[CLOSE] OSVDB ID : 93610 - Disclosed: 2013-05-22

Description:

RT contains a flaw that is due to the program allowing the calling of arbitrary Mason components without control of arguments. This may allow a remote authenticated attacker to execute arbitrary private components which may, according to the vendor, 'have negative side-effects'.

[CLOSE] OSVDB ID : 93609 - Disclosed: 2013-05-22

Description:

RT contains a flaw that is due to the program not restricting direct requests to private callback components. This may allow a remote attacker to exploit an extension or a local callback which uses insecurely passed arguments. The vendor did not release details on the specific impact of this issue.

[CLOSE] OSVDB ID : 93608 - Disclosed: 2013-05-22

Description:

RT contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via attachment filenames before returning it to the user. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 93607 - Disclosed: 2013-05-22

Description:

RT contains an unspecified flaw that may allow a remote attacker to perform an HTTP header injection attack. These headers are limited to the value of the Content-Disposition header. No further details were provided by the vendor.

[CLOSE] OSVDB ID : 93606 - Disclosed: 2013-05-22

Description:

RT contains a flaw in email templates that may leave the program vulnerable to a MIME header injection attack in emails that are generated by the application. This may allow a remote attacker to append additional information to any message, such as adding recipients to send arbitrary emails to a large number of recipients anonymously or changing the message body.

[CLOSE] OSVDB ID : 93605 - Disclosed: 2013-05-22

Description:

RT contains a flaw that may lead to the unauthorized disclosure of sensitive information. The issue is due to the application reusing the Apache::Session::File file-based session store. This may allow a remote attacker to gain access to user preferences and caches.

[CLOSE] OSVDB ID : 93625 - Disclosed: 2013-05-22

Description:

Apple QuickTime contains an overflow condition that is triggered as user-supplied input is not properly validated when handling 'dref' atoms in a specially crafted movie file. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

[CLOSE] OSVDB ID : 93624 - Disclosed: 2013-05-22

Description:

Apple QuickTime contains an overflow condition that is triggered as user-supplied input is not properly validated when handling a specially crafted H.263 encoded movie file. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

[CLOSE] OSVDB ID : 93623 - Disclosed: 2013-05-22

Description:

Apple QuickTime contains an overflow condition that is triggered as user-supplied input is not properly validated when handling a specially crafted MP3 file. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

[CLOSE] OSVDB ID : 93622 - Disclosed: 2013-05-22

Description:

Apple QuickTime contains an overflow condition that is triggered as user-supplied input is not properly validated when handling Sorenson encoded movie files. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

[CLOSE] OSVDB ID : 93621 - Disclosed: 2013-05-22

Description:

Apple QuickTime contains a flaw that is triggered as user-supplied input is not properly sanitized when handling JPEG encoded data in a specially crafted movie file. This may allow a context-dependent attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code.

[CLOSE] OSVDB ID : 93620 - Disclosed: 2013-05-22

Description:

Apple QuickTime contains a flaw that is triggered as user-supplied input is not properly sanitized when handling a specially crafted QTIF file. This may allow a context-dependent attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code.

[CLOSE] OSVDB ID : 93619 - Disclosed: 2013-05-22

Description:

Apple QuickTime contains an overflow condition that is triggered as user-supplied input is not properly validated when handling JPEG encoded data in a specially crafted movie file. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

[CLOSE] OSVDB ID : 93618 - Disclosed: 2013-05-22

Description:

Apple QuickTime contains an overflow condition that is triggered as user-supplied input is not properly validated when handling 'enof' atoms in a specially crafted movie file. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

[CLOSE] OSVDB ID : 93617 - Disclosed: 2013-05-22

Description:

Apple QuickTime contains an overflow condition that is triggered as user-supplied input is not properly validated when handling a specially crafted FPX file. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

[CLOSE] OSVDB ID : 93613 - Disclosed: 2013-05-22

Description:

Red Hat Certificate System contains a format string in the TPS subsystem that is triggered as format string specifiers (e.g. %s and %x) are not properly sanitized in user-supplied input when viewing certificates. This may allow a remote attacker to cause a denial of service or potentially execute arbitrary code.

[CLOSE] OSVDB ID : 93616 - Disclosed: 2013-05-22

Description:

Apple QuickTime contains an underflow condition that is triggered as user-supplied input is not properly validated when handling 'mvhd' atoms in a specially crafted movie file. This may allow a context-dependent attacker to cause a buffer underflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

[CLOSE] OSVDB ID : 93611 - Disclosed: 2013-05-22

Description:

RT contains a flaw that leads to unauthorized privileges being gained. The issue is due to the program failing to properly verify certain permissions. This may allow an authenticated remote attacker with ModifyTicket privileges to gain DeleteTicket privileges, and delete tickets without proper authorization.

[CLOSE] OSVDB ID : 93612 - Disclosed: 2013-05-22

Description:

RT contains a flaw in the command line tool as bin/rt creates temporary files insecurely. It is possible for a local attacker to use a symlink attack against an unspecified file to cause the program to unexpectedly overwrite an arbitrary file.

[CLOSE] OSVDB ID : 93604 - Disclosed: 2013-05-22

Description:

Transifex contains a flaw in the command-line client related to certificate validation. The issue is due to the server hostname not being verified to match a domain name in the Subject's Common Name (CN) or SubjectAltName field of the X.509 certificate. This may allow an attacker with access to network traffic (e.g. MiTM, DNS cache poisoning) to spoof the SSL server via an arbitrary certificate that appears valid. Such an attack would allow for the interception of sensitive traffic, and potentially allow for the injection of content into the SSL stream.

[CLOSE] OSVDB ID : 93603 - Disclosed: 2013-05-22

Description:

3S CoDeSys Gateway contains an unspecified use-after-free error that may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided by ICS-CERT.

[CLOSE] OSVDB ID : 93602 - Disclosed: 2013-05-22

Description:

Cisco IOS XR contains a flaw in the SNMP process that may allow a remote denial of service. The issue is triggered when handling a saturation of UDP packets for the SNMP port 162. This may allow a remote attacker to cause a memory leak that may lead to a repeated reload of the SNMP process, resulting in a loss of availability for the process.

[CLOSE] OSVDB ID : 93614 - Disclosed: 2013-05-22

Description:

Apple QuickTime contains an overflow condition that is triggered as user-supplied input is not properly validated when handling a specially crafted H.263 encoded movie file. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

[CLOSE] OSVDB ID : 93601 - Disclosed: 2013-05-22

Description:

IBM Rational Directory Server contains a flaw that may lead to the unauthorized disclosure of sensitive information. The issue is triggered when handling an arbitrary parameter path to the Rational Directory Server help documentation, which will result in an error message response from the server. This may allow a remote attacker to gain access to sensitive HTTP ERROR 500 debug information in the returned error message.

[CLOSE] OSVDB ID : 93600 - Disclosed: 2013-05-22

Description:

IBM Tivoli Monitoring contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input related to the portal browser client before returning it to the user. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 93628 - Disclosed: 2013-05-22

Description:

OTRS (Open Ticket Request System) / OTRS ITSM contains a flaw that may lead to the unauthorized disclosure of sensitive information. The issue is triggered when manipulating URLs in the ticket split mechanism. This may allow a remote attacker to gain access to ticket content.

[CLOSE] OSVDB ID : 93626 - Disclosed: 2013-05-22

Description:

Red Hat Certificate System contains a flaw in the pki-tps package that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the URL upon submission to /tus/. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 93627 - Disclosed: 2013-05-22

Description:

Red Hat Certificate System contains a flaw in the pki-tps package that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the URL upon submission to /tus/tus/. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 93615 - Disclosed: 2013-05-22

Description:

Apple QuickTime contains a flaw that is triggered as user-supplied input is not properly sanitized when handling a specially crafted TeXML file. This may allow a context-dependent attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code.

[CLOSE] OSVDB ID : 93530 - Disclosed: 2013-05-21

Description:

Moodle contains an unspecified flaw related to filtering of form elements named 'foo[i]', which may allow an attacker to have an unspecified impact. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 93567 - Disclosed: 2013-05-21

Description:

Google Chrome contains an unspecified out-of-bounds read flaw in v8 that may allow a context-dependent attacker to cause a denial of service. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 93568 - Disclosed: 2013-05-21

Description:

Google Chrome contains an unspecified bad cast flaw that is triggered during the handling of the clip board, which may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 93569 - Disclosed: 2013-05-21

Description:

Google Chrome contains an unspecified use-after-free error related to the media loader. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.

[CLOSE] OSVDB ID : 93570 - Disclosed: 2013-05-21

Description:

Google Chrome contains an unspecified use-after-free error that is triggered during the handling of a pepper resource. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.

[CLOSE] OSVDB ID : 93571 - Disclosed: 2013-05-21

Description:

Google Chrome contains an unspecified use-after-free error that is triggered during the handling of a widget. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.

[CLOSE] OSVDB ID : 93572 - Disclosed: 2013-05-21

Description:

Google Chrome contains an unspecified use-after-free error that is triggered during speech handling. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.

[CLOSE] OSVDB ID : 93573 - Disclosed: 2013-05-21

Description:

Google Chrome contains an unspecified use-after-free error related to style resolution. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.

[CLOSE] OSVDB ID : 93574 - Disclosed: 2013-05-21

Description:

Google Chrome contains multiple unspecified flaws in web audio. These issues are triggered as user-supplied input is not properly sanitized, which will allow a context-dependent attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code.

[CLOSE] OSVDB ID : 93575 - Disclosed: 2013-05-21

Description:

Google Chrome contains an unspecified use-after-free error related to media loader. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.

[CLOSE] OSVDB ID : 93576 - Disclosed: 2013-05-21

Description:

Google Chrome contains an unspecified race condition that occurs during the handling of workers which may lead to a use-after-free condition. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.