8415 matches found
Protection Bypass
Overview: Affected versions of this package are vulnerable to Protection Bypass via ng-attr-action and ng-attr-srcdoc allowing binding to JavaScript. The fix was to require bindings to formaction to be $sce.RESOURCE_URL and bindings to iframe srcdoc to be $sce.HTML. Remediation: Upgrade angularjs to...
OpenJDK: XML parsing Denial of Service (JAXP, 8017298)
A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an...
CVE-2013-6114
Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file...
Integer overflow
Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file...
CVE-2012-0825
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack...
Information disclosure
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack...
CVE-2012-0825
CVE-2012-0825 affects Drupal 6.x up to 6.23 and 7.x up to 7.11, where Attribute Exchange (AX) information is not signed, enabling MITM modification of AX data. Related advisories confirm this CVE in multiple distributions (e.g., Debian DSA-2776-1; MiracleLinux AXSA-2012-98:01). Remediation in aff...
CVE-2012-0825
Removed by vendor...
OpenJDK: Incorrect image attribute verification (2D, 8012438)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...
The xsrf cookie token is not a 'secure' cookie for secure('https') requests
To protect against man-in-the-middle attacks, the xsrf cookie token should have the 'secure' attribute set...
CVE-2013-4002
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlie...
UBUNTU-CVE-2013-4255
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of...
libipa_hbac, sssd security update
CentOS Errata and Security Advisory CESA-2013:1319 Updated sssd packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVS...
Ubuntu Update for samba USN-1966-1
Check for the version of samba. OpenVAS Vulnerability Test. $Id: gbubuntuUSN19661.nasl 8509 2018-01-24 06:57:46Z teissa $. Ubuntu Update for samba USN-1966-1. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; y...