USN-1932-1: Linux kernel vulnerabilities
Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2013-1059) An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtai...
USN-1931-1: Linux kernel (Quantal HWE) vulnerabilities
Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2013-1059) An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtai...
Yahoo! Japan Shopping for Android contains an issue where it fails to verify SSL server certificates
Overview: Yahoo! Japan Shopping for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Zachary Mathis of Proactive Defense Kobe Digital Labo reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
PT-2013-4915 · Python +3
Name of the Vulnerable Software and Affected Versions: Python versions 2.6 through 3.4. Description: The issue arises from the ssl.match_hostname function in the SSL module, which fails to properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificat...
nss: TLS CBC padding timing attack
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attac...
Cross-Site Scripting and Remote Code Execution Vulnerability in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting and Remote Code Execution. Component Type: TYPO3 Core. Vulnerability Types: Cross-Site Scripting, Remote Code Execution. Overall Severity: Critical. Release Date: July 30, 2013. Vulnerable subcomponent: Third Party Libraries...
CVE-2013-3774
Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
CVE-2013-3774
Oracle Database Server contains an unspecified vulnerability in the Network Layer component (CVE-2013-3774) affecting 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1, allowing remote attackers to compromise confidentiality, integrity, and availability via unknown vectors. Public re...
Oracle Database Multiple Vulnerabilities (July 2013 CPU)
The remote Oracle database server is missing the July 2013 Critical Patch Update (CPU) and is, therefore, potentially affected by security issues in the following components: XML Parser, Network Layer, Oracle Executable, Core RDBMS...
Oracle Linux 3 : cyrus-sasl (ELSA-2007-0878)
From Red Hat Security Advisory 2007:0878: Updated cyrus-sasl packages that correct a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The cyrus-sasl package contains the Cyrus...
Oracle Linux 3 : openssl (ELSA-2007-0813)
From Red Hat Security Advisory 2007:0813: Updated OpenSSL packages that correct security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secu...
Oracle Linux 4 : cyrus-sasl (ELSA-2007-0795)
From Red Hat Security Advisory 2007:0795: An updated cyrus-sasl package that addresses a security issue and fixes various other bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The cyrus-sas...
Oracle Linux 4 : kernel (ELSA-2010-0718)
From Red Hat Security Advisory 2010:0718: Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, whi...
CVE-2013-4688
flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834...
Code injection
flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834...
Design/Logic Flaw
flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gateways (ALGs) are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets, aka PRs 727980, 806269, and 83559...
OpenJDK: JConsole SSL support (Serviceability, 8003703)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the...