8693 matches found

Tenable Nessus
added 2013/06/25 12:0 a.m., 34 views

Mandriva Linux Security Advisory : kernel (MDVSA-2013:176)

Multiple vulnerabilities have been found and corrected in the Linux kernel: The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application...

CVSS 8.4, AI score 7.9, EPSS 0.65851
Exploits: 43, References: 41

RedHat Linux
added 2013/06/10 9:6 p.m., 27 views

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Updated kernel packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which...

CVSS 7.8, AI score 6.9, EPSS 0.00871
Exploits: 0, References: 5

NVD
added 2013/06/09 9:55 p.m., 16 views

CVE-2013-4075

epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...

CVSS 5, AI score 6.2, EPSS 0.00863
Exploits: 0, References: 14

OSV
added 2013/06/09 9:55 p.m., 3 views

CVE-2013-4075

epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...

AI score 6.1
Exploits: 0, References: 14

OSV
added 2013/06/09 9:55 p.m., 1 views

DEBIAN-CVE-2013-4075

epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...

CVSS 5, AI score 6.7, EPSS 0.00863
Exploits: 0, References: 1

UbuntuCve
added 2013/06/09 9:55 p.m., 22 views

CVE-2013-4075

epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...

CVSS 5, AI score 7.2, EPSS 0.00863
Exploits: 0, References: 7

Debian CVE
added 2013/06/09 9:0 p.m., 29 views

CVE-2013-4075

epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...

CVSS 5, AI score 5.1, EPSS 0.00863
Exploits: 0

Cvelist
added 2013/06/09 9:0 p.m., 21 views

CVE-2013-4075

epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...

AI score 6, EPSS 0.00863
Exploits: 0, References: 14

Prion
added 2013/06/05 2:39 p.m., 13 views

Design/Logic Flaw

CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file...

CVSS 6.8, AI score 7.9, EPSS 0.01796
Exploits: 0, References: 4, Affected Software: 2

CVE
added 2013/06/05 10:0 a.m., 51 views

CVE-2013-1024

CVE-2013-1024 is a memory‑initialization flaw in CoreMedia Playback for Mac OS X before 10.8.4, triggered by processing text tracks in a crafted movie file, allowing remote code execution or a denial of service. Related advisories reference Apple HT5784/HT6001, but the provided documents do not s...

CVSS 6.8, AI score 7.4, EPSS 0.01796
Exploits: 0, References: 4, Affected Software: 2

RedHat Linux
added 2013/05/28 5:31 p.m., 2 views

tomcat: Improper TOMCAT_LOG management in init script (DoS, ACE)

The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on a tomcat5-initd.log, b...

CVSS 6.9, AI score 7.4, EPSS 0.00033
Exploits: 1, References: 4

RedHat Linux
added 2013/05/28 5:29 p.m., 3 views

tomcat: Improper TOMCAT_LOG management in init script (DoS, ACE)

The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on a tomcat5-initd.log, b...

CVSS 6.9, AI score 7.4, EPSS 0.00033
Exploits: 1, References: 4

OpenVAS
added 2013/05/28 12:0 a.m., 24 views

Wireshark ASN.1 BER Dissector DoS Vulnerability - May 13 (Mac OS X)

This host is installed with Wireshark and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: gbwiresharkdosvulnmay13macosx.nasl 6115 2017-05-12 09:03:25Z teissa $ Wireshark ASN.1 BER Dissector DoS Vulnerability - May 13 Mac OS X Authors: Arun Kallavi Copyright: Copyright...

CVSS 5, AI score 7.5, EPSS 0.0418
Exploits: 1, References: 2

OpenVAS
added 2013/05/27 12:0 a.m., 32 views

Mozilla Thunderbird ESR Multiple Vulnerabilities -01 May13 (Windows)

This host is installed with Mozilla Thunderbird ESR and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillathunderbirdesrmultvuln01may13win.nasl 6093 2017-05-10 09:03:18Z teissa $ Mozilla Thunderbird ESR Multiple Vulnerabilities -01 May13 Windows Authors: Arun Kallavi...

CVSS 10, AI score 0.9, EPSS 0.21901
Exploits: 5, References: 2

0day.today
added 2013/05/26 12:0 a.m., 25 views

SIEMENS Solid Edge ST4 WebPartHelper ActiveX - RFMSsvs!JShellExecuteEx RCE

Exploit for windows platform in category remote exploits SIEMENS Solid Edge ST4 WebPartHelper ActiveX Control RFMSsvs!JShellExecuteEx Remote Command Execution Tested against: Microsoft Windows Server 2003 r2 sp2 Microsoft Windows XP sp3 Internet Explorer 8 Software description:...

AI score 7.1
Exploits: 0

Prion
added 2013/05/16 11:45 a.m., 18 views

Design/Logic Flaw

Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain...

CVSS 4.3, AI score 6.4, EPSS 0.07945
Exploits: 1, References: 15, Affected Software: 4

ATTACKERKB
added 2013/05/16 12:0 a.m., 31 views

CVE-2013-1675

Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain...

CVSS 6.5, AI score 5, EPSS 0.07945
In wild, Exploits: 1, References: 16

securityvulns
added 2013/04/28 12:0 a.m., 151 views

Borland Caliber 11.0 Quiksoft EasyMail SMTP Object Buffer Overflows

Borland Caliber 11.0 Quiksoft EasyMail SMTP Object Buffer Overflows ActiveX settings: Binary path: C:Program Files x86BorlandCaliberRMemsmtp.dll Version: 5.0.0.11 ProgID: EasyMail.SMTP.5 CLSID: 4610E7BF-710F-11D3-813D-00C04F6B92D0 Safe for Scripting: True Safe for Initialization: True...

CVSS 9.3, AI score 3.6, EPSS 0.80073
Exploits: 6

RedHat Linux
added 2013/03/18 5:51 p.m., 2 views

krb5: PKINIT null pointer deref leads to DoS

The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a...

CVSS 5, AI score 5.8, EPSS 0.00643
Exploits: 0, References: 6

OSV
added 2013/03/05 5:5 a.m., 1 views

DEBIAN-CVE-2013-1415

The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate,...

CVSS 5, AI score 6.8, EPSS 0.01588
Exploits: 0, References: 1