Friday, December 27, 2019

Weekly Update: new vulnerabilities published on the National Vulnerability Database (8 items)

New vulnerabilities from the NVD: CVE-2013-0202

Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php.
Published at: December 17, 2019 at 08:15PM

December 17, 2019 at 09:48PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-2237

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) JavaScript innerHTML as used when generating login forms, (2) links or (3) resource URLs, and (4) the Display name in a user profile.
Published at: December 17, 2019 at 08:15PM

December 17, 2019 at 09:48PM



New vulnerabilities from the NVD: CVE-2012-2312

An elevated privileges issue exists in JBoss AS 7 Community Release due to improper implementation of security context propagation: a thread reused from the thread pool still retains the security context from the process that last used it, which lets a local user obtain elevated privileges.
Published at: December 18, 2019 at 08:15PM

December 18, 2019 at 09:48PM



New vulnerabilities from the NVD: CVE-2012-2656

An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information.
Published at: December 18, 2019 at 09:15PM

December 18, 2019 at 11:48PM



New vulnerabilities from the NVD: CVE-2012-5639

LibreOffice and OpenOffice automatically open embedded content
Published at: December 20, 2019 at 04:15PM

December 20, 2019 at 05:44PM



New vulnerabilities from the NVD: CVE-2012-3409

ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation
Published at: December 20, 2019 at 04:15PM

December 20, 2019 at 05:44PM



New vulnerabilities from the NVD: CVE-2012-6111

gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function
Published at: December 20, 2019 at 05:15PM

December 20, 2019 at 07:44PM



New vulnerabilities from the NVD: CVE-2012-6094

cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system
Published at: December 20, 2019 at 05:15PM

December 20, 2019 at 07:44PM


