JVN Info.

Id
12855  
Name
JVNDB-2014-001730  
Title
複数の Mozilla 製品で使用される Cairo の _cairo_truetype_index_to_ucs4 関数におけるバッファオーバーフローの脆弱性  
Summary
Mozilla Firefox、Thunderbird、および SeaMonkey で使用される Cairo の _cairo_truetype_index_to_ucs4 関数には、バッファオーバーフローの脆弱性が存在します。  
Nvdinfo
CVE-2014-1509  
Cvssv2
7.6  
Jvnurl
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-001730.html  
Published Date
2014-03-18  
Registered Date
2014-03-20  
Last Updated Date
2014-04-08  

Actions

Related Nessuslogs

Id Log ID Jvninfo Id Plugin ID CVE CVSS Risk Host Protocol Port Name Synopsis Description Solution See Also Plugin Output Actions
51587 H28_MUN_DWEB_Q4_172_16_240_seg.csv 12855 89676 CVE-2010-1323 7.8 High 172.16.240.115 tcp 443 VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0007) (remote check) The remote VMware ESX / ESXi host is missing a security-related patch. The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities : - Multiple forgery vulnerabilities exist in the bundled version of MIT Kerberos 5 (krb5). An attacker can exploit these issues to impersonate a client, escalate privileges, and disclose sensitive information. (CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021) - A local arbitrary code execution vulnerability exists in the Kernel in the do_anonymous_page() function due to improper separation of the stack and the heap. A local attacker can exploit this vulnerability to execute arbitrary code. (CVE-2010-2240) - A denial of service vulnerability exists that allows a remote attacker to exhaust available sockets, preventing further connections. (CVE-2011-1785) - A denial of service vulnerability exists in the bundled version of lsassd in Likewise Open. A remote attacker can exploit this, via an Active Directory login attempt that provides a username containing an invalid byte sequence, to cause a daemon crash. (CVE-2011-1786) Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1. https://www.vmware.com/security/advisories/VMSA-2011-0007 http://lists.vmware.com/pipermail/security-announce/2011/000133.html Version : ESX 4.0 Installed build : 208167 Fixed build : 392990
51614 H28_MUN_DWEB_Q4_172_16_240_seg.csv 12855 89680 CVE-2010-1323 7.9 High 172.16.240.115 tcp 443 VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0012) (remote check) The remote VMware ESX / ESXi host is missing a security-related patch. The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities in several third-party components and libraries : - Kernel - krb5 - glibc - mtp2sas - mptsas - mptspi Apply the appropriate patch according to the vendor advisory that pertains to ESX version 3.5 / 4.0 / 4.1 or ESXi version 3.5 / 4.0 / 4.1 / 5.0. https://www.vmware.com/security/advisories/VMSA-2011-0012 http://lists.vmware.com/pipermail/security-announce/2012/000164.html Version : ESX 4.0 Installed build : 208167 Fixed build : 480973
57168 H28_DWEB_NW_Scan_Q1_172_16_240_Seg_20160518_hepxqa.csv 12855 89676 CVE-2010-1323 7.8 High 172.16.240.115 tcp 443 VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0007) (remote check) The remote VMware ESX / ESXi host is missing a security-related patch. The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities : - Multiple forgery vulnerabilities exist in the bundled version of MIT Kerberos 5 (krb5). An attacker can exploit these issues to impersonate a client, escalate privileges, and disclose sensitive information. (CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021) - A local arbitrary code execution vulnerability exists in the Kernel in the do_anonymous_page() function due to improper separation of the stack and the heap. A local attacker can exploit this vulnerability to execute arbitrary code. (CVE-2010-2240) - A denial of service vulnerability exists that allows a remote attacker to exhaust available sockets, preventing further connections. (CVE-2011-1785) - A denial of service vulnerability exists in the bundled version of lsassd in Likewise Open. A remote attacker can exploit this, via an Active Directory login attempt that provides a username containing an invalid byte sequence, to cause a daemon crash. (CVE-2011-1786) Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1. https://www.vmware.com/security/advisories/VMSA-2011-0007 http://lists.vmware.com/pipermail/security-announce/2011/000133.html Version : ESX 4.0 Installed build : 208167 Fixed build : 392990
57195 H28_DWEB_NW_Scan_Q1_172_16_240_Seg_20160518_hepxqa.csv 12855 89680 CVE-2010-1323 7.9 High 172.16.240.115 tcp 443 VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0012) (remote check) The remote VMware ESX / ESXi host is missing a security-related patch. The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities in several third-party components and libraries : - Kernel - krb5 - glibc - mtp2sas - mptsas - mptspi Apply the appropriate patch according to the vendor advisory that pertains to ESX version 3.5 / 4.0 / 4.1 or ESXi version 3.5 / 4.0 / 4.1 / 5.0. https://www.vmware.com/security/advisories/VMSA-2011-0012 http://lists.vmware.com/pipermail/security-announce/2012/000164.html Version : ESX 4.0 Installed build : 208167 Fixed build : 480973