VARIoT IoT vulnerabilities database
| VAR-201302-0263 | CVE-2013-0648 | Adobe Flash Player of ExternalInterface ActionScript Vulnerability to execute arbitrary code in function |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013. Attacks on this vulnerability 2013 Year 2 Observed on the moon.Skillfully crafted by a third party SWF Arbitrary code may be executed through content.
An attacker can exploit this issue to execute arbitrary code in the context of the application or cause denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Through specially crafted SWF content. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0574-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0574.html
Issue date: 2013-02-27
CVE Names: CVE-2013-0504 CVE-2013-0643 CVE-2013-0648
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes three security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. These
vulnerabilities are detailed in the Adobe Security bulletin APSB13-08,
listed in the References section. (CVE-2013-0504,
CVE-2013-0648)
This update also fixes a permissions issue with the Adobe Flash Player
Firefox sandbox.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
915961 - CVE-2013-0504 CVE-2013-0648 flash-plugin: multiple code execution flaws (APSB13-08)
915964 - CVE-2013-0643 flash-plugin: Firefox sandbox permissions issue (APSB13-08)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.273-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.273-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.273-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.273-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.273-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.273-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.273-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.273-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.273-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.273-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-0504.html
https://www.redhat.com/security/data/cve/CVE-2013-0643.html
https://www.redhat.com/security/data/cve/CVE-2013-0648.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-08.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRLn41XlSAg2UNWIIRAnzdAKCaJI07/I1LimaWJ6whuxtlqVukEwCeJrCH
4j7n45GWDCgkUE8CNNpu/6c=
=Knv1
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. Please review the CVE identifiers referenced below for
details.
Impact
======
A remote attacker could entice a user to open specially crafted SWF
content, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
Furthermore, a remote attacker may be able to bypass access
restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310"
References
==========
[ 1 ] CVE-2012-5248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248
[ 2 ] CVE-2012-5248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248
[ 3 ] CVE-2012-5249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249
[ 4 ] CVE-2012-5249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249
[ 5 ] CVE-2012-5250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250
[ 6 ] CVE-2012-5250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250
[ 7 ] CVE-2012-5251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251
[ 8 ] CVE-2012-5251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251
[ 9 ] CVE-2012-5252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252
[ 10 ] CVE-2012-5252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252
[ 11 ] CVE-2012-5253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253
[ 12 ] CVE-2012-5253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253
[ 13 ] CVE-2012-5254
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254
[ 14 ] CVE-2012-5254
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254
[ 15 ] CVE-2012-5255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255
[ 16 ] CVE-2012-5255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255
[ 17 ] CVE-2012-5256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256
[ 18 ] CVE-2012-5256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256
[ 19 ] CVE-2012-5257
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257
[ 20 ] CVE-2012-5257
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257
[ 21 ] CVE-2012-5258
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258
[ 22 ] CVE-2012-5258
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258
[ 23 ] CVE-2012-5259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259
[ 24 ] CVE-2012-5259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259
[ 25 ] CVE-2012-5260
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260
[ 26 ] CVE-2012-5260
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260
[ 27 ] CVE-2012-5261
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261
[ 28 ] CVE-2012-5261
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261
[ 29 ] CVE-2012-5262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262
[ 30 ] CVE-2012-5262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262
[ 31 ] CVE-2012-5263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263
[ 32 ] CVE-2012-5263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263
[ 33 ] CVE-2012-5264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264
[ 34 ] CVE-2012-5264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264
[ 35 ] CVE-2012-5265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265
[ 36 ] CVE-2012-5265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265
[ 37 ] CVE-2012-5266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266
[ 38 ] CVE-2012-5266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266
[ 39 ] CVE-2012-5267
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267
[ 40 ] CVE-2012-5267
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267
[ 41 ] CVE-2012-5268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268
[ 42 ] CVE-2012-5268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268
[ 43 ] CVE-2012-5269
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269
[ 44 ] CVE-2012-5269
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269
[ 45 ] CVE-2012-5270
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270
[ 46 ] CVE-2012-5270
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270
[ 47 ] CVE-2012-5271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271
[ 48 ] CVE-2012-5271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271
[ 49 ] CVE-2012-5272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272
[ 50 ] CVE-2012-5272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272
[ 51 ] CVE-2012-5274
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274
[ 52 ] CVE-2012-5275
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275
[ 53 ] CVE-2012-5276
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276
[ 54 ] CVE-2012-5277
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277
[ 55 ] CVE-2012-5278
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278
[ 56 ] CVE-2012-5279
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279
[ 57 ] CVE-2012-5280
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280
[ 58 ] CVE-2012-5676
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676
[ 59 ] CVE-2012-5677
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677
[ 60 ] CVE-2012-5678
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678
[ 61 ] CVE-2013-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504
[ 62 ] CVE-2013-0630
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630
[ 63 ] CVE-2013-0633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633
[ 64 ] CVE-2013-0634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634
[ 65 ] CVE-2013-0637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637
[ 66 ] CVE-2013-0638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638
[ 67 ] CVE-2013-0639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639
[ 68 ] CVE-2013-0642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642
[ 69 ] CVE-2013-0643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643
[ 70 ] CVE-2013-0644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644
[ 71 ] CVE-2013-0645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645
[ 72 ] CVE-2013-0646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646
[ 73 ] CVE-2013-0647
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647
[ 74 ] CVE-2013-0648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648
[ 75 ] CVE-2013-0649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649
[ 76 ] CVE-2013-0650
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650
[ 77 ] CVE-2013-1365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365
[ 78 ] CVE-2013-1366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366
[ 79 ] CVE-2013-1367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367
[ 80 ] CVE-2013-1368
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368
[ 81 ] CVE-2013-1369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369
[ 82 ] CVE-2013-1370
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370
[ 83 ] CVE-2013-1371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371
[ 84 ] CVE-2013-1372
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372
[ 85 ] CVE-2013-1373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373
[ 86 ] CVE-2013-1374
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374
[ 87 ] CVE-2013-1375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375
[ 88 ] CVE-2013-1378
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378
[ 89 ] CVE-2013-1379
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379
[ 90 ] CVE-2013-1380
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380
[ 91 ] CVE-2013-2555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555
[ 92 ] CVE-2013-2728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728
[ 93 ] CVE-2013-3343
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343
[ 94 ] CVE-2013-3344
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344
[ 95 ] CVE-2013-3345
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345
[ 96 ] CVE-2013-3347
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347
[ 97 ] CVE-2013-3361
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361
[ 98 ] CVE-2013-3362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362
[ 99 ] CVE-2013-3363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363
[ 100 ] CVE-2013-5324
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201309-06.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201302-0148 | CVE-2013-0643 | Adobe Flash Player of Firefox Arbitrary code execution vulnerability in version sandbox |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013. Attacks on this vulnerability 2013 Year 2 Observed on the moon.Expertly crafted by a third party SWF Arbitrary code could be executed via the content. Adobe Flash Player is prone to an unspecified security vulnerability.
The impact of this issue is currently unknown. We will update this BID when more information emerges. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0574-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0574.html
Issue date: 2013-02-27
CVE Names: CVE-2013-0504 CVE-2013-0643 CVE-2013-0648
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes three security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB13-08,
listed in the References section.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.273-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.273-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.273-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.273-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.273-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.273-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.273-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.273-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.273-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.273-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-0504.html
https://www.redhat.com/security/data/cve/CVE-2013-0643.html
https://www.redhat.com/security/data/cve/CVE-2013-0648.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-08.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRLn41XlSAg2UNWIIRAnzdAKCaJI07/I1LimaWJ6whuxtlqVukEwCeJrCH
4j7n45GWDCgkUE8CNNpu/6c=
=Knv1
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. Please review the CVE identifiers referenced below for
details.
Impact
======
A remote attacker could entice a user to open specially crafted SWF
content, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
Furthermore, a remote attacker may be able to bypass access
restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310"
References
==========
[ 1 ] CVE-2012-5248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248
[ 2 ] CVE-2012-5248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248
[ 3 ] CVE-2012-5249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249
[ 4 ] CVE-2012-5249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249
[ 5 ] CVE-2012-5250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250
[ 6 ] CVE-2012-5250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250
[ 7 ] CVE-2012-5251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251
[ 8 ] CVE-2012-5251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251
[ 9 ] CVE-2012-5252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252
[ 10 ] CVE-2012-5252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252
[ 11 ] CVE-2012-5253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253
[ 12 ] CVE-2012-5253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253
[ 13 ] CVE-2012-5254
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254
[ 14 ] CVE-2012-5254
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254
[ 15 ] CVE-2012-5255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255
[ 16 ] CVE-2012-5255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255
[ 17 ] CVE-2012-5256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256
[ 18 ] CVE-2012-5256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256
[ 19 ] CVE-2012-5257
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257
[ 20 ] CVE-2012-5257
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257
[ 21 ] CVE-2012-5258
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258
[ 22 ] CVE-2012-5258
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258
[ 23 ] CVE-2012-5259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259
[ 24 ] CVE-2012-5259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259
[ 25 ] CVE-2012-5260
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260
[ 26 ] CVE-2012-5260
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260
[ 27 ] CVE-2012-5261
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261
[ 28 ] CVE-2012-5261
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261
[ 29 ] CVE-2012-5262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262
[ 30 ] CVE-2012-5262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262
[ 31 ] CVE-2012-5263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263
[ 32 ] CVE-2012-5263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263
[ 33 ] CVE-2012-5264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264
[ 34 ] CVE-2012-5264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264
[ 35 ] CVE-2012-5265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265
[ 36 ] CVE-2012-5265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265
[ 37 ] CVE-2012-5266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266
[ 38 ] CVE-2012-5266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266
[ 39 ] CVE-2012-5267
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267
[ 40 ] CVE-2012-5267
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267
[ 41 ] CVE-2012-5268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268
[ 42 ] CVE-2012-5268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268
[ 43 ] CVE-2012-5269
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269
[ 44 ] CVE-2012-5269
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269
[ 45 ] CVE-2012-5270
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270
[ 46 ] CVE-2012-5270
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270
[ 47 ] CVE-2012-5271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271
[ 48 ] CVE-2012-5271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271
[ 49 ] CVE-2012-5272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272
[ 50 ] CVE-2012-5272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272
[ 51 ] CVE-2012-5274
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274
[ 52 ] CVE-2012-5275
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275
[ 53 ] CVE-2012-5276
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276
[ 54 ] CVE-2012-5277
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277
[ 55 ] CVE-2012-5278
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278
[ 56 ] CVE-2012-5279
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279
[ 57 ] CVE-2012-5280
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280
[ 58 ] CVE-2012-5676
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676
[ 59 ] CVE-2012-5677
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677
[ 60 ] CVE-2012-5678
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678
[ 61 ] CVE-2013-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504
[ 62 ] CVE-2013-0630
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630
[ 63 ] CVE-2013-0633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633
[ 64 ] CVE-2013-0634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634
[ 65 ] CVE-2013-0637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637
[ 66 ] CVE-2013-0638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638
[ 67 ] CVE-2013-0639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639
[ 68 ] CVE-2013-0642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642
[ 69 ] CVE-2013-0643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643
[ 70 ] CVE-2013-0644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644
[ 71 ] CVE-2013-0645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645
[ 72 ] CVE-2013-0646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646
[ 73 ] CVE-2013-0647
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647
[ 74 ] CVE-2013-0648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648
[ 75 ] CVE-2013-0649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649
[ 76 ] CVE-2013-0650
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650
[ 77 ] CVE-2013-1365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365
[ 78 ] CVE-2013-1366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366
[ 79 ] CVE-2013-1367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367
[ 80 ] CVE-2013-1368
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368
[ 81 ] CVE-2013-1369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369
[ 82 ] CVE-2013-1370
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370
[ 83 ] CVE-2013-1371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371
[ 84 ] CVE-2013-1372
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372
[ 85 ] CVE-2013-1373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373
[ 86 ] CVE-2013-1374
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374
[ 87 ] CVE-2013-1375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375
[ 88 ] CVE-2013-1378
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378
[ 89 ] CVE-2013-1379
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379
[ 90 ] CVE-2013-1380
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380
[ 91 ] CVE-2013-2555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555
[ 92 ] CVE-2013-2728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728
[ 93 ] CVE-2013-3343
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343
[ 94 ] CVE-2013-3344
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344
[ 95 ] CVE-2013-3345
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345
[ 96 ] CVE-2013-3347
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347
[ 97 ] CVE-2013-3361
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361
[ 98 ] CVE-2013-3362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362
[ 99 ] CVE-2013-3363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363
[ 100 ] CVE-2013-5324
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201309-06.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201302-0416 | No CVE | SAP NetWeaver GRMGApp Security Bypass Vulnerability |
CVSS V2: - CVSS V3: - Severity: MEDIUM |
There is a security vulnerability in SAP NetWeaver, and the application does not properly restrict access to GRMGApp, allowing an attacker to exploit the vulnerability to send administrative commands to the gateway or message server. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There is a security vulnerability in SAP NetWeaver. There is an unspecified error in GRMGApp when parsing external XML entities, allowing an attacker to exploit the vulnerability to read local file content
| VAR-201302-0396 | CVE-2013-1139 | Cisco Cloud Portal of nsAPI Vulnerabilities that capture important information in the interface |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134. Cisco Cloud Portal of nsAPI The interface contains a vulnerability where information can be obtained. The problem is Bug ID CSCud81134 It is a problem.Crafted by remotely authenticated users URL You may get important information through.
A successful exploit of this issue allows an attacker to gain access to certain local files. Information obtained may aid in further attacks.
This issue being tracked by Cisco Bug ID CSCud81134. Remote authentication attackers exploit this vulnerability to obtain sensitive information through specially crafted URLs
| VAR-201302-0395 | CVE-2013-1138 | Cisco Adaptive Security Appliance Service disruption on devices (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID CSCue46386. Cisco Adaptive Security Appliance is prone to a remote denial-of-service vulnerability.
Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions.
This issue is being tracked by Cisco Bug ID CSCue46386
| VAR-201302-0205 | CVE-2013-0120 | Dell PowerConnect 6248P series switch denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The web interface on Dell PowerConnect 6248P switches allows remote attackers to cause a denial of service (device crash) via a malformed request. Dell PowerConnect 6248P There is a service disruption (DoS) Vulnerabilities exist. Dell Network switch provided by PowerConnect 6248P There is a service disruption (DoS) Vulnerabilities exist.Denial of service by handling crafted requests (DoS) There is a possibility of being attacked. The Dell PowerConnect 6248P is a core switch product. Allows an attacker to exploit the vulnerability to make the switch crash unavailable. Dell PowerConnect 6248P is prone to a denial-of-service vulnerability
| VAR-201302-0202 | CVE-2013-0108 |
plural Honeywell Product HscRemoteDeploy.dll Vulnerable to arbitrary code execution
Related entries in the VARIoT exploits database: VAR-E-201302-0148 |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document. Honeywell is a manufacturing company focused on automation control. An unspecified error in the Honeywell multiple product HscRemoteDeploy.dll module allows an attacker to build a malicious WEB page, entice the user to parse, and execute arbitrary code in the application context. The following products are affected by this vulnerability: * Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2* Honeywell SymmetrE R310, R410.1, and R410.2* Honeywell ComfortPoint Open Manager (CPO- M) R100. Multiple Honeywell products are prone to a remote code-execution vulnerability because they fail to properly validate user-supplied input. Failed exploit attempts likely result in denial-of-service conditions.
The following products are vulnerable:
Honeywell EBI
Honeywell SymmetrE
Honeywell CPO-M
| VAR-201302-0588 | No CVE | Multiple vulnerabilities in Hitachi Tuning Manager and JP1/Performance Management |
CVSS V2: 9.0 CVSS V3: - Severity: High |
Hitachi Tuning Manager, JP1/Performance Management - Web Console, and JP1/Performance Management - Manager Web Option contain Cross-site scripting and cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities can not be exploited, unless logging in these products.A remote attacker can insert to malicious scripts during display of the web page by logging in as a user of that products.
| VAR-201302-0418 | No CVE | SAP Xcelsius Dashboard Cross-Site Request Forgery Vulnerability |
CVSS V2: - CVSS V3: - Severity: LOW |
SAP Xcelsius Dashboard is a dynamic dashboard design tool from SAP. A cross-site request forgery vulnerability exists in SAP Xcelsius Dashboard. Allows an attacker to build a malicious URI, entice a user to resolve, and perform malicious actions in the target user context.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible
| VAR-201302-0460 | No CVE | Samsung Galaxy S3 Screen Lock Security Bypass Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Samsung Galaxy S3 is prone to a security-bypass vulnerability due to a failure to restrict access to locked devices.
An attacker with physical access to a locked device can leverage this issue to bypass the lock screen and gain partial access to the device.
| VAR-201302-0583 | No CVE | Hitachi Multiple Products Cross Site Request Forgery Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Because the application allows users to perform certain operations through unauthenticated HTTP requests, an attacker could use the vulnerability to perform certain operations by tricking an administrator user into a malicious URL. Multiple Hitachi products have security vulnerabilities that allow attackers to use the vulnerabilities for cross-site scripting attacks. Attackers can construct malicious URIs to trick users into parsing, gaining sensitive information, or hijacking user sessions
| VAR-201404-0303 | CVE-2013-7365 | SAP Enterprise portal cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks
| VAR-201404-0365 | CVE-2013-7367 | SAP Enterprise Portal Information Disclosure Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. An information disclosure vulnerability exists in SAP Enterprise Portal. Attackers can exploit vulnerabilities to obtain sensitive information that may be helpful in further attacks
| VAR-201404-0302 | CVE-2013-7364 | SAP J2EE Core Service Remote Arbitrary File Access Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. This may lead to further attacks
| VAR-201302-0265 | CVE-2013-0888 | Google Chrome Used in Skia Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file downloads.". Google Chrome Used in Skia There is a service disruption (out-of-bounds read) There is a vulnerability that becomes a condition.Service disruption by a third party (out-of-bounds read) There is a possibility of being put into a state. Google Chrome is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to crash the application, denying service to legitimate users.
Note: This issue was previously discussed in BID 58101 (Google Chrome Multiple Security Vulnerabilities), but has been moved to its own record for better documentation. Google Chrome is a web browser developed by Google (Google). A vulnerability exists in Skia used by versions prior to 25.0.1364.97 of Google Chrome on Windows and Linux, and versions prior to 25.0.1364.99 of Google Chrome on Mac OS X. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201309-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Chromium, V8: Multiple vulnerabilities
Date: September 24, 2013
Bugs: #442096, #444826, #445246, #446944, #451334, #453610,
#458644, #460318, #460776, #463426, #470920, #472350,
#476344, #479048, #481990
ID: 201309-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium and V8, some of
which may allow execution of arbitrary code.
Background
==========
Chromium is an open-source web browser project. V8 is Google's open
source JavaScript engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 29.0.1457.57 >= 29.0.1457.57
2 dev-lang/v8 < 3.18.5.14 >= 3.18.5.14
-------------------------------------------------------------------
2 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below
for details.
Impact
======
A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process or a Denial of Service condition. Furthermore, a remote
attacker may be able to bypass security restrictions or have other,
unspecified, impact.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57"
All V8 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14"
References
==========
[ 1 ] CVE-2012-5116
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116
[ 2 ] CVE-2012-5117
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117
[ 3 ] CVE-2012-5118
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118
[ 4 ] CVE-2012-5119
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119
[ 5 ] CVE-2012-5120
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120
[ 6 ] CVE-2012-5121
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121
[ 7 ] CVE-2012-5122
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122
[ 8 ] CVE-2012-5123
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123
[ 9 ] CVE-2012-5124
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124
[ 10 ] CVE-2012-5125
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125
[ 11 ] CVE-2012-5126
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126
[ 12 ] CVE-2012-5127
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127
[ 13 ] CVE-2012-5128
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128
[ 14 ] CVE-2012-5130
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130
[ 15 ] CVE-2012-5132
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132
[ 16 ] CVE-2012-5133
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133
[ 17 ] CVE-2012-5135
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135
[ 18 ] CVE-2012-5136
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136
[ 19 ] CVE-2012-5137
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137
[ 20 ] CVE-2012-5138
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138
[ 21 ] CVE-2012-5139
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139
[ 22 ] CVE-2012-5140
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140
[ 23 ] CVE-2012-5141
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141
[ 24 ] CVE-2012-5142
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142
[ 25 ] CVE-2012-5143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143
[ 26 ] CVE-2012-5144
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144
[ 27 ] CVE-2012-5145
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145
[ 28 ] CVE-2012-5146
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146
[ 29 ] CVE-2012-5147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147
[ 30 ] CVE-2012-5148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148
[ 31 ] CVE-2012-5149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149
[ 32 ] CVE-2012-5150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150
[ 33 ] CVE-2012-5151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151
[ 34 ] CVE-2012-5152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152
[ 35 ] CVE-2012-5153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153
[ 36 ] CVE-2012-5154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154
[ 37 ] CVE-2013-0828
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828
[ 38 ] CVE-2013-0829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829
[ 39 ] CVE-2013-0830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830
[ 40 ] CVE-2013-0831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831
[ 41 ] CVE-2013-0832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832
[ 42 ] CVE-2013-0833
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833
[ 43 ] CVE-2013-0834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834
[ 44 ] CVE-2013-0835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835
[ 45 ] CVE-2013-0836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836
[ 46 ] CVE-2013-0837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837
[ 47 ] CVE-2013-0838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838
[ 48 ] CVE-2013-0839
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839
[ 49 ] CVE-2013-0840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840
[ 50 ] CVE-2013-0841
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841
[ 51 ] CVE-2013-0842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842
[ 52 ] CVE-2013-0879
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879
[ 53 ] CVE-2013-0880
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880
[ 54 ] CVE-2013-0881
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881
[ 55 ] CVE-2013-0882
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882
[ 56 ] CVE-2013-0883
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883
[ 57 ] CVE-2013-0884
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884
[ 58 ] CVE-2013-0885
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885
[ 59 ] CVE-2013-0887
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887
[ 60 ] CVE-2013-0888
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888
[ 61 ] CVE-2013-0889
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889
[ 62 ] CVE-2013-0890
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890
[ 63 ] CVE-2013-0891
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891
[ 64 ] CVE-2013-0892
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892
[ 65 ] CVE-2013-0893
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893
[ 66 ] CVE-2013-0894
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894
[ 67 ] CVE-2013-0895
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895
[ 68 ] CVE-2013-0896
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896
[ 69 ] CVE-2013-0897
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897
[ 70 ] CVE-2013-0898
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898
[ 71 ] CVE-2013-0899
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899
[ 72 ] CVE-2013-0900
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900
[ 73 ] CVE-2013-0902
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902
[ 74 ] CVE-2013-0903
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903
[ 75 ] CVE-2013-0904
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904
[ 76 ] CVE-2013-0905
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905
[ 77 ] CVE-2013-0906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906
[ 78 ] CVE-2013-0907
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907
[ 79 ] CVE-2013-0908
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908
[ 80 ] CVE-2013-0909
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909
[ 81 ] CVE-2013-0910
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910
[ 82 ] CVE-2013-0911
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911
[ 83 ] CVE-2013-0912
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912
[ 84 ] CVE-2013-0916
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916
[ 85 ] CVE-2013-0917
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917
[ 86 ] CVE-2013-0918
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918
[ 87 ] CVE-2013-0919
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919
[ 88 ] CVE-2013-0920
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920
[ 89 ] CVE-2013-0921
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921
[ 90 ] CVE-2013-0922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922
[ 91 ] CVE-2013-0923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923
[ 92 ] CVE-2013-0924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924
[ 93 ] CVE-2013-0925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925
[ 94 ] CVE-2013-0926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926
[ 95 ] CVE-2013-2836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836
[ 96 ] CVE-2013-2837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837
[ 97 ] CVE-2013-2838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838
[ 98 ] CVE-2013-2839
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839
[ 99 ] CVE-2013-2840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840
[ 100 ] CVE-2013-2841
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841
[ 101 ] CVE-2013-2842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842
[ 102 ] CVE-2013-2843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843
[ 103 ] CVE-2013-2844
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844
[ 104 ] CVE-2013-2845
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845
[ 105 ] CVE-2013-2846
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846
[ 106 ] CVE-2013-2847
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847
[ 107 ] CVE-2013-2848
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848
[ 108 ] CVE-2013-2849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849
[ 109 ] CVE-2013-2853
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853
[ 110 ] CVE-2013-2855
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855
[ 111 ] CVE-2013-2856
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856
[ 112 ] CVE-2013-2857
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857
[ 113 ] CVE-2013-2858
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858
[ 114 ] CVE-2013-2859
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859
[ 115 ] CVE-2013-2860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860
[ 116 ] CVE-2013-2861
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861
[ 117 ] CVE-2013-2862
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862
[ 118 ] CVE-2013-2863
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863
[ 119 ] CVE-2013-2865
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865
[ 120 ] CVE-2013-2867
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867
[ 121 ] CVE-2013-2868
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868
[ 122 ] CVE-2013-2869
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869
[ 123 ] CVE-2013-2870
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870
[ 124 ] CVE-2013-2871
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871
[ 125 ] CVE-2013-2874
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874
[ 126 ] CVE-2013-2875
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875
[ 127 ] CVE-2013-2876
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876
[ 128 ] CVE-2013-2877
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877
[ 129 ] CVE-2013-2878
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878
[ 130 ] CVE-2013-2879
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879
[ 131 ] CVE-2013-2880
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880
[ 132 ] CVE-2013-2881
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881
[ 133 ] CVE-2013-2882
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882
[ 134 ] CVE-2013-2883
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883
[ 135 ] CVE-2013-2884
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884
[ 136 ] CVE-2013-2885
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885
[ 137 ] CVE-2013-2886
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886
[ 138 ] CVE-2013-2887
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887
[ 139 ] CVE-2013-2900
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900
[ 140 ] CVE-2013-2901
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901
[ 141 ] CVE-2013-2902
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902
[ 142 ] CVE-2013-2903
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903
[ 143 ] CVE-2013-2904
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904
[ 144 ] CVE-2013-2905
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905
[ 145 ] Release Notes 23.0.1271.64
http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html
[ 146 ] Release Notes 23.0.1271.91
http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html
[ 147 ] Release Notes 23.0.1271.95
http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201309-16.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201302-0266 | CVE-2013-0889 | Google Chrome Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file. Google Chrome is prone to a security-bypass vulnerability.
An attacker can exploit this vulnerability to bypass the security restrictions. Successfully exploiting this issue may allow attackers to execute arbitrary code.
Very limited information is currently available regarding this issue. We will update this BID as more information emerges.
Note: This issue was previously discussed in BID 58101 (Google Chrome Multiple Security Vulnerabilities), but has been moved to its own record to better document it. A vulnerability exists in versions prior to Google Chrome 25.0.1364.97 on Windows and Linux systems, and versions prior to Google Chrome 25.0.1364.99 on Mac OS X systems. The vulnerability stems from the fact that the program does not perform user action requirements before processing file downloads . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201309-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Chromium, V8: Multiple vulnerabilities
Date: September 24, 2013
Bugs: #442096, #444826, #445246, #446944, #451334, #453610,
#458644, #460318, #460776, #463426, #470920, #472350,
#476344, #479048, #481990
ID: 201309-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium and V8, some of
which may allow execution of arbitrary code.
Background
==========
Chromium is an open-source web browser project. V8 is Google's open
source JavaScript engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 29.0.1457.57 >= 29.0.1457.57
2 dev-lang/v8 < 3.18.5.14 >= 3.18.5.14
-------------------------------------------------------------------
2 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below
for details.
Impact
======
A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process or a Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57"
All V8 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14"
References
==========
[ 1 ] CVE-2012-5116
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116
[ 2 ] CVE-2012-5117
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117
[ 3 ] CVE-2012-5118
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118
[ 4 ] CVE-2012-5119
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119
[ 5 ] CVE-2012-5120
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120
[ 6 ] CVE-2012-5121
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121
[ 7 ] CVE-2012-5122
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122
[ 8 ] CVE-2012-5123
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123
[ 9 ] CVE-2012-5124
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124
[ 10 ] CVE-2012-5125
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125
[ 11 ] CVE-2012-5126
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126
[ 12 ] CVE-2012-5127
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127
[ 13 ] CVE-2012-5128
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128
[ 14 ] CVE-2012-5130
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130
[ 15 ] CVE-2012-5132
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132
[ 16 ] CVE-2012-5133
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133
[ 17 ] CVE-2012-5135
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135
[ 18 ] CVE-2012-5136
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136
[ 19 ] CVE-2012-5137
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137
[ 20 ] CVE-2012-5138
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138
[ 21 ] CVE-2012-5139
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139
[ 22 ] CVE-2012-5140
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140
[ 23 ] CVE-2012-5141
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141
[ 24 ] CVE-2012-5142
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142
[ 25 ] CVE-2012-5143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143
[ 26 ] CVE-2012-5144
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144
[ 27 ] CVE-2012-5145
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145
[ 28 ] CVE-2012-5146
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146
[ 29 ] CVE-2012-5147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147
[ 30 ] CVE-2012-5148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148
[ 31 ] CVE-2012-5149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149
[ 32 ] CVE-2012-5150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150
[ 33 ] CVE-2012-5151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151
[ 34 ] CVE-2012-5152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152
[ 35 ] CVE-2012-5153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153
[ 36 ] CVE-2012-5154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154
[ 37 ] CVE-2013-0828
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828
[ 38 ] CVE-2013-0829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829
[ 39 ] CVE-2013-0830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830
[ 40 ] CVE-2013-0831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831
[ 41 ] CVE-2013-0832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832
[ 42 ] CVE-2013-0833
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833
[ 43 ] CVE-2013-0834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834
[ 44 ] CVE-2013-0835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835
[ 45 ] CVE-2013-0836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836
[ 46 ] CVE-2013-0837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837
[ 47 ] CVE-2013-0838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838
[ 48 ] CVE-2013-0839
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839
[ 49 ] CVE-2013-0840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840
[ 50 ] CVE-2013-0841
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841
[ 51 ] CVE-2013-0842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842
[ 52 ] CVE-2013-0879
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879
[ 53 ] CVE-2013-0880
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880
[ 54 ] CVE-2013-0881
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881
[ 55 ] CVE-2013-0882
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882
[ 56 ] CVE-2013-0883
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883
[ 57 ] CVE-2013-0884
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884
[ 58 ] CVE-2013-0885
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885
[ 59 ] CVE-2013-0887
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887
[ 60 ] CVE-2013-0888
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888
[ 61 ] CVE-2013-0889
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889
[ 62 ] CVE-2013-0890
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890
[ 63 ] CVE-2013-0891
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891
[ 64 ] CVE-2013-0892
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892
[ 65 ] CVE-2013-0893
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893
[ 66 ] CVE-2013-0894
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894
[ 67 ] CVE-2013-0895
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895
[ 68 ] CVE-2013-0896
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896
[ 69 ] CVE-2013-0897
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897
[ 70 ] CVE-2013-0898
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898
[ 71 ] CVE-2013-0899
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899
[ 72 ] CVE-2013-0900
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900
[ 73 ] CVE-2013-0902
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902
[ 74 ] CVE-2013-0903
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903
[ 75 ] CVE-2013-0904
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904
[ 76 ] CVE-2013-0905
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905
[ 77 ] CVE-2013-0906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906
[ 78 ] CVE-2013-0907
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907
[ 79 ] CVE-2013-0908
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908
[ 80 ] CVE-2013-0909
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909
[ 81 ] CVE-2013-0910
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910
[ 82 ] CVE-2013-0911
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911
[ 83 ] CVE-2013-0912
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912
[ 84 ] CVE-2013-0916
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916
[ 85 ] CVE-2013-0917
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917
[ 86 ] CVE-2013-0918
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918
[ 87 ] CVE-2013-0919
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919
[ 88 ] CVE-2013-0920
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920
[ 89 ] CVE-2013-0921
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921
[ 90 ] CVE-2013-0922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922
[ 91 ] CVE-2013-0923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923
[ 92 ] CVE-2013-0924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924
[ 93 ] CVE-2013-0925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925
[ 94 ] CVE-2013-0926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926
[ 95 ] CVE-2013-2836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836
[ 96 ] CVE-2013-2837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837
[ 97 ] CVE-2013-2838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838
[ 98 ] CVE-2013-2839
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839
[ 99 ] CVE-2013-2840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840
[ 100 ] CVE-2013-2841
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841
[ 101 ] CVE-2013-2842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842
[ 102 ] CVE-2013-2843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843
[ 103 ] CVE-2013-2844
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844
[ 104 ] CVE-2013-2845
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845
[ 105 ] CVE-2013-2846
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846
[ 106 ] CVE-2013-2847
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847
[ 107 ] CVE-2013-2848
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848
[ 108 ] CVE-2013-2849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849
[ 109 ] CVE-2013-2853
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853
[ 110 ] CVE-2013-2855
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855
[ 111 ] CVE-2013-2856
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856
[ 112 ] CVE-2013-2857
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857
[ 113 ] CVE-2013-2858
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858
[ 114 ] CVE-2013-2859
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859
[ 115 ] CVE-2013-2860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860
[ 116 ] CVE-2013-2861
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861
[ 117 ] CVE-2013-2862
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862
[ 118 ] CVE-2013-2863
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863
[ 119 ] CVE-2013-2865
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865
[ 120 ] CVE-2013-2867
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867
[ 121 ] CVE-2013-2868
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868
[ 122 ] CVE-2013-2869
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869
[ 123 ] CVE-2013-2870
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870
[ 124 ] CVE-2013-2871
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871
[ 125 ] CVE-2013-2874
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874
[ 126 ] CVE-2013-2875
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875
[ 127 ] CVE-2013-2876
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876
[ 128 ] CVE-2013-2877
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877
[ 129 ] CVE-2013-2878
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878
[ 130 ] CVE-2013-2879
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879
[ 131 ] CVE-2013-2880
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880
[ 132 ] CVE-2013-2881
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881
[ 133 ] CVE-2013-2882
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882
[ 134 ] CVE-2013-2883
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883
[ 135 ] CVE-2013-2884
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884
[ 136 ] CVE-2013-2885
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885
[ 137 ] CVE-2013-2886
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886
[ 138 ] CVE-2013-2887
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887
[ 139 ] CVE-2013-2900
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900
[ 140 ] CVE-2013-2901
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901
[ 141 ] CVE-2013-2902
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902
[ 142 ] CVE-2013-2903
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903
[ 143 ] CVE-2013-2904
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904
[ 144 ] CVE-2013-2905
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905
[ 145 ] Release Notes 23.0.1271.64
http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html
[ 146 ] Release Notes 23.0.1271.91
http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html
[ 147 ] Release Notes 23.0.1271.95
http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201309-16.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201401-0579 | CVE-2013-0340 | Expat Service disruption in (DoS) Vulnerabilities |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. Expat is prone to multiple denial-of-service vulnerabilities.
Successful exploits will allow attackers to consume large amounts of memory and cause a crash through specially crafted XML containing malicious attributes.
Expat 2.1.0 and prior versions are vulnerable. Expat is a C language-based XML parser library developed by American software developer Jim Clark, which uses a stream-oriented parser.
CVE-2021-30837: Siddharth Aeri (@b1n4r1b01)
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to read sensitive information
Description: This issue was addressed with improved checks.
CVE-2021-30838: proteas wang
CoreML
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30825: hjy79425575 working with Trend Micro Zero Day
Initiative
Face ID
Available for devices with Face ID: iPhone X, iPhone XR, iPhone XS
(all models), iPhone 11 (all models), iPhone 12 (all models), iPad
Pro (11-inch), and iPad Pro (3rd generation)
Impact: A 3D model constructed to look like the enrolled user may be
able to authenticate via Face ID
Description: This issue was addressed by improving Face ID anti-
spoofing models.
CVE-2013-0340: an anonymous researcher
Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Siri
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to view contacts from the lock
screen
Description: A lock screen issue allowed access to contacts on a
locked device.
CVE-2021-30815: an anonymous researcher
Telephony
Available for: iPhone SE (1st generation), iPad Pro 12.9-inch, iPad
Air 2, iPad (5th generation), and iPad mini 4
Impact: In certain situations, the baseband would fail to enable
integrity and ciphering protection
Description: A logic issue was addressed with improved state
management.
CVE-2021-30846: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30848: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30849: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2021-30851: Samuel Groß of Google Project Zero
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker in physical proximity may be able to force a user
onto a malicious Wi-Fi network during device setup
Description: An authorization issue was addressed with improved state
management.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201701-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Expat: Multiple vulnerabilities
Date: January 11, 2017
Bugs: #458742, #555642, #577928, #583268, #585510
ID: 201701-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Expat, the worst of which
may allow execution of arbitrary code.
Background
==========
Expat is a set of XML parsing libraries.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/expat < 2.2.0-r1 >= 2.2.0-r1
Description
===========
Multiple vulnerabilities have been discovered in Expat. Please review
the CVE identifiers referenced below for details. This attack could also
be used against automated systems that arbitrarily process XML files.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Expat users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/expat-2.2.0-r1"
References
==========
[ 1 ] CVE-2012-6702
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6702
[ 2 ] CVE-2013-0340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0340
[ 3 ] CVE-2015-1283
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1283
[ 4 ] CVE-2016-0718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0718
[ 5 ] CVE-2016-4472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4472
[ 6 ] CVE-2016-5300
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5300
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201701-21
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-09-20-7 Additional information for
APPLE-SA-2021-09-13-3 macOS Big Sur 11.6
macOS Big Sur 11.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212804.
CoreGraphics
Available for: macOS Big Sur
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been actively exploited.
Description: An integer overflow was addressed with improved input
validation.
CVE-2021-30860: The Citizen Lab
CUPS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A permissions issue existed. This issue was addressed
with improved permission validation.
CVE-2021-30827: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to read arbitrary files as root
Description: This issue was addressed with improved checks.
CVE-2021-30828: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to execute arbitrary files
Description: A URI parsing issue was addressed with improved parsing.
CVE-2021-30829: an anonymous researcher
Entry added September 20, 2021
curl
Available for: macOS Big Sur
Impact: curl could potentially reveal sensitive internal information
to the server using a clear-text network protocol
Description: A buffer overflow was addressed with improved input
validation.
CVE-2021-22925
Entry added September 20, 2021
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro
Entry added September 20, 2021
FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
Entry added September 20, 2021
Gatekeeper
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved checks.
CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc.
Entry added September 20, 2021
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30847: Mike Zhang of Pangu Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30830: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30865: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30857: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-30859: Apple
Entry added September 20, 2021
libexpat
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version
2.4.1.
CVE-2013-0340: an anonymous researcher
Entry added September 20, 2021
Preferences
Available for: macOS Big Sur
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Entry added September 20, 2021
Sandbox
Available for: macOS Big Sur
Impact: A user may gain access to protected parts of the file system
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30850: an anonymous researcher
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A remote attacker may be able to leak memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30858: an anonymous researcher
Additional recognition
APFS
We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc.
for their assistance.
Entry added September 20, 2021
App Support
We would like to acknowledge @CodeColorist, an anonymous researcher
for their assistance.
Entry added September 20, 2021
CoreML
We would like to acknowledge hjy79425575 working with Trend Micro
Zero Day Initiative for their assistance.
Entry added September 20, 2021
CUPS
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added September 20, 2021
Kernel
We would like to acknowledge Anthony Steinhauser of Google's Safeside
project for their assistance.
Entry added September 20, 2021
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Entry added September 20, 2021
smbx
We would like to acknowledge Zhongcheng Li (CK01) for their
assistance.
Entry added September 20, 2021
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p
rhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY
eJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B
+CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4
5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv
4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD
t6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn
bwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu
R7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC
NlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9
4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3
85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw=
=9bjT
-----END PGP SIGNATURE-----
| VAR-201310-0633 | CVE-2013-0337 | nginx Vulnerability in which important information is obtained in default settings |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. Nginx is prone to an insecure file-permission vulnerability. Such information could aid in other attacks. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. There is a security vulnerability in the default configuration of nginx 1.3.13 and earlier versions. The vulnerability stems from the fact that the program uses globally readable permissions for the access.log and error.log files. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201310-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: nginx: Multiple vulnerabilities
Date: October 06, 2013
Bugs: #458726, #468870
ID: 201310-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in nginx, the worst of which
may allow execution of arbitrary code.
Background
==========
nginx is a robust, small, and high performance HTTP and reverse proxy
server.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.4.1-r2 >= 1.4.1-r2
Description
===========
Multiple vulnerabilities have been discovered in nginx. Please review
the CVE identifiers referenced below for details.
Impact
======
A remote attacker could send a specially crafted request, possibly
resulting in execution of arbitrary code with the privileges of the
process, or a Denial of Service condition. Furthermore, a
context-dependent attacker may be able to obtain sensitive information.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All nginx users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.1-r2"
References
==========
[ 1 ] CVE-2013-0337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337
[ 2 ] CVE-2013-2028
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028
[ 3 ] CVE-2013-2070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201310-04.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201302-0360 | CVE-2013-2268 | Google Chrome of WebKit of MathML Vulnerability in implementation of |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack vectors, related to a "high severity security issue.". The impact of this issue is unknown.
Very little information is known about this issue. We will update this BID as soon as more information becomes available. Google Chrome is a web browser developed by Google (Google). A remote attacker can exploit this vulnerability through an unknown vector to have unknown effects on the program
| VAR-201302-0286 | CVE-2013-0887 | Google Chrome of developer-tools Process vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vectors.
The impact of this issue is currently unknown. We will update this BID when more information emerges.
Note: This issue was previously discussed in BID 58101 (Google Chrome Multiple Security Vulnerabilities), but has been moved to its own record to better document it. Google Chrome is a web browser developed by Google (Google). Attackers exploit this vulnerability with unknown impact and attack vectors. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201309-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Chromium, V8: Multiple vulnerabilities
Date: September 24, 2013
Bugs: #442096, #444826, #445246, #446944, #451334, #453610,
#458644, #460318, #460776, #463426, #470920, #472350,
#476344, #479048, #481990
ID: 201309-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium and V8, some of
which may allow execution of arbitrary code.
Background
==========
Chromium is an open-source web browser project. V8 is Google's open
source JavaScript engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 29.0.1457.57 >= 29.0.1457.57
2 dev-lang/v8 < 3.18.5.14 >= 3.18.5.14
-------------------------------------------------------------------
2 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below
for details.
Impact
======
A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process or a Denial of Service condition. Furthermore, a remote
attacker may be able to bypass security restrictions or have other,
unspecified, impact.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57"
All V8 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14"
References
==========
[ 1 ] CVE-2012-5116
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116
[ 2 ] CVE-2012-5117
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117
[ 3 ] CVE-2012-5118
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118
[ 4 ] CVE-2012-5119
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119
[ 5 ] CVE-2012-5120
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120
[ 6 ] CVE-2012-5121
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121
[ 7 ] CVE-2012-5122
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122
[ 8 ] CVE-2012-5123
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123
[ 9 ] CVE-2012-5124
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124
[ 10 ] CVE-2012-5125
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125
[ 11 ] CVE-2012-5126
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126
[ 12 ] CVE-2012-5127
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127
[ 13 ] CVE-2012-5128
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128
[ 14 ] CVE-2012-5130
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130
[ 15 ] CVE-2012-5132
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132
[ 16 ] CVE-2012-5133
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133
[ 17 ] CVE-2012-5135
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135
[ 18 ] CVE-2012-5136
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136
[ 19 ] CVE-2012-5137
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137
[ 20 ] CVE-2012-5138
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138
[ 21 ] CVE-2012-5139
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139
[ 22 ] CVE-2012-5140
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140
[ 23 ] CVE-2012-5141
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141
[ 24 ] CVE-2012-5142
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142
[ 25 ] CVE-2012-5143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143
[ 26 ] CVE-2012-5144
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144
[ 27 ] CVE-2012-5145
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145
[ 28 ] CVE-2012-5146
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146
[ 29 ] CVE-2012-5147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147
[ 30 ] CVE-2012-5148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148
[ 31 ] CVE-2012-5149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149
[ 32 ] CVE-2012-5150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150
[ 33 ] CVE-2012-5151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151
[ 34 ] CVE-2012-5152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152
[ 35 ] CVE-2012-5153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153
[ 36 ] CVE-2012-5154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154
[ 37 ] CVE-2013-0828
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828
[ 38 ] CVE-2013-0829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829
[ 39 ] CVE-2013-0830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830
[ 40 ] CVE-2013-0831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831
[ 41 ] CVE-2013-0832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832
[ 42 ] CVE-2013-0833
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833
[ 43 ] CVE-2013-0834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834
[ 44 ] CVE-2013-0835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835
[ 45 ] CVE-2013-0836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836
[ 46 ] CVE-2013-0837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837
[ 47 ] CVE-2013-0838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838
[ 48 ] CVE-2013-0839
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839
[ 49 ] CVE-2013-0840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840
[ 50 ] CVE-2013-0841
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841
[ 51 ] CVE-2013-0842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842
[ 52 ] CVE-2013-0879
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879
[ 53 ] CVE-2013-0880
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880
[ 54 ] CVE-2013-0881
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881
[ 55 ] CVE-2013-0882
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882
[ 56 ] CVE-2013-0883
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883
[ 57 ] CVE-2013-0884
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884
[ 58 ] CVE-2013-0885
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885
[ 59 ] CVE-2013-0887
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887
[ 60 ] CVE-2013-0888
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888
[ 61 ] CVE-2013-0889
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889
[ 62 ] CVE-2013-0890
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890
[ 63 ] CVE-2013-0891
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891
[ 64 ] CVE-2013-0892
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892
[ 65 ] CVE-2013-0893
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893
[ 66 ] CVE-2013-0894
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894
[ 67 ] CVE-2013-0895
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895
[ 68 ] CVE-2013-0896
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896
[ 69 ] CVE-2013-0897
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897
[ 70 ] CVE-2013-0898
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898
[ 71 ] CVE-2013-0899
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899
[ 72 ] CVE-2013-0900
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900
[ 73 ] CVE-2013-0902
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902
[ 74 ] CVE-2013-0903
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903
[ 75 ] CVE-2013-0904
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904
[ 76 ] CVE-2013-0905
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905
[ 77 ] CVE-2013-0906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906
[ 78 ] CVE-2013-0907
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907
[ 79 ] CVE-2013-0908
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908
[ 80 ] CVE-2013-0909
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909
[ 81 ] CVE-2013-0910
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910
[ 82 ] CVE-2013-0911
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911
[ 83 ] CVE-2013-0912
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912
[ 84 ] CVE-2013-0916
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916
[ 85 ] CVE-2013-0917
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917
[ 86 ] CVE-2013-0918
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918
[ 87 ] CVE-2013-0919
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919
[ 88 ] CVE-2013-0920
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920
[ 89 ] CVE-2013-0921
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921
[ 90 ] CVE-2013-0922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922
[ 91 ] CVE-2013-0923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923
[ 92 ] CVE-2013-0924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924
[ 93 ] CVE-2013-0925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925
[ 94 ] CVE-2013-0926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926
[ 95 ] CVE-2013-2836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836
[ 96 ] CVE-2013-2837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837
[ 97 ] CVE-2013-2838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838
[ 98 ] CVE-2013-2839
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839
[ 99 ] CVE-2013-2840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840
[ 100 ] CVE-2013-2841
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841
[ 101 ] CVE-2013-2842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842
[ 102 ] CVE-2013-2843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843
[ 103 ] CVE-2013-2844
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844
[ 104 ] CVE-2013-2845
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845
[ 105 ] CVE-2013-2846
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846
[ 106 ] CVE-2013-2847
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847
[ 107 ] CVE-2013-2848
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848
[ 108 ] CVE-2013-2849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849
[ 109 ] CVE-2013-2853
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853
[ 110 ] CVE-2013-2855
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855
[ 111 ] CVE-2013-2856
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856
[ 112 ] CVE-2013-2857
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857
[ 113 ] CVE-2013-2858
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858
[ 114 ] CVE-2013-2859
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859
[ 115 ] CVE-2013-2860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860
[ 116 ] CVE-2013-2861
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861
[ 117 ] CVE-2013-2862
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862
[ 118 ] CVE-2013-2863
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863
[ 119 ] CVE-2013-2865
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865
[ 120 ] CVE-2013-2867
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867
[ 121 ] CVE-2013-2868
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868
[ 122 ] CVE-2013-2869
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869
[ 123 ] CVE-2013-2870
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870
[ 124 ] CVE-2013-2871
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871
[ 125 ] CVE-2013-2874
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874
[ 126 ] CVE-2013-2875
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875
[ 127 ] CVE-2013-2876
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876
[ 128 ] CVE-2013-2877
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877
[ 129 ] CVE-2013-2878
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878
[ 130 ] CVE-2013-2879
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879
[ 131 ] CVE-2013-2880
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880
[ 132 ] CVE-2013-2881
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881
[ 133 ] CVE-2013-2882
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882
[ 134 ] CVE-2013-2883
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883
[ 135 ] CVE-2013-2884
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884
[ 136 ] CVE-2013-2885
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885
[ 137 ] CVE-2013-2886
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886
[ 138 ] CVE-2013-2887
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887
[ 139 ] CVE-2013-2900
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900
[ 140 ] CVE-2013-2901
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901
[ 141 ] CVE-2013-2902
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902
[ 142 ] CVE-2013-2903
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903
[ 143 ] CVE-2013-2904
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904
[ 144 ] CVE-2013-2905
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905
[ 145 ] Release Notes 23.0.1271.64
http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html
[ 146 ] Release Notes 23.0.1271.91
http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html
[ 147 ] Release Notes 23.0.1271.95
http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201309-16.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5