSA-2013:0508 FEDORA-2013-1826 FEDORA-2013-1795 http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325 The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file. https://drupal.org/node/1896714 https://drupal.org/node/1895234 [oss-security] 20130124 Re: CVE request for Drupal contributed modules Cross-site scripting (XSS) vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer user relationships" permission to inject arbitrary web script or HTML via a relationship name. https://drupal.org/node/1896720 https://drupal.org/node/1896276 https://drupal.org/node/1896272 [oss-security] 20130124 Re: CVE request for Drupal contributed modules http://drupalcode.org/project/user_relationships.git/commitdiff/b9a4739 http://drupalcode.org/project/user_relationships.git/commitdiff/17e94b9 The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal does not properly check node restrictions, which allows (1) remote authenticated users with the "view shortcuts" permission to read nodes or (2) remote authenticated users with the "admin shortcuts" permission to read, edit, or delete nodes via unspecified vectors. https://drupal.org/node/1896752 https://drupal.org/node/1896752 [oss-security] 20130124 Re: CVE request for Drupal contributed modules Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels. https://drupal.org/node/1896782 https://drupal.org/node/1896756 [oss-security] 20130124 Re: CVE request for Drupal contributed modules http://drupalcode.org/project/search_api_sorts.git/commitdiff/f6cbf47 The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel before 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly handle an invalid value in the DS segment register, which allows guest OS users to gain guest OS privileges via a crafted application. https://github.com/torvalds/linux/commit/13d2b4d11d69a92574a55bfd985cfb0ca77aebdc https://bugzilla.redhat.com/show_bug.cgi?id=906309 USN-1808-1 USN-1805-1 USN-1797-1 USN-1796-1 USN-1795-1 [oss-security] 20130213 Xen Security Advisory 42 (CVE-2013-0228) - Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS. http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.9 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13d2b4d11d69a92574a55bfd985cfb0ca77aebdc The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read. https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method. https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information. xen-pcibackenablemsi-dos(81923) 57740 [oss-security] 20130205 Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages. DSA-2632 52059 89903 SUSE-SU-2013:0674 openSUSE-SU-2013:0395 includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function. http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771 89529 [oss-security] 20130128 Re: CVE Request: zoneminder: arbitrary command execution vulnerability 24310 DSA-2640 http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability/ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910 Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts. Per http://lists.opensuse.org/opensuse-updates/2013-03/msg00000.html "Affected Products: openSUSE 12.2" https://github.com/Snorby/snorby/issues/261 57577 http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html [oss-security] 20130128 Re: CVE request for 'devise' ruby gem http://www.metasploit.com/modules/auxiliary/admin/http/rails_devise_pass_reset openSUSE-SU-2013:0374 http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/ The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before 8.0.6 does not properly validate masks, which allows remote attackers to cause a denial of service (crash) via a mask that causes a negative number to be parsed. ircdhybrid-tryparsev4netmask-dos(81695) 57610 [oss-security] 20130129 ircd-hybrid: Denial of service vulnerability in hostmask.c:try_parse_v4_netmask() DSA-2618 http://svn.ircd-hybrid.org:8000/viewcvs.cgi/ircd-hybrid/trunk/src/hostmask.c?r1=1786&r2=1785&pathrev=1786 52106 51948 89623 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699267 Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element. http://svn.apache.org/viewvc?view=revision&revision=1438424 apachecxf-username-tokens-sec-bypass(81981) 57876 51988 20130208 New security advisories for Apache CXF RHSA-2013:0749 http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html 90078 http://cxf.apache.org/cve-2013-0239.html Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. Per http://www.ubuntu.com/usn/usn-1779-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10" [gnome-announce-list] 20130304 GNOME Online Accounts 3.6.3 released https://git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e https://git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1 https://bugzilla.redhat.com/show_bug.cgi?id=894352 https://bugzilla.gnome.org/show_bug.cgi?id=693214 USN-1779-1 52791 51976 openSUSE-SU-2013:0301 The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information. Per https://rhn.redhat.com/errata/RHSA-2013-0218.html Affected Products: Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat Enterprise Linux Workstation (v. 6) Per http://www.ubuntu.com/usn/USN-1714-1/ A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Ubuntu 11.10 https://bugzilla.redhat.com/show_bug.cgi?id=906032 qxl-virtual-spice-dos(81704) USN-1714-1 [oss-security] 20130130 Re: CVE request -- qxl: synchronous io guest DoS [oss-security] 20130130 CVE request -- qxl: synchronous io guest DoS 52021 RHSA-2013:0218 Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. http://sourceware.org/bugzilla/show_bug.cgi?id=15078 glibc-extendbuffers-dos(81707) 1028063 57638 [oss-security] 20130130 Re: CVE Request -- glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters [libc-alpha] 20130129 [PATCH] Fix buffer overrun in regexp matcher 51951 RHSA-2013:0769 89747 OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries. Per http://www.ubuntu.com/usn/USN-1715-1/ A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS https://bugzilla.redhat.com/show_bug.cgi?id=906171 https://bugs.launchpad.net/keystone/+bug/1098307 USN-1715-1 57747 RHSA-2013:0253 FEDORA-2013-2168 The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack. 90906 20130306 [SECURITY] CVE-2013-0248 Apache Commons FileUpload - Insecure examples Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message. USN-1721-1 1028093 89988 24487 http://packetstormsecurity.com/files/120170/Slackware-Security-Advisory-curl-Updates.html http://packetstormsecurity.com/files/120147/cURL-Buffer-Overflow.html http://nakedsecurity.sophos.com/2013/02/10/anatomy-of-a-vulnerability-curl-web-download-toolkit-holed-by-authentication-bug/ FEDORA-2013-2098 http://curl.haxx.se/docs/adv_20130206.html http://blog.volema.com/curl-rce.html Stack-based buffer overflow in llogincircuit.cc in latd 1.25 through 1.30 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the llogin version. [oss-security] 20130205 Re: CVE id request: latd [oss-security] 20130203 Re: CVE id request: latd http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699625 boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes. https://svn.boost.org/trac/boost/ticket/7743 https://bugzilla.redhat.com/show_bug.cgi?id=907481 USN-1727-1 57675 [oss-security] 20130203 Re: CVE id request: boost http://www.boost.org/users/news/boost_locale_security_notice.html FEDORA-2013-2448 FEDORA-2013-2420 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699650 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699649 The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack. https://maven.apache.org/security.html https://bugzilla.redhat.com/show_bug.cgi?id=917084 RHSA-2013:0700 The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. [qt-announce] 20130205 [Announce] [CVE-2013-0254] Qt Project Security Advisory: System V shared memory segments created world-writeable https://bugzilla.redhat.com/show_bug.cgi?id=907425 RHSA-2013:0669 openSUSE-SU-2013:0411 openSUSE-SU-2013:0404 openSUSE-SU-2013:0403 PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read. https://bugzilla.redhat.com/show_bug.cgi?id=907892 https://blogs.oracle.com/sunsecurity/entry/cve_2013_0255_array_index postgresql-enumrecv-dos(81917) USN-1717-1 57844 http://www.postgresql.org/docs/9.2/static/release-9-2-3.html http://www.postgresql.org/docs/9.1/static/release-9-1-8.html http://www.postgresql.org/docs/9.0/static/release-9-0-12.html http://www.postgresql.org/docs/8.4/static/release-8-4-16.html http://www.postgresql.org/docs/8.3/static/release-8-3-23.html DSA-2630 52819 51923 89935 openSUSE-SU-2013:0319 openSUSE-SU-2013:0318 FEDORA-2013-2123 darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL. Per http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/ Affected versions All ruby 1.9 versions prior to ruby 1.9.3 patchlevel 383 All ruby 2.0 versions prior to ruby 2.0.0 rc2 or prior to trunk revision 39102 https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60 https://bugzilla.redhat.com/show_bug.cgi?id=907820 USN-1733-1 http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/ 52774 RHSA-2013:0728 RHSA-2013:0701 RHSA-2013:0686 RHSA-2013:0548 openSUSE-SU-2013:0303 SUSE-SU-2013:0647 http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2 The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properly restrict access to nodes, which allows remote attackers to read images of user email addresses and email fields. http://drupal.org/node/1903264 [oss-security] 20130204 Re: CVE request for Drupal contributed modules The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username. http://drupalcode.org/project/ga_login.git/commitdiff/50b032d http://drupal.org/node/1903282 http://drupal.org/node/1902102 [oss-security] 20130204 Re: CVE request for Drupal contributed modules Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter. http://drupal.org/node/1903300 [oss-security] 20130204 Re: CVE request for Drupal contributed modules http://drupalcode.org/project/boxes.git/commitdiff/456ff8e http://drupal.org/node/1897016 Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors. [oss-security] 20130204 Re: CVE request for Drupal contributed modules http://drupal.org/node/1903324 (1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. Per http://rhn.redhat.com/errata/RHSA-2013-0595.html these are the affected products: Red Hat OpenStack Essex Red Hat OpenStack Folsom https://bugzilla.redhat.com/show_bug.cgi?id=908101 RHSA-2013:0595 rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals." https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30 https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56 https://gist.github.com/rentzsch/4736940 https://bugzilla.redhat.com/show_bug.cgi?id=909072 https://bugzilla.redhat.com/show_bug.cgi?id=909071 52033 http://rack.github.com/ openSUSE-SU-2013:0462 Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving am HMAC comparison function that does not run in constant time. https://twitter.com/coda/statuses/299732877745197056 https://groups.google.com/forum/#!msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ https://groups.google.com/forum/#!msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ https://groups.google.com/d/msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J https://github.com/rack/rack/commit/9a81b961457805f6d1a5c275d053068440421e11 https://github.com/rack/rack/commit/0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07 https://gist.github.com/codahale/f9f3781f7b54985bee94 https://bugzilla.redhat.com/show_bug.cgi?id=909071 89939 52774 52134 52033 RHSA-2013:0686 http://rack.github.com/ openSUSE-SU-2013:0462 The redirect_stderr function in xnbd_common.c in xnbd-server and xndb-wrapper in xNBD 0.1.0 allow local users to overwrite arbitrary files via a symlink attack on /tmp/xnbd.log. [oss-security] 20130206 CVE request: Insecure default log file path in xNBD 90008 [oss-security] 20130206 Re: CVE request: Insecure default log file path in xNBD manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files. https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc https://bugzilla.redhat.com/show_bug.cgi?id=908581 RHSA-2013:0595 The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c903f0456bc69176912dee6dd25c6a66ee1aed00 https://github.com/torvalds/linux/commit/c903f0456bc69176912dee6dd25c6a66ee1aed00 https://bugzilla.redhat.com/show_bug.cgi?id=908693 [oss-security] 20130207 Re: CVE request -- Linux kernel: x86/msr: /dev/cpu/*/msr local privilege escalation http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.6 SUSE-SU-2013:0674 The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability." [rubyonrails-security] 20130211 Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269] json-ruby-security-bypass(82010) http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection USN-1733-1 57899 90074 [oss-security] 20130211 Patch update for [CVE-2013-0269] [oss-security] 20130211 Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269] http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/ http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed 52902 52774 52075 RHSA-2013:0701 RHSA-2013:0686 openSUSE-SU-2013:0603 SUSE-SU-2013:0647 SUSE-SU-2013:0609 SSA:2013-075-01 OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token. https://launchpad.net/keystone/grizzly/2013.1 https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8 https://bugzilla.redhat.com/show_bug.cgi?id=909012 https://bugs.launchpad.net/keystone/+bug/1099025 RHSA-2013:0708 The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname. USN-1746-1 http://www.pidgin.im/news/security/?id=65 openSUSE-SU-2013:0405 SUSE-SU-2013:0388 http://hg.pidgin.im/pidgin/main/rev/a8aef1d340f2 Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header. USN-1746-1 http://www.pidgin.im/news/security/?id=66 openSUSE-SU-2013:0407 openSUSE-SU-2013:0405 SUSE-SU-2013:0388 http://hg.pidgin.im/pidgin/main/rev/879db2a9a59c sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet. USN-1746-1 http://www.pidgin.im/news/security/?id=67 openSUSE-SU-2013:0407 openSUSE-SU-2013:0405 SUSE-SU-2013:0388 http://hg.pidgin.im/pidgin/main/rev/c31cf8de31cd upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network. USN-1746-1 http://www.pidgin.im/news/security/?id=68 openSUSE-SU-2013:0407 openSUSE-SU-2013:0405 SUSE-SU-2013:0388 http://hg.pidgin.im/pidgin/main/rev/ad7e7fb98db3 Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. https://github.com/ganglia/ganglia-web/commit/31d348947419058c43b8dfcd062e2988abd5058e https://bugzilla.redhat.com/show_bug.cgi?id=892823 58204 [oss-security] 20130208 Re: CVE request: XSS flaws fixed in ganglia http://ganglia.info/?p=566 ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request. [oss-security] 20130211 Circumvention of attr_protected [CVE-2013-0276] [rubyonrails-security] 20130211 Circumvention of attr_protected [CVE-2013-0276] 57896 90072 DSA-2620 http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/ http://support.apple.com/kb/HT5784 52774 52112 RHSA-2013:0686 openSUSE-SU-2013:0462 APPLE-SA-2013-06-04-1 ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML. [oss-security] 20130211 Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0 [CVE-2013-0277] [rubyonrails-security] 20130211 Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0 [CVE-2013-0277] 90073 DSA-2620 http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/ http://support.apple.com/kb/HT5784 1028109 52112 openSUSE-SU-2013:0462 APPLE-SA-2013-06-04-1 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-1664, CVE-2013-1665. Reason: This candidate is a duplicate of CVE-2013-1664 and/or CVE-2013-1665. Notes: All CVE users should reference CVE-2013-1664 and/or CVE-2013-1665 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-1664, CVE-2013-1665. Reason: This candidate is a duplicate of CVE-2013-1664 and/or CVE-2013-1665. Notes: All CVE users should reference CVE-2013-1664 and/or CVE-2013-1665 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-1664, CVE-2013-1665. Reason: This candidate is a duplicate of CVE-2013-1664 and/or CVE-2013-1665. Notes: All CVE users should reference CVE-2013-1664 and/or CVE-2013-1665 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions. https://review.openstack.org/#/c/22321/ https://review.openstack.org/#/c/22320/ https://review.openstack.org/#/c/22319/ https://launchpad.net/keystone/grizzly/2013.1 https://launchpad.net/keystone/+milestone/2012.2.4 https://bugs.launchpad.net/keystone/+bug/1121494 [oss-security] 20130219 [OSSA 2013-005] Keystone EC2-style authentication accepts disabled user/tenants (CVE-2013-0282) Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data. https://newrelic.com/docs/ruby/ruby-agent-security-notification [oss-security] 20130213 Some rubygems related CVEs The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156. https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately [oss-security] 20130213 Some rubygems related CVEs The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions. http://git.fedorahosted.org/cgit/sssd.git/patch/?id=c0bca1722d6f9dfb654ad78397be70f79ff39af1 http://git.fedorahosted.org/cgit/sssd.git/patch/?id=b63830b142053f99bfe954d4be5a2b0f68ce3a93 http://git.fedorahosted.org/cgit/sssd.git/patch/?id=8b8019fe3dd1564fba657e219ec20ff816c7ffdb http://git.fedorahosted.org/cgit/sssd.git/patch/?id=7619be9f6bf649665fcbeee9e6b120f9f9cba2a5 http://git.fedorahosted.org/cgit/sssd.git/patch/?id=754b09b5444e6da88ed58d6deaed8b815e268b6b http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6837eee3f7f81c0ee454d3718d67d7f3cc6b48ef http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6569d57e3bc168e6e83d70333b48c5cb43aa04c4 http://git.fedorahosted.org/cgit/sssd.git/patch/?id=26590d31f492dbbd36be6d0bde46a4bd3b221edb [sssd-devel] 20130319 [SSSD] A security bug in SSSD 1.9 (CVE-2013-0287) 58593 1028317 52722 52704 RHSA-2013:0663 openSUSE-SU-2013:0559 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=910938 nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer overflow related to incorrect use of the FD_SET macro. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0288 nsspamldapd-fdsetsize-bo(82175) 58007 [oss-security] 20130218 CVE-2013-0288 nss-pam-ldapd: FD_SET array index error, leading to stack-based buffer overflow DSA-2628 52242 52212 RHSA-2013:0590 openSUSE-SU-2013:0524 openSUSE-SU-2013:0522 FEDORA-2013-2754 [nss-pam-ldapd-announce] 20130218 nss-pam-ldapd security advisory (CVE-2013-0288) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690319 http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=f266f05f20afe73e89c3946a7bd60bd7c5948e1b http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=abf03bc54032beeff95b1b8634cc005137e11f32 http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=7867b93f9a7c76b96f1571cddc1de0811134bb81 The __skb_recv_datagram function in net/core/datagram.c in the Linux kernel before 3.8 does not properly handle the MSG_PEEK flag with zero-length data, which allows local users to cause a denial of service (infinite loop and system hang) via a crafted application. https://github.com/torvalds/linux/commit/77c1090f94d1b0b5186fb13a1b71b47b1343f87f http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.8.bz2 https://bugzilla.redhat.com/show_bug.cgi?id=911473 [oss-security] 20130214 Re: CVE Request: kernel -- local DOS (endless loop with interrupts disabled) http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=77c1090f94d1b0b5186fb13a1b71b47b1343f87f The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal. http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca https://bugs.freedesktop.org/show_bug.cgi?id=60916 dbus-message-sender-priv-esc(82135) USN-1753-1 57985 [oss-security] 20130215 CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib < 0.100.1 52404 52375 52225 RHSA-2013:0568 90302 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=911658 The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information. Per http://www.ubuntu.com/usn/usn-1757-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 Ubuntu 10.04 LTS" https://www.djangoproject.com/weblog/2013/feb/19/security/ DSA-2634 USN-1757-1 RHSA-2013:0670 The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter. https://www.djangoproject.com/weblog/2013/feb/19/security/ DSA-2634 USN-1757-1 RHSA-2013:0670 The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.1.4.txt https://bugzilla.redhat.com/show_bug.cgi?id=909977 https://bugzilla.novell.com/show_bug.cgi?id=804730 git-gitimapsend-spoofing(82329) 1028205 58148 52467 52443 52361 RHSA-2013:0589 [ANNOUNCE] 20130220 Git v1.8.1.4 openSUSE-SU-2013:0382 openSUSE-SU-2013:0380 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701586 arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial of service (system crash) via a crafted application. Per https://access.redhat.com/security/cve/CVE-2013-0309 "This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6." https://github.com/torvalds/linux/commit/027ef6c87853b0a9df53175063028edb4950d476 https://bugzilla.redhat.com/show_bug.cgi?id=912898 [oss-security] 20130219 Re: CVE request -- Linux kernel: mm: thp: pmd_present and PROT_NONE local DoS http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.2 RHSA-2013:0496 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=027ef6c87853b0a9df53175063028edb4950d476 The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call. Per https://access.redhat.com/security/cve/CVE-2013-0310 "This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6." https://github.com/torvalds/linux/commit/89d7ae34cdda4195809a5a987f697a517a2a3177 https://bugzilla.redhat.com/show_bug.cgi?id=912900 [oss-security] 20130219 Re: CVE request -- Linux kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.8 RHSA-2013:0496 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89d7ae34cdda4195809a5a987f697a517a2a3177 The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges. Per https://access.redhat.com/security/cve/CVE-2013-0311 "This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6." http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.7.bz2 https://github.com/torvalds/linux/commit/bd97120fc3d1a11f3124c7c9ba1d91f51829eb85 https://bugzilla.redhat.com/show_bug.cgi?id=912905 [oss-security] 20130219 Re: CVE request -- Linux kernel: vhost: fix length for cross region descriptor RHSA-2013:0882 RHSA-2013:0579 RHSA-2013:0496 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bd97120fc3d1a11f3124c7c9ba1d91f51829eb85 389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence. https://fedorahosted.org/389/ticket/571 https://bugzilla.redhat.com/show_bug.cgi?id=912964 58428 52568 52279 RHSA-2013:0628 http://directory.fedoraproject.org/wiki/Releases/1.3.0.4 The evm_update_evmxattr function in security/integrity/evm/evm_crypto.c in the Linux kernel before 3.7.5, when the Extended Verification Module (EVM) is enabled, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an attempted removexattr operation on an inode of a sockfs filesystem. https://github.com/torvalds/linux/commit/a67adb997419fb53540d4a4f79c6471c60bc69b6 https://bugzilla.redhat.com/show_bug.cgi?id=913266 [oss-security] 20130220 Re: CVE request - Linux kernel: evm: NULL pointer de-reference flaw http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.5 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a67adb997419fb53540d4a4f79c6471c60bc69b6 The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets. https://bugzilla.redhat.com/show_bug.cgi?id=913327 91120 52552 RHSA-2013:0613 The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack. https://bugzilla.redhat.com/show_bug.cgi?id=913340 91121 52552 RHSA-2013:0613 The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests. http://drupal.org/SA-CORE-2013-002 [oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field. http://drupalcode.org/project/og_manager_change.git/commitdiff/ab7152b http://drupal.org/node/1916312 http://drupal.org/node/1915408 [oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors. [oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules http://drupal.org/node/1916370 Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data. http://drupalcode.org/project/yandex_metrics.git/commitdiff/80bb901 http://drupalcode.org/project/yandex_metrics.git/commitdiff/290b718 http://drupal.org/node/1922400 http://drupal.org/node/1921342 http://drupal.org/node/1921340 [oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors. http://drupal.org/node/1922410 http://drupal.org/node/1922170 http://drupal.org/node/1922168 [oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3 http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801 Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field. http://drupal.org/node/1922416 http://drupal.org/node/1922128 [oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules http://drupalcode.org/project/uc_views.git/commitdiff/157d5d3 Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field. http://drupal.org/node/1922418 http://drupal.org/node/1922136 [oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules http://drupalcode.org/project/ubercart.git/commitdiff/f9d69b5 Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field. http://drupalcode.org/project/ds.git/commitdiff/90bcd8f http://drupalcode.org/project/ds.git/commitdiff/665c791 http://drupalcode.org/project/ds.git/commitdiff/45d490e http://drupal.org/node/1922438 http://drupal.org/node/1922430 http://drupal.org/node/1922424 [oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title. http://drupalcode.org/project/menu_reference.git/commitdiff/7e7367d http://drupal.org/node/1922446 http://drupal.org/node/1922434 [oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules Multiple cross-site scripting (XSS) vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or HTML via crafted a (1) Watchdog message or (2) admin setting. http://drupal.org/node/1922756 http://drupal.org/node/1922730 http://drupal.org/node/1922726 [oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules http://drupalcode.org/project/varnish.git/commitdiff/f69a62c http://drupalcode.org/project/varnish.git/commitdiff/e6726b4 Cross-site request forgery (CSRF) vulnerability in Jenkins master in CloudBees Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to hijack the authentication of users via unknown vectors. https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16 https://bugzilla.redhat.com/show_bug.cgi?id=914875 [oss-security] 20130220 Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16 http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb RHSA-2013:0638 Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16 https://bugzilla.redhat.com/show_bug.cgi?id=914876 57994 [oss-security] 20130220 Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16 http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb RHSA-2013:0638 Unspecified vulnerability in CloudBees Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to bypass the CSRF protection mechanism via unknown attack vectors. https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16 https://bugzilla.redhat.com/show_bug.cgi?id=914877 [oss-security] 20130220 Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16 http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb RHSA-2013:0638 Unspecified vulnerability in CloudBees Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors. https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16 https://bugzilla.redhat.com/show_bug.cgi?id=914878 57994 [oss-security] 20130220 Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16 http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb RHSA-2013:0638 CloudBees Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload. https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16 https://bugzilla.redhat.com/show_bug.cgi?id=914879 57994 [oss-security] 20130220 Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16 http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb RHSA-2013:0638 Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter. http://www.zoneminder.com/wiki/index.php/Change_History http://www.zoneminder.com/forums/viewtopic.php?f=1&t=17979 [oss-security] 20130221 Re: CVE request: zoneminder: local file inclusion vulnerability [oss-security] 20130220 Re: CVE request: zoneminder: local file inclusion vulnerability DSA-2640 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700912 lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156. VU#628463 [rubyonrails-security] 20130129 Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 DSA-2613 http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/ http://support.apple.com/kb/HT5784 RHSA-2013:0203 RHSA-2013:0202 RHSA-2013:0201 APPLE-SA-2013-03-14-1 APPLE-SA-2013-06-04-1 OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port. Per http://www.ubuntu.com/usn/USN-1771-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10" https://review.openstack.org/#/c/22872/ https://review.openstack.org/#/c/22758 https://review.openstack.org/#/c/22086/ https://bugs.launchpad.net/nova/+bug/1125378 USN-1771-1 90657 [oss-security] 20130226 [OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335) 52728 52337 RHSA-2013:0709 libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. Per http://www.ubuntu.com/usn/USN-1782-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 Ubuntu 10.04 LTS Ubuntu 8.04 LTS" Per http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html "http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html" https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab https://bugzilla.redhat.com/show_bug.cgi?id=912400 USN-1782-1 MDVSA-2013:056 openSUSE-SU-2013:0555 openSUSE-SU-2013:0552 The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages. https://bugzilla.redhat.com/show_bug.cgi?id=914664 [oss-security] 20130222 Re: Linux kernel handling of IPv6 temporary addresses [oss-security] 20130121 Re: Linux kernel handling of IPv6 temporary addresses [oss-security] 20130116 Re: Linux kernel handling of IPv6 temporary addresses [oss-security] 20121205 Re: Linux kernel handling of IPv6 temporary addresses The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call. https://github.com/torvalds/linux/commit/0a9ab9bdb3e891762553f667066190c1d22ad62b https://bugzilla.redhat.com/show_bug.cgi?id=914298 USN-1808-1 USN-1805-1 [oss-security] 20130222 Re: CVE request: Linux kernel: Bluetooth HIDP information disclosure http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.6 RHSA-2013:0744 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0a9ab9bdb3e891762553f667066190c1d22ad62b Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0237 RHSA-2013:0236 HPSBMU02874 SSRT101184 SSRT101156 HPSBUX02864 HPSBUX02857 SSRT101103 Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Content Management. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 allows remote attackers to affect integrity via unknown vectors related to Enterprise Configuration Management. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5, and EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3, allows remote attackers to affect integrity via unknown vectors related to Policy Framework. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1, and EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3, allows remote attackers to affect integrity via unknown vectors related to Distributed/Cross DB Features. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity, related to PIA Core Technology. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity, related to PIA Core Technology. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Resource Manager. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the APM - Application Performance Management component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Business Transaction Management. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Application Performance Management (APM) component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Business Transaction Management, a different vulnerability than CVE-2013-0396. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0366. Per: http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html 'Oracle Database Mobile Server was formerly known as Oracle Database Lite for 10g.' http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0363 and CVE-2013-0364. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0362 and CVE-2013-0364. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0362 and CVE-2013-0363. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0361. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition. USN-1703-1 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. USN-1703-1 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Query. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM. USN-1703-1 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 11.1.0.1 and 12.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Distributed/Cross DB Features. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Distributed/Cross DB Features. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Database Cloning. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication. USN-1703-1 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html RHSA-2013:0219 Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Diagnostics. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Client System Analyzer. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Siebel Calendar, a different vulnerability than CVE-2013-0379. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Siebel Calendar, a different vulnerability than CVE-2013-0378. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Oracle Payroll component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to View Payslip. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Application Framework. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Campaign Management. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking. USN-1703-1 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html RHSA-2013:0219 Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema. USN-1703-1 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html RHSA-2013:0219 Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication. USN-1703-1 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html RHSA-2013:0219 Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure. USN-1703-1 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to PeopleCode. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the PeopleSoft HRMS component in Oracle PeopleSoft Products 9.1 allows remote attackers to affect integrity via unknown vectors related to Mobile Company Directory. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. USN-1703-1 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html RHSA-2013:0219 Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Bookmarkable Pages. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity via unknown vectors related to Portal, a different vulnerability than CVE-2012-5059. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0418. Per: http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html '2. Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8." http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html MS13-012 Unspecified vulnerability in the PeopleSoft HRMS component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote attackers to affect confidentiality via unknown vectors related to Candidate Gateway. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect integrity via unknown vectors related to Security. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Application Performance Management (APM) component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Business Transaction Management, a different vulnerability than CVE-2013-0360. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Diagnostics. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Umount. http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Filesystem/cachefs. http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions. https://twitter.com/thezdi/status/309784608508100608 https://bugzilla.redhat.com/show_bug.cgi?id=920245 http://www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283/ USN-1806-1 http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html RHSA-2013:0758 RHSA-2013:0757 RHSA-2013:0752 openSUSE-SU-2013:0777 SUSE-SU-2013:0835 SUSE-SU-2013:0814 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/31c782610044 http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157 http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/ http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/ Heap-based buffer overflow in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via unspecified vectors related to JavaFX, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013. https://twitter.com/thezdi/status/309484730506698752 http://www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283/ http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html RHSA-2013:0757 http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157 Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Utility. http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot. http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6. http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors via vectors related to Kernel/IPsec. http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework. http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to CPU performance counters drivers. http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.) Applies to installation process on client deployment of Java." TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0237 RHSA-2013:0236 HPSBMU02874 SSRT101184 SSRT101156 HPSBUX02864 HPSBUX02857 SSRT101103 Unspecified vulnerability in the Agile EDM component in Oracle Supply Chain Products Suite 6.1.1.0, 6.1.2.0, and 6.1.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Base Component - Common Objects. http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via vectors related to RBAC Configuration. http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax. http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Remote Execution Service. http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Utility/ksh93. http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package. http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Services, a different vulnerability than CVE-2013-2403. http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html Unspecified vulnerability in the Sun Storage Common Array Manager (CAM) component in Oracle Sun Products Suite 6.9.0 allows remote attackers to affect confidentiality, related to Fault Management System (FMS). http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information was obtained from the January 2013 CPU. Oracle has not commented on claims from an independent researcher that this is a heap-based buffer overflow in the Paradox database stream filter (vspdx.dll) that can be triggered using a table header with a crafted "number of fields" value. Per: http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html#AppendixFMW '2. Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8.' http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html MS13-012 20130117 Secunia Research: Oracle Outside In Technology Paradox Database Handling Buffer Overflow Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0237 RHSA-2013:0236 HPSBMU02874 SSRT101184 SSRT101156 HPSBUX02864 HPSBUX02857 SSRT101103 Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to "draw more lines than necessary." https://www.virtualbox.org/changeset/44055/vbox https://bugzilla.novell.com/show_bug.cgi?id=798776 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html openSUSE-SU-2013:0231 Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue. Per: http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html 'Note: JDK and JRE 6, 5.0 and 1.4.2, and Java SE Embedded JRE releases are not affected.' TA13-010A VU#625617 https://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_us https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013 https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf USN-1693-1 http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html 20130110 [SE-2012-01] 'Fix' for Issue 32 exploited by new Java 0-day code RHSA-2013:0165 RHSA-2013:0156 http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html openSUSE-SU-2013:0199 http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/ http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/ http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0237 RHSA-2013:0236 HPSBMU02874 SSRT101184 SSRT101156 HPSBUX02864 HPSBUX02857 SSRT101103 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number. Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 https://bugzilla.redhat.com/show_bug.cgi?id=906813 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0247 RHSA-2013:0246 RHSA-2013:0245 RHSA-2013:0237 RHSA-2013:0236 SSRT101184 HPSBMU02874 SSRT101156 HPSBUX02864 SSRT101103 HPSBUX02857 SUSE-SU-2013:0478 openSUSE-SU-2013:0377 openSUSE-SU-2013:0312 http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6e173569e1e7 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0247 RHSA-2013:0246 RHSA-2013:0245 RHSA-2013:0237 RHSA-2013:0236 SSRT101184 HPSBMU02874 SSRT101156 HPSBUX02864 HPSBUX02857 SSRT101103 SUSE-SU-2013:0478 openSUSE-SU-2013:0377 openSUSE-SU-2013:0312 http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907344 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0247 RHSA-2013:0246 RHSA-2013:0245 RHSA-2013:0237 RHSA-2013:0236 SSRT101184 HPSBMU02874 SSRT101156 HPSBUX02864 HPSBUX02857 SSRT101103 SUSE-SU-2013:0478 openSUSE-SU-2013:0377 openSUSE-SU-2013:0312 http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907346 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0247 RHSA-2013:0246 RHSA-2013:0245 RHSA-2013:0237 RHSA-2013:0236 SSRT101184 HPSBMU02874 SSRT101156 HPSBUX02864 HPSBUX02857 SSRT101103 openSUSE-SU-2013:0377 openSUSE-SU-2013:0312 http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/87d135824bdf http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907455 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API. Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 https://bugzilla.redhat.com/show_bug.cgi?id=907207 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0247 RHSA-2013:0246 RHSA-2013:0245 RHSA-2013:0237 RHSA-2013:0236 SSRT101184 HPSBMU02874 SSRT101156 HPSBUX02864 SSRT101103 HPSBUX02857 SUSE-SU-2013:0478 openSUSE-SU-2013:0377 openSUSE-SU-2013:0312 http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c9534e095b37 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0247 RHSA-2013:0246 RHSA-2013:0245 RHSA-2013:0237 RHSA-2013:0236 SSRT101184 HPSBMU02874 SSRT101156 HPSBUX02864 HPSBUX02857 SSRT101103 openSUSE-SU-2013:0377 openSUSE-SU-2013:0312 http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/c1ed8145c1b8 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907460 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process of the client. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to installation process on client deployment of Java." TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0237 RHSA-2013:0236 SSRT101184 HPSBMU02874 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 20130122 Re: [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717 20130122 Re: [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable 20130118 [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable RHSA-2013:0247 RHSA-2013:0237 SSRT101184 HPSBMU02874 HPSBUX02857 SSRT101103 openSUSE-SU-2013:0377 http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53 http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/ Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks." Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0247 RHSA-2013:0246 RHSA-2013:0245 RHSA-2013:0237 RHSA-2013:0236 SSRT101184 HPSBMU02874 SSRT101156 HPSBUX02864 HPSBUX02857 SSRT101103 SUSE-SU-2013:0478 openSUSE-SU-2013:0377 openSUSE-SU-2013:0312 http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/e46d557465da http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907219 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 https://bugzilla.redhat.com/show_bug.cgi?id=907456 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0247 RHSA-2013:0246 RHSA-2013:0245 RHSA-2013:0237 RHSA-2013:0236 SSRT101184 HPSBMU02874 HPSBUX02864 SSRT101156 HPSBUX02857 SSRT101103 openSUSE-SU-2013:0377 openSUSE-SU-2013:0312 http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ab011765c4e8 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0247 RHSA-2013:0246 RHSA-2013:0245 RHSA-2013:0237 RHSA-2013:0236 SSRT101184 HPSBMU02874 SSRT101156 HPSBUX02864 SSRT101103 HPSBUX02857 SUSE-SU-2013:0478 openSUSE-SU-2013:0377 openSUSE-SU-2013:0312 http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jaxp/rev/91fcc41a0b4b http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907453 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements." Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0247 RHSA-2013:0246 RHSA-2013:0245 RHSA-2013:0237 RHSA-2013:0236 SSRT101184 HPSBMU02874 SSRT101156 HPSBUX02864 HPSBUX02857 SSRT101103 openSUSE-SU-2013:0377 openSUSE-SU-2013:0312 http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c1fa21042291 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=906892 Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html SSRT101184 HPSBMU02874 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client and server deployment of Java. This vulnerability can be exploited through untrusted Java Web Start applications and untrusted Java applets. It can also be exploited by supplying data to APIs in the specified Component without using untrusted Java Web Start applications or untrusted Java applets, such as through a web service." TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0237 HPSBMU02874 SSRT101184 SSRT101103 HPSBUX02857 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0237 RHSA-2013:0236 HPSBMU02874 SSRT101184 SSRT101156 HPSBUX02864 HPSBUX02857 SSRT101103 Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html SSRT101184 HPSBMU02874 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to server deployments of JSSE." TA13-032A VU#858729 https://bugzilla.redhat.com/show_bug.cgi?id=859140 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0247 RHSA-2013:0246 RHSA-2013:0245 RHSA-2013:0237 RHSA-2013:0236 SSRT101184 HPSBMU02874 HPSBUX02864 SSRT101156 HPSBUX02857 SSRT101103 SUSE-SU-2013:0478 openSUSE-SU-2013:0377 openSUSE-SU-2013:0312 http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/5c1e8b779c65 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction." Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0247 RHSA-2013:0246 RHSA-2013:0245 RHSA-2013:0237 RHSA-2013:0236 SSRT101184 HPSBMU02874 SSRT101156 HPSBUX02864 HPSBUX02857 SSRT101103 openSUSE-SU-2013:0377 openSUSE-SU-2013:0312 http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/307ddc7799c7 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907458 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0247 RHSA-2013:0246 RHSA-2013:0245 RHSA-2013:0237 RHSA-2013:0236 SSRT101184 HPSBMU02874 SSRT101156 HPSBUX02864 HPSBUX02857 SSRT101103 SUSE-SU-2013:0478 openSUSE-SU-2013:0377 openSUSE-SU-2013:0312 http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6527ae06da69 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=906899 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to server deployments of JSSE." TA13-032A VU#858729 https://bugzilla.redhat.com/show_bug.cgi?id=907340 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0247 RHSA-2013:0246 RHSA-2013:0245 RHSA-2013:0237 RHSA-2013:0236 SSRT101184 HPSBMU02874 SSRT101156 HPSBUX02864 HPSBUX02857 SSRT101103 SUSE-SU-2013:0478 openSUSE-SU-2013:0377 openSUSE-SU-2013:0312 http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/496bced2d275 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient checks for cached results" by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0247 RHSA-2013:0237 SSRT101184 HPSBMU02874 HPSBUX02857 SSRT101103 openSUSE-SU-2013:0377 http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce04db4aba39 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907218 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 https://bugzilla.redhat.com/show_bug.cgi?id=906900 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0247 RHSA-2013:0246 RHSA-2013:0245 RHSA-2013:0237 RHSA-2013:0236 SSRT101184 HPSBMU02874 HPSBUX02864 SSRT101156 HPSBUX02857 SSRT101103 http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6527ae06da69 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0237 RHSA-2013:0236 HPSBMU02874 SSRT101184 SSRT101156 HPSBUX02864 HPSBUX02857 SSRT101103 Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html SSRT101184 HPSBMU02874 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect integrity via unknown vectors related to Libraries. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0237 SSRT101184 HPSBMU02874 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0237 HPSBMU02874 SSRT101184 SSRT101103 HPSBUX02857 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" TA13-032A VU#858729 https://bugzilla.redhat.com/show_bug.cgi?id=906911 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html RHSA-2013:0247 RHSA-2013:0246 RHSA-2013:0245 RHSA-2013:0237 RHSA-2013:0236 SSRT101184 HPSBMU02874 HPSBUX02864 SSRT101156 HPSBUX02857 SSRT101103 openSUSE-SU-2013:0377 openSUSE-SU-2013:0312 http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6e0d9f4942af http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format (AMF) messages. tem-sua-csrf(80968) http://www-01.ibm.com/support/docview.wss?uid=swg21631350 IV38145 Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli Endpoint Manager (TEM) before 8.2.1372 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. tem-web-reports-xss(80969) http://www.ibm.com/support/docview.wss?uid=swg21631351 IV37766 The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter. https://www.samba.org/samba/security/CVE-2013-0454 [samba-announce] 20120625 [Announce] Samba 3.6.6 Available for Download https://bugzilla.samba.org/show_bug.cgi?id=8738 https://bugzilla.redhat.com/show_bug.cgi?id=928419 storwize-cifs-incorrect-permissions(80970) USN-1802-1 http://www.ibm.com/support/docview.wss?uid=ssg1S1004289 Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid. mam-uisessionid-xss(81011) http://www-01.ibm.com/support/docview.wss?uid=swg21625624 IV20590 Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2, when login security is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. was-admin-login-xss(81012) http://www.ibm.com/support/docview.wss?uid=swg21622444 PM71139 Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. was-admin-type-xss(81013) http://www.ibm.com/support/docview.wss?uid=swg21622444 PM72536 Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 and 7.0 before 7.0.0.27 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. was-admin-portlet-csrf(81014) http://www.ibm.com/support/docview.wss?uid=swg21622444 PM72275 Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. was-admin-vmm-xss(81015) http://www.ibm.com/support/docview.wss?uid=swg21622444 PM71389 Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors. http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_2785 Multiple cross-site scripting (XSS) vulnerabilities in IBM Eclipse Help System (IEHS) 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitrary web script or HTML via a crafted URL. iehs-cve20130464-xss(81060) http://www-01.ibm.com/support/docview.wss?uid=swg21637954 Unspecified vulnerability in the IBM WebSphere Cast Iron physical and virtual appliance 6.0 and 6.1 before 6.1.0.15 and 6.3 before 6.3.0.1, when LDAP authentication is enabled, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. http://www-01.ibm.com/support/docview.wss?uid=swg21623324 was-castiron-security-bypass(81061) LI77155 Cross-site scripting (XSS) vulnerability in IBM WebSphere Message Broker 7.0 before 7.0.0.6 and 8.0 before 8.0.0.2, when wsdl support is enabled on a SOAPInput node, allows remote attackers to inject arbitrary web script or HTML via a wsdl request that is not properly handled during construction of an error message. wmb-wsdl-xss(81062) http://www-01.ibm.com/support/docview.wss?uid=swg21623316 IC89383 IBM Eclipse Help System (IEHS), as used in IBM Data Studio 3.1 and 3.1.1 and other products, allows remote authenticated users to read source code via a crafted URL. iehs-source-disclosure(81102) http://www-01.ibm.com/support/docview.wss?uid=swg21625573 HTTPD in IBM Netezza Performance Portal 1.0.2 allows remote authenticated users to list application directories containing asset files via a direct request to a directory URI, as demonstrated by listing image files. netezza-cve20130470-info-disclosure(81336) http://www-01.ibm.com/support/docview.wss?uid=swg21631945 The traditional scheduler in the client in IBM Tivoli Storage Manager (TSM) before 6.2.5.0, 6.3 before 6.3.1.0, and 6.4 before 6.4.0.1, when Prompted mode is enabled, allows remote attackers to cause a denial of service (scheduling outage) via unspecified vectors. tsm-scheduler-dos(81215) http://www-01.ibm.com/support/docview.wss?uid=swg21624135 IC87331 The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers to obtain unspecified client access, and consequently obtain unspecified server access, via unknown vectors. http://www-01.ibm.com/support/docview.wss?uid=swg21624118 tsm-gui-unauth-access(81216) IC87210 Multiple cross-site scripting (XSS) vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allow remote attackers to inject arbitrary web script or HTML via a crafted report. appscan-cve20130473-xss(81337) http://www-01.ibm.com/support/docview.wss?uid=swg21631304 http://www-01.ibm.com/support/docview.wss?uid=swg21626264 The Manual Explore browser plug-in in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to discover test Platform Authentication credentials via a crafted web site. appscan-manual-explore-csrf(81338) http://www-01.ibm.com/support/docview.wss?uid=swg21631304 http://www-01.ibm.com/support/docview.wss?uid=swg21626264 Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 and 10.1 before FP1 and InfoSphere Master Data Management Server for Product Information Management 6.0, 9.0, and 9.1 allow remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors. mdm-web-content-spoofing(81481) http://www-01.ibm.com/support/docview.wss?uid=swg21624952 Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 and 10.1 before FP1 and InfoSphere Master Data Management Server for Product Information Management 6.0, 9.0, and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. mdm-web-xss(81482) http://www-01.ibm.com/support/docview.wss?uid=swg21624952 IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, related to a "Signature Wrap attack," a different vulnerability than CVE-2011-1377 and CVE-2013-0489. was-wssecurity-spoofing(81548) http://www-01.ibm.com/support/docview.wss?uid=swg21635474 http://www-01.ibm.com/support/docview.wss?uid=swg21634646 PM86026 PM76582 IC88185 The login component in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2.1, and 2.2 uses cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. ims-insecure-login(81533) http://www-01.ibm.com/support/docview.wss?uid=swg21631537 Memory leak in the HTTP server in IBM Domino 8.5.x allows remote attackers to cause a denial of service (memory consumption and daemon crash) via GET requests, aka SPR KLYH92NKZY. domino-get-dos(81812) http://www-01.ibm.com/support/docview.wss?uid=swg21627597 JVNDB-2013-000030 JVN#51305555 The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN. domino-controller-auth-bypass(81852) http://www-01.ibm.com/support/docview.wss?uid=swg21627597 Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. domino-webadmin-xss(81853) http://www-01.ibm.com/support/docview.wss?uid=swg21627597 Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote authenticated users to hijack the authentication of administrators. domino-webadmin-csrf(81854) http://www-01.ibm.com/support/docview.wss?uid=swg21627597 Unspecified vulnerability in IBM InfoSphere Guardium S-TAP 8.1 for DB2 on z/OS allows local users to gain privileges via unknown vectors. ibm-zos-priv-esc(81948) http://www-01.ibm.com/support/docview.wss?uid=swg21626276 Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services. https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130523-0_IBM_Xi50_Echo-WebService_Xss_in_Xml_v10.txt was-datapower-echo-xss(82221) http://www-01.ibm.com/support/docview.wss?uid=swg21637717 20130523 SEC Consult SA-20130523-0 :: JavaScript Execution in IBM WebSphere DataPower Services The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in Edraw Office Viewer Component, the client in IBM Cognos Disclosure Management (CDM) 10.2.0, and other products, allows remote attackers to read arbitrary files, or download an arbitrary program onto a client machine and execute this program, via a crafted web site. cdm-edrawsoft-activex(82345) http://www.ibm.com/support/docview.wss?uid=swg21627070 Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server 8.1, 8.5 through FP3, 8.7 through FP2, and 9.1 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. infosphere-web-console-xss(82233) http://www-01.ibm.com/support/docview.wss?uid=swg21632556 JR45274 Cross-site scripting (XSS) vulnerability in the Bookmarks component in IBM Lotus Connections before 4.0 CR3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. lotus-connections-reflected-xss(82265) http://www-01.ibm.com/support/docview.wss?uid=swg21634538 LO74182 Buffer overflow in the broker service in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb13-08.html 'Flash Player 11.6.602.168 and earlier versions for Windows Flash Player 11.6.602.167 and earlier versions for Macintosh Flash Player 11.2.202.270 and earlier for Linux' http://www.adobe.com/support/security/bulletins/apsb13-08.html RHSA-2013:0574 SUSE-SU-2013:0373 openSUSE-SU-2013:0360 openSUSE-SU-2013:0359 IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors. sterling-om-xpath-injection(82339) http://www-01.ibm.com/support/docview.wss?uid=swg21631302 Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. sterling-om-address-xss(82341) http://www-01.ibm.com/support/docview.wss?uid=swg21631302 IC90858 Multiple buffer overflows in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 and 4.0.1 before FP1 allow context-dependent attackers to execute arbitrary code or cause a denial of service via a long line in (1) hrfstable.idx, (2) hrdevice.idx, (3) hrstorage.idx, or (4) lotusmapfile in the SSM Config directory, or (5) .manifest.hive in the main agent directory. netcool-cve20130508-config-bo(82333) http://www-01.ibm.com/support/docview.wss?uid=swg21638459 Buffer overflow in the Transaction MIB agent in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 allows remote attackers to execute arbitrary code via a SQL transaction with a long table name that is not properly handled by a packet decoder. netcool-cve20130509-mib-bo(82334) http://www-01.ibm.com/support/docview.wss?uid=swg21638183 IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes a security test that sends session cookies to a specific external server, which allows man-in-the-middle attackers to hijack the test account by capturing these cookies. appscan-fwd-info-disclosure(82592) http://www-01.ibm.com/support/docview.wss?uid=swg21626264 Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters. appscan-cve20130511-sql-injection(82344) http://www-01.ibm.com/support/docview.wss?uid=swg21626264 Stack-based buffer overflow in the Manual Explore browser plug-in for Firefox in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to cause a denial of service (plug-in crash) via a crafted web page. appscan-fme-dos(82593) http://www-01.ibm.com/support/docview.wss?uid=swg21631304 http://www-01.ibm.com/support/docview.wss?uid=swg21626264 IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 create a service that lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program, related to an "Unquoted Service Path Enumeration" vulnerability. appscan-svc-path-priv-esc(82594) http://www-01.ibm.com/support/docview.wss?uid=swg21631304 http://www-01.ibm.com/support/docview.wss?uid=swg21626264 IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. ssp-cve20130518-content-spoofing(83128) http://www-01.ibm.com/support/docview.wss?uid=swg21636369 IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in (1) an unspecified page title and (2) an unspecified HTTP header field, which allows remote attackers to obtain potentially sensitive information by reading a version string. ssp-cve20130519-info-disclosure(82654) http://www-01.ibm.com/support/docview.wss?uid=swg21636369 IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data. ssp-cve20130520-info-disclosure(83433) http://www-01.ibm.com/support/docview.wss?uid=swg21636369 Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5.x allow local users to inject arbitrary web script or HTML via a shared mail file, aka SPR DKEN8PDNTX. inotes-folder-xss(82542) http://www-01.ibm.com/support/docview.wss?uid=swg21628658 Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that cause a denial of service via malformed HTTP data. appscan-cve20130532-csrf(82595) http://www-01.ibm.com/support/docview.wss?uid=swg21631304 http://www-01.ibm.com/support/docview.wss?uid=swg21626264 Cross-site scripting (XSS) vulnerability in the Sametime Links server in IBM Sametime 8.0.2 through 8.5.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. inotes-webmail-xss(82655) http://www-01.ibm.com/support/docview.wss?uid=swg21633620 Multiple cross-site scripting (XSS) vulnerabilities in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. sametime-meeting-multiple-xss(82657) http://www-01.ibm.com/support/docview.wss?uid=swg21635545 http://www-01.ibm.com/support/docview.wss?uid=swg21635185 Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message, aka SPRs JMOY95BLM6 and JMOY95BN49. VU#912420 ibm-notes-javascript-tags(83270) http://www-01.ibm.com/support/docview.wss?uid=swg21633819 IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session. was-ssl-sec-bypass(82695) PM81056 http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Windows, when a localOS registry is used in conjunction with WebSphere Identity Manger (WIM), allows local users to cause a denial of service (daemon crash) via unspecified vectors. was-cve20130541-dos(82696) PM74909 http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values. was-cve20130542-xss(82697) PM81846 http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not properly validate user accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors. was-cve20130543-sec-bypass(82759) PM75582 http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux and UNIX allows remote authenticated users to modify data via unspecified vectors. was-cve20130544-dir-traversal(82760) PM82468 http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, when the IBM Portlet API is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. was-portal-cve20130549-xss(82762) http://www-01.ibm.com/support/docview.wss?uid=swg21638984 PM84525 The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as used in Sametime Connect client, Sametime Advanced Connect client, Sametime Advanced Web client, and other products, allows remote authenticated users to send commands to individual chat users, or to all participants in a chat room, via a crafted Sametime Instant Message (IM). ibm-sametime-commands(82915) http://www-01.ibm.com/support/docview.wss?uid=swg21633618 Cross-site scripting (XSS) vulnerability in the RPC adapter for the Web 2.0 and Mobile toolkit in IBM WebSphere Application Server (WAS) 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted response. was-cve20130565-xss(83138) PM83402 http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 Cross-site scripting (XSS) vulnerability in the Communities component in IBM Connections 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ibm-communities-cve20130569-xss(83354) http://www-01.ibm.com/support/docview.wss?uid=swg21635059 LO74629 Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote attackers to inject arbitrary web script or HTML via a crafted URL. asf-cve20130571-xss(83246) http://www-01.ibm.com/support/docview.wss?uid=swg21635328 Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors. asf-cve20130572-spoofing(83247) http://www-01.ibm.com/support/docview.wss?uid=swg21635328 Cross-site scripting (XSS) vulnerability in the Tivoli Enterprise Portal browser client in IBM Tivoli Monitoring 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. http://www-01.ibm.com/support/docview.wss?uid=swg21634920 ibm-tivoli-cve20130576-xss(83328) IV32812 The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is enabled, do not require administrative credentials, which allows remote authenticated users to obtain sensitive database information via a request to the API tester URI. Per: http://www-01.ibm.com/support/docview.wss?uid=swg21636034 'AFFECTED PRODUCTS AND VERSIONS: IBM Sterling Selling and Fulfillment Foundation 9.2.0 IBM Sterling Selling and Fulfillment Foundation 9.1.0 IBM Sterling Selling and Fulfillment Foundation 9.0 IBM Sterling Selling and Fulfillment Foundation 8.5 IBM Sterling Multi-Channel Fulfillment Solution 8.0' ibm-sterling-cve20130578-info-disclosure(83330) http://www-01.ibm.com/support/docview.wss?uid=swg21636034 IC91829 Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.12 and 6.2.1 before 6.2.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a SAML 2.0 response. http://www-01.ibm.com/support/docview.wss?uid=swg21635688 IV31640 IV26034 IV26033 The Data Replication Dashboard component in IBM InfoSphere Replication Server 9.7 and 10.x before 10.2.0.0-b113 allows remote attackers to obtain a list of all user accounts, along with information about whether each account requires a password, via unspecified vectors. ibm-infosphere-cve20130584-info-disclosure(83355) http://www-01.ibm.com/support/docview.wss?uid=swg21634798 Unspecified vulnerability in the olch2x32 ActiveX control in IBM SPSS SamplePower 3.0 before 3.0-IM-S3SAMPC-WIN32-FP001 allows remote attackers to execute arbitrary code via unknown vectors. ibm-spss-cve20130593-code-exec(83382) http://www-01.ibm.com/support/docview.wss?uid=swg21635503 IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by providing a crafted parameter path and then reading the debug information associated with the 500 HTTP status code. ibm-iehs-cve20130599-info-disclosure(83613) http://www-01.ibm.com/support/docview.wss?uid=swg21637151 Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown vectors. http://www-01.ibm.com/support/docview.wss?uid=swg21636324 IC91726 Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0605, CVE-2013-0616, CVE-2013-0619, CVE-2013-0620, and CVE-2013-0623. http://www.adobe.com/support/security/bulletins/apsb13-02.html RHSA-2013:0150 openSUSE-SU-2013:0193 openSUSE-SU-2013:0138 SUSE-SU-2013:0047 SUSE-SU-2013:0044 Use-after-free vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors. http://www.adobe.com/support/security/bulletins/apsb13-02.html RHSA-2013:0150 openSUSE-SU-2013:0193 openSUSE-SU-2013:0138 SUSE-SU-2013:0047 SUSE-SU-2013:0044 Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0604. http://www.adobe.com/support/security/bulletins/apsb13-02.html RHSA-2013:0150 openSUSE-SU-2013:0193 openSUSE-SU-2013:0138 SUSE-SU-2013:0047 SUSE-SU-2013:0044 Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0603. http://www.adobe.com/support/security/bulletins/apsb13-02.html RHSA-2013:0150 openSUSE-SU-2013:0193 openSUSE-SU-2013:0138 SUSE-SU-2013:0047 SUSE-SU-2013:0044