Weekly Vulnerabilities Reports > February 4 to 10, 2013
Overview
38 new vulnerabilities were reported during this period, including 10 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary reports vulnerabilities in 39 products from 23 vendors including HP, Redhat, Google, EMC, and Opera. The vulnerabilities fall mainly into the categories "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Cryptographic Issues", and "Information Exposure".
- 34 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 7 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 35 reported vulnerabilities are exploitable by an anonymous user.
- HP has the most reported vulnerabilities, with 6 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:
10 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-02-06 | CVE-2012-3285 | HP | Unspecified vulnerability in HP Lefthand P4000 Virtual SAN Appliance and San/Iq Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1513. | 10.0 |
2013-02-06 | CVE-2012-3284 | HP | Unspecified vulnerability in HP Lefthand P4000 Virtual SAN Appliance and San/Iq Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1512. | 10.0 |
2013-02-06 | CVE-2012-3283 | HP | Unspecified vulnerability in HP Lefthand P4000 Virtual SAN Appliance and San/Iq Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1511. | 10.0 |
2013-02-06 | CVE-2012-3282 | HP | Unspecified vulnerability in HP Lefthand P4000 Virtual SAN Appliance and San/Iq Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1468. | 10.0 |
2013-02-08 | CVE-2013-1465 | Cubecart | Deserialization of Untrusted Data vulnerability in Cubecart The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object. | 9.8 |
2013-02-08 | CVE-2013-1638 | Opera | Code Injection vulnerability in Opera Browser Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document. | 9.3 |
2013-02-08 | CVE-2013-1637 | Opera | Code Injection vulnerability in Opera Browser Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events. | 9.3 |
2013-02-08 | CVE-2013-0634 | Adobe Apple Microsoft Linux | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013. | 9.3 |
2013-02-08 | CVE-2013-0633 | Adobe Apple Microsoft Linux | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013. | 9.3 |
2013-02-08 | CVE-2012-4700 | Ecava | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ecava Integraxor Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document. | 9.3 |
3 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-02-06 | CVE-2012-3281 | HP | Denial of Service vulnerability in HP XP P9000 Command View Advanced Edition 7.1.0/7.2/7.2.03 Unspecified vulnerability in Device Manager in HP XP P9000 Command View Advanced Edition before 7.4.0-00 allows remote attackers to cause a denial of service via unknown vectors. | 7.8 |
2013-02-06 | CVE-2012-2292 | EMC | Permissions, Privileges, and Access Controls vulnerability in EMC RSA Archer Egrc and RSA Archer Smartsuite The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | 7.5 |
2013-02-05 | CVE-2011-1350 | Google | Information Exposure vulnerability in Google Android The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device. | 7.1 |
22 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-02-05 | CVE-2011-1352 | Google | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device. | 6.9 |
2013-02-08 | CVE-2013-1639 | Opera | Cross-Site Request Forgery (CSRF) vulnerability in Opera Browser Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request. | 6.8 |
2013-02-06 | CVE-2013-1120 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unity Express and Unity Express Software Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910. | 6.8 |
2013-02-06 | CVE-2012-2294 | EMC | Improper Input Validation vulnerability in EMC RSA Archer Egrc and RSA Archer Smartsuite EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page. | 6.8 |
2013-02-06 | CVE-2012-2293 | EMC | Path Traversal vulnerability in EMC RSA Archer Egrc and RSA Archer Smartsuite Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path. | 6.5 |
2013-02-05 | CVE-2012-3370 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat products The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users. | 5.8 |
2013-02-08 | CVE-2013-0242 | GNU | Buffer Errors vulnerability in GNU Glibc 2.17 Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. | 5.0 |
2013-02-05 | CVE-2012-5478 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat products The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and perform arbitrary JMX operations via unspecified vectors. | 4.9 |
2013-02-08 | CVE-2013-1623 | Yassl | Cryptographic Issues vulnerability in Yassl Cyassl The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. | 4.3 |
2013-02-08 | CVE-2013-1621 | Polarssl | Improper Input Validation vulnerability in Polarssl Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169. | 4.3 |
2013-02-07 | CVE-2013-1464 | Doryphores Wordpress | Cross-Site Scripting vulnerability in Doryphores Audio Player Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.4.6 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the playerID parameter. | 4.3 |
2013-02-06 | CVE-2012-5187 | Weathernews | Permissions, Privileges, and Access Controls vulnerability in Weathernews Touch The Weathernews Touch application 2.3.2 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files. | 4.3 |
2013-02-06 | CVE-2012-5186 | Fleugel | Cross-Site Scripting vulnerability in Fleugel Myu-S and PHP Weblog System Mania Cross-site scripting (XSS) vulnerability in FLUGELz netmania myu-s and PHP WeblogSystem allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-02-06 | CVE-2012-3279 | HP | Cross-Site Scripting vulnerability in HP Network Node Manager I Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-02-06 | CVE-2012-1064 | EMC | Cross-Site Scripting vulnerability in EMC RSA Archer Egrc and RSA Archer Smartsuite Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-02-05 | CVE-2013-0176 | Libssh | Resource Management Errors vulnerability in Libssh The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet. | 4.3 |
2013-02-04 | CVE-2013-1471 | Fortinet | Cross-Site Scripting vulnerability in Fortinet Fortimail 3.0/4.0 Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam Management User Preferences or (2) the User name field for the Personal Black/White List in the AntiSpam section. | 4.3 |
2013-02-08 | CVE-2013-1624 | Bouncycastle | Cryptographic Issues vulnerability in Bouncycastle products The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. | 4.0 |
2013-02-08 | CVE-2013-1619 | GNU | Cryptographic Issues vulnerability in GNU Gnutls The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. | 4.0 |
2013-02-08 | CVE-2013-1618 | Opera | Cryptographic Issues vulnerability in Opera Browser The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. | 4.0 |
2013-02-06 | CVE-2013-1107 | Cisco | Information Exposure vulnerability in Cisco Webex Social The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235. | 4.0 |
2013-02-05 | CVE-2012-3369 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat products The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used. | 4.0 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-02-06 | CVE-2013-0254 | QT | Permissions, Privileges, and Access Controls vulnerability in QT The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. | 3.6 |
2013-02-05 | CVE-2013-0218 | Redhat | Information Exposure vulnerability in Redhat products The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file. | 2.1 |
2013-02-05 | CVE-2012-0034 | Redhat | Credentials Management vulnerability in Redhat products The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file. | 2.1 |