Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.

CVE-2013-5891: Oracle Critical Patch Update - January 2014

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.

Image

Featured Details

**Multiple ways to consume Secunia Research**

Secunia delivers software security research that provides reliable, curated and actionable vulnerability intelligence. Organizations can expect to receive standardized, validated and enriched vulnerability research on a specific version of a software product. Secunia Research supports four solutions:

SVG

**Data Platform**

Data Platform leverages Secunia Research to provide high-level insights based on major or minor versions of software in your normalized inventory

Learn More

SVG

**Flexera One**

Flexera One utilizes Secunia Research (alongside public NVD data) to provide more granular matching of build-level versions of software in your normalized inventory within its IT Asset Management and IT Visibility solutions

Learn More

How it works

**Accurate, reliable vulnerability insights at your fingertips**

The Secunia Research team from Flexera is comprised of several security specialists who conduct vulnerability research in various products in addition to testing, verifying and validating public vulnerability reports. Since its inception in 2002, the goal of the Secunia Research team is to provide the most accurate and reliable source of vulnerability intelligence.

Delivering the world’s best vulnerability intelligence requires skill and passion. Team members continually develop their skills exploring various high-profile closed and open-source software using a variety of approaches, focusing chiefly on thorough code audits and binary analysis. The team has received industry recognition, including naming members to Microsoft’s Most Valuable Security Researchers list.

Secunia researchers discover hard-to-find vulnerabilities that aren’t normally identified with techniques such as fuzzing, and the results have been impressive. Members of the Secunia Research team have discovered critical vulnerabilities in products from vendors including Microsoft, Symantec, IBM, Adobe, RealNetworks, Trend Micro, HP, Blue Coat, Samba, CA, Mozilla and Apple.

The team produces invaluable security advisories based on research of the vulnerabilities affecting any given software update. Sometimes a single update can address multiple vulnerabilities of varying criticalities and threats; but these advisories aggregate and distill findings down to a single advisory perfect for the prioritization of patching efforts within Software Vulnerability Manager. Criticality scores are consistently applied along with details around attack vector and other valuable details within Software Vulnerability Research. Illegitimate vulnerability reports are also investigated and rejected so you can focus only on what truly matters.

CVE-2013-4517: About Secunia Research | Flexera

Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.

CVE-2013-5807: Oracle Critical Patch Update - October 2013

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP.

CVE-2013-5802: Oracle Critical Patch Update - October 2013

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."

CVE-2013-2172

Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.

*   Nmap Security Scanner
    *   Intro
    *   Ref Guide
    *   Install Guide
    *   Download
    *   Changelog
    *   Book
    *   Docs
*   Security Lists
    *   Nmap Announce
    *   Nmap Dev
    *   Bugtraq
    *   Full Disclosure
    *   Pen Test
    *   Basics
    *   More
*   Security Tools
    *   Password audit
    *   Sniffers
    *   Vuln scanners
    *   Web scanners
    *   Wireless
    *   Exploitation
    *   Packet crafters
    *   More
*   Site News
*   Advertising
*   About/Contact

*   Sponsors:

![/](http://seclists.org/shared/images/topleftcurve.gif)

![bugtraq logo](http://seclists.org/images/bugtraq-logo.png) Bugtraq mailing list archives  

**CVE-2013-2189: OpenOffice DOC Memory Corruption Vulnerability**

_From_: Herbert Duerr <hdu () apache org>  
_Date_: Fri, 26 Jul 2013 07:56:20 +0200  

\-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2013-2189
OpenOffice DOC Memory Corruption Vulnerability

Severity: Important
Vendor: The Apache Software Foundation

Versions Affected:
     Apache OpenOffice 3.4.0 to 3.4.1 on all platforms.
     Predecessor versions of OpenOffice.org may be also affected.

Description:

     The vulnerability is caused by operating on invalid PLCF (Plex of
Character Positions in File) data when parsing a malformed DOC document
file. Specially crafted documents can be used for denial-of-service
attacks. Further exploits are possible but have not been verified.

Mitigation:

     Apache OpenOffice 3.4 users are advised to upgrade to Apache
OpenOffice 4.0. Users who are unable to upgrade immediately should be
cautious when opening untrusted documents.

Credits:

     The Apache OpenOffice Security Team credits Jeremy Brown of
Microsoft Vulnerability Research as the discoverer of this flaw.

Herbert Dürr
Member of the Apache OpenOffice Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJR8g9+AAoJEDfnuKc+PLjJbqIP/2PaWKJvwYVXOmr33gVD4Kpx
Q2zzCfK/je3rJmK6PAfJpGB2ooKim00/Q/+G+gYvvi+35NQLk2dgfynkdhRiQP59
9DaPeNC7NDAjDgIk+8hC/reKmwfqdyyMj0FU/NwIIjEsMPMzKl3Vc1svEN9vz5GN
lc3fLORH5GPUVZkwJfV+C+CyBCLk3Yurxd4GNTBpqFKmbR7ENQmKPAmH5gEMIZO7
iCSzGK4terEUjUtAmvHy4yFlZtHz33XgvMZZrbE92y7ppoury8ZN4mb42vAowTDQ
+JSGtBKCGPDQRaoDOJdwhafgFcnRu10sJbUtYMmSy9qcZNq6JFHe2aR7+j9h0pN+
c85HgwM/NyCjmw8y5EhD+3Cjwc6AlF9olekPSUui7x+6svDj3uVSM4/tpg/pPXLn
0SLB8r6BrxfP5naqMFwISdbSZaQiGuV3JvFhz7VB6k8tMuzIgI8Huw9IT28LP34F
Yxn2VCvzHpZOpWHB9lYORxn1GI+WlrSrKvbaZYUOnBm8fniLHuRSSrra+IWOZqjW
UbCko1gtr0A0b9HEeuVVeJAKyXEL52hUUJ2RmZfGJdWGLC/k/8i+s4Ppvqzmf3r2
ujAfn89Vhk12cAb5NXidV4Nh8Ko82Ow32GBBHlavPHX5T5LVnGNa6CWGoctuQGru
T6rrd/hV6DXtMmgWPTPH
=t46D
-----END PGP SIGNATURE-----

![](http://seclists.org/images/left-icon-16x16.png)  By Date  ![](http://seclists.org/images/right-icon-16x16.png)       ![](http://seclists.org/images/left-icon-16x16.png)  By Thread  ![](http://seclists.org/images/right-icon-16x16.png)

**Current thread:**

*   **CVE-2013-2189: OpenOffice DOC Memory Corruption Vulnerability** _Herbert Duerr (Jul 26)_

CVE-2013-2189: OpenOffice DOC Memory Corruption Vulnerability

Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.

**OpenOffice DOCM Memory Corruption Vulnerability**

**Severity: Important****Vendor: The Apache Software Foundation****Versions Affected:**

*   Apache OpenOffice 3.4.0 to 3.4.1, on all platforms.
*   Earlier versions may be also affected.

**Description:**

The vulnerability is caused by mishandling of unknown XML elements when parsing OOXML document files. Specially crafted documents can be used for denial-of-service attacks. Further exploits are possible but have not been verified.

**Mitigation**

Apache OpenOffice 3.4 users are advised to upgrade to Apache OpenOffice 4.0. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.

**Credits**

The Apache OpenOffice security team credits Jeremy Brown of Microsoft Vulnerability Research as the discoverer of this flaw.

Security Home -> Bulletin -> CVE-2013-4156

CVE-2013-4156: CVE-2013-4156

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.

CVE-2013-2249

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

CVE-2013-1896

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

Index: CHANGES =================================================================== --- CHANGES (revision 1469310) +++ CHANGES (working copy) @@ -1,8 +1,11 @@ -\*- coding: utf-8 -\*- Changes with Apache 2.2.25 + \*) SECURITY: CVE-2013-1862 (cve.mitre.org) + mod\_rewrite: Ensure that client data written to the RewriteLog is + escaped to prevent terminal escape sequences from entering the + log file. \[Joe Orton\] - Changes with Apache 2.2.24 \*) SECURITY: CVE-2012-3499 (cve.mitre.org) Index: modules/mappers/mod\_rewrite.c =================================================================== --- modules/mappers/mod\_rewrite.c (revision 1469310) +++ modules/mappers/mod\_rewrite.c (working copy) @@ -500,11 +500,11 @@ logline = apr\_psprintf(r->pool, "%s %s %s %s \[%s/sid#%pp\]\[rid#%pp/%s%s%s\] " "(%d) %s%s%s%s" APR\_EOL\_STR, - rhost ? rhost : "UNKNOWN-HOST", - rname ? rname : "-", - r->user ? (\*r->user ? r->user : "\\"\\"") : "-", + rhost ? ap\_escape\_logitem(r->pool, rhost) : "UNKNOWN-HOST", + rname ? ap\_escape\_logitem(r->pool, rname) : "-", + r->user ? (\*r->user ? ap\_escape\_logitem(r->pool, r->user) : "\\"\\"") : "-", current\_logtime(r), - ap\_get\_server\_name(r), + ap\_escape\_logitem(r->pool, ap\_get\_server\_name(r)), (void \*)(r->server), (void \*)r, r->main ? "subreq" : "initial", @@ -514,7 +514,7 @@ perdir ? "\[perdir " : "", perdir ? perdir : "", perdir ? "\] ": "", - text); + ap\_escape\_logitem(r->pool, text)); nbytes = strlen(logline); apr\_file\_write(conf->rewritelogfp, logline, &nbytes);

Tag

#apache