
2675 matches found

Tenable Nessus
added 2014/02/05 12:0 a.m. | 34 views

Firefox ESR 24.x < 24.3 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox ESR 24.x is earlier than 24.3 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2014-1477 - An error exists related to...

CVSS 10 | AI score 7.2 | EPSS 0.07072
Exploits 9 | References 16
Tenable Nessus
added 2014/02/05 12:0 a.m. | 40 views

Thunderbird < 24.3 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird is earlier than 24.3 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2014-1477 - An error exists related to System...

CVSS 10 | AI score 8 | EPSS 0.07072
Exploits 9 | References 16
RedHat Linux
added 2014/02/04 7:56 p.m. | 1 views

Mozilla: Clone protected content with XBL scopes (MFSA 2014-02)

The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involvi...

CVSS 7.5 | AI score 7 | EPSS 0.04602
Exploits 1 | References 5
Mozilla
added 2014/02/04 12:0 a.m. | 63 views

Clone protected content with XBL scopes — Mozilla

Security researcher Cody Crews reported a method to bypass System Only Wrappers (SOW) by using XML Binding Language (XBL) content scopes to clone protected XUL elements. This could be used to clone anonymous nodes, making trusted XUL content web accessible...

CVSS 7.5 | AI score 8.5 | EPSS 0.04602
Exploits 1 | References 2 | Affected Software 4
Snyk
added 2013/11/12 10:0 p.m. | 2 views

Protection Bypass

Overview: Affected versions of this package are vulnerable to Protection Bypass via ng-attr-action and ng-attr-srcdoc allowing binding to JavaScript. The fix was to require bindings to form[action] to be $sce.RESOURCE_URL and bindings to iframe[srcdoc] to be $sce.HTML. Remediation: Upgrade angularjs to...

CVSS 7.4 | AI score 7
Exploits 0 | References 2
RedHat Linux
added 2013/10/23 4:26 p.m. | 3 views

OpenJDK: exclusive port binding (Networking, 7170730)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous...

CVSS 3.7 | AI score 6.7 | EPSS 0.00445
Exploits 0 | References 5
RedHat Linux
added 2013/10/23 4:26 p.m. | 3 views

OpenJDK: exclusive port binding (Networking, 7170730)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous...

CVSS 3.7 | AI score 6.7 | EPSS 0.00445
Exploits 0 | References 5
NVD
added 2013/10/17 11:55 p.m. | 13 views

CVE-2013-4370

The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors that trigger a 1...

CVSS 4.6 | AI score 7.5 | EPSS 0.00429
Exploits 0 | References 3
OSV
added 2013/10/17 11:55 p.m. | 2 views

DEBIAN-CVE-2013-4370

The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors that trigger a 1...

CVSS 4.6 | AI score 7.5 | EPSS 0.00429
Exploits 0 | References 1
Prion
added 2013/10/17 11:55 p.m. | 19 views

Double free

The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors that trigger a 1...

CVSS 4.6 | AI score 7.9 | EPSS 0.00429
Exploits 0 | References 3 | Affected Software 1
CVE
added 2013/10/17 11:0 p.m. | 49 views

CVE-2013-4370

CVE-2013-4370 affects the ocaml binding for Xen’s xc_vcpu_getaffinity in Xen 4.2.x and 4.3.x. The underlying issue is a misplaced free (use-after-free/double free) that can lead to heap corruption, denial of service, and potentially arbitrary code execution via unspecified vectors. The issue was ...

CVSS 4.6 | AI score 7.4 | EPSS 0.00429
Exploits 0 | References 3 | Affected Software 1
Debian CVE
added 2013/10/17 11:0 p.m. | 28 views

CVE-2013-4370

The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors that trigger a 1...

CVSS 4.6 | AI score 5.2 | EPSS 0.00429
Exploits 0
RedHat Linux
added 2013/09/17 7:33 p.m. | 2 views

Mozilla: Compartment mismatch re-attaching XBL-backed nodes (MFSA 2013-88)

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of...

CVSS 6.8 | AI score 6.9 | EPSS 0.02251
Exploits 0 | References 5
RedHat Linux
added 2013/09/17 7:15 p.m. | 2 views

Mozilla: Compartment mismatch re-attaching XBL-backed nodes (MFSA 2013-88)

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of...

CVSS 6.8 | AI score 6.9 | EPSS 0.02251
Exploits 0 | References 5
OSV
added 2013/08/20 10:55 p.m. | 1 views

DEBIAN-CVE-2013-2157

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password...

CVSS 4.3 | AI score 7.2 | EPSS 0.03128
Exploits 0 | References 1
OpenVAS
added 2013/08/20 12:0 a.m. | 23 views

Fedora Update for ghc-X11 FEDORA-2013-13332

Check for the Version of ghc-X11. OpenVAS Vulnerability Test: Fedora Update for ghc-X11 FEDORA-2013-13332. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the...

CVSS 7.5 | EPSS 0.08985
Exploits 1 | References 2
seebug.org
added 2013/07/22 12:0 a.m. | 15 views

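SDCMS: an insufficiently restricted feature allows account hijacking via CSRF

Brief description: CSRF in the SDCMS email binding allows account hijacking. Details: 1. The email binding function in SDCMS has no defenses at all, which leads to CSRF. None 2. We open the PoC locally: 3. Then we check the mailbox; it was changed successfully: 4. Because CSRF can bind any mailbox to any user, the password recovery feature can be used to send the password to the mailbox we bound, hijacking the member account. Proof of vulnerability: see the details...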

AI score 7.1
Exploits 0
RedHat Linux
added 2013/07/16 5:22 p.m. | 6 views

openstack-keystone: Authentication bypass when using LDAP backend

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password...

CVSS 4.3 | AI score 5.9 | EPSS 0.03128
Exploits 0 | References 4
Mageia
added 2013/07/16 7:26 a.m. | 61 views

Updated java-1.6.0-openjdk packages fix security vulnerabilities

Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption CVE-2013-2470, CVE-2013-2471, CVE-2013-2472...

CVSS 10 | AI score 1.9 | EPSS 0.98704
Exploits 23 | References 7
RedHat Linux
added 2013/07/15 8:32 p.m. | 4 views

OpenJDK: exclusive port binding (Networking, 7170730)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous...

CVSS 3.7 | AI score 6.7 | EPSS 0.00445
Exploits 0 | References 5