9044 matches found

CVE
added 2013/06/05 10:0 a.m. | 53 views

CVE-2013-1024

CVE-2013-1024 is a memory‑initialization flaw in CoreMedia Playback for Mac OS X before 10.8.4, triggered by processing text tracks in a crafted movie file, allowing remote code execution or a denial of service. Related advisories reference Apple HT5784/HT6001, but the provided documents do not s...

CVSS 6.8 | AI score 7.4 | EPSS 0.02905
Exploits 0 | References 4 | Affected Software 2
RedHat Linux
added 2013/05/28 5:31 p.m. | 2 views

tomcat: Improper TOMCAT_LOG management in init script (DoS, ACE)

The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b)...

CVSS 6.9 | AI score 7.4 | EPSS 0.00372
Exploits 1 | References 4
RedHat Linux
added 2013/05/28 5:29 p.m. | 3 views

tomcat: Improper TOMCAT_LOG management in init script (DoS, ACE)

The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b)...

CVSS 6.9 | AI score 7.4 | EPSS 0.00372
Exploits 1 | References 4
OpenVAS
added 2013/05/28 12:0 a.m. | 26 views

Wireshark ASN.1 BER Dissector DoS Vulnerability - May 13 (Mac OS X)

This host is installed with Wireshark and is prone to a denial of service vulnerability. OpenVAS Vulnerability Test $Id: gbwiresharkdosvulnmay13macosx.nasl 6115 2017-05-12 09:03:25Z teissa $ Wireshark ASN.1 BER Dissector DoS Vulnerability - May 13 Mac OS X Authors: Arun Kallavi Copyright: Copyright...

CVSS 5 | AI score 7.5 | EPSS 0.03348
Exploits 1 | References 2
OpenVAS
added 2013/05/27 12:0 a.m. | 33 views

Mozilla Thunderbird ESR Multiple Vulnerabilities -01 May13 (Windows)

This host is installed with Mozilla Thunderbird ESR and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillathunderbirdesrmultvuln01may13win.nasl 6093 2017-05-10 09:03:18Z teissa $ Mozilla Thunderbird ESR Multiple Vulnerabilities -01 May13 Windows Authors: Arun Kallavi...

CVSS 10 | AI score 0.9 | EPSS 0.10981
Exploits 5 | References 2
0day.today
added 2013/05/26 12:0 a.m. | 27 views

SIEMENS Solid Edge ST4 WebPartHelper ActiveX - RFMSsvs!JShellExecuteEx RCE

Exploit for windows platform in category remote exploits SIEMENS Solid Edge ST4 WebPartHelper ActiveX Control RFMSsvs!JShellExecuteEx Remote Command Execution Tested against: Microsoft Windows Server 2003 r2 sp2 Microsoft Windows XP sp3 Internet Explorer 8 Software description:...

AI score 7.1
Exploits 0
Prion
added 2013/05/16 11:45 a.m. | 21 views

Design/Logic Flaw

Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain...

CVSS 4.3 | AI score 6.4 | EPSS 0.06696
Exploits 1 | References 15 | Affected Software 4
ATTACKERKB
added 2013/05/16 12:0 a.m. | 33 views

CVE-2013-1675

Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain...

CVSS 6.5 | AI score 5 | EPSS 0.06696
In wild | Exploits 1 | References 16
securityvulns
added 2013/04/28 12:0 a.m. | 168 views

Borland Caliber 11.0 Quiksoft EasyMail SMTP Object Buffer Overflows

Borland Caliber 11.0 Quiksoft EasyMail SMTP Object Buffer Overflows ActiveX settings: Binary path: C:\Program Files (x86)\Borland\CaliberRM\emsmtp.dll Version: 5.0.0.11 ProgID: EasyMail.SMTP.5 CLSID: 4610E7BF-710F-11D3-813D-00C04F6B92D0 Safe for Scripting: True Safe for Initialization: True...

CVSS 9.3 | AI score 3.6 | EPSS 0.56379
Exploits 6
RedHat Linux
added 2013/03/18 5:51 p.m. | 4 views

krb5: PKINIT null pointer deref leads to DoS

The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a...

CVSS 5 | AI score 5.8 | EPSS 0.02576
Exploits 0 | References 6
OSV
added 2013/03/05 5:5 a.m. | 1 views

DEBIAN-CVE-2013-1415

The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate,...

CVSS 5 | AI score 6.8 | EPSS 0.04211
Exploits 0 | References 1
Tenable Nessus
added 2013/03/01 12:0 a.m. | 31 views

Scientific Linux Security Update : dnsmasq on SL6.x i386/x86_64 (20130221)

It was discovered that dnsmasq, when used in combination with certain libvirtd configurations, could incorrectly process network packets from network interfaces that were intended to be prohibited. A remote, unauthenticated attacker could exploit this flaw to cause a denial of service via DNS...

CVSS 5 | AI score 6.9 | EPSS 0.05028
Exploits 0 | References 2
Oracle linux
added 2013/02/27 12:0 a.m. | 40 views

ipa security, bug fix and enhancement update

3.0.0-25.el6 - Filter generated winbind dependencies so the right version of samba can be installed. 905594 3.0.0-24.el6 - Add certmonger condrestart to server post scriptlet 903758 - Make certmonger a pre Requires 903758 - Add selinux-policy to Requirespre to avoid post scriptlet AVCs 903758 - S...

CVSS 7.9 | AI score 9.1 | EPSS 0.01838
Exploits 0
Oracle linux
added 2013/01/11 12:0 a.m. | 41 views

libvirt security and bug fix update

0.8.2-29.0.1.el5 - Replaced docs/et.png in tarball - remove virshtest from test cases to fix failure in mock build root libvirt-0.8.2-29.el5 - Coverity pointed out an use after free in the fix for 816601 rhbz772848 libvirt-0.8.2-28.el5 - qemu: Rollback on used USB devices rhbz816601 - qemu: Don't...

CVSS 3.7 | AI score 6.7 | EPSS 0.00331
Exploits 0
CVE
added 2013/01/09 6:0 p.m. | 115 views

CVE-2013-0001

CVE-2013-0001 concerns a vulnerability in the Windows Forms (WinForms) component of Microsoft .NET Framework (1.0 SP3–4.5). The root cause is improper initialization of memory arrays and use of a pointer to unmanaged memory, enabling information disclosure. Exploitation could occur via a crafted ...

CVSS 4.3 | AI score 5.8 | EPSS 0.13553
Exploits 1 | References 2 | Affected Software 1
Positive Technologies
added 2013/01/09 12:0 a.m. | 7 views

PT-2013-2052 · Microsoft · .Net Framework

Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework versions 1.0 SP3 through 4.5 Description: An information disclosure issue exists due to improper initialization of memory arrays in the Windows Forms component. This allows remote attackers to obtain sensitive...

CVSS 4.3 | AI score 5.7 | EPSS 0.13553
Exploits 1 | References 6
myhack58
added 2012/12/12 12:0 a.m. | 13 views

PHPCMS2008 Yellow Pages module vulnerability

PHPCMS2008 Yellow Pages module vulnerability: lax variable initialization leads to arbitrary PHP code execution. The PHPCMS2008 string2array function calls the high-risk eval; in /yp/web/include/common.inc.php the $menu variable is not strictly initialized, so the result can be injected to...

AI score 1.7
Exploits 0
securityvulns
added 2012/12/09 12:0 a.m. | 36 views

python keyring weak cryptography

Insecure cipher initialization...

CVSS 2.1 | AI score 2.5 | EPSS 0.0037
Exploits 0
NVD
added 2012/11/30 10:55 p.m. | 27 views

CVE-2012-4571

Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack...

CVSS 2.1 | AI score 6 | EPSS 0.0037
Exploits 0 | References 4
PyPA
added 2012/11/30 10:55 p.m. | 8 views

PYSEC-2012-8

Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack...

CVSS 2.1 | AI score 6.5 | EPSS 0.0037
Exploits 0 | References 5 | Affected Software 1