The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Juniper Junos Space Security Design

computer vulnerability note CVE-2013-1741 CVE-2013-2566 CVE-2013-5605

NSS: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NSS.
Impacted products: Debian, Fedora, Junos Space, Firefox, NSS, SeaMonkey, Thunderbird, openSUSE, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Solaris, Oracle Virtual Directory, WebLogic, Oracle Web Tier, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data flow, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 18/11/2013.
Revision date: 19/11/2013.
Identifiers: BID-58796, BID-63736, BID-63737, BID-63738, CERTA-2013-AVI-642, CERTFR-2014-AVI-318, CERTFR-2017-AVI-012, cpuapr2017, cpujul2014, cpuoct2016, cpuoct2017, CVE-2013-1741, CVE-2013-2566, CVE-2013-5605, CVE-2013-5606, DSA-2800-1, DSA-2994-1, DSA-3071-1, FEDORA-2013-22456, FEDORA-2013-22467, FEDORA-2013-23301, FEDORA-2013-23479, JSA10770, MFSA 2013-103, openSUSE-SU-2013:1730-1, openSUSE-SU-2013:1732-1, RHSA-2013:1791-01, RHSA-2013:1829-01, RHSA-2013:1840-01, RHSA-2013:1841-01, RHSA-2014:0041-01, SSA:2013-339-01, SSA:2013-339-02, SSA:2013-339-03, SUSE-SU-2013:1807-1, VIGILANCE-VUL-13789.

Description of the vulnerability

Several vulnerabilities were announced in NSS.

On a 64-bit computer, an attacker can force the initialization of a large memory area, in order to trigger a denial of service. [severity:1/4; BID-63736, CVE-2013-1741]

An attacker can generate a buffer overflow in Null Cipher, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-63738, CVE-2013-5605]

When verifyLog is used, the return code of CERT_VerifyCert() is incorrect, so an invalid certificate may be accepted. [severity:2/4; BID-63737, CVE-2013-5606]

An attacker who has 2^30 RC4-encrypted messages with different keys can guess the cleartext message (VIGILANCE-VUL-12530). [severity:1/4; BID-58796, CVE-2013-2566]

computer vulnerability alert CVE-2012-2750 CVE-2013-2251 CVE-2013-3839

MySQL: several vulnerabilities of October 2013

Synthesis of the vulnerability

Several vulnerabilities of MySQL are fixed by the CPU of October 2013.
Impacted products: Debian, Fedora, Junos Space, Junos Space Network Management Platform, MySQL Community, MySQL Enterprise, Solaris, Percona Server, RHEL.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 8.
Creation date: 16/10/2013.
Identifiers: BID-63105, BID-63107, BID-63109, BID-63113, BID-63116, BID-63119, BID-63125, bulletinoct2015, CERTA-2013-AVI-589, cpuoct2013, CVE-2012-2750, CVE-2013-2251, CVE-2013-3839, CVE-2013-5767, CVE-2013-5770, CVE-2013-5786, CVE-2013-5793, CVE-2013-5807, DSA-2780-1, DSA-2818-1, FEDORA-2013-19648, FEDORA-2013-19654, MDVSA-2013:250, RHSA-2014:0173-01, RHSA-2014:0186-01, RHSA-2014:0189-01, VIGILANCE-VUL-13606.

Description of the vulnerability

A Critical Patch Update fixes several vulnerabilities of MySQL.

An attacker can use a vulnerability of Service Manager, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2013-2251]

An attacker can use a vulnerability of Replication, in order to obtain or alter information. [severity:2/4; BID-63105, CVE-2013-5807]

An attacker can use a vulnerability of InnoDB, in order to trigger a denial of service. [severity:2/4; BID-63107, CVE-2013-5786]

An attacker can use a vulnerability of Optimizer, in order to trigger a denial of service. [severity:2/4; BID-63125, CVE-2012-2750]

An attacker can use a vulnerability of Optimizer, in order to trigger a denial of service. [severity:2/4; BID-63109, CVE-2013-3839]

An attacker can use a vulnerability of Optimizer, in order to trigger a denial of service. [severity:2/4; BID-63113, CVE-2013-5767]

An attacker can use a vulnerability of InnoDB, in order to trigger a denial of service. [severity:2/4; BID-63116, CVE-2013-5793]

An attacker can use a vulnerability of Locking, in order to trigger a denial of service. [severity:1/4; BID-63119, CVE-2013-5770]

computer vulnerability CVE-2013-5095 CVE-2013-5096 CVE-2013-5097

Junos Space: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Junos Space.
Impacted products: Junos Space, Junos Space Network Management Platform.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 19/08/2013.
Identifiers: BID-61791, BID-61794, BID-61795, CERTA-2013-AVI-508, CVE-2013-5095, CVE-2013-5096, CVE-2013-5097, JSA10585, PR 863804, PR 879462, PR 884469, VIGILANCE-VUL-13285.

Description of the vulnerability

Several vulnerabilities were announced in Junos Space.

An attacker can trigger a Cross-Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-61791, CVE-2013-5095, PR 884469]

An attacker with read-only privileges can edit the configuration. [severity:2/4; BID-61794, CVE-2013-5096, PR 863804]

An attacker can obtain password hashes, and then use a brute force attack to recover the passwords. [severity:2/4; BID-61795, CVE-2013-5097, PR 879462]

vulnerability alert CVE-2013-2249

Apache HTTP Server: vulnerability of mod_session_dbd

Synthesis of the vulnerability

A vulnerability was announced in the mod_session_dbd module of Apache HTTP Server.
Impacted products: Apache httpd, Fedora, Junos Space, Slackware.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Creation date: 22/07/2013.
Identifiers: BID-61379, CERTA-2013-AVI-435, CERTFR-2015-AVI-431, CERTFR-2016-AVI-300, CVE-2013-2249, FEDORA-2013-13922, FEDORA-2013-13994, JSA10698, SSA:2013-218-02, VIGILANCE-VUL-13151.

Description of the vulnerability

The mod_session_dbd module is used to store HTTP sessions in a database.

However, this module does not correctly process changed data ("dirty flag").

vulnerability announce CVE-2013-1861 CVE-2013-3783 CVE-2013-3793

MySQL: several vulnerabilities of July 2013

Synthesis of the vulnerability

Several vulnerabilities of MySQL are fixed by the CPU of July 2013.
Impacted products: Debian, Junos Space, Junos Space Network Management Platform, MySQL Community, MySQL Enterprise, openSUSE, Solaris, Percona Server, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 18.
Creation date: 17/07/2013.
Identifiers: BID-58511, BID-61210, BID-61214, BID-61222, BID-61227, BID-61233, BID-61235, BID-61238, BID-61244, BID-61249, BID-61252, BID-61256, BID-61260, BID-61264, BID-61269, BID-61272, BID-61274, bulletinoct2015, CERTA-2013-AVI-419, CERTA-2013-AVI-543, cpujuly2013, CVE-2013-1861, CVE-2013-3783, CVE-2013-3793, CVE-2013-3794, CVE-2013-3795, CVE-2013-3796, CVE-2013-3798, CVE-2013-3801, CVE-2013-3802, CVE-2013-3804, CVE-2013-3805, CVE-2013-3806, CVE-2013-3807, CVE-2013-3808, CVE-2013-3809, CVE-2013-3810, CVE-2013-3811, CVE-2013-3812, DSA-2818-1, JSA10601, MDVSA-2013:197, openSUSE-SU-2013:1335-1, openSUSE-SU-2013:1410-1, SUSE-SU-2013:1390-1, SUSE-SU-2013:1529-1, VIGILANCE-VUL-13132.

Description of the vulnerability

A Critical Patch Update fixes several vulnerabilities of MySQL.

An authenticated attacker can use a geometry query, in order to stop MySQL (VIGILANCE-VUL-12529). [severity:2/4; BID-58511, CVE-2013-1861]

An attacker can use a vulnerability of MemCached, in order to alter information, or to trigger a denial of service. [severity:2/4; BID-61274, CVE-2013-3798]

An attacker can use a vulnerability of Audit Log, in order to alter information. [severity:2/4; BID-61272, CVE-2013-3809]

An attacker can use a vulnerability of Data Manipulation Language, in order to trigger a denial of service. [severity:2/4; BID-61264, CVE-2013-3793]

An attacker can use a vulnerability of Data Manipulation Language, in order to trigger a denial of service. [severity:2/4; BID-61238, CVE-2013-3795]

An attacker can use a vulnerability of Full Text Search, in order to trigger a denial of service. [severity:2/4; BID-61244, CVE-2013-3802]

An attacker can use a vulnerability of InnoDB, in order to trigger a denial of service. [severity:2/4; BID-61235, CVE-2013-3806]

An attacker can use a vulnerability of Prepared Statements, in order to trigger a denial of service. [severity:2/4; BID-61256, CVE-2013-3805]

An attacker can use a vulnerability of Server Optimizer, in order to trigger a denial of service. [severity:2/4; BID-61260, CVE-2013-3804]

An attacker can use a vulnerability of Server Optimizer, in order to trigger a denial of service. [severity:2/4; BID-61233, CVE-2013-3796]

An attacker can use a vulnerability of Server Options, in order to trigger a denial of service. [severity:2/4; BID-61227, CVE-2013-3808]

An attacker can use a vulnerability of Server Options, in order to trigger a denial of service. [severity:2/4; BID-61269, CVE-2013-3801]

An attacker can use a vulnerability of Server Parser, in order to trigger a denial of service. [severity:2/4; BID-61210, CVE-2013-3783]

An attacker can use a vulnerability of Server Partition, in order to trigger a denial of service. [severity:2/4; BID-61222, CVE-2013-3794]

An attacker can use a vulnerability of Server Privileges, in order to obtain or alter information. [severity:2/4; BID-61238, CVE-2013-3807]

An attacker can use a vulnerability of InnoDB, in order to trigger a denial of service. [severity:2/4; BID-61252, CVE-2013-3811]

An attacker can use a vulnerability of Server Replication, in order to trigger a denial of service. [severity:2/4; BID-61249, CVE-2013-3812]

An attacker can use a vulnerability of XA Transactions, in order to trigger a denial of service. [severity:2/4; BID-61214, CVE-2013-3810]

computer vulnerability announce CVE-2013-1896

Apache HTTP Server: denial of service via mod_dav

Synthesis of the vulnerability

An attacker can send a MERGE request to mod_dav of Apache HTTP Server, in order to trigger a denial of service.
Impacted products: Apache httpd, Fedora, HP-UX, Junos Space, Junos Space Network Management Platform, NSMXpress, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, Slackware, SLES.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 15/07/2013.
Identifiers: BID-61129, c03922406, CERTA-2013-AVI-435, CERTA-2013-AVI-543, CERTA-2013-AVI-590, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CERTFR-2015-AVI-286, CVE-2013-1896, FEDORA-2013-13922, FEDORA-2013-13994, HPSBUX02927, JSA10685, MDVSA-2013:193, openSUSE-SU-2013:1337-1, openSUSE-SU-2013:1340-1, openSUSE-SU-2013:1341-1, openSUSE-SU-2014:1647-1, RHSA-2013:1133-01, RHSA-2013:1134-01, RHSA-2013:1156-01, RHSA-2013:1207-01, RHSA-2013:1208-01, RHSA-2013:1209-01, SSA:2013-218-02, SSRT101288, SUSE-SU-2014:1082-1, VIGILANCE-VUL-13117.

Description of the vulnerability

The mod_dav (DAV, Distributed Authoring and Versioning) module can be installed in Apache HTTP Server.

The MERGE command of mod_dav_svn applies differences between two Subversion information sources. However, if this command indicates a URI which is not configured for DAV, a segmentation fault occurs in mod_dav.

An attacker can therefore send a MERGE request to mod_dav of Apache HTTP Server, in order to trigger a denial of service.

vulnerability CVE-2013-1862

Apache httpd 2.2: character injection via mod_rewrite

Synthesis of the vulnerability

An attacker can use special characters, which are not filtered by mod_rewrite of Apache httpd 2.2, in order to inject them into the log file.
Impacted products: Apache httpd, BIG-IP Hardware, TMOS, HP-UX, Junos Space, Junos Space Network Management Platform, NSMXpress, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, SLES.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: internet client.
Creation date: 14/05/2013.
Identifiers: BID-59826, c03922406, CERTA-2013-AVI-332, CERTA-2013-AVI-543, CERTA-2013-AVI-590, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CERTFR-2014-AVI-502, CERTFR-2015-AVI-286, CVE-2013-1862, HPSBUX02927, JSA10685, MDVSA-2013:174, openSUSE-SU-2013:1337-1, openSUSE-SU-2013:1340-1, openSUSE-SU-2013:1341-1, openSUSE-SU-2014:1647-1, RHSA-2013:0815-01, RHSA-2013:1133-01, RHSA-2013:1134-01, RHSA-2013:1207-01, RHSA-2013:1208-01, RHSA-2013:1209-01, SOL15877, SSRT101288, SUSE-SU-2014:1082-1, VIGILANCE-VUL-12790.

Description of the vulnerability

The mod_rewrite module of Apache httpd is used to rewrite requests. The RewriteLog directive of Apache 2.2 names the file where the performed modifications are logged.

However, special characters contained in the client name, the username and the free text are not filtered.

An attacker can therefore use special characters, which are not filtered by mod_rewrite of Apache httpd 2.2, in order to inject them into the log file.

If the attacker injects ANSI escape sequences, they are then interpreted when the administrator displays log files in a shell terminal.

computer vulnerability CVE-2013-3497

Junos Space: password reading via the Web Interface

Synthesis of the vulnerability

An attacker who can read the administrator's screen can see the password displayed on the Junos Space Web Interface, in order to authenticate to the product.
Impacted products: Junos Space, Junos Space Network Management Platform.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user console.
Creation date: 13/05/2013.
Identifiers: BID-59760, CVE-2013-3497, KB27374, PSN-2013-05-939, VIGILANCE-VUL-12775.

Description of the vulnerability

The Junos Space Web Interface allows the administrator to edit and to display the configuration.

However, some passwords are directly displayed on the screen, without being hidden by asterisks.

An attacker who can read the administrator's screen can therefore see the password displayed on the Junos Space Web Interface, in order to authenticate to the product.

vulnerability note CVE-2012-5614 CVE-2013-1502 CVE-2013-1506

MySQL: several vulnerabilities of April 2013

Synthesis of the vulnerability

Several vulnerabilities of MySQL are fixed by the CPU of April 2013.
Impacted products: Debian, Junos Space, Junos Space Network Management Platform, MySQL Community, MySQL Enterprise, Solaris, Percona Server, RHEL.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 25.
Creation date: 17/04/2013.
Identifiers: BID-59173, BID-59180, BID-59188, BID-59196, BID-59201, BID-59202, BID-59205, BID-59207, BID-59209, BID-59210, BID-59211, BID-59215, BID-59216, BID-59217, BID-59218, BID-59222, BID-59223, BID-59224, BID-59225, BID-59227, BID-59229, BID-59232, BID-59237, BID-59239, BID-59242, bulletinjul2016, bulletinoct2015, CERTA-2013-AVI-253, cpuapr2013, CVE-2012-5614, CVE-2013-1502, CVE-2013-1506, CVE-2013-1511, CVE-2013-1512, CVE-2013-1521, CVE-2013-1523, CVE-2013-1526, CVE-2013-1531, CVE-2013-1532, CVE-2013-1544, CVE-2013-1548, CVE-2013-1552, CVE-2013-1555, CVE-2013-1566, CVE-2013-1567, CVE-2013-1570, CVE-2013-2375, CVE-2013-2376, CVE-2013-2378, CVE-2013-2381, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392, CVE-2013-2395, DSA-2667-1, MDVSA-2013:150, RHSA-2013:0772-01, VIGILANCE-VUL-12684.

Description of the vulnerability

A Critical Patch Update fixes several vulnerabilities of MySQL.

An attacker can use a vulnerability of Data Manipulation Language, in order to create a denial of service. [severity:3/4; BID-59173, CVE-2013-2395]

An attacker can use a vulnerability of Server Locking, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59180, CVE-2013-1521]

An attacker can use a vulnerability of Information Schema, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59188, CVE-2013-2378]

An attacker can use a vulnerability of Server, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59196, CVE-2013-1552]

An attacker can use a vulnerability of Server Privileges, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59202, CVE-2013-1531]

An attacker can use a vulnerability of Server Privileges, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59209, CVE-2013-2375]

An attacker can use a vulnerability of MemCached, in order to create a denial of service. [severity:2/4; BID-59216, CVE-2013-1570]

An attacker can use a vulnerability of Server Optimizer, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-59225, CVE-2013-1523]

An attacker can use a vulnerability of Data Manipulation Language, in order to create a denial of service. [severity:2/4; BID-59229, CVE-2013-1544]

An attacker can use a vulnerability of Data Manipulation Language, in order to create a denial of service. [severity:2/4; BID-59218, CVE-2013-1512]

An attacker can use a vulnerability of Information Schema, in order to create a denial of service. [severity:2/4; BID-59211, CVE-2013-1532]

An attacker can use a vulnerability of InnoDB, in order to create a denial of service. [severity:2/4; BID-59207, CVE-2013-2389]

An attacker can use a vulnerability of Server Optimizer, in order to create a denial of service. [severity:2/4; BID-59224, CVE-2013-2392]

An attacker can use a vulnerability of Server Partition, in order to create a denial of service. [severity:2/4; BID-59210, CVE-2013-1555]

An attacker can use a vulnerability of Server Replication, in order to create a denial of service. [severity:2/4; BID-59217, CVE-2013-1526]

An attacker can use a vulnerability of Server XML, in order to create a denial of service (VIGILANCE-VUL-12198). [severity:2/4; BID-59222, CVE-2012-5614]

An attacker can use a vulnerability of Stored Procedure, in order to create a denial of service. [severity:2/4; BID-59227, CVE-2013-2376]

An attacker can use a vulnerability of Data Manipulation Language, in order to create a denial of service. [severity:2/4; BID-59232, CVE-2013-1567]

An attacker can use a vulnerability of InnoDB, in order to create a denial of service. [severity:2/4; BID-59201, CVE-2013-1511]

An attacker can use a vulnerability of InnoDB, in order to create a denial of service. [severity:2/4; BID-59205, CVE-2013-1566]

An attacker can use a vulnerability of Server Privileges, in order to alter information. [severity:2/4; BID-59215, CVE-2013-2381]

An attacker can use a vulnerability of Server Types, in order to create a denial of service. [severity:2/4; BID-59223, CVE-2013-1548]

An attacker can use a vulnerability of Server Install, in order to obtain or alter information. [severity:2/4; BID-59242, CVE-2013-2391]

An attacker can use a vulnerability of Server Locking, in order to create a denial of service. [severity:1/4; BID-59237, CVE-2013-1506]

An attacker can use a vulnerability of Server Partition, in order to create a denial of service. [severity:1/4; BID-59239, CVE-2013-1502]

computer vulnerability bulletin CVE-2013-0401 CVE-2013-0402 CVE-2013-1488

Oracle JRE, JDK, JavaFX: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Oracle JRE, JDK and JavaFX can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Impacted products: Fedora, HP-UX, Domino, Notes, Tivoli System Automation, Junos Space, Junos Space Network Management Platform, Java OpenJDK, openSUSE, Java Oracle, JavaFX, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 42.
Creation date: 17/04/2013.
Identifiers: BID-59088, BID-59089, BID-59124, BID-59128, BID-59131, BID-59137, BID-59141, BID-59145, BID-59149, BID-59153, BID-59154, BID-59159, BID-59162, BID-59165, BID-59166, BID-59167, BID-59170, BID-59172, BID-59175, BID-59178, BID-59179, BID-59184, BID-59185, BID-59187, BID-59190, BID-59191, BID-59194, BID-59195, BID-59203, BID-59206, BID-59208, BID-59212, BID-59213, BID-59219, BID-59220, BID-59228, BID-59234, BID-59243, bulletinoct2015, c03874547, c03898880, CERTA-2013-AVI-256, CVE-2013-0401, CVE-2013-0402, CVE-2013-1488, CVE-2013-1491, CVE-2013-1518, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1561, CVE-2013-1563, CVE-2013-1564, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2414, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2425, CVE-2013-2426, CVE-2013-2427, CVE-2013-2428, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2432, CVE-2013-2433, CVE-2013-2434, CVE-2013-2435, CVE-2013-2436, CVE-2013-2438, CVE-2013-2439, CVE-2013-2440, FEDORA-2013-5922, FEDORA-2013-5958, HPSBUX02908, HPSBUX02922, javacpuapr2013, KLYH95CMCJ, MDVSA-2013:145, MDVSA-2013:161, openSUSE-SU-2013:0745-1, openSUSE-SU-2013:0777-1, openSUSE-SU-2013:0964-1, openSUSE-SU-2013:0993-1, RHSA-2013:0751-01, RHSA-2013:0752-01, RHSA-2013:0757-01, RHSA-2013:0758-01, RHSA-2013:0770-01, RHSA-2013:0822-01, RHSA-2013:0823-01, RHSA-2013:0855-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SA-20130417-1, SE-2012-01, SSRT101305, SUSE-SU-2013:0814-1, SUSE-SU-2013:0835-1, SUSE-SU-2013:0835-2, SUSE-SU-2013:0835-3, SUSE-SU-2013:0871-1, SUSE-SU-2013:0871-2, SUSE-SU-2013:0934-1, swg21644918, swg21645096, swg21645100, VIGILANCE-VUL-12678, ZDI-13-068, ZDI-13-069, ZDI-13-070, ZDI-13-071, ZDI-13-072, ZDI-13-073, ZDI-13-074, ZDI-13-075, ZDI-13-076, ZDI-13-077, ZDI-13-078, ZDI-13-079, ZDI-13-089.

Description of the vulnerability

Several vulnerabilities were announced in Oracle JRE, JDK and JavaFX. The most severe vulnerabilities lead to code execution.

An attacker can use a vulnerability of ICU 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59190, CVE-2013-2383, ZDI-13-070]

An attacker can use a vulnerability of ICU 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59179, CVE-2013-2384, ZDI-13-068]

An attacker can use a vulnerability of ICU 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59166, CVE-2013-1569, ZDI-13-069]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59137, CVE-2013-2434, ZDI-13-071]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59154, CVE-2013-2432]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59167, CVE-2013-2420, ZDI-13-073]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; CVE-2013-1491, ZDI-13-078]

An attacker can use a vulnerability of Beans, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59219, CVE-2013-1558]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59124, CVE-2013-2440]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59089, CVE-2013-2435]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59165, CVE-2013-2431]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59191, CVE-2013-2425]

An attacker can use a vulnerability of JAXP, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59141, CVE-2013-1518]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59234, CVE-2013-2414]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59175, CVE-2013-2428, ZDI-13-074]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59128, CVE-2013-2427]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59228, CVE-2013-2422]

An attacker can use a vulnerability of RMI, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59194, CVE-2013-1537]

An attacker can use a vulnerability of RMI, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59170, CVE-2013-1557]

An attacker can use a vulnerability of HotSpot, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59153, CVE-2013-2421]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; CVE-2013-0402, ZDI-13-077]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59206, CVE-2013-2426, ZDI-13-075]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59213, CVE-2013-2436, ZDI-13-079]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; CVE-2013-1488, ZDI-13-076]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59172, CVE-2013-2394, ZDI-13-072]

An attacker can use a vulnerability of ImageIO, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59243, CVE-2013-2430]

An attacker can use a vulnerability of ImageIO, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59184, CVE-2013-2429]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59208, CVE-2013-1563]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59178, CVE-2013-2439]

An attacker can use a vulnerability of AWT, in order to obtain or alter information. [severity:3/4; CVE-2013-0401, ZDI-13-089]

An attacker can use a vulnerability of ICU 2D, in order to create a denial of service. [severity:2/4; BID-59131, CVE-2013-2419]

An attacker can use a vulnerability of JMX, in order to obtain information. [severity:2/4; BID-59159, CVE-2013-2424]

An attacker can use a vulnerability of JavaFX, in order to obtain information. [severity:2/4; BID-59203, CVE-2013-1561]

An attacker can use a vulnerability of JavaFX, in order to alter information. [severity:2/4; BID-59195, CVE-2013-1564]

An attacker can use a vulnerability of JavaFX, in order to alter information. [severity:2/4; BID-59185, CVE-2013-2438]

An attacker can use a vulnerability of Networking, in order to create a denial of service. [severity:2/4; BID-59187, CVE-2013-2417]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-59145, CVE-2013-2418]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-59088, CVE-2013-2416, SA-20130417-1]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-59220, CVE-2013-2433]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-59149, CVE-2013-1540]

An attacker can use a vulnerability of Hotspot, in order to alter information. [severity:2/4; BID-59162, CVE-2013-2423]

An attacker can use a vulnerability of JAX-WS, in order to obtain information. [severity:1/4; BID-59212, CVE-2013-2415]