[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Tue Mar 4 05:20:18 PST 2014


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 351	Published: Tue, 04 Mar 2014 02:43:09 GMT

New Fixlets:
============

***************************************************************
Title: The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and m
Severity: Medium
Fixlet ID: 2204701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22047.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3137
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."

***************************************************************
Title: Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0500
Severity: High
Fixlet ID: 2237301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22373.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0501
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0500.

***************************************************************
Title: Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0501
Severity: High
Fixlet ID: 2242301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22423.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0500
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0501.

***************************************************************
Title: Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK and Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attacke
Severity: High
Fixlet ID: 2244501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22445.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0499
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK and Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors.

***************************************************************
Title: Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK and Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via u
Severity: High
Fixlet ID: 2256801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22568.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0498
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK and Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors.


