Weekly Vulnerabilities Reports > February 11 to 17, 2013
Overview
3 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary report vulnerabilities in 12 products from 7 vendors including Adobe, Opensuse, Redhat, Suse, and Debian. Vulnerabilities are notably categorized as "Out-of-bounds Write", "XXE", and "Classic Buffer Overflow".
- 1 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 3 reported vulnerabilities are exploitable by an anonymous user.
- Adobe has the most reported vulnerabilities, with 2 reported vulnerabilities.
- Debian has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
1 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-02-13 | CVE-2012-3363 | Zend Fedoraproject Debian | XXE vulnerability in multiple products Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack. | 9.1 |
2 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-02-14 | CVE-2013-0641 | Adobe Redhat Suse Opensuse | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013. | 7.8 |
2013-02-14 | CVE-2013-0640 | Adobe Suse Opensuse Redhat | Out-of-bounds Write vulnerability in multiple products Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013. | 7.8 |
0 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|