CVE-2013-2056

The CVE-2013-2056 entry concerns Red Hat Network Satellite (RHN Satellite) versions 5.3–5.5 (Spacewalk-backend). The vulnerability stems from the Inter-Satellite Sync (ISS) operation not properly verifying client authenticity, enabling a remote attacker to obtain channel content by bypassing the ...

Debian DSA-2724-1 : chromium-browser - several vulnerabilities

Several vulnerabilities have been discovered in the Chromium web browser. - CVE-2013-2853 The HTTPS implementation does not ensure that headers are terminated by \r\n\r\n carriage return, newline, carriage return, newline. - CVE-2013-2867 Chrome does not properly prevent pop-under windows. -...

Google Chrome Multiple Vulnerabilities-01 July13 (MAC OS X)

The host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvuln01jul13macosx.nasl 6104 2017-05-11 09:03:48Z teissa $ Google Chrome Multiple Vulnerabilities-01 July13 MAC OS X Authors: Arun Kallavi Copyright: Copyright c 201...

Google Chrome Multiple Vulnerabilities-01 (Jul 2013) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ASUS RT-N66U Router - HTTPS Directory traversal and full file access and credential disclosure vuln

Vulnerable product: ASUS RT-N66U when HTTPS WebService via AiCloud is enabled AC66R and RT-N65U are effected as well, but need more testing Vulnerabilities: - Linux 2.6.22 - Researched on both 3.0.0.4.270 and 3.0.0.4.354 firmware - Full directory traversal and plain text disclosure of all sensiti...

CVE-2013-2868

common/extensions/synchelper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting, which might allow remote attackers to trigger unwanted extension changes via unspecified vectors...

Code injection

common/extensions/synchelper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting, which might allow remote attackers to trigger unwanted extension changes via unspecified vectors...

CVE-2013-2879

Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site...

CVE-2013-2868

common/extensions/synchelper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting, which might allow remote attackers to trigger unwanted extension changes via unspecified vectors...

CVE-2013-2879

Removed by vendor...

CVE-2013-2868

Removed by vendor...

Scientific Linux Security Update : tzdata enhancement update on SL5.x, SL6.x i386/x86_64 (20130709)

This update adds the following enhancements : Morocco does not observe DST during Ramadan. Therefore, Morocco is expected to switch to Western European Time WET on July 7 and resume again to Western European Summer Time WEST on August 10. Also, the period of DST in Israel has been extended until...

Google Chrome < 28.0.1500.71 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is a version prior to 28.0.1500.71 and is, therefore, affected by multiple vulnerabilities : - A vulnerability exists that exposes HTTP in SSL to a man-in-the-middle attack. CVE-2013-2853 - Block pop-unders in various scenarios...

chromium -- multiple vulnerabilities

Google Chrome Releases reports: A special reward for Andrey Labunets for his combination of CVE-2013-2879 and CVE-2013-2868 along with some since fixed server-side bugs. 252216 Low CVE-2013-2867: Block pop-unders in various scenarios. 252062 High CVE-2013-2879: Confusion setting up sign-in and...

[SECURITY] Fedora 19 Update: owncloud-4.5.12-1.fc19

ownCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing r ight on the web. ownCloud is extendable via a simple but powerful API f...

[SECURITY] Fedora 18 Update: owncloud-4.5.12-1.fc18

ownCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing r ight on the web. ownCloud is extendable via a simple but powerful API f...

ASUS RT-N66U Directory Traversal

Vulnerable product: ASUS RT-N66U when HTTPS WebService via AiCloud is enabled AC66R and RT-N65U are effected as well, but need more testing Vulnerabilities: - Linux 2.6.22 - Researched on both 3.0.0.4.270 and 3.0.0.4.354 firmware - Full directory traversal and plain text disclosure of all sensiti...

RHEL 5 / 6 : spacewalk-backend in Satellite Server (RHSA-2013:0848)

Updated spacewalk-backend packages that fix one security issue are now available for Red Hat Network Satellite 5.3, 5.4, and 5.5. The Red Hat Security Response Team has rated this update as having a moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

Satellite: Inter-Satellite Sync (ISS) does not require authentication/authorization

The Inter-Satellite Sync ISS operation in Red Hat Network RHN Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call...

Moderate: Red Hat Security Advisory: Red Hat Network Satellite spacewalk-backend security update

Updated spacewalk-backend packages that fix one security issue are now available for Red Hat Network Satellite 5.3, 5.4, and 5.5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...