Monthly Archive: February 2013

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. Date published : 2013-02-20...

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Date...

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management – Collaborative Edition 10.0 and 10.1 before FP1 and InfoSphere Master Data Management Server for Product Information Management 6.0, 9.0, and 9.1 allows remote...

Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management – Collaborative Edition 10.0 and 10.1 before FP1 and InfoSphere Master Data Management Server for Product Information Management 6.0, 9.0, and 9.1 allow...

The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers to obtain unspecified client access, and consequently obtain unspecified server access, via...

The traditional scheduler in the client in IBM Tivoli Storage Manager (TSM) before 6.2.5.0, 6.3 before 6.3.1.0, and 6.4 before 6.4.0.1, when Prompted mode is enabled, allows remote attackers to cause a denial of...

IBM Eclipse Help System (IEHS), as used in IBM Data Studio 3.1 and 3.1.1 and other products, allows remote authenticated users to read source code via a crafted URL. Date published : 2013-02-20 http://www-01.ibm.com/support/docview.wss?uid=swg21625573...

Cross-site scripting (XSS) vulnerability in IBM WebSphere Message Broker 7.0 before 7.0.0.6 and 8.0 before 8.0.0.2, when wsdl support is enabled on a SOAPInput node, allows remote attackers to inject arbitrary web script or...

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related...

The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets. Date published : 2013-02-19 http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004277 https://exchange.xforce.ibmcloud.com/vulnerabilities/80716

Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service (memory consumption and process crash) by sending many TCP requests, aka Bug ID CSCud59736. Date published : 2013-02-19...

The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified...

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or...

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause...