Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot.
CVE-2013-1511 (mysql, solaris)
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Oracle Critical Patch Update Advisory – April 2013
Oracle Java SE Critical Patch Update Advisory – April 2013
[BSA-080] Security Update for postgresql-9.1
Package : postgresql-9.1
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1899 CVE-2013-1900 CVE-2013-1901
Debian Bug : 704479
Several vulnerabilities were discovered in PostgreSQL database server.
CVE-2013-1899
Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center
discovered that it was possible for a connection request containing a
database name that begins with "-" to be crafted that can damage or destroy
files within a server's data directory. Anyone with access to the port the
PostgreSQL server listens on can initiate this request.
CVE-2013-1900
Random numbers generated by contrib/pgcrypto functions may be easy for
another database user to guess.
CVE-2013-1901
An unprivileged user could run commands that could interfere with
in-progress backups
For backports for the stable distribution (squeeze-backports), these
problems have been fixed in version 9.1.9-1~bpo60+1.
For the stable dist
CVE-2012-1038 (networks_mobility_system_software)
Cross-site scripting (XSS) vulnerability in the WebAAA login functionality (wba_login.html) in Juniper Networks Mobility System Software (MSS) 7.6.x before 7.6.3, 7.7.x before 7.7.1, 7.5.x before 7.5.3, and other unspecified versions before 7.4 and 7.3 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter name.
Removal of postgresql-9.0 from backports
The postgresql-9.0 package on backports.debian.org is no longer maintained, and was finally removed from the archive now. postgresql-9.0 will not be part of the next Debian release, and hence was removed from Debian/testing and unstable. Backports is now following this move. There are two options for users of postgresql-9.0: * Upgrade to postgresql-9.1 which will be shipped with wheezy. This package is part of backports.debian.org. * Switch to the PostgreSQL APT archive at apt.postgresql.org, as detailed in https://wiki.postgresql.org/wiki/Apt. This archive provides compatible 9.0 packages. (And 9.1 and 9.2.) postgresql-9.0 is affected by the upcoming security update: http://www.postgresql.org/about/news/1454/ Please move away from the backports.debian.org version of postgresql-9.0 as soon as possible. Christoph
WatchGuard Receives Industry Recognition in First Quarter from CRN, SC Magazine and Info Security Product Guide
Product Reviews and Industry Awards Show Dedication to Innovation, Leadership in Network Security
CVE-2013-1830 (fedora, moodle)
user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search.
CVE-2013-1427
The configuration file for the FastCGI PHP support for lighthttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition. (CVSS:1.9) (Last Update:2013-03-22)