ID CVE-2013-6629
Summary The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
References
Vulnerable Configurations
  • Google Chrome 31.0.1650.0
    cpe:2.3:a:google:chrome:31.0.1650.0
  • Google Chrome 31.0.1650.2
    cpe:2.3:a:google:chrome:31.0.1650.2
  • Google Chrome 31.0.1650.3
    cpe:2.3:a:google:chrome:31.0.1650.3
  • Google Chrome 31.0.1650.4
    cpe:2.3:a:google:chrome:31.0.1650.4
  • Google Chrome 31.0.1650.5
    cpe:2.3:a:google:chrome:31.0.1650.5
  • Google Chrome 31.0.1650.6
    cpe:2.3:a:google:chrome:31.0.1650.6
  • Google Chrome 31.0.1650.7
    cpe:2.3:a:google:chrome:31.0.1650.7
  • Google Chrome 31.0.1650.8
    cpe:2.3:a:google:chrome:31.0.1650.8
  • Google Chrome 31.0.1650.9
    cpe:2.3:a:google:chrome:31.0.1650.9
  • Google Chrome 31.0.1650.10
    cpe:2.3:a:google:chrome:31.0.1650.10
  • Google Chrome 31.0.1650.11
    cpe:2.3:a:google:chrome:31.0.1650.11
  • Google Chrome 31.0.1650.12
    cpe:2.3:a:google:chrome:31.0.1650.12
  • Google Chrome 31.0.1650.13
    cpe:2.3:a:google:chrome:31.0.1650.13
  • Google Chrome 31.0.1650.14
    cpe:2.3:a:google:chrome:31.0.1650.14
  • Google Chrome 31.0.1650.15
    cpe:2.3:a:google:chrome:31.0.1650.15
  • Google Chrome 31.0.1650.16
    cpe:2.3:a:google:chrome:31.0.1650.16
  • Google Chrome 31.0.1650.17
    cpe:2.3:a:google:chrome:31.0.1650.17
  • Google Chrome 31.0.1650.18
    cpe:2.3:a:google:chrome:31.0.1650.18
  • Google Chrome 31.0.1650.19
    cpe:2.3:a:google:chrome:31.0.1650.19
  • Google Chrome 31.0.1650.20
    cpe:2.3:a:google:chrome:31.0.1650.20
  • Google Chrome 31.0.1650.22
    cpe:2.3:a:google:chrome:31.0.1650.22
  • Google Chrome 31.0.1650.23
    cpe:2.3:a:google:chrome:31.0.1650.23
  • Google Chrome 31.0.1650.25
    cpe:2.3:a:google:chrome:31.0.1650.25
  • Google Chrome 31.0.1650.26
    cpe:2.3:a:google:chrome:31.0.1650.26
  • Google Chrome 31.0.1650.27
    cpe:2.3:a:google:chrome:31.0.1650.27
  • Google Chrome 31.0.1650.28
    cpe:2.3:a:google:chrome:31.0.1650.28
  • Google Chrome 31.0.1650.29
    cpe:2.3:a:google:chrome:31.0.1650.29
  • Google Chrome 31.0.1650.30
    cpe:2.3:a:google:chrome:31.0.1650.30
  • Google Chrome 31.0.1650.31
    cpe:2.3:a:google:chrome:31.0.1650.31
  • Google Chrome 31.0.1650.32
    cpe:2.3:a:google:chrome:31.0.1650.32
  • Google Chrome 31.0.1650.33
    cpe:2.3:a:google:chrome:31.0.1650.33
  • Google Chrome 31.0.1650.34
    cpe:2.3:a:google:chrome:31.0.1650.34
  • Google Chrome 31.0.1650.35
    cpe:2.3:a:google:chrome:31.0.1650.35
  • Google Chrome 31.0.1650.36
    cpe:2.3:a:google:chrome:31.0.1650.36
  • Google Chrome 31.0.1650.37
    cpe:2.3:a:google:chrome:31.0.1650.37
  • Google Chrome 31.0.1650.38
    cpe:2.3:a:google:chrome:31.0.1650.38
  • Google Chrome 31.0.1650.39
    cpe:2.3:a:google:chrome:31.0.1650.39
  • Google Chrome 31.0.1650.41
    cpe:2.3:a:google:chrome:31.0.1650.41
  • Google Chrome 31.0.1650.42
    cpe:2.3:a:google:chrome:31.0.1650.42
  • Google Chrome 31.0.1650.43
    cpe:2.3:a:google:chrome:31.0.1650.43
  • Google Chrome 31.0.1650.44
    cpe:2.3:a:google:chrome:31.0.1650.44
  • Google Chrome 31.0.1650.45
    cpe:2.3:a:google:chrome:31.0.1650.45
  • Google Chrome 31.0.1650.46
    cpe:2.3:a:google:chrome:31.0.1650.46
  • Google Chrome 31.0.1650.47
    cpe:2.3:a:google:chrome:31.0.1650.47
  • Oracle Solaris 11.3
    cpe:2.3:o:oracle:solaris:11.3
  • Artifex GPL Ghostscript
    cpe:2.3:a:artifex:gpl_ghostscript
CVSS
Base: 5.0 (as of 09-11-2016 - 13:51)
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
msbulletin via4
bulletin_SOURCE_FILE https://portal.msrc.microsoft.com/api/security-guidance/en-us/
cves_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629
impact Information Disclosure
knowledgebase_SOURCE_FILE https://support.microsoft.com/help/4015549
knowledgebase_id 4015549
name Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
publishedDate 2017-04-11T07:00:00
severity Important
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0509.NASL
    description Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-2427, CVE-2014-2412, CVE-2014-0460, CVE-2013-6629, CVE-2014-2401, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP6 release. All running instances of IBM Java must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 74032
    published 2014-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74032
    title RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2014:0509)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-0732-1.NASL
    description IBM Java 5 was updated to SR 16 FP 6 to fix several bugs and security issues. Further information is available at: https://www.ibm.com/developerworks/java/jdk/aix/j532/fixes.html#SR16FP 6 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-11-02
    plugin id 83625
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83625
    title SUSE SLES10 Security Update : IBM Java 5 (SUSE-SU-2014:0732-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-773.NASL
    description This openjdk update fixes the following security and non security issues : - Upgrade to 2.4.8 (bnc#887530) - Changed back from gzipped tarball to xz - Changed the keyring file to add Andrew John Hughes that signed the icedtea package - Change ZERO to AARCH64 tarball - Removed patches : - gstackbounds.patch - java-1.7.0-openjdk-ppc-zero-jdk.patch - java-1.7.0-openjdk-ppc-zero-hotspot.patch - Integrated in upstream icedtea - java-1.7.0-openjdk-makefiles-zero.patch - Does not apply on the AARCH64 tarball, since the change from DEFAULT and ZERO tarball to DEFAULT and AARCH64 - Upstream changes since 2.4.4 : - Security fixes - S8029755, CVE-2014-4209: Enhance subject class - S8030763: Validate global memory allocation - S8031340, CVE-2014-4264: Better TLS/EC management - S8031346, CVE-2014-4244: Enhance RSA key handling - S8031540: Introduce document horizon - S8032536: JVM resolves wrong method in some unusual cases - S8033055: Issues in 2d - S8033301, CVE-2014-4266: Build more informative InfoBuilder - S8034267: Probabilistic native crash - S8034272: Do not cram data into CRAM arrays - S8034985, CVE-2014-2483: Better form for Lambda Forms - S8035004, CVE-2014-4252: Provider provides less service - S8035009, CVE-2014-4218: Make Proxy representations consistent - S8035119, CVE-2014-4219: Fix exceptions to bytecode verification - S8035699, CVE-2014-4268: File choosers should be choosier - S8035788. CVE-2014-4221: Provide more consistency for lookups - S8035793, CVE-2014-4223: Maximum arity maxed out - S8036571: (process) Process process arguments carefully - S8036800: Attribute OOM to correct part of code - S8037046: Validate libraries to be loaded - S8037076, CVE-2014-2490: Check constant pool constants - S8037157: Verify call - S8037162, CVE-2014-4263: More robust DH exchanges - S8037167, CVE-2014-4216: Better method signature resolution - S8039520, CVE-2014-4262: More atomicity of atomic updates - S8023046: Enhance splashscreen support - S8025005: Enhance CORBA initializations - S8025010, CVE-2014-2412: Enhance AWT contexts - S8025030, CVE-2014-2414: Enhance stream handling - S8025152, CVE-2014-0458: Enhance activation set up - S8026067: Enhance signed jar verification - S8026163, CVE-2014-2427: Enhance media provisioning - S8026188, CVE-2014-2423: Enhance envelope factory - S8026200: Enhance RowSet Factory - S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling - S8026736, CVE-2014-2398: Enhance Javadoc pages - S8026797, CVE-2014-0451: Enhance data transfers - S8026801, CVE-2014-0452: Enhance endpoint addressing - S8027766, CVE-2014-0453: Enhance RSA processing - S8027775: Enhance ICU code. - S8027841, CVE-2014-0429: Enhance pixel manipulations - S8028385: Enhance RowSet Factory - S8029282, CVE-2014-2403: Enhance CharInfo set up - S8029286: Enhance subject delegation - S8029699: Update Poller demo - S8029730: Improve audio device additions - S8029735: Enhance service mgmt natives - S8029740, CVE-2014-0446: Enhance handling of loggers - S8029745, CVE-2014-0454: Enhance algorithm checking - S8029750: Enhance LCMS color processing (in-tree LCMS) - S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg) - S8029844, CVE-2014-0455: Enhance argument validation - S8029854, CVE-2014-2421: Enhance JPEG decodings - S8029858, CVE-2014-0456: Enhance array copies - S8030731, CVE-2014-0460: Improve name service robustness - S8031330: Refactor ObjectFactory - S8031335, CVE-2014-0459: Better color profiling (in-tree LCMS) - S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng) - S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader - S8031395: Enhance LDAP processing - S8032686, CVE-2014-2413: Issues with method invoke - S8033618, CVE-2014-1876: Correct logging output - S8034926, CVE-2014-2397: Attribute classes properly - S8036794, CVE-2014-0461: Manage JavaScript instances - Backports - S5049299: (process) Use posix_spawn, not fork, on S10 to avoid swap exhaustion - S6571600: JNI use results in UnsatisfiedLinkError looking for libmawt.so - S7131153: GetDC called way too many times - causes bad performance. - S7190349: [macosx] Text (Label) is incorrectly drawn with a rotated g2d - S8001108: an attempt to use '' as a method name should elicit NoSuchMethodException - S8001109: arity mismatch on a call to spreader method handle should elicit IllegalArgumentException - S8008118: (process) Possible NULL pointer dereference in jdk/src/solaris/native/java/lang/UNIXProcess_md.c - S8013611: Modal dialog fails to obtain keyboard focus - S8013809: deadlock in SSLSocketImpl between between write and close - S8013836: getFirstDayOfWeek reports wrong day for pt-BR locale - S8014460: Need to check for non-empty EXT_LIBS_PATH before using it - S8019853: Break logging and AWT circular dependency - S8019990: IM candidate window appears on the South-East corner of the display. - S8020191: System.getProperty('os.name') returns 'Windows NT (unknown)' on Windows 8.1 - S8022452: Hotspot needs to know about Windows 8.1 and Windows Server 2012 R2 - S8023990: Regression: postscript size increase from 6u18 - S8024283: 10 nashorn tests fail with similar stack trace InternalError with cause being NoClassDefFoundError - S8024616: JSR292: lazily initialize core NamedFunctions used for bootstrapping - S8024648: 7141246 & 8016131 break Zero port (AArch64 only) - S8024830: SEGV in org.apache.lucene.codecs.compressing.CompressingTermVect orsReader.get - S8025588: [macosx] Frozen AppKit thread in 7u40 - S8026404: Logging in Applet can trigger ACE: access denied ('java.lang.RuntimePermission' 'modifyThreadGroup') - S8026705: [TEST_BUG] java/beans/Introspector/TestTypeResolver.java failed - S8027196: Increment minor version of HSx for 7u55 and initialize the build number - S8027212: java/nio/channels/Selector/SelectAfterRead.java fails intermittently - S8028285: RMI Thread can no longer call out to AWT - S8029177: [Parfait] warnings from b117 for jdk.src.share.native.com.sun.java.util.jar: JNI exception pending - S8030655: Regression: 14_01 Security fix 8024306 causes test failures - S8030813: Signed applet fails to load when CRLs are stored in an LDAP directory - S8030822: (tz) Support tzdata2013i - S8031050: (thread) Change Thread initialization so that thread name is set before invoking SecurityManager - S8031075: [Regression] focus disappears with shift+tab on dialog having one focus component - S8031462: Fonts with morx tables are broken with latest ICU fixes - S8032585: JSR292: IllegalAccessError when attempting to invoke protected method from different package - S8032740: Need to create SE Embedded Source Bundles in 7 Release - S8033278: Missed access checks for Lookup.unreflect* after 8032585 - S8034772: JDK-8028795 brought a specification change to 7u55 release and caused JCK7 signature test failure - S8035283: Second phase of branch shortening doesn't account for loop alignment - S8035613: With active Securitymanager JAXBContext.newInstance fails - S8035618: Four api/org_omg/CORBA TCK tests fail under plugin only - S8036147: Increment hsx 24.55 build to b02 for 7u55-b11 - S8036786: Update jdk7 testlibrary to match jdk8 - S8036837: Increment hsx 24.55 build to b03 for 7u55-b12 - S8037012: (tz) Support tzdata2014a - S8038306: (tz) Support tzdata2014b - S8038392: Generating prelink cache breaks JAVA 'jinfo' utility normal behavior - S8042264: 7u65 l10n resource file translation update 1 - S8042582: Test java/awt/KeyboardFocusmanager/ChangeKFMTest/ChangeKFMTes t.html fails on Windows x64 - S8042590: Running form URL throws NPE - S8042789: org.omg.CORBA.ORBSingletonClass loading no longer uses context class loader - S8043012: (tz) Support tzdata2014c - S8004145: New improved hgforest.sh, ctrl-c now properly terminates mercurial processes. - S8007625: race with nested repos in /common/bin/hgforest.sh - S8011178: improve common/bin/hgforest.sh python detection (MacOS) - S8011342: hgforest.sh : 'python --version' not supported on older python - S8011350: hgforest.sh uses non-POSIX sh features that may fail with some shells - S8024200: handle hg wrapper with space after #! - S8025796: hgforest.sh could trigger unbuffered output from hg without complicated machinations - S8028388: 9 jaxws tests failed in nightly build with java.lang.ClassCastException - S8031477: [macosx] Loading AWT native library fails - S8032370: No 'Truncated file' warning from IIOReadWarningListener on JPEGImageReader - S8035834: InetAddress.getLocalHost() can hang after JDK-8030731 was fixed - S8009062: poor performance of JNI AttachCurrentThread after fix for 7017193 - S8035893: JVM_GetVersionInfo fails to zero structure - Re-enable the 'gamma' test at the end of the HotSpot build, but only for HotSpot based bootstrap JDKs. - S8015976: OpenJDK part of bug JDK-8015812 [TEST_BUG] Tests have conflicting test descriptions - S8022698: javax/script/GetInterfaceTest.java fails since 7u45 b04 with -agentvm option - S8022868: missing codepage Cp290 at java runtime - S8023310: Thread contention in the method Beans.IsDesignTime() - S8024461: [macosx] Java crashed on mac10.9 for swing and 2d function manual test - S8025679: Increment minor version of HSx for 7u51 and initialize the build number - S8026037: [TESTBUG] sun/security/tools/jarsigner/warnings.sh test fails on Solaris - S8026304: jarsigner output bad grammar - S8026772: test/sun/util/resources/TimeZone/Bug6317929.java failing - S8026887: Make issues due to failed large pages allocations easier to debug - S8027204: Revise the update of 8026204 and 8025758 - S8027224: test regression - ClassNotFoundException - S8027370: Support tzdata2013h - S8027378: Two closed/javax/xml/8005432 fails with jdk7u51b04 - S8027787: 7u51 l10n resource file translation update 1 - S8027837: JDK-8021257 causes CORBA build failure on emdedded platforms - S8027943: serial version of com.sun.corba.se.spi.orbutil.proxy.CompositeInvocationHa ndlerImpl changed in 7u45 - S8027944: Increment hsx 24.51 build to b02 for 7u51-b07 - S8028057: Modify jarsigner man page documentation to document CCC 8024302: Clarify jar verifications - S8028090: reverting change - changeset pushed with incorrect commit message, linked to wrong issue - S8028111: XML readers share the same entity expansion counter - S8028215: ORB.init fails with SecurityException if properties select the JDK default ORB - S8028293: Check local configuration for actual ephemeral port range - S8028382: Two javax/xml/8005433 tests still fail after the fix JDK-8028147 - S8028453: AsynchronousSocketChannel.connect() requires SocketPermission due to bind to local address (win) - S8028823: java/net/Makefile tabs converted to spaces - S8029038: Revise fix for XML readers share the same entity expansion counter - S8029842: Increment hsx 24.51 build to b03 for 7u51-b11 - Bug fixes - Fix accidental reversion of PR1188 for armel - PR1781: NSS PKCS11 provider fails to handle multipart AES encryption - PR1830: Drop version requirement for LCMS 2 - PR1833, RH1022017: Report elliptic curves supported by NSS, not the SunEC library - RH905128: [CRASH] OpenJDK-1.7.0 while using NSS security provider and kerberos - PR1393: JPEG support in build is broken on non-system-libjpeg builds - PR1726: configure fails looking for ecj.jar before even trying to find javac - Red Hat local: Fix for repo with path statting with / . - Remove unused hgforest script - PR1101: Undefined symbols on GNU/Linux SPARC - PR1659: OpenJDK 7 returns incorrect TrueType font metrics when bold style is set - PR1677, G498288: Update PaX support to detect running PaX kernel and use newer tools - PR1679: Allow OpenJDK to build on PaX-enabled kernels - PR1684: Build fails with empty PAX_COMMAND - RH1015432: java-1.7.0-openjdk: Fails on PPC with StackOverflowError (revised fix) - Link against $(LIBDL) if SYSTEM_CUPS is not true - Perform configure checks using ecj.jar when --with-gcj (native ecj build) is enabled. - Fix broken bootstrap build by updating ecj-multicatch.patch - PR1653: Support ppc64le via Zero - PR1654: ppc32 needs a larger ThreadStackSize to build - RH1015432: java-1.7.0-openjdk: Fails on PPC with StackOverflowError - RH910107: fail to load PC/SC library - ARM32 port - Add arm_port from IcedTea 6 - Add patches/arm.patch from IcedTea 6 - Add patches/arm-debug.patch from IcedTea 6 - Add patches/arm-hsdis.patch from IcedTea 6 - added jvmti event generation for dynamic_generate and compiled_method_load events to ARM JIT compiler - Adjust saved SP when safepointing. - First cut of invokedynamic - Fix trashed thread ptr after recursive re-entry from asm JIT. - JIT-compilation of ldc methodHandle - Rename a bunch of misleadingly-named functions - Changes for HSX22 - Rename a bunch of misleadingly-named functions - Patched method handle adapter code to deal with failures in TCK - Phase 1 - Phase 2 - RTC Thumb2 JIT enhancements. - Zero fails to build in hsx22+, fix for hsx22 after runs gamma OK, hsx23 still nogo. - Use ldrexd for atomic reads on ARMv7. - Use unified syntax for thumb code. - Corrected call from fast_method_handle_entry to CppInterpreter::method_handle_entry so that thread is loaded into r2 - Don't save locals at a return. - Fix call to handle_special_method(). Fix compareAndSwapLong. - Fix JIT bug that miscompiles org.eclipse.ui.internal.contexts.ContextAuthority.source Changed - invokedynamic and aldc for JIT - Modified safepoint check to rely on memory protect signal instead of polling - Minor review cleanups. - PR1188: ASM Interpreter and Thumb2 JIT javac miscompile modulo reminder on armel - PR1363: Fedora 19 / rawhide FTBFS SIGILL - Changes for HSX23 - Remove fragment from method that has been removed - Remove C++ flags from CC_COMPILE and fix usage in zeroshark.make. - Use $(CC) to compile mkbc instead of $(CC_COMPILE) to avoid C++-only flags - Add note about use of $(CFLAGS)/$(CXXFLAGS)/$(CPPFLAGS) at present. - Override automatic detection of source language for bytecodes_arm.def - Include $(CFLAGS) in assembler stage - PR1626: ARM32 assembler update for hsx24. Use ARM32JIT to turn it on/off. - Replace literal offsets for METHOD_SIZEOFPARAMETERS and ISTATE_NEXT_FRAME with correct symbolic names. - Turn ARM32 JIT on by default - AArch64 port - AArch64 C2 instruct for smull - Add a constructor as a conversion from Register - RegSet. Use it. - Add RegSet::operator+=. - Add support for a few simple intrinsics - Add support for builtin crc32 instructions - Add support for CRC32 intrinsic - Add support for Neon implementation of CRC32 - All address constants are 48 bits in size. - C1: Fix offset overflow when profiling. - Common frame handling for C1/C2 which correctly handle all frame sizes - Correct costs for operations with shifts. - Correct OptoAssembly for prologs and epilogs. - Delete useless instruction. - Don't use any form of _call_VM_leaf when we're calling a stub. - Fast string comparison - Fast String.equals() - Fix a tonne of bogus comments. - Fix biased locking and enable as default - Fix instruction size from 8 to 4 - Fix opto assembly for shifts. - Fix register misuse in verify_method_data_pointer - Fix register usage in generate_verify_oop(). - Implement various locked memory operations. - Improve C1 performance improvements in ic_cache checks - Improve code generation for pop(), as suggested by Edward Nevill. - Improvements to safepoint polling - Make code entry alignment 64 for C2 - Minor optimisation for divide by 2 - New cost model for instruction selection. - Offsets in lookupswitch instructions should be signed. - Optimise addressing of card table byte map base - Optimise C2 entry point verification - Optimise long divide by 2 - Performance improvement and ease of use changes pulled from upstream - Preserve callee save FP registers around call to java code - Remove obsolete C1 patching code. - Remove special-case handling of division arguments. AArch64 doesn't need it. - Remove unnecessary memory barriers around CAS operations - Restore sp from sender sp, r13 in crc32 code - Restrict default ReservedCodeCacheSize to 128M - Rewrite CAS operations to be more conservative - Save intermediate state before removing C1 patching code. - Tidy up register usage in push/pop instructions. - Tidy up stack frame handling. - Use 2- and 3-instruction immediate form of movoop and mov_metadata in C2-generated code. - Use an explicit set of registers rather than a bitmap for psh and pop operations. - Use explicit barrier instructions in C1. - Use gcc __clear_cache instead of doing it ourselves - PR1713: Support AArch64 Port - Shark - Add Shark definitions from 8003868 - Drop compile_method argument removed in 7083786 from sharkCompiler.cpp
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 80046
    published 2014-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80046
    title openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1638-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_9_2.NASL
    description The remote host is running a version of Mac OS X 10.9.x that is prior to 10.9.2. This update contains several security-related fixes for the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - CoreText - curl - Data Security - Date and Time - File Bookmark - Finder - ImageIO - NVIDIA Drivers - PHP - QuickLook - QuickTime Note that successful exploitation of the most serious issues could result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 72687
    published 2014-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72687
    title Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201406-32.NASL
    description The remote host is affected by the vulnerability described in GLSA-201406-32 (IcedTea JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 76303
    published 2014-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76303
    title GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-961.NASL
    description Chromium was updated to 31.0.1650.57: Stable channel update : - Security Fixes : - CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 Stable Channel update : - Security fixes : - CVE-2013-6621: Use after free related to speech input elements.. - CVE-2013-6622: Use after free related to media elements. - CVE-2013-6623: Out of bounds read in SVG. - CVE-2013-6624: Use after free related to “id” attribute strings. - CVE-2013-6625: Use after free in DOM ranges. - CVE-2013-6626: Address bar spoofing related to interstitial warnings. - CVE-2013-6627: Out of bounds read in HTTP parsing. - CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. - CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. - CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. - CVE-2013-6631: Use after free in libjingle. - Added patch chromium-fix-chromedriver-build.diff to fix the chromedriver build - Enable ARM build for Chromium. - Added patches chromium-arm-webrtc-fix.patch, chromium-fix-arm-icu.patch and chromium-fix-arm-sysroot.patch to resolve ARM specific build issues - Update to Chromium 30.0.1599.114 Stable Channel update: fix build for 32bit systems - Drop patch chromium-fix-chromedriver-build.diff. This is now fixed upstream - For openSUSE versions lower than 13.1, build against the in-tree libicu - Update to Chromium 30.0.1599.101 - Security Fixes : + CVE-2013-2925: Use after free in XHR + CVE-2013-2926: Use after free in editing + CVE-2013-2927: Use after free in forms. + CVE-2013-2928: Various fixes from internal audits, fuzzing and other initiatives. - Update to Chromium 30.0.1599.66 - Easier searching by image - A number of new apps/extension APIs - Lots of under the hood changes for stability and performance - Security fixes : + CVE-2013-2906: Races in Web Audio + CVE-2013-2907: Out of bounds read in Window.prototype object + CVE-2013-2908: Address bar spoofing related to the “204 No Content” status code + CVE-2013-2909: Use after free in inline-block rendering + CVE-2013-2910: Use-after-free in Web Audio + CVE-2013-2911: Use-after-free in XSLT + CVE-2013-2912: Use-after-free in PPAPI + CVE-2013-2913: Use-after-free in XML document parsing + CVE-2013-2914: Use after free in the Windows color chooser dialog + CVE-2013-2915: Address bar spoofing via a malformed scheme + CVE-2013-2916: Address bar spoofing related to the “204 No Content” status code + CVE-2013-2917: Out of bounds read in Web Audio + CVE-2013-2918: Use-after-free in DOM + CVE-2013-2919: Memory corruption in V8 + CVE-2013-2920: Out of bounds read in URL parsing + CVE-2013-2921: Use-after-free in resource loader + CVE-2013-2922: Use-after-free in template element + CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives + CVE-2013-2924: Use-after-free in ICU. Upstream bug
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75225
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75225
    title openSUSE Security Update : chromium (openSUSE-SU-2013:1861-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_26.NASL
    description The installed version of Firefox is earlier than 26.0 and is, therefore, potentially affected by multiple vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610) - An issue exists where the notification for a Web App installation could persist from one website to another website. This could be used by a malicious website to trick a user into installing an application from one website while making it appear to come from another website. (CVE-2013-5611) - Cross-site scripting filtering evasion may be possible due to character encodings being inherited from a previously visited website when character set encoding is missing from the current website. (CVE-2013-5612) - Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613) - Sandbox restrictions may be bypassed because 'iframe sandbox' restrictions are not properly applied to 'object' elements in sandboxed iframes. (CVE-2013-5614) - An issue exists in which 'GetElementIC' typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact. (CVE-2013-5615) - A use-after-free vulnerability exists when interacting with event listeners from the mListeners array. This could result in a denial of service or arbitrary code execution. (CVE-2013-5616) - A use-after-free vulnerability exists in the table editing user interface of the editor during garbage collection. This could result in a denial of service or arbitrary code execution. (CVE-2013-5618) - Memory issues exist in the binary search algorithms in the SpiderMonkey JavaScript engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5619) - Issues exist with the JPEG format image processing with Start Of Scan (SOS) and Define Huffman Table (DHT) markers in the 'libjpeg' library. This could allow attackers to read arbitrary memory content as well as cross-domain image theft. (CVE-2013-6629, CVE-2013-6630) - A memory issue exists when inserting an ordered list into a document through a script that could result in a denial of service or arbitrary code execution. (CVE-2013-6671) - Trust settings for built-in root certificates are ignored during extended validation (EV) certificate validation. This removes the ability of users to explicitly untrust root certificates from specific certificate authorities. (CVE-2013-6673) - An intermediate certificate that is used by a man-in- the-middle (MITM) traffic management device exists in Mozilla's root certificate authorities. Reportedly, this certificate has been misused.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 71344
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71344
    title Firefox < 26.0 Multiple Vulnerabilities (Mac OS X)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS17-APR_4015551.NASL
    description The remote Windows host is missing security update 4015548 or cumulative update 4015551. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the open-source libjpeg image processing library due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to disclose sensitive information that can be utilized to bypass ASLR security protections. (CVE-2013-6629) - An information disclosure vulnerability exists in Windows DirectShow due to improper handling of objects in memory. Any unauthenticated, remote attacker can exploit this, by convincing a user to visit a website with specially crafted media content, to disclose sensitive information. (CVE-2017-0042) - Multiple information disclosure vulnerabilities exist in the win32k component due to improper handling of kernel information. A local attacker can exploit these vulnerabilities, via a specially crafted application, to disclose sensitive information. (CVE-2017-0058, CVE-2017-0188) - Multiple flaws exist in Windows Hyper-V Network Switch due to improper validation of input from the guest operating system. A local attacker can exploit these, via a specially crafted application on the guest, to execute arbitrary code on the host system. (CVE-2017-0163, CVE-2017-0180) - A flaw exists in LDAP due to buffer request lengths not being properly calculated. An unauthenticated, remote attacker can exploit this, via specially crafted traffic sent to a Domain Controller, to run processes with elevated privileges. (CVE-2017-0166) - Multiple information disclosure vulnerabilities exist in Windows Hyper-V Network Switch due to improper validation of user-supplied input. A guest attacker can exploit these to disclose sensitive information on the host server. (CVE-2017-0168, CVE-2017-0169) - Multiple denial of service vulnerabilities exist in Windows Hyper-V Network Switch due to improper validation of input from the guest operating system. A local attacker on the guest can exploit these vulnerabilities, via a specially crafted application, to crash the host system. (CVE-2017-0182, CVE-2017-0183, CVE-2017-0185, CVE-2017-0186) - Multiple denial of service vulnerabilities exist in Hyper-V due to improper validation of input from a privileged user on a guest operating system. A local attacker on the guest can exploit these, via a specially crafted application, to cause the host system to crash. (CVE-2017-0184) - A flaw exists in Windows due to improper handling of objects in memory that allows an attacker to cause a denial of service condition. (CVE-2017-0191) - An information disclosure vulnerability exists in the Adobe Type Manager Font Driver (ATMFD.dll) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted document or visit a malicious web page, to disclose sensitive information. (CVE-2017-0192) - An arbitrary code execution vulnerability exists in Microsoft Office and Windows WordPad due to improper handling of specially crafted files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a malicious file, to execute arbitrary code in the context of the current user. Note that this vulnerability is being utilized to spread the Petya ransomware. (CVE-2017-0199) - A memory corruption issue exists in Internet Explorer in the JScript and VBScript engines due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website, to execute arbitrary code. (CVE-2017-0201) - A privilege escalation vulnerability exists in Internet Explorer due to a failure to properly enforce cross-domain policies. An unauthenticated, remote attacker can exploit this to inject arbitrary content and gain elevated privileges. (CVE-2017-0210) - A privilege escalation vulnerability exists in Microsoft Windows OLE due to an unspecified failure in integrity-level checks. An authenticated, remote attacker can exploit this to run an application with limited privileges at a medium integrity level. Note that this vulnerability by itself does not allow arbitrary code execution but can be used in conjunction other vulnerabilities. (CVE-2017-0211)
    last seen 2019-02-21
    modified 2018-08-03
    plugin id 99285
    published 2017-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99285
    title Windows Server 2012 April 2017 Security Updates (Petya)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS17_APR_4015550.NASL
    description The remote Windows host is missing security update 4015547 or cumulative update 4015550. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the open-source libjpeg image processing library due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to disclose sensitive information that can be utilized to bypass ASLR security protections. (CVE-2013-6629) - Multiple information disclosure vulnerabilities exist in the win32k component due to improper handling of kernel information. A local attacker can exploit these vulnerabilities, via a specially crafted application, to disclose sensitive information. (CVE-2017-0058, CVE-2017-0188) - A privilege escalation vulnerability exists in the Microsoft Graphics Component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0156) - A flaw exists in the VBScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website or open a specially crafted document file, to execute arbitrary code. (CVE-2017-0158) - A security feature bypass vulnerability exists in ADFS due to incorrectly treating requests from Extranet clients as Intranet requests. An unauthenticated, remote attacker can exploit this to bypass account lockout protection mechanisms and more easily gain access to a user's account via a brute-force attack. (CVE-2017-0159) - Multiple flaws exist in Windows Hyper-V Network Switch due to improper validation of input from the guest operating system. A local attacker can exploit these, via a specially crafted application on the guest, to execute arbitrary code on the host system. (CVE-2017-0162, CVE-2017-0163, CVE-2017-0180) - A privilege escalation vulnerability exists due to improper sanitization of handles stored in memory. A local attacker can exploit this to gain elevated privileges. (CVE-2017-0165) - A flaw exists in LDAP due to buffer request lengths not being properly calculated. An unauthenticated, remote attacker can exploit this, via specially crafted traffic sent to a Domain Controller, to run processes with elevated privileges. (CVE-2017-0166) - A flaw exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0167) - Multiple information disclosure vulnerabilities exist in Windows Hyper-V Network Switch due to improper validation of user-supplied input. A guest attacker can exploit these to disclose sensitive information on the host server. (CVE-2017-0168, CVE-2017-0169) - Multiple denial of service vulnerabilities exist in Hyper-V due to improper validation of input from a privileged user on a guest operating system. A local attacker on the guest can exploit these, via a specially crafted application, to cause the host system to crash. (CVE-2017-0178, CVE-2017-0179, CVE-2017-0184) - Multiple denial of service vulnerabilities exist in Windows Hyper-V Network Switch due to improper validation of input from the guest operating system. A local attacker on the guest can exploit these vulnerabilities, via a specially crafted application, to crash the host system. (CVE-2017-0182, CVE-2017-0183, CVE-2017-0185, CVE-2017-0186) - A flaw exists in Windows due to improper handling of objects in memory that allows an attacker to cause a denial of service condition. (CVE-2017-0191) - An information disclosure vulnerability exists in the Adobe Type Manager Font Driver (ATMFD.dll) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted document or visit a malicious web page, to disclose sensitive information. (CVE-2017-0192) - A memory corruption issue exists in Internet Explorer due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website, to execute arbitrary code. (CVE-2017-0202) - A privilege escalation vulnerability exists in Internet Explorer due to a failure to properly enforce cross-domain policies. An unauthenticated, remote attacker can exploit this to inject arbitrary content and gain elevated privileges. (CVE-2017-0210) - A privilege escalation vulnerability exists in Microsoft Windows OLE due to an unspecified failure in integrity-level checks. An authenticated, remote attacker can exploit this to run an application with limited privileges at a medium integrity level. Note that this vulnerability by itself does not allow arbitrary code execution but can be used in conjunction other vulnerabilities. (CVE-2017-0211)
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 99312
    published 2017-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99312
    title Windows 8.1 and Windows Server 2012 R2 April 2017 Security Updates
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_26.NASL
    description The installed version of Firefox is earlier than 26.0 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610) - An issue exists where the notification for a Web App installation could persist from one website to another website. This could be used by a malicious website to trick a user into installing an application from one website while making it appear to come from another website. (CVE-2013-5611) - Cross-site scripting filtering evasion may be possible due to character encodings being inherited from a previously visited website when character set encoding is missing from the current website. (CVE-2013-5612) - Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613) - Sandbox restrictions may be bypassed because 'iframe sandbox' restrictions are not properly applied to 'object' elements in sandboxed iframes. (CVE-2013-5614) - An issue exists in which 'GetElementIC' typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact. (CVE-2013-5615) - A use-after-free vulnerability exists when interacting with event listeners from the mListeners array. This could result in a denial of service or arbitrary code execution. (CVE-2013-5616) - A use-after-free vulnerability exists in the table editing user interface of the editor during garbage collection. This could result in a denial of service or arbitrary code execution. (CVE-2013-5618) - Memory issues exist in the binary search algorithms in the SpiderMonkey JavaScript engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5619) - Issues exist with the JPEG format image processing with Start Of Scan (SOS) and Define Huffman Table (DHT) markers in the 'libjpeg' library. This could allow attackers to read arbitrary memory content as well as cross-domain image theft. (CVE-2013-6629, CVE-2013-6630) - A memory issue exists when inserting an ordered list into a document through a script that could result in a denial of service or arbitrary code execution. (CVE-2013-6671) - Trust settings for built-in root certificates are ignored during extended validation (EV) certificate validation. This removes the ability of users to explicitly untrust root certificates from specific certificate authorities. (CVE-2013-6673) - An intermediate certificate that is used by a man-in- the-middle (MITM) traffic management device exists in Mozilla's root certificate authorities. Reportedly, this certificate has been misused.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 71347
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71347
    title Firefox < 26.0 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2014-001.NASL
    description The remote host is running a version of Mac OS X 10.7 or 10.8 that does not have Security Update 2014-001 applied. This update contains several security-related fixes for the following components : - Apache - App Sandbox - ATS - Certificate Trust Policy - CFNetwork Cookies - CoreAnimation - Date and Time - File Bookmark - ImageIO - IOSerialFamily - LaunchServices - NVIDIA Drivers - PHP - QuickLook - QuickTime - Secure Transport Note that successful exploitation of the most serious issues could result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 72688
    published 2014-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72688
    title Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS17_APR_4015217.NASL
    description The remote Windows 10 host is missing security update KB4015217. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the open-source libjpeg image processing library due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to disclose sensitive information that can be utilized to bypass ASLR security protections. (CVE-2013-6629) - Multiple information disclosure vulnerabilities exist in the win32k component due to improper handling of kernel information. A local attacker can exploit these, via a specially crafted application, to disclose sensitive information. (CVE-2017-0058, CVE-2017-0188) - A privilege escalation vulnerability exists in the Microsoft Graphics Component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0156) - A flaw exists in the VBScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website or open a specially crafted document file, to execute arbitrary code. (CVE-2017-0158) - A security feature bypass vulnerability exists in ADFS due to incorrectly treating requests from Extranet clients as Intranet requests. An unauthenticated, remote attacker can exploit this to bypass account lockout protection mechanisms and more easily gain access to a user's account via a brute-force attack. (CVE-2017-0159) - Multiple flaws exist in Windows Hyper-V Network Switch due to improper validation of input from the guest operating system. A local attacker can exploit these, via a specially crafted application on the guest, to execute arbitrary code on the host system. (CVE-2017-0162, CVE-2017-0163, CVE-2017-0180, CVE-2017-0181) - A flaw exists in Active Directory when handling specially crafted search queries that allows an authenticated, remote attacker attacker to cause a denial of service condition. (CVE-2017-0164) - A flaw exists in LDAP due to buffer request lengths not being properly calculated. An unauthenticated, remote attacker can exploit this, via specially crafted traffic sent to a Domain Controller, to run processes with elevated privileges. (CVE-2017-0166) - A flaw exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0167) - Multiple denial of service vulnerabilities exist in Hyper-V due to improper validation of input from a privileged user on a guest operating system. A local attacker on the guest can exploit these, via a specially crafted application, to cause the host system to crash. (CVE-2017-0178, CVE-2017-0179, CVE-2017-0184) - Multiple denial of service vulnerabilities exist in Windows Hyper-V Network Switch due to improper validation of input from the guest operating system. A local attacker on the guest can exploit these vulnerabilities, via a specially crafted application, to crash the host system. (CVE-2017-0182, CVE-2017-0183, CVE-2017-0185, CVE-2017-0186) - A privilege escalation vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2017-0189) - A flaw exists in Windows due to improper handling of objects in memory that allows an attacker to cause a denial of service condition. (CVE-2017-0191) - An information disclosure vulnerability exists in the Adobe Type Manager Font Driver (ATMFD.dll) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted document or visit a malicious web page, to disclose sensitive information. (CVE-2017-0192) - A remote code execution vulnerability exists in Microsoft Edge due to improper handling of objects in memory. An unauthenticated, remote attacker could use this to execute arbitrary code in the context of the user. (CVE-2017-0200) - A privilege escalation vulnerability exists in Microsoft Windows OLE due to an unspecified failure in integrity-level checks. An authenticated, remote attacker can exploit this to run an application with limited privileges at a medium integrity level. Note that this vulnerability by itself does not allow arbitrary code execution but can be used in conjunction other vulnerabilities. (CVE-2017-0211)
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 99286
    published 2017-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99286
    title KB4015217: Windows 10 1607 April 2017 Cumulative Update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-772.NASL
    description This openjdk update fixes the following security and non security issues : - Upgrade to 2.4.8 (bnc#887530) - Changed back from gzipped tarball to xz - Changed the keyring file to add Andrew John Hughes that signed the icedtea package - Change ZERO to AARCH64 tarball - Removed patches : - gstackbounds.patch - java-1.7.0-openjdk-ppc-zero-jdk.patch - java-1.7.0-openjdk-ppc-zero-hotspot.patch - Integrated in upstream icedtea - java-1.7.0-openjdk-makefiles-zero.patch - Does not apply on the AARCH64 tarball, since the change from DEFAULT and ZERO tarball to DEFAULT and AARCH64 - Upstream changes since 2.4.4 : - Security fixes - S8029755, CVE-2014-4209: Enhance subject class - S8030763: Validate global memory allocation - S8031340, CVE-2014-4264: Better TLS/EC management - S8031346, CVE-2014-4244: Enhance RSA key handling - S8031540: Introduce document horizon - S8032536: JVM resolves wrong method in some unusual cases - S8033055: Issues in 2d - S8033301, CVE-2014-4266: Build more informative InfoBuilder - S8034267: Probabilistic native crash - S8034272: Do not cram data into CRAM arrays - S8034985, CVE-2014-2483: Better form for Lambda Forms - S8035004, CVE-2014-4252: Provider provides less service - S8035009, CVE-2014-4218: Make Proxy representations consistent - S8035119, CVE-2014-4219: Fix exceptions to bytecode verification - S8035699, CVE-2014-4268: File choosers should be choosier - S8035788. CVE-2014-4221: Provide more consistency for lookups - S8035793, CVE-2014-4223: Maximum arity maxed out - S8036571: (process) Process process arguments carefully - S8036800: Attribute OOM to correct part of code - S8037046: Validate libraries to be loaded - S8037076, CVE-2014-2490: Check constant pool constants - S8037157: Verify call - S8037162, CVE-2014-4263: More robust DH exchanges - S8037167, CVE-2014-4216: Better method signature resolution - S8039520, CVE-2014-4262: More atomicity of atomic updates - S8023046: Enhance splashscreen support - S8025005: Enhance CORBA initializations - S8025010, CVE-2014-2412: Enhance AWT contexts - S8025030, CVE-2014-2414: Enhance stream handling - S8025152, CVE-2014-0458: Enhance activation set up - S8026067: Enhance signed jar verification - S8026163, CVE-2014-2427: Enhance media provisioning - S8026188, CVE-2014-2423: Enhance envelope factory - S8026200: Enhance RowSet Factory - S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling - S8026736, CVE-2014-2398: Enhance Javadoc pages - S8026797, CVE-2014-0451: Enhance data transfers - S8026801, CVE-2014-0452: Enhance endpoint addressing - S8027766, CVE-2014-0453: Enhance RSA processing - S8027775: Enhance ICU code. - S8027841, CVE-2014-0429: Enhance pixel manipulations - S8028385: Enhance RowSet Factory - S8029282, CVE-2014-2403: Enhance CharInfo set up - S8029286: Enhance subject delegation - S8029699: Update Poller demo - S8029730: Improve audio device additions - S8029735: Enhance service mgmt natives - S8029740, CVE-2014-0446: Enhance handling of loggers - S8029745, CVE-2014-0454: Enhance algorithm checking - S8029750: Enhance LCMS color processing (in-tree LCMS) - S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg) - S8029844, CVE-2014-0455: Enhance argument validation - S8029854, CVE-2014-2421: Enhance JPEG decodings - S8029858, CVE-2014-0456: Enhance array copies - S8030731, CVE-2014-0460: Improve name service robustness - S8031330: Refactor ObjectFactory - S8031335, CVE-2014-0459: Better color profiling (in-tree LCMS) - S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng) - S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader - S8031395: Enhance LDAP processing - S8032686, CVE-2014-2413: Issues with method invoke - S8033618, CVE-2014-1876: Correct logging output - S8034926, CVE-2014-2397: Attribute classes properly - S8036794, CVE-2014-0461: Manage JavaScript instances - Backports - S5049299: (process) Use posix_spawn, not fork, on S10 to avoid swap exhaustion - S6571600: JNI use results in UnsatisfiedLinkError looking for libmawt.so - S7131153: GetDC called way too many times - causes bad performance. - S7190349: [macosx] Text (Label) is incorrectly drawn with a rotated g2d - S8001108: an attempt to use '' as a method name should elicit NoSuchMethodException - S8001109: arity mismatch on a call to spreader method handle should elicit IllegalArgumentException - S8008118: (process) Possible NULL pointer dereference in jdk/src/solaris/native/java/lang/UNIXProcess_md.c - S8013611: Modal dialog fails to obtain keyboard focus - S8013809: deadlock in SSLSocketImpl between between write and close - S8013836: getFirstDayOfWeek reports wrong day for pt-BR locale - S8014460: Need to check for non-empty EXT_LIBS_PATH before using it - S8019853: Break logging and AWT circular dependency - S8019990: IM candidate window appears on the South-East corner of the display. - S8020191: System.getProperty('os.name') returns 'Windows NT (unknown)' on Windows 8.1 - S8022452: Hotspot needs to know about Windows 8.1 and Windows Server 2012 R2 - S8023990: Regression: postscript size increase from 6u18 - S8024283: 10 nashorn tests fail with similar stack trace InternalError with cause being NoClassDefFoundError - S8024616: JSR292: lazily initialize core NamedFunctions used for bootstrapping - S8024648: 7141246 & 8016131 break Zero port (AArch64 only) - S8024830: SEGV in org.apache.lucene.codecs.compressing.CompressingTermVect orsReader.get - S8025588: [macosx] Frozen AppKit thread in 7u40 - S8026404: Logging in Applet can trigger ACE: access denied ('java.lang.RuntimePermission' 'modifyThreadGroup') - S8026705: [TEST_BUG] java/beans/Introspector/TestTypeResolver.java failed - S8027196: Increment minor version of HSx for 7u55 and initialize the build number - S8027212: java/nio/channels/Selector/SelectAfterRead.java fails intermittently - S8028285: RMI Thread can no longer call out to AWT - S8029177: [Parfait] warnings from b117 for jdk.src.share.native.com.sun.java.util.jar: JNI exception pending - S8030655: Regression: 14_01 Security fix 8024306 causes test failures - S8030813: Signed applet fails to load when CRLs are stored in an LDAP directory - S8030822: (tz) Support tzdata2013i - S8031050: (thread) Change Thread initialization so that thread name is set before invoking SecurityManager - S8031075: [Regression] focus disappears with shift+tab on dialog having one focus component - S8031462: Fonts with morx tables are broken with latest ICU fixes - S8032585: JSR292: IllegalAccessError when attempting to invoke protected method from different package - S8032740: Need to create SE Embedded Source Bundles in 7 Release - S8033278: Missed access checks for Lookup.unreflect* after 8032585 - S8034772: JDK-8028795 brought a specification change to 7u55 release and caused JCK7 signature test failure - S8035283: Second phase of branch shortening doesn't account for loop alignment - S8035613: With active Securitymanager JAXBContext.newInstance fails - S8035618: Four api/org_omg/CORBA TCK tests fail under plugin only - S8036147: Increment hsx 24.55 build to b02 for 7u55-b11 - S8036786: Update jdk7 testlibrary to match jdk8 - S8036837: Increment hsx 24.55 build to b03 for 7u55-b12 - S8037012: (tz) Support tzdata2014a - S8038306: (tz) Support tzdata2014b - S8038392: Generating prelink cache breaks JAVA 'jinfo' utility normal behavior - S8042264: 7u65 l10n resource file translation update 1 - S8042582: Test java/awt/KeyboardFocusmanager/ChangeKFMTest/ChangeKFMTes t.html fails on Windows x64 - S8042590: Running form URL throws NPE - S8042789: org.omg.CORBA.ORBSingletonClass loading no longer uses context class loader - S8043012: (tz) Support tzdata2014c - S8004145: New improved hgforest.sh, ctrl-c now properly terminates mercurial processes. - S8007625: race with nested repos in /common/bin/hgforest.sh - S8011178: improve common/bin/hgforest.sh python detection (MacOS) - S8011342: hgforest.sh : 'python --version' not supported on older python - S8011350: hgforest.sh uses non-POSIX sh features that may fail with some shells - S8024200: handle hg wrapper with space after #! - S8025796: hgforest.sh could trigger unbuffered output from hg without complicated machinations - S8028388: 9 jaxws tests failed in nightly build with java.lang.ClassCastException - S8031477: [macosx] Loading AWT native library fails - S8032370: No 'Truncated file' warning from IIOReadWarningListener on JPEGImageReader - S8035834: InetAddress.getLocalHost() can hang after JDK-8030731 was fixed - S8009062: poor performance of JNI AttachCurrentThread after fix for 7017193 - S8035893: JVM_GetVersionInfo fails to zero structure - Re-enable the 'gamma' test at the end of the HotSpot build, but only for HotSpot based bootstrap JDKs. - S8015976: OpenJDK part of bug JDK-8015812 [TEST_BUG] Tests have conflicting test descriptions - S8022698: javax/script/GetInterfaceTest.java fails since 7u45 b04 with -agentvm option - S8022868: missing codepage Cp290 at java runtime - S8023310: Thread contention in the method Beans.IsDesignTime() - S8024461: [macosx] Java crashed on mac10.9 for swing and 2d function manual test - S8025679: Increment minor version of HSx for 7u51 and initialize the build number - S8026037: [TESTBUG] sun/security/tools/jarsigner/warnings.sh test fails on Solaris - S8026304: jarsigner output bad grammar - S8026772: test/sun/util/resources/TimeZone/Bug6317929.java failing - S8026887: Make issues due to failed large pages allocations easier to debug - S8027204: Revise the update of 8026204 and 8025758 - S8027224: test regression - ClassNotFoundException - S8027370: Support tzdata2013h - S8027378: Two closed/javax/xml/8005432 fails with jdk7u51b04 - S8027787: 7u51 l10n resource file translation update 1 - S8027837: JDK-8021257 causes CORBA build failure on emdedded platforms - S8027943: serial version of com.sun.corba.se.spi.orbutil.proxy.CompositeInvocationHa ndlerImpl changed in 7u45 - S8027944: Increment hsx 24.51 build to b02 for 7u51-b07 - S8028057: Modify jarsigner man page documentation to document CCC 8024302: Clarify jar verifications - S8028090: reverting change - changeset pushed with incorrect commit message, linked to wrong issue - S8028111: XML readers share the same entity expansion counter - S8028215: ORB.init fails with SecurityException if properties select the JDK default ORB - S8028293: Check local configuration for actual ephemeral port range - S8028382: Two javax/xml/8005433 tests still fail after the fix JDK-8028147 - S8028453: AsynchronousSocketChannel.connect() requires SocketPermission due to bind to local address (win) - S8028823: java/net/Makefile tabs converted to spaces - S8029038: Revise fix for XML readers share the same entity expansion counter - S8029842: Increment hsx 24.51 build to b03 for 7u51-b11 - Bug fixes - Fix accidental reversion of PR1188 for armel - PR1781: NSS PKCS11 provider fails to handle multipart AES encryption - PR1830: Drop version requirement for LCMS 2 - PR1833, RH1022017: Report elliptic curves supported by NSS, not the SunEC library - RH905128: [CRASH] OpenJDK-1.7.0 while using NSS security provider and kerberos - PR1393: JPEG support in build is broken on non-system-libjpeg builds - PR1726: configure fails looking for ecj.jar before even trying to find javac - Red Hat local: Fix for repo with path statting with / . - Remove unused hgforest script - PR1101: Undefined symbols on GNU/Linux SPARC - PR1659: OpenJDK 7 returns incorrect TrueType font metrics when bold style is set - PR1677, G498288: Update PaX support to detect running PaX kernel and use newer tools - PR1679: Allow OpenJDK to build on PaX-enabled kernels - PR1684: Build fails with empty PAX_COMMAND - RH1015432: java-1.7.0-openjdk: Fails on PPC with StackOverflowError (revised fix) - Link against $(LIBDL) if SYSTEM_CUPS is not true - Perform configure checks using ecj.jar when --with-gcj (native ecj build) is enabled. - Fix broken bootstrap build by updating ecj-multicatch.patch - PR1653: Support ppc64le via Zero - PR1654: ppc32 needs a larger ThreadStackSize to build - RH1015432: java-1.7.0-openjdk: Fails on PPC with StackOverflowError - RH910107: fail to load PC/SC library - ARM32 port - Add arm_port from IcedTea 6 - Add patches/arm.patch from IcedTea 6 - Add patches/arm-debug.patch from IcedTea 6 - Add patches/arm-hsdis.patch from IcedTea 6 - added jvmti event generation for dynamic_generate and compiled_method_load events to ARM JIT compiler - Adjust saved SP when safepointing. - First cut of invokedynamic - Fix trashed thread ptr after recursive re-entry from asm JIT. - JIT-compilation of ldc methodHandle - Rename a bunch of misleadingly-named functions - Changes for HSX22 - Rename a bunch of misleadingly-named functions - Patched method handle adapter code to deal with failures in TCK - Phase 1 - Phase 2 - RTC Thumb2 JIT enhancements. - Zero fails to build in hsx22+, fix for hsx22 after runs gamma OK, hsx23 still nogo. - Use ldrexd for atomic reads on ARMv7. - Use unified syntax for thumb code. - Corrected call from fast_method_handle_entry to CppInterpreter::method_handle_entry so that thread is loaded into r2 - Don't save locals at a return. - Fix call to handle_special_method(). Fix compareAndSwapLong. - Fix JIT bug that miscompiles org.eclipse.ui.internal.contexts.ContextAuthority.source Changed - invokedynamic and aldc for JIT - Modified safepoint check to rely on memory protect signal instead of polling - Minor review cleanups. - PR1188: ASM Interpreter and Thumb2 JIT javac miscompile modulo reminder on armel - PR1363: Fedora 19 / rawhide FTBFS SIGILL - Changes for HSX23 - Remove fragment from method that has been removed - Remove C++ flags from CC_COMPILE and fix usage in zeroshark.make. - Use $(CC) to compile mkbc instead of $(CC_COMPILE) to avoid C++-only flags - Add note about use of $(CFLAGS)/$(CXXFLAGS)/$(CPPFLAGS) at present. - Override automatic detection of source language for bytecodes_arm.def - Include $(CFLAGS) in assembler stage - PR1626: ARM32 assembler update for hsx24. Use ARM32JIT to turn it on/off. - Replace literal offsets for METHOD_SIZEOFPARAMETERS and ISTATE_NEXT_FRAME with correct symbolic names. - Turn ARM32 JIT on by default - AArch64 port - AArch64 C2 instruct for smull - Add a constructor as a conversion from Register - RegSet. Use it. - Add RegSet::operator+=. - Add support for a few simple intrinsics - Add support for builtin crc32 instructions - Add support for CRC32 intrinsic - Add support for Neon implementation of CRC32 - All address constants are 48 bits in size. - C1: Fix offset overflow when profiling. - Common frame handling for C1/C2 which correctly handle all frame sizes - Correct costs for operations with shifts. - Correct OptoAssembly for prologs and epilogs. - Delete useless instruction. - Don't use any form of _call_VM_leaf when we're calling a stub. - Fast string comparison - Fast String.equals() - Fix a tonne of bogus comments. - Fix biased locking and enable as default - Fix instruction size from 8 to 4 - Fix opto assembly for shifts. - Fix register misuse in verify_method_data_pointer - Fix register usage in generate_verify_oop(). - Implement various locked memory operations. - Improve C1 performance improvements in ic_cache checks - Improve code generation for pop(), as suggested by Edward Nevill. - Improvements to safepoint polling - Make code entry alignment 64 for C2 - Minor optimisation for divide by 2 - New cost model for instruction selection. - Offsets in lookupswitch instructions should be signed. - Optimise addressing of card table byte map base - Optimise C2 entry point verification - Optimise long divide by 2 - Performance improvement and ease of use changes pulled from upstream - Preserve callee save FP registers around call to java code - Remove obsolete C1 patching code. - Remove special-case handling of division arguments. AArch64 doesn't need it. - Remove unnecessary memory barriers around CAS operations - Restore sp from sender sp, r13 in crc32 code - Restrict default ReservedCodeCacheSize to 128M - Rewrite CAS operations to be more conservative - Save intermediate state before removing C1 patching code. - Tidy up register usage in push/pop instructions. - Tidy up stack frame handling. - Use 2- and 3-instruction immediate form of movoop and mov_metadata in C2-generated code. - Use an explicit set of registers rather than a bitmap for psh and pop operations. - Use explicit barrier instructions in C1. - Use gcc __clear_cache instead of doing it ourselves - PR1713: Support AArch64 Port - Shark - Add Shark definitions from 8003868 - Drop compile_method argument removed in 7083786 from sharkCompiler.cpp
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 80045
    published 2014-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80045
    title openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1645-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-37.NASL
    description - Update to Chromium 31.0.1650.63 Stable channel update : - Security fixes : - CVE-2013-6634: Session fixation in sync related to 302 redirects - CVE-2013-6635: Use-after-free in editing - CVE-2013-6636: Address bar spoofing related to modal dialogs - CVE-2013-6637: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2013-6638: Buffer overflow in v8 - CVE-2013-6639: Out of bounds write in v8. - CVE-2013-6640: Out of bounds read in v8 - and 12 other security fixes. - Remove the build flags to build according to the Chrome ffmpeg branding and the proprietary codecs. (bnc#847971) - Update to Chromium 31.0.1650.57 Stable channel update : - Security Fixes : - CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 Stable Channel update : - Security fixes : - CVE-2013-6621: Use after free related to speech input elements.. - CVE-2013-6622: Use after free related to media elements. - CVE-2013-6623: Out of bounds read in SVG. - CVE-2013-6624: Use after free related to “id” attribute strings. - CVE-2013-6625: Use after free in DOM ranges. - CVE-2013-6626: Address bar spoofing related to interstitial warnings. - CVE-2013-6627: Out of bounds read in HTTP parsing. - CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. - CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. - CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. - CVE-2013-6631: Use after free in libjingle. - Added patch chromium-fix-chromedriver-build.diff to fix the chromedriver build - Enable ARM build for Chromium. - Added patches chromium-arm-webrtc-fix.patch, chromium-fix-arm-icu.patch and chromium-fix-arm-sysroot.patch to resolve ARM specific build issues - Update to Chromium 30.0.1599.114 Stable Channel update: fix build for 32bit systems - Drop patch chromium-fix-chromedriver-build.diff. This is now fixed upstream - For openSUSE versions lower than 13.1, build against the in-tree libicu - Update to Chromium 30.0.1599.101 - Security Fixes : + CVE-2013-2925: Use after free in XHR + CVE-2013-2926: Use after free in editing + CVE-2013-2927: Use after free in forms. + CVE-2013-2928: Various fixes from internal audits, fuzzing and other initiatives. - Update to Chromium 30.0.1599.66 - Easier searching by image - A number of new apps/extension APIs - Lots of under the hood changes for stability and performance - Security fixes : + CVE-2013-2906: Races in Web Audio + CVE-2013-2907: Out of bounds read in Window.prototype object + CVE-2013-2908: Address bar spoofing related to the “204 No Content” status code + CVE-2013-2909: Use after free in inline-block rendering + CVE-2013-2910: Use-after-free in Web Audio + CVE-2013-2911: Use-after-free in XSLT + CVE-2013-2912: Use-after-free in PPAPI + CVE-2013-2913: Use-after-free in XML document parsing + CVE-2013-2914: Use after free in the Windows color chooser dialog + CVE-2013-2915: Address bar spoofing via a malformed scheme + CVE-2013-2916: Address bar spoofing related to the “204 No Content” status code + CVE-2013-2917: Out of bounds read in Web Audio + CVE-2013-2918: Use-after-free in DOM + CVE-2013-2919: Memory corruption in V8 + CVE-2013-2920: Out of bounds read in URL parsing + CVE-2013-2921: Use-after-free in resource loader + CVE-2013-2922: Use-after-free in template element + CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives + CVE-2013-2924: Use-after-free in ICU. Upstream bug
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75366
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75366
    title openSUSE Security Update : chromium (openSUSE-SU-2014:0065-1)
  • NASL family Windows
    NASL id IBM_NOTES_9_0_1_FP2.NASL
    description The remote host has a version of IBM Notes (formerly Lotus Notes) 9.0.x prior to 9.0.1 Fix Pack 2 (FP2) installed. It is, therefore, affected by the following vulnerabilities : - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could allow certain error cases to cause 100% CPU utilization. Note this issue only affects Microsoft Windows hosts. (CVE-2014-0963) - Fixes in the Oracle Java CPU for April 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 77812
    published 2014-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77812
    title IBM Notes 9.0.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS17_APR_4015221.NASL
    description The remote Windows 10 Version 1507 host is missing security update KB4015221. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the open-source libjpeg image processing library due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to disclose sensitive information that can be utilized to bypass ASLR security protections. (CVE-2013-6629) - An information disclosure vulnerability exists in the win32k component due to improper handling of kernel information. A local attacker can exploit these vulnerabilities, via a specially crafted application, to disclose sensitive information. (CVE-2017-0058) - A privilege escalation vulnerability exists in the Microsoft Graphics Component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0156) - A flaw exists in the VBScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website or open a specially crafted document file, to execute arbitrary code. (CVE-2017-0158) - A privilege escalation vulnerability exists in the Microsoft .NET framework due to improper validation of input when loading libraries. A local attacker can exploit this to gain elevated privileges. (CVE-2017-0160) - Multiple flaws exist in Windows Hyper-V Network Switch due to improper validation of input from the guest operating system. A local attacker can exploit these, via a specially crafted application on the guest, to execute arbitrary code on the host system. (CVE-2017-0162, CVE-2017-0163) - A privilege escalation vulnerability exists due to improper sanitization of handles stored in memory. A local attacker can exploit this to gain elevated privileges. (CVE-2017-0165) - A flaw exists in LDAP due to buffer request lengths not being properly calculated. An unauthenticated, remote attacker can exploit this, via specially crafted traffic sent to a Domain Controller, to run processes with elevated privileges. (CVE-2017-0166) - A flaw exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0167)
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 99287
    published 2017-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99287
    title KB4015221: Windows 10 Version 1507 April 2017 Cumulative Update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-904.NASL
    description Chromium was updated to 31.0.1650.57: Stable channel update : - Security Fixes : - CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 (bnc#850430) Stable Channel update : - Security fixes : - CVE-2013-6621: Use after free related to speech input elements.. - CVE-2013-6622: Use after free related to media elements. - CVE-2013-6623: Out of bounds read in SVG. - CVE-2013-6624: Use after free related to “id” attribute strings. - CVE-2013-6625: Use after free in DOM ranges. - CVE-2013-6626: Address bar spoofing related to interstitial warnings. - CVE-2013-6627: Out of bounds read in HTTP parsing. - CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. - CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. - CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. - CVE-2013-6631: Use after free in libjingle. - Added patch chromium-fix-chromedriver-build.diff to fix the chromedriver build
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75213
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75213
    title openSUSE Security Update : chromium (openSUSE-SU-2013:1777-1)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS17_APR_4015219.NASL
    description The remote Windows 10 version 1511 host is missing security update KB4015219. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the open-source libjpeg image processing library due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to disclose sensitive information that can be utilized to bypass ASLR security protections. (CVE-2013-6629) - Multiple information disclosure vulnerabilities exist in the win32k component due to improper handling of kernel information. A local attacker can exploit these vulnerabilities, via a specially crafted application, to disclose sensitive information. (CVE-2017-0058, CVE-2017-0188) - A remote code execution vulnerability exists in Microsoft Edge due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website, to execute arbitrary code. (CVE-2017-0093) - A privilege escalation vulnerability exists in the Microsoft Graphics Component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0156) - A flaw exists in the VBScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website or open a specially crafted document file, to execute arbitrary code. (CVE-2017-0158) - A privilege escalation vulnerability exists in the Microsoft .NET framework due to improper validation of input when loading libraries. A local attacker can exploit this to gain elevated privileges. (CVE-2017-0160) - Multiple flaws exist in Windows Hyper-V Network Switch due to improper validation of input from the guest operating system. A local attacker can exploit these, via a specially crafted application on the guest, to execute arbitrary code on the host system. (CVE-2017-0162, CVE-2017-0163, CVE-2017-0180, CVE-2017-0181) - A privilege escalation vulnerability exists due to improper sanitization of handles stored in memory. A local attacker can exploit this to gain elevated privileges. (CVE-2017-0165) - A flaw exists in LDAP due to buffer request lengths not being properly calculated. An unauthenticated, remote attacker can exploit this, via specially crafted traffic sent to a Domain Controller, to run processes with elevated privileges. (CVE-2017-0166) - A flaw exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0167) - Multiple denial of service vulnerabilities exist in Hyper-V due to improper validation of input from a privileged user on a guest operating system. A local attacker on the guest can exploit these, via a specially crafted application, to cause the host system to crash. (CVE-2017-0178, CVE-2017-0179, CVE-2017-0184) - Multiple denial of service vulnerabilities exist in Windows Hyper-V Network Switch due to improper validation of input from the guest operating system. A local attacker on the guest can exploit these vulnerabilities, via a specially crafted application, to crash the host system. (CVE-2017-0182, CVE-2017-0183, CVE-2017-0185, CVE-2017-0186) - A privilege escalation vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2017-0189) - A flaw exists in Windows due to improper handling of objects in memory that allows an attacker to cause a denial of service condition. (CVE-2017-0191) - An information disclosure vulnerability exists in the Adobe Type Manager Font Driver (ATMFD.dll) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted document or visit a malicious web page, to disclose sensitive information. (CVE-2017-0192) - A memory corruption issue exists in Internet Explorer due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website, to execute arbitrary code. (CVE-2017-0202) - A security feature bypass vulnerability exists in Microsoft Edge due to improper handling of CSP documents. An unauthenticated, remote attacker can exploit this, via a specially crafted CSP document, to bypass security features. (CVE-2017-0203) - A memory corruption issue exists in Microsoft Edge due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website, to execute arbitrary code. (CVE-2017-0205) - An information disclosure vulnerability exists in Microsoft Edge in the Chakra scripting engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-0208) - A privilege escalation vulnerability exists in Internet Explorer due to a failure to properly enforce cross-domain policies. An unauthenticated, remote attacker can exploit this to inject arbitrary content and gain elevated privileges. (CVE-2017-0210) - A privilege escalation vulnerability exists in Microsoft Windows OLE due to an unspecified failure in integrity-level checks. An authenticated, remote attacker can exploit this to run an application with limited privileges at a medium integrity level. Note that this vulnerability by itself does not allow arbitrary code execution but can be used in conjunction other vulnerabilities. (CVE-2017-0211)
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 99282
    published 2017-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99282
    title KB4015219: Windows 10 Version 1511 April 2017 Cumulative Update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2799.NASL
    description Several vulnerabilities have been discovered in the chromium web browser. - CVE-2013-2931 The chrome 31 development team found various issues from internal fuzzing, audits, and other studies. - CVE-2013-6621 Khalil Zhani discovered a use-after-free issue in speech input handling. - CVE-2013-6622 'cloudfuzzer' discovered a use-after-free issue in HTMLMediaElement. - CVE-2013-6623 'miaubiz' discovered an out-of-bounds read in the Blink/Webkit SVG implementation. - CVE-2013-6624 Jon Butler discovered a use-after-free issue in id attribute strings. - CVE-2013-6625 'cloudfuzzer' discovered a use-after-free issue in the Blink/Webkit DOM implementation. - CVE-2013-6626 Chamal de Silva discovered an address bar spoofing issue. - CVE-2013-6627 'skylined' discovered an out-of-bounds read in the HTTP stream parser. - CVE-2013-6628 Antoine Delignat-Lavaud and Karthikeyan Bhargavan of INRIA Paris discovered that a different (unverified) certificate could be used after successful TLS renegotiation with a valid certificate. - CVE-2013-6629 Michal Zalewski discovered an uninitialized memory read in the libjpeg and libjpeg-turbo libraries. - CVE-2013-6630 Michal Zalewski discovered another uninitialized memory read in the libjpeg and libjpeg-turbo libraries. - CVE-2013-6631 Patrik Hoglund discovered a use-free issue in the libjingle library. - CVE-2013-6632 Pinkie Pie discovered multiple memory corruption issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 70986
    published 2013-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70986
    title Debian DSA-2799-1 : chromium-browser - several vulnerabilities
  • NASL family Windows
    NASL id VMWARE_VCENTER_UPDATE_MGR_VMSA-2014-0008.NASL
    description The version of VMware vCenter Update Manager installed on the remote Windows host is 5.5 prior to Update 2. It is, therefore, affected by multiple vulnerabilities related to the bundled version of Oracle JRE prior to 1.7.0_55.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 77727
    published 2014-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77727
    title VMware vCenter Update Manager Multiple Java Vulnerabilities (VMSA-2014-0008)
  • NASL family Misc.
    NASL id APPLETV_6_1.NASL
    description According to its banner, the remote Apple TV 2nd generation or later device is prior to 6.1. It is, therefore, reportedly affected by multiple vulnerabilities, the most serious issues of which could result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 72962
    published 2014-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72962
    title Apple TV < 6.1 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_7_0-IBM-140515.NASL
    description IBM Java 7 was updated to version SR7, which received security and bug fixes. More information is available at: http://www.ibm.com/developerworks/java/jdk/aix/j764/Java7_64.fixes.htm l#SR7
    last seen 2019-02-21
    modified 2015-01-28
    plugin id 74254
    published 2014-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74254
    title SuSE 11.3 Security Update : IBM Java 7 (SAT Patch Number 9263)
  • NASL family Misc.
    NASL id VMWARE_VCENTER_VMSA-2014-0008.NASL
    description The VMware vCenter Server installed on the remote host is version 5.0 prior to Update 3c, 5.1 prior to Update 3, or 5.5 prior to Update 2. It is, therefore, affected by multiple vulnerabilities in third party libraries : - The bundled version of Apache Struts contains a code execution flaw. Note that 5.0 Update 3c only addresses this vulnerability. (CVE-2014-0114) - The bundled tc-server / Apache Tomcat contains multiple vulnerabilities. (CVE-2013-4590, CVE-2013-4322, and CVE-2014-0050) - The bundled version of Oracle JRE is prior to 1.7.0_55 and thus is affected by multiple vulnerabilities. Note that this only affects version 5.5 of vCenter.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 77728
    published 2014-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77728
    title VMware Security Updates for vCenter Server (VMSA-2014-0008)
  • NASL family Misc.
    NASL id ORACLE_JAVA_CPU_APR_2014_UNIX.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 8 Update 5, 7 Update 55, 6 Update 75, or 5 Update 65. It is, therefore, potentially affected by security issues in the following components : - 2D - AWT - Deployment - Hotspot - JAX-WS - JAXB - JAXP - JNDI - JavaFX - Javadoc - Libraries - Scripting - Security - Sound
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 73571
    published 2014-04-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73571
    title Oracle Java SE Multiple Vulnerabilities (April 2014 CPU) (Unix)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-6859.NASL
    description - Update to 1.3.1 - Fixes CVE-2013-6629 and CVE-2013-6630 (RHBZ #1031740) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 74400
    published 2014-06-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74400
    title Fedora 19 : mingw-libjpeg-turbo-1.3.1-1.fc19 (2014-6859)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS17_APR_4015583.NASL
    description The remote Windows 10 version 1703 host is missing security update KB4015583. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the open-source libjpeg image processing library due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to disclose sensitive information that can be utilized to bypass ASLR security protections. (CVE-2013-6629) - Multiple information disclosure vulnerabilities exist in the win32k component due to improper handling of kernel information. A local attacker can exploit these vulnerabilities, via a specially crafted application, to disclose sensitive information. (CVE-2017-0058, CVE-2017-0188) - A remote code execution vulnerability exists in Microsoft Edge due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website, to execute arbitrary code. (CVE-2017-0093) - A privilege escalation vulnerability exists in the Microsoft Graphics Component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0156) - A flaw exists in the VBScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website or open a specially crafted document file, to execute arbitrary code. (CVE-2017-0158) - A security feature bypass vulnerability exists in ADFS due to incorrectly treating requests from Extranet clients as Intranet requests. An unauthenticated, remote attacker can exploit this to bypass account lockout protection mechanisms and more easily gain access to a user's account via a brute-force attack. (CVE-2017-0159) - A privilege escalation vulnerability exists in the Microsoft .NET framework due to improper validation of input when loading libraries. A local attacker can exploit this to gain elevated privileges. (CVE-2017-0160) - Multiple flaws exist in Windows Hyper-V Network Switch due to improper validation of input from the guest operating system. A local attacker can exploit these, via a specially crafted application on the guest, to execute arbitrary code on the host system. (CVE-2017-0162, CVE-2017-0163, CVE-2017-0180, CVE-2017-0181) - A flaw exists in LDAP due to buffer request lengths not being properly calculated. An unauthenticated, remote attacker can exploit this, via specially crafted traffic sent to a Domain Controller, to run processes with elevated privileges. (CVE-2017-0166) - A flaw exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0167) - Multiple denial of service vulnerabilities exist in Hyper-V due to improper validation of input from a privileged user on a guest operating system. A local attacker on the guest can exploit these, via a specially crafted application, to cause the host system to crash. (CVE-2017-0179, CVE-2017-0184) - Multiple denial of service vulnerabilities exist in Windows Hyper-V Network Switch due to improper validation of input from the guest operating system. A local attacker on the guest can exploit these vulnerabilities, via a specially crafted application, to crash the host system. (CVE-2017-0182, CVE-2017-0183, CVE-2017-0185, CVE-2017-0186) - A privilege escalation vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2017-0189) - A flaw exists in Windows due to improper handling of objects in memory that allows an attacker to cause a denial of service condition. (CVE-2017-0191) - An information disclosure vulnerability exists in the Adobe Type Manager Font Driver (ATMFD.dll) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted document or visit a malicious web page, to disclose sensitive information. (CVE-2017-0192) - A memory corruption issue exists in Internet Explorer due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website, to execute arbitrary code. (CVE-2017-0202) - A security feature bypass vulnerability exists in Microsoft Edge due to improper handling of CSP documents. An unauthenticated, remote attacker can exploit this, via a specially crafted CSP document, to bypass security features. (CVE-2017-0203) - A memory corruption issue exists in Microsoft Edge due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website, to execute arbitrary code. (CVE-2017-0205) - An information disclosure vulnerability exists in Microsoft Edge in the Chakra scripting engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-0208) - A privilege escalation vulnerability exists in Internet Explorer due to a failure to properly enforce cross-domain policies. An unauthenticated, remote attacker can exploit this to inject arbitrary content and gain elevated privileges. (CVE-2017-0210) - A privilege escalation vulnerability exists in Microsoft Windows OLE due to an unspecified failure in integrity-level checks. An authenticated, remote attacker can exploit this to run an application with limited privileges at a medium integrity level. Note that this vulnerability by itself does not allow arbitrary code execution but can be used in conjunction other vulnerabilities. (CVE-2017-0211)
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 99288
    published 2017-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99288
    title KB4015583: Windows 10 Version 1703 April 2017 Cumulative Update
  • NASL family AIX Local Security Checks
    NASL id AIX_JAVA_APR2014_ADVISORY.NASL
    description The version of Java SDK installed on the remote host is potentially affected by the following vulnerabilities : - There is an information disclosure flaw in libjpeg and libjpeg-turbo allowing remote attackers access to uninitialized memory via crafted JPEG images. (CVE-2013-6629) - A vulnerability in libpng allows denial of service attacks via a flaw in pngtran.c pngset.c. (CVE-2013-6954) - Vulnerabilities in Oracle Java allow remote code execution via flaws in 2D image handling. (CVE-2014-0429, CVE-2014-2401, CVE-2014-2421) - A vulnerability in Oracle Java allows remote code execution via a flaw in logger handling. (CVE-2014-0446) - Vulnerabilities in Oracle Java allow remote code execution via flaws in the Deployment subcomponent. (CVE-2014-0448, CVE-2014-0449, CVE-2014-2409, CVE-2014-2420, CVE-2014-2428) - A vulnerability in Oracle Java allows a remote attacker to bypass security features through flaws in AWT. (CVE-2014-0451, CVE-2014-2412) - A vulnerability in Oracle Java allows a remote attacker to bypass security features through flaws in W3CEndpointReference.java. (CVE-2014-0452) - An information disclosure vulnerability in Oracle Java RSAPadding allows a remote attacker to view timing information protected by encryption. (CVE-2014-0452) - A vulnerability in Oracle Java allows a remote attacker to modify the SIGNATURE_PRIMITIVE_SET through flaws in SignatureAndHalshAlgorithm and AlgorithmChecker. (CVE-2014-0454) - A vulnerability in Oracle Java allows remote code execution via a flaw in MethodHandles.java. (CVE-2014-0455) - A vulnerability in Oracle Java allows remote code execution via a flaw in exception handling. (CVE-2014-0457) - Vulnerabilities in Oracle Java allow a remote attacker to bypass security features through flaws in JAX-WS. (CVE-2014-0458, CVE-2014-2423) - An unspecified vulnerability exists in Oracle Java via sandboxed applications. (CVE-2014-0459) - A vulnerability in Oracle Java allows remote attackers to conduct spoofing attacks via a flaw in the DnsClient component. (CVE-2014-0460) - A vulnerability in Oracle Java allows remote code execution via a flaw in ScriptEngineManager.java. (CVE-2014-0461) - A vulnerability in Oracle Java allows a remote attacker to bypass security features through flaws in the random number generation of cryptographic protection. (CVE-2014-0878) - A privilege escalation vulnerability in Oracle Java allows remote attacks to overwrite arbitrary files via a flaw in unpack200. (CVE-2014-1876) - A vulnerability in Oracle Java allows remote code execution via a flaw in Javadoc. (CVE-2014-2398) - A vulnerability in Oracle Java allows a remote attacker to bypass security features through flaws in asynchronous channel handling across threads. (CVE-2014-2402) - Vulnerabilities in Oracle Java allow a remote attacker to bypass security features through flaws in JAXB. (CVE-2014-2414) - A vulnerability in Oracle Java allows a remote attacker to bypass security features through flaws in Java sound libraries. (CVE-2014-2427)
    last seen 2019-02-21
    modified 2018-07-17
    plugin id 76870
    published 2014-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76870
    title AIX Java Advisory : java_apr2014_advisory.asc
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0414.NASL
    description Updated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 12th May 2014] The package list in this erratum has been updated to make the packages available in the Oracle Java for Red Hat Enterprise Linux 6 Workstation x86_64 channels on the Red Hat Network. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory pages, listed in the References section. (CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5852, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 75 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-26
    plugin id 79011
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79011
    title RHEL 5 / 6 : java-1.6.0-sun (RHSA-2014:0414)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0982.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4, 5.5, and 5.6. The Red Hat Security Response Team has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4, 5.5, and 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-0878, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) Users of Red Hat Network Satellite Server 5.4, 5.5, and 5.6 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR16 release. For this update to take effect, Red Hat Network Satellite Server must be restarted ('/usr/sbin/rhn-satellite restart'), as well as all running instances of IBM Java.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 79039
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79039
    title RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2014:0982)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-23722.NASL
    description Apply fixes CVE-2013-6629, CVE-2013-6630 (#1031737) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 71903
    published 2014-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71903
    title Fedora 19 : libjpeg-turbo-1.2.90-3.fc19 (2013-23722)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_MS17-04-4019460_MONO.NASL
    description The Mono Framework application installed on the remote macOS or Mac OS X host is missing security update KB4019460. It is, therefore, affected by an information disclosure vulnerability in the libjpeg and libjpeg-turbo libraries of Mono Framework. An unauthenticated, remote attacker can exploit this, via a specially crafted JPEG image, to disclose potentially sensitive information from uninitialized memory.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 99310
    published 2017-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99310
    title KB4019460: Security Update for the libjpeg Information Disclosure Vulnerability for Mono Framework (macOS)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0508.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0461, CVE-2014-2428, CVE-2014-0446, CVE-2014-0452, CVE-2014-0451, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414, CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629, CVE-2014-2401, CVE-2014-0449, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876, CVE-2014-2420) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 74031
    published 2014-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74031
    title RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2014:0508)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1804.NASL
    description An updated libjpeg package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libjpeg package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions. An uninitialized memory read issue was found in the way libjpeg decoded images with missing Start Of Scan (SOS) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629) All libjpeg users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 71272
    published 2013-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71272
    title CentOS 5 : libjpeg (CESA-2013:1804)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-273.NASL
    description Updated libjpeg packages fix security vulnerabilities : libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in presence of valid chroma data (Cr, Cb) (CVE-2013-6629). libjpeg-turbo will use uninitialized memory when handling Huffman tables (CVE-2013-6630).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 71028
    published 2013-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71028
    title Mandriva Linux Security Advisory : libjpeg (MDVSA-2013:273)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1803.NASL
    description Updated libjpeg-turbo packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libjpeg-turbo package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions. An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan (SOS) JPEG markers or Define Huffman Table (DHT) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629, CVE-2013-6630) All libjpeg-turbo users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 71290
    published 2013-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71290
    title RHEL 6 : libjpeg-turbo (RHSA-2013:1803)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3BFC70164BCC11E3B0CF00262D5ED8EE.NASL
    description Google Chrome Releases reports : 25 security fixes in this release, including : - [268565] Medium CVE-2013-6621: Use after free related to speech input elements. Credit to Khalil Zhani. - [272786] High CVE-2013-6622: Use after free related to media elements. Credit to cloudfuzzer. - [282925] High CVE-2013-6623: Out of bounds read in SVG. Credit to miaubiz. - [290566] High CVE-2013-6624: Use after free related to 'id' attribute strings. Credit to Jon Butler. - [295010] High CVE-2013-6625: Use after free in DOM ranges. Credit to cloudfuzzer. - [295695] Low CVE-2013-6626: Address bar spoofing related to interstitial warnings. Credit to Chamal de Silva. - [299892] High CVE-2013-6627: Out of bounds read in HTTP parsing. Credit to skylined. - [306959] Medium CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco of INRIA Paris. - [315823] Medium-Critical CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives. - [258723] Medium CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. Credit to Michal Zalewski of Google. - [299835] Medium CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. Credit to Michal Zalewski of Google. - [296804] High CVE-2013-6631: Use after free in libjingle. Credit to Patrik Hoglund of the Chromium project.
    last seen 2019-02-21
    modified 2016-05-27
    plugin id 70865
    published 2013-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70865
    title FreeBSD : chromium -- multiple vulnerabilities (3bfc7016-4bcc-11e3-b0cf-00262d5ed8ee)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS17_APR_4015549.NASL
    description The remote Windows host is missing security update 4015546 or cumulative update 4015549. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the open-source libjpeg image processing library due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to disclose sensitive information that can be utilized to bypass ASLR security protections. (CVE-2013-6629) - An information disclosure vulnerability exists in the win32k component due to improper handling of kernel information. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0058) - Multiple privilege escalation vulnerabilities exist in the Microsoft Graphics Component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0155, CVE-2017-0156) - A flaw exists in the VBScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website or open a specially crafted document file, to execute arbitrary code. (CVE-2017-0158) - Multiple flaws exist in Windows Hyper-V Network Switch due to improper validation of input from the guest operating system. A local attacker can exploit these, via a specially crafted application on the guest, to execute arbitrary code on the host system. (CVE-2017-0163, CVE-2017-0180) - A flaw exists in LDAP due to buffer request lengths not being properly calculated. An unauthenticated, remote attacker can exploit this, via specially crafted traffic sent to a Domain Controller, to run processes with elevated privileges. (CVE-2017-0166) - An information disclosure vulnerability exists in Windows Hyper-V Network Switch due to improper validation of user-supplied input. A guest attacker can exploit this to disclose sensitive information on the host server. (CVE-2017-0168) - Multiple denial of service vulnerabilities exist in Windows Hyper-V Network Switch due to improper validation of input from the guest operating system. A local attacker on the guest can exploit these vulnerabilities, via a specially crafted application, to crash the host system. (CVE-2017-0182, CVE-2017-0183) - A denial of service vulnerability exists in Hyper-V due to improper validation of input from a privileged user on a guest operating system. A local attacker on the guest can exploit this, via a specially crafted application, to cause the host system to crash. (CVE-2017-0184) - A flaw exists in Windows due to improper handling of objects in memory that allows an attacker to cause a denial of service condition. (CVE-2017-0191) - An information disclosure vulnerability exists in the Adobe Type Manager Font Driver (ATMFD.dll) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted document or visit a malicious web page, to disclose sensitive information. (CVE-2017-0192) - An arbitrary code execution vulnerability exists in Microsoft Office and Windows WordPad due to improper handling of specially crafted files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a malicious file, to execute arbitrary code in the context of the current user. Note that this vulnerability is being utilized to spread the Petya ransomware. (CVE-2017-0199) - A memory corruption issue exists in Internet Explorer due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website, to execute arbitrary code. (CVE-2017-0202) - A privilege escalation vulnerability exists in Internet Explorer due to a failure to properly enforce cross-domain policies. An unauthenticated, remote attacker can exploit this to inject arbitrary content and gain elevated privileges. (CVE-2017-0210)
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 99304
    published 2017-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99304
    title Windows 7 and Windows 2008 R2 April 2017 Security Updates (Petya)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-6870.NASL
    description - Update to 1.3.1 - Fixes CVE-2013-6629 and CVE-2013-6630 (RHBZ #1031740) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 74402
    published 2014-06-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74402
    title Fedora 20 : mingw-libjpeg-turbo-1.3.1-1.fc20 (2014-6870)
  • NASL family Windows
    NASL id SEAMONKEY_223.NASL
    description The installed version of SeaMonkey is earlier than 2.23 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610) - Cross-site scripting filtering evasion may be possible due to character encodings being inherited from a previously visited website when character set encoding is missing from the current website. (CVE-2013-5612) - Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613) - Sandbox restrictions may be bypassed because 'iframe sandbox' restrictions are not properly applied to 'object' elements in sandboxed iframes. (CVE-2013-5614) - An issue exists in which 'GetElementIC' typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact. (CVE-2013-5615) - A use-after-free vulnerability exists when interacting with event listeners from the mListeners array. This could result in a denial of service or arbitrary code execution. (CVE-2013-5616) - A use-after-free vulnerability exists in the table editing user interface of the editor during garbage collection. This could result in a denial of service or arbitrary code execution. (CVE-2013-5618) - Memory issues exist in the binary search algorithms in the SpiderMonkey JavaScript engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5619) - Issues exist with the JPEG format image processing with Start Of Scan (SOS) and Define Huffman Table (DHT) markers in the 'libjpeg' library. This could allow attackers to read arbitrary memory content as well as cross-domain image theft. (CVE-2013-6629, CVE-2013-6630) - A memory issue exists when inserting an ordered list into a document through a script that could result in a denial of service or arbitrary code execution. (CVE-2013-6671) - Trust settings for built-in root certificates are ignored during extended validation (EV) certificate validation. This removes the ability of users to explicitly untrust root certificates from specific certificate authorities. (CVE-2013-6673) - An intermediate certificate that is used by a man-in- the-middle (MITM) traffic management device exists in Mozilla's root certificate authorities. Reportedly, this certificate has been misused.
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 71349
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71349
    title SeaMonkey < 2.23 Multiple Vulnerabilities
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_24_2.NASL
    description The installed version of Thunderbird is earlier than 24.2 and is, therefore, potentially affected the following vulnerabilities: - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610) - Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613) - An issue exists in which 'GetElementIC' typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact. (CVE-2013-5615) - A use-after-free vulnerability exists when interacting with event listeners from the mListeners array. This could result in a denial of service or arbitrary code execution. (CVE-2013-5616) - A use-after-free vulnerability exists in the table editing user interface of the editor during garbage collection. This could result in a denial of service or arbitrary code execution. (CVE-2013-5618) - Issues exist with the JPEG format image processing with Start Of Scan (SOS) and Define Huffman Table (DHT) markers in the 'libjpeg' library. This could allow attackers to read arbitrary memory content as well as cross-domain image theft. (CVE-2013-6629, CVE-2013-6630) - A memory issue exists when inserting an ordered list into a document through a script that could result in a denial of service or arbitrary code execution. (CVE-2013-6671) - Trust settings for built-in root certificates are ignored during extended validation (EV) certificate validation. This removes the ability of users to explicitly untrust root certificates from specific certificate authorities. (CVE-2013-6673) - An intermediate certificate that is used by a man-in- the-middle (MITM) traffic management device exists in Mozilla's root certificate authorities. Reportedly, this certificate has been misused.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 71348
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71348
    title Mozilla Thunderbird < 24.2 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-995.NASL
    description - update to Firefox 26.0 (bnc#854367, bnc#854370) - rebased patches - requires NSPR 4.10.2 and NSS 3.15.3.1 - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - removed gecko.js preference file as GStreamer is enabled by default now
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75241
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75241
    title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1918-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2923.NASL
    description Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 73868
    published 2014-05-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73868
    title Debian DSA-2923-1 : openjdk-7 - security update
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2053-1.NASL
    description Ben Turner, Bobby Holley, Jesse Ruderman and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5609) Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5616) A use-after-free was discovered in the table editing interface. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5618) Tyson Smith and Jesse Schwartzentruber discovered a crash when inserting an ordered list in to a document using script. If a user had enabled scripting, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-6671) Sijie Xia discovered that trust settings for built-in EV root certificates were ignored under certain circumstances, removing the ability for a user to manually untrust certificates from specific authorities. (CVE-2013-6673) Tyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a use-after-free in functions for synthetic mouse movement handling. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5613) Eric Faust discovered that GetElementIC typed array stubs can be generated outside observed typesets. If a user had enabled scripting, an attacker could possibly exploit this to cause undefined behaviour with a potential security impact. (CVE-2013-5615) Michal Zalewski discovered several issues with JPEG image handling. An attacker could potentially exploit these to obtain sensitive information. (CVE-2013-6629, CVE-2013-6630). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 71375
    published 2013-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71375
    title Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : thunderbird vulnerabilities (USN-2053-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0486.NASL
    description Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0461, CVE-2014-0455, CVE-2014-2428, CVE-2014-0448, CVE-2014-0454, CVE-2014-0446, CVE-2014-0452, CVE-2014-0451, CVE-2014-2402, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414, CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629, CVE-2014-2401, CVE-2014-0449, CVE-2014-0459, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876, CVE-2014-2420) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR7 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 74005
    published 2014-05-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74005
    title RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2014:0486)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0412.NASL
    description Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2015-01-28
    plugin id 73608
    published 2014-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73608
    title RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0412)
  • NASL family Windows
    NASL id ORACLE_JAVA_CPU_APR_2014.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 8 Update 5, 7 Update 55, 6 Update 75, or 5 Update 65. It is, therefore, potentially affected by security issues in the following components : - 2D - AWT - Deployment - Hotspot - JAX-WS - JAXB - JAXP - JNDI - JavaFX - Javadoc - Libraries - Scripting - Security - Sound
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 73570
    published 2014-04-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73570
    title Oracle Java SE Multiple Vulnerabilities (April 2014 CPU)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-903.NASL
    description Security and bugfix update to Chromium 31.0.1650.57 - Update to Chromium 31.0.1650.57 : - Security Fixes : - CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 Stable Channel update : - Security fixes : - CVE-2013-6621: Use after free related to speech input elements.. - CVE-2013-6622: Use after free related to media elements. - CVE-2013-6623: Out of bounds read in SVG. - CVE-2013-6624: Use after free related to “id” attribute strings. - CVE-2013-6625: Use after free in DOM ranges. - CVE-2013-6626: Address bar spoofing related to interstitial warnings. - CVE-2013-6627: Out of bounds read in HTTP parsing. - CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. - CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. - CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. - CVE-2013-6631: Use after free in libjingle. - Stable Channel update: fix build for 32bit systems - Update to Chromium 30.0.1599.101 - Security Fixes : + CVE-2013-2925: Use after free in XHR + CVE-2013-2926: Use after free in editing + CVE-2013-2927: Use after free in forms. + CVE-2013-2928: Various fixes from internal audits, fuzzing and other initiatives. - Enable ARM build for Chromium.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75212
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75212
    title openSUSE Security Update : chromium (openSUSE-SU-2013:1776-1)
  • NASL family Windows
    NASL id GOOGLE_CHROME_31_0_1650_48.NASL
    description The version of Google Chrome installed on the remote host is a version prior to 31.0.1650.48. It is, therefore, affected by multiple vulnerabilities : - Various, unspecified errors exist. (CVE-2013-2931) - Use-after-free errors exist related to speech input elements, media elements, 'id' attribute strings, DOM ranges, and libjingle. (CVE-2013-6621, CVE-2013-6622, CVE-2013-6624, CVE-2013-6625, CVE-2013-6631) - Out-of-bounds read errors exist in SVG and HTTP parsing. (CVE-2013-6623, CVE-2013-6627) - An address bar URI-spoofing vulnerability exists that is related to interstitial warnings. (CVE-2013-6626) - A certificate validation security bypass issue exists during TLS renegotiation. (CVE-2013-6628) - A memory corruption error exists in the libjpeg and libjpeg-turbo libraries when memory is uninitialized when decoding images with missing SOS data. (CVE-2013-6629) - A memory corruption error exists in the 'jdmarker.c' source file in the libjpeg-turbo library when processing Huffman tables. (CVE-2013-6630)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 70916
    published 2013-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70916
    title Google Chrome < 31.0.1650.48 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_6_0-IBM-140514.NASL
    description BM Java 6 was updated to version 6 SR16 to fix several security issues and various other bugs. More information can be found at: http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen 2019-02-21
    modified 2015-01-28
    plugin id 74284
    published 2014-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74284
    title SuSE 11.3 Security Update : IBM Java 6 (SAT Patch Number 9256)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-23291.NASL
    description Update to latest upstream - 24.2.0 See release notes here: http://www.mozilla.org/en-US/firefox/17.0.9/releasenotes/ See http://www.mozilla.org/en/thunderbird/24.0/releasenotes/ for full list of changes. See http://www.mozilla.org/en/thunderbird/24.0/releasenotes/ for full list of changes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 71785
    published 2014-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71785
    title Fedora 18 : thunderbird-24.2.0-2.fc18 (2013-23291)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-1023.NASL
    description - update to Thunderbird 24.2.0 (bnc#854370) - requires NSS 3.15.3.1 or higher - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - update to Thunderbird 24.1.1 - requires NSPR 4.10.2 and NSS 3.15.3 for security reasons - fix binary compatibility issues for patch level updates (bmo#927073)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74867
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74867
    title openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:1959-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0413.NASL
    description Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 12th May 2014] The package list in this erratum has been updated to make the packages available in the Oracle Java for Red Hat Enterprise Linux 6 Workstation x86_64 channels on the Red Hat Network. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-26
    plugin id 79010
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79010
    title RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0413)
  • NASL family Misc.
    NASL id DOMINO_9_0_1_FP2.NASL
    description According to its version, the IBM Domino (formerly IBM Lotus Domino) application on the remote host is 9.x prior to 9.0.1 Fix Pack 2 (FP2). It is, therefore, affected by the following vulnerabilities : - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could allow certain error cases to cause 100% CPU utilization. Note that this issue only affects Microsoft Windows hosts. (CVE-2014-0963) - Fixes in the Oracle Java CPU for April 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428)
    last seen 2019-02-21
    modified 2018-07-10
    plugin id 77810
    published 2014-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77810
    title IBM Domino 9.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities (uncredentialed check)
  • NASL family Windows
    NASL id IBM_DOMINO_9_0_1_FP2.NASL
    description The version of IBM Domino (formerly Lotus Domino) installed on the remote host is 9.0.x prior to 9.0.1 Fix Pack 2 (FP2). It is, therefore, affected by the following vulnerabilities : - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could allow certain error cases to cause 100% CPU utilization. Note this issue only affects Microsoft Windows hosts. (CVE-2014-0963) - Fixes in the Oracle Java CPU for April 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 77811
    published 2014-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77811
    title IBM Domino 9.0.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities (credentialed check) (POODLE)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-23519.NASL
    description New upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 71505
    published 2013-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71505
    title Fedora 20 : firefox-26.0-3.fc20 / thunderbird-24.2.0-3.fc20 / xulrunner-26.0-2.fc20 (2013-23519)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_24_2_ESR.NASL
    description The installed version of Firefox ESR 24.x is earlier than 24.2 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610) - Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613) - An issue exists in which 'GetElementIC' typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact. (CVE-2013-5615) - A use-after-free vulnerability exists when interacting with event listeners from the mListeners array. This could result in a denial of service or arbitrary code execution. (CVE-2013-5616) - A use-after-free vulnerability exists in the table editing user interface of the editor during garbage collection. This could result in a denial of service or arbitrary code execution. (CVE-2013-5618) - Issues exist with the JPEG format image processing with Start Of Scan (SOS) and Define Huffman Table (DHT) markers in the 'libjpeg' library. This could allow attackers to read arbitrary memory content as well as cross-domain image theft. (CVE-2013-6629, CVE-2013-6630) - A memory issue exists when inserting an ordered list into a document through a script that could result in a denial of service or arbitrary code execution. (CVE-2013-6671) - Trust settings for built-in root certificates are ignored during extended validation (EV) certificate validation. This removes the ability of users to explicitly untrust root certificates from specific certificate authorities. (CVE-2013-6673) - An intermediate certificate that is used by a man-in- the-middle (MITM) traffic management device exists in Mozilla's root certificate authorities. Reportedly, this certificate has been misused.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 71343
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71343
    title Firefox ESR 24.x < 24.2 Multiple Vulnerabilities (Mac OS X)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2013-350-02.NASL
    description New libjpeg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2013-12-18
    plugin id 71468
    published 2013-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71468
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : libjpeg (SSA:2013-350-02)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_24_2.NASL
    description The installed version of Thunderbird is earlier than 24.2 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610) - Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613) - An issue exists in which 'GetElementIC' typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact. (CVE-2013-5615) - A use-after-free vulnerability exists when interacting with event listeners from the mListeners array. This could result in a denial of service or arbitrary code execution. (CVE-2013-5616) - A use-after-free vulnerability exists in the table editing user interface of the editor during garbage collection. This could result in a denial of service or arbitrary code execution. (CVE-2013-5618) - Issues exist with the JPEG format image processing with Start Of Scan (SOS) and Define Huffman Table (DHT) markers in the 'libjpeg' library. This could allow attackers to read arbitrary memory content as well as cross-domain image theft. (CVE-2013-6629, CVE-2013-6630) - A memory issue exists when inserting an ordered list into a document through a script that could result in a denial of service or arbitrary code execution. (CVE-2013-6671) - Trust settings for built-in root certificates are ignored during extended validation (EV) certificate validation. This removes the ability of users to explicitly untrust root certificates from specific certificate authorities. (CVE-2013-6673) - An intermediate certificate that is used by a man-in- the-middle (MITM) traffic management device exists in Mozilla's root certificate authorities. Reportedly, this certificate has been misused.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 71345
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71345
    title Thunderbird < 24.2 Multiple Vulnerabilities (Mac OS X)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_7_0-OPENJDK-140508.NASL
    description This java-1_7_0-openjdk update to version 2.4.7 fixes the following security and non-security issues : - Security fixes - S8023046: Enhance splashscreen support - S8025005: Enhance CORBA initializations - S8025010, CVE-2014-2412: Enhance AWT contexts - S8025030, CVE-2014-2414: Enhance stream handling - S8025152, CVE-2014-0458: Enhance activation set up - S8026067: Enhance signed jar verification - S8026163, CVE-2014-2427: Enhance media provisioning - S8026188, CVE-2014-2423: Enhance envelope factory - S8026200: Enhance RowSet Factory - S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling - S8026736, CVE-2014-2398: Enhance Javadoc pages - S8026797, CVE-2014-0451: Enhance data transfers - S8026801, CVE-2014-0452: Enhance endpoint addressing - S8027766, CVE-2014-0453: Enhance RSA processing - S8027775: Enhance ICU code. - S8027841, CVE-2014-0429: Enhance pixel manipulations - S8028385: Enhance RowSet Factory - S8029282, CVE-2014-2403: Enhance CharInfo set up - S8029286: Enhance subject delegation - S8029699: Update Poller demo - S8029730: Improve audio device additions - S8029735: Enhance service mgmt natives - S8029740, CVE-2014-0446: Enhance handling of loggers - S8029745, CVE-2014-0454: Enhance algorithm checking - S8029750: Enhance LCMS color processing (in-tree LCMS) - S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg) - S8029844, CVE-2014-0455: Enhance argument validation - S8029854, CVE-2014-2421: Enhance JPEG decodings - S8029858, CVE-2014-0456: Enhance array copies - S8030731, CVE-2014-0460: Improve name service robustness - S8031330: Refactor ObjectFactory - S8031335, CVE-2014-0459: Better color profiling (in-tree LCMS) - S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng) - S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader - S8031395: Enhance LDAP processing - S8032686, CVE-2014-2413: Issues with method invoke - S8033618, CVE-2014-1876: Correct logging output - S8034926, CVE-2014-2397: Attribute classes properly - S8036794, CVE-2014-0461: Manage JavaScript instances - Backports - S8004145: New improved hgforest.sh, ctrl-c now properly terminates mercurial processes. - S8007625: race with nested repos in /common/bin/hgforest.sh - S8011178: improve common/bin/hgforest.sh python detection (MacOS) - S8011342: hgforest.sh : 'python --version' not supported on older python - S8011350: hgforest.sh uses non-POSIX sh features that may fail with some shells - S8024200: handle hg wrapper with space after #! - S8025796: hgforest.sh could trigger unbuffered output from hg without complicated machinations - S8028388: 9 jaxws tests failed in nightly build with java.lang.ClassCastException - S8031477: [macosx] Loading AWT native library fails - S8032370: No 'Truncated file' warning from IIOReadWarningListener on JPEGImageReader - S8035834: InetAddress.getLocalHost() can hang after JDK-8030731 was fixed - Bug fixes - PR1393: JPEG support in build is broken on non-system-libjpeg builds - PR1726: configure fails looking for ecj.jar before even trying to find javac - Red Hat local: Fix for repo with path statting with / . - Remove unused hgforest script
    last seen 2019-02-21
    modified 2015-01-28
    plugin id 74007
    published 2014-05-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74007
    title SuSE 11.3 Security Update : OpenJDK (SAT Patch Number 9209)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1804.NASL
    description From Red Hat Security Advisory 2013:1804 : An updated libjpeg package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libjpeg package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions. An uninitialized memory read issue was found in the way libjpeg decoded images with missing Start Of Scan (SOS) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629) All libjpeg users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 71333
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71333
    title Oracle Linux 5 : libjpeg (ELSA-2013-1804)
  • NASL family Windows
    NASL id SMB_NT_MS17_APR_4017094.NASL
    description The version of Silverlight 5 installed on the remote Windows host is missing security update KB4017094. It is, therefore, affected by an information disclosure vulnerability in the open-source libjpeg image processing library due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to disclose sensitive information that can be utilized to bypass ASLR security protections.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 99289
    published 2017-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99289
    title KB4017094: Security Update for the libjpeg Information Disclosure Vulnerability for Microsoft Silverlight 5 (April 2017)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-993.NASL
    description - update to Firefox 26.0 (bnc#854367, bnc#854370) - rebased patches - requires NSPR 4.10.2 and NSS 3.15.3.1 - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - removed gecko.js preference file as GStreamer is enabled by default now
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75239
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75239
    title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1916-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-23749.NASL
    description Apply fixes CVE-2013-6629, CVE-2013-6630 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 71627
    published 2013-12-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71627
    title Fedora 20 : libjpeg-turbo-1.3.0-2.fc20 (2013-23749)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-1022.NASL
    description - update to Thunderbird 24.2.0 (bnc#854370) - requires NSS 3.15.3.1 or higher - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - update to Thunderbird 24.1.1 - requires NSPR 4.10.2 and NSS 3.15.3 for security reasons - fix binary compatibility issues for patch level updates (bmo#927073)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74866
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74866
    title openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:1958-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1804.NASL
    description An updated libjpeg package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libjpeg package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions. An uninitialized memory read issue was found in the way libjpeg decoded images with missing Start Of Scan (SOS) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629) All libjpeg users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 71291
    published 2013-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71291
    title RHEL 5 : libjpeg (RHSA-2013:1804)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-23295.NASL
    description Update to latest upstream - 24.2.0 See release notes here: http://www.mozilla.org/en-US/firefox/17.0.9/releasenotes/ See http://www.mozilla.org/en/thunderbird/24.0/releasenotes/ for full list of changes. See http://www.mozilla.org/en/thunderbird/24.0/releasenotes/ for full list of changes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 71448
    published 2013-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71448
    title Fedora 19 : thunderbird-24.2.0-2.fc19 (2013-23295)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_24_2_ESR.NASL
    description The installed version of Firefox ESR 24.x is earlier than 24.2, and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610) - Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613) - An issue exists in which 'GetElementIC' typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact. (CVE-2013-5615) - A use-after-free vulnerability exists when interacting with event listeners from the mListeners array. This could result in a denial of service or arbitrary code execution. (CVE-2013-5616) - A use-after-free vulnerability exists in the table editing user interface of the editor during garbage collection. This could result in a denial of service or arbitrary code execution. (CVE-2013-5618) - Issues exist with the JPEG format image processing with Start Of Scan (SOS) and Define Huffman Table (DHT) markers in the 'libjpeg' library. This could allow attackers to read arbitrary memory content as well as cross-domain image theft. (CVE-2013-6629, CVE-2013-6630) - A memory issue exists when inserting an ordered list into a document through a script that could result in a denial of service or arbitrary code execution. (CVE-2013-6671) - Trust settings for built-in root certificates are ignored during extended validation (EV) certificate validation. This removes the ability of users to explicitly untrust root certificates from specific certificate authorities. (CVE-2013-6673) - An intermediate certificate that is used by a man-in- the-middle (MITM) traffic management device exists in Mozilla's root certificate authorities. Reportedly, this certificate has been misused.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 71346
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71346
    title Firefox ESR 24.x < 24.2 Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-23127.NASL
    description Update to Firefox 26. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 71365
    published 2013-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71365
    title Fedora 19 : firefox-26.0-2.fc19 / xulrunner-26.0-1.fc19 (2013-23127)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20131210_LIBJPEG_TURBO_ON_SL6_X.NASL
    description An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan (SOS) JPEG markers or Define Huffman Table (DHT) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629, CVE-2013-6630)
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 71339
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71339
    title Scientific Linux Security Update : libjpeg-turbo on SL6.x i386/x86_64
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_GOOGLE_CHROME_31_0_1650_48.NASL
    description The version of Google Chrome installed on the remote Mac OS X host is a version prior to 31.0.1650.48. It is, therefore, affected by multiple vulnerabilities : - Various, unspecified errors exist. (CVE-2013-2931) - Use-after-free errors exist related to speech input elements, media elements, 'id' attribute strings, DOM ranges, and libjingle. (CVE-2013-6621, CVE-2013-6622, CVE-2013-6624, CVE-2013-6625, CVE-2013-6631) - Out-of-bounds read errors exist in SVG and HTTP parsing. (CVE-2013-6623, CVE-2013-6627) - An address bar URI-spoofing vulnerability exists that is related to interstitial warnings. (CVE-2013-6626) - A certificate validation security bypass issue exists during TLS renegotiation. (CVE-2013-6628) - A memory corruption error exists in the libjpeg and libjpeg-turbo libraries when memory is uninitialized when decoding images with missing SOS data. (CVE-2013-6629) - A memory corruption error exists in the 'jdmarker.c' source file in the libjpeg-turbo library when processing Huffman tables. (CVE-2013-6630)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 70917
    published 2013-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70917
    title Google Chrome < 31.0.1650.48 Multiple Vulnerabilities (Mac OS X)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20131210_LIBJPEG_ON_SL5_X.NASL
    description An uninitialized memory read issue was found in the way libjpeg decoded images with missing Start Of Scan (SOS) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629)
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 71338
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71338
    title Scientific Linux Security Update : libjpeg on SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-2.NASL
    description This update fixes the following security issues with SeaMonkey : - update to SeaMonkey 2.23 (bnc#854370)) - requires NSPR 4.10.2 and NSS 3.15.3.1 - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - rebased patches : - mozilla-nongnome-proxies.patch - mozilla-shared-nss-db.patch
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75327
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75327
    title openSUSE Security Update : seamonkey (openSUSE-SU-2014:0008-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-1024.NASL
    description - update to Thunderbird 24.2.0 (bnc#854370) - requires NSS 3.15.3.1 or higher - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - update to Thunderbird 24.1.1 - requires NSPR 4.10.2 and NSS 3.15.3 for security reasons - fix binary compatibility issues for patch level updates (bmo#927073)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74868
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74868
    title openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:1957-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_DD116B1964B311E3868F0025905A4771.NASL
    description The Mozilla Project reports : MFSA 2013-116 JPEG information leak MFSA 2013-105 Application Installation doorhanger persists on navigation MFSA 2013-106 Character encoding cross-origin XSS attack MFSA 2013-107 Sandbox restrictions not applied to nested object elements MFSA 2013-108 Use-after-free in event listeners MFSA 2013-109 Use-after-free during Table Editing MFSA 2013-110 Potential overflow in JavaScript binary search algorithms MFSA 2013-111 Segmentation violation when replacing ordered list elements MFSA 2013-112 Linux clipboard information disclosure though selection paste MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation MFSA 2013-114 Use-after-free in synthetic mouse movement MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets MFSA 2013-116 JPEG information leak MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 71452
    published 2013-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71452
    title FreeBSD : mozilla -- multiple vulnerabilities (dd116b19-64b3-11e3-868f-0025905a4771)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-994.NASL
    description - update to Firefox 26.0 (bnc#854367, bnc#854370) - rebased patches - requires NSPR 4.10.2 and NSS 3.15.3.1 - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - removed gecko.js preference file as GStreamer is enabled by default now
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75240
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75240
    title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1917-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0705.NASL
    description Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 7 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR1 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 76900
    published 2014-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76900
    title RHEL 7 : java-1.7.1-ibm (RHSA-2014:0705)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1803.NASL
    description From Red Hat Security Advisory 2013:1803 : Updated libjpeg-turbo packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libjpeg-turbo package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions. An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan (SOS) JPEG markers or Define Huffman Table (DHT) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629, CVE-2013-6630) All libjpeg-turbo users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 71287
    published 2013-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71287
    title Oracle Linux 6 : libjpeg-turbo (ELSA-2013-1803)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2060-1.NASL
    description Michal Zalewski discovered that libjpeg and libjpeg-turbo incorrectly handled certain memory operations. An attacker could use this issue with a specially crafted JPEG file to possibly expose sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 71563
    published 2013-12-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71563
    title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : libjpeg-turbo, libjpeg6b vulnerabilities (USN-2060-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2052-1.NASL
    description Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610) Myk Melez discovered that the doorhanger notification for web app installation could persist between page navigations. An attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2013-5611) Masato Kinugawa discovered that pages with missing character set encoding information can inherit character encodings across navigations from another domain. An attacker could potentially exploit this to conduct cross-site scripting attacks. (CVE-2013-5612) Daniel Veditz discovered that a sandboxed iframe could use an object element to bypass its own restrictions. (CVE-2013-5614) Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5616) A use-after-free was discovered in the table editing interface. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5618) Dan Gohman discovered that binary search algorithms in Spidermonkey used arithmetic prone to overflow in several places. However, this is issue not believed to be exploitable. (CVE-2013-5619) Tyson Smith and Jesse Schwartzentruber discovered a crash when inserting an ordered list in to a document using script. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-6671) Vincent Lefevre discovered that web content could access clipboard data under certain circumstances, resulting in information disclosure. (CVE-2013-6672) Sijie Xia discovered that trust settings for built-in EV root certificates were ignored under certain circumstances, removing the ability for a user to manually untrust certificates from specific authorities. (CVE-2013-6673) Tyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a use-after-free in functions for synthetic mouse movement handling. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5613) Eric Faust discovered that GetElementIC typed array stubs can be generated outside observed typesets. An attacker could possibly exploit this to cause undefined behaviour with a potential security impact. (CVE-2013-5615) Michal Zalewski discovered several issues with JPEG image handling. An attacker could potentially exploit these to obtain sensitive information. (CVE-2013-6629, CVE-2013-6630). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 71374
    published 2013-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71374
    title Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL59503294.NASL
    description The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. (CVE-2013-6629)
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 91303
    published 2016-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91303
    title F5 Networks BIG-IP : libjpeg vulnerability (K59503294)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1803.NASL
    description Updated libjpeg-turbo packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libjpeg-turbo package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions. An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan (SOS) JPEG markers or Define Huffman Table (DHT) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629, CVE-2013-6630) All libjpeg-turbo users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 71271
    published 2013-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71271
    title CentOS 6 : libjpeg-turbo (CESA-2013:1803)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201606-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201606-03 (libjpeg-turbo: Multiple vulnerabilities) libjpeg-turbo does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers. Impact : Remote attackers could obtain sensitive information from uninitialized memory locations via a crafted JPEG images. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-06-06
    plugin id 91480
    published 2016-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91480
    title GLSA-201606-03 : libjpeg-turbo: Multiple vulnerabilities
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2013-267.NASL
    description An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan (SOS) JPEG markers or Define Huffman Table (DHT) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629 , CVE-2013-6630)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 71579
    published 2013-12-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71579
    title Amazon Linux AMI : libjpeg-turbo (ALAS-2013-267)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS17_APR_4015383.NASL
    description The remote Windows host is missing security updates. It is, therefore, affected by an information disclosure vulnerability in the open-source libjpeg image processing library due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to disclose sensitive information that can be utilized to bypass ASLR security protections.
    last seen 2019-02-21
    modified 2018-08-03
    plugin id 99309
    published 2017-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99309
    title KB4015383: Security Updates for the libjpeg Information Disclosure Vulnerability (April 2017)
redhat via4
advisories
  • bugzilla
    id 1031734
    title CVE-2013-6629 libjpeg: information leak (read of uninitialized memory)
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment libjpeg is earlier than 0:6b-38
          oval oval:com.redhat.rhsa:tst:20131804002
        • comment libjpeg is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20131804003
      • AND
        • comment libjpeg-devel is earlier than 0:6b-38
          oval oval:com.redhat.rhsa:tst:20131804004
        • comment libjpeg-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20131804005
    rhsa
    id RHSA-2013:1804
    released 2013-12-09
    severity Moderate
    title RHSA-2013:1804: libjpeg security update (Moderate)
  • rhsa
    id RHSA-2013:1803
  • rhsa
    id RHSA-2014:0413
  • rhsa
    id RHSA-2014:0414
rpms
  • libjpeg-turbo-0:1.2.1-3.el6_5
  • libjpeg-turbo-devel-0:1.2.1-3.el6_5
  • libjpeg-turbo-static-0:1.2.1-3.el6_5
  • libjpeg-0:6b-38
  • libjpeg-devel-0:6b-38
refmap via4
bid 63676
confirm
debian DSA-2799
fedora
  • FEDORA-2013-23127
  • FEDORA-2013-23291
  • FEDORA-2013-23295
  • FEDORA-2013-23519
fulldisc 20131112 bugs in IJG jpeg6b & libjpeg-turbo
gentoo
  • GLSA-201406-32
  • GLSA-201606-03
hp
  • HPSBUX03091
  • HPSBUX03092
  • SSRT101667
  • SSRT101668
mandriva MDVSA-2013:273
sectrack
  • 1029470
  • 1029476
secunia
  • 56175
  • 58974
  • 59058
suse
  • openSUSE-SU-2013:1776
  • openSUSE-SU-2013:1777
  • openSUSE-SU-2013:1861
  • openSUSE-SU-2013:1916
  • openSUSE-SU-2013:1917
  • openSUSE-SU-2013:1918
  • openSUSE-SU-2013:1957
  • openSUSE-SU-2013:1958
  • openSUSE-SU-2013:1959
  • openSUSE-SU-2014:0008
  • openSUSE-SU-2014:0065
ubuntu
  • USN-2052-1
  • USN-2053-1
  • USN-2060-1
the hacker news via4
id THN:F163E519BC7D66DC74B0794EF8746E50
last seen 2018-01-27
modified 2014-04-17
published 2014-04-16
reporter Wang Wei
source https://thehackernews.com/2014/04/oracle-releases-critical-update-to.html
title Oracle releases Critical Update to Patch 104 Vulnerabilities
vmware via4
description Oracle has documented the CVE identifiers that are addressed in JRE 1.7.0 update 55 in the Oracle Java SE Critical Patch Update Advisory of April 2014. The References section provides a link to this advisory. This issue may lead to remote code execution after authentication.
id VMSA-2014-0008
last_updated 2014-09-09T00:00:00
published 2014-09-09T00:00:00
title vCenter and Update ManagerOracle JRE 1.7 Update 55
workaround None
Last major update 12-04-2017 - 21:59
Published 18-11-2013 - 23:50
Last modified 04-01-2018 - 21:29
Back to Top