237 matches found
DLA-186-1 mailman - security update
Bulletin has no description...
Hospira MedNet Password Disclosure Vulnerability
MedNet manages drug libraries, firmware updates, and configurations for Hospira IV pumps for use in the healthcare and public health sectors. MedNet installs with a username and password stored in plaintext on the local file system, which allows a malicious user to disrupt the MedNet installation...
Fortinet FortiAuthenticator Appliance Multiple Security Vulnerabilities (FG-IR-15-003)
Fortinet FortiAuthenticator is prone to multiple vulnerabilities.
Advantech WebAccess bwocxrun ActiveX Control Installation Vulnerability
This vulnerability allows remote attackers to install certain ActiveX controls without user interaction on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...
Microsoft XML Core Services Information Disclosure (MS14-005; CVE-2014-0266)
An information-disclosure vulnerability has been reported in Microsoft XML Core Services. The vulnerability is caused when Internet Explorer does not properly enforce cross-domain policies, allowing an attacker to access content from different domains. An attacker could exploit the vulnerability ...
SuSE Update for Mozilla openSUSE-SU-2013:1334-1 (Mozilla)
Check for the version of Mozilla.
Puppet: resource_type service code execution
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited...
DEBIAN-CVE-2013-4761
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited...
update for MozillaFirefox, MozillaThunderbird, mozilla-nspr, mozilla-nss, seamonkey, xulrunner (important)
Changes in seamonkey: - update to SeaMonkey 2.20 bnc833389 MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards MFSA 2013-64/CVE-2013-1704 bmo883313 Use after free mutating DOM during SetBody MFSA 2013-65/CVE-2013-1705 bmo882865 Buffer underflow when generating CRMF reques...
CVE-2013-4761
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited...
Mozilla updates August 2013 (important)
This patch contains updates for - Firefox to 23.0 - xulrunner to 17.0.8esr - Thunderbird to 17.0.8 - mozilla-nspr to 4.10 - mozilla-nss to 3.15.1 MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards MFSA 2013-64/CVE-2013-1704 bmo883313 Use after free mutating DOM during...
SuSE 11.2 / 11.3 Security Update : Mozilla Firefox (SAT Patch Numbers 8187 / 8191)
This update to Firefox 17.0.8esr bnc833389 addresses : - bmo855331, bmo844088, bmo858060, bmo870200, bmo874974, bmo861530, bmo854157, bmo893684, bmo878703, bmo862185, bmo879139, bmo888107, bmo880734. MFSA 2013-63 / CVE-2013-1701 / CVE-2013-1702 Miscellaneous memory safety hazards have been fixed...
FreeBSD : mozilla -- multiple vulnerabilities (0998e79d-0055-11e3-905b-0025905a4771)
The Mozilla Project reports : MFSA 2013-63 Miscellaneous memory safety hazards rv:23.0 / rv:17.0.8 MFSA 2013-64 Use after free mutating DOM during SetBody MFSA 2013-65 Buffer underflow when generating CRMF requests MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater MF...
Further Privilege escalation through Mozilla Updater — Mozilla
Security researcher Ash reported an issue with the Mozilla Updater on Windows 7 and later versions of Windows. On vulnerable platforms, the Mozilla Updater can be made to load a specific malicious DLL file from the local system. This DLL file can run in a privileged context through the Mozilla...
Local Java applets may read contents of local file system — Mozilla
Security researcher Georgi Guninski reported an issue with Java applets where in some circumstances the applet could access files on the local system when loaded using a file:/// URI and violate file origin policy due to interaction with the codebase parameter. This affects applets running on...
CVE-2013-1717
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging...
Mozilla Updater fails to update some Windows Registry entries — Mozilla
Security researcher Robert Kugler discovered that in some instances the Mozilla Maintenance Service on Windows will be vulnerable to some previously fixed privilege escalation attacks that allowed for local privilege escalation. This was caused by the Mozilla Updater not updating Windows Registry...
Local privilege escalation through Mozilla Maintenance Service — Mozilla
Security researcher Seb Patane reported an issue with the Mozilla Maintenance Service on Windows. This issue allows unprivileged users to gain local privilege escalation through the system privileges used by the service when interacting with local malicious software. This allows the user to bypass...
File input control has access to full path — Mozilla
Mozilla security researcher moz_bug_r_a4 reported a mechanism to exploit the <input> control when set to the file type in order to get the full path. This can lead to information leakage and could be combined with other exploits to target attacks on the local file system...
ESA-2013-028: EMC NetWorker Elevation of Privilege Vulnerability
ESA-2013-028: EMC NetWorker Elevation of Privilege Vulnerability. EMC Identifier: ESA-2013-028. EMC Identifier: NW147983. CVE Identifier: CVE-2013-0940. Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C). Affected product...