Weekly Vulnerabilities Reports > March 4 to 10, 2013

Overview

96 new vulnerabilities reported during this period, including 11 critical vulnerabilities and 27 high severity vulnerabilities. This weekly summary report vulnerabilities in 86 products from 37 vendors including HP, Opensuse, Wireshark, Google, and IBM. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Input Validation", and "Numeric Errors".

  • 70 reported vulnerabilities are remotely exploitables.
  • 3 reported vulnerabilities have public exploit available.
  • 14 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 90 reported vulnerabilities are exploitable by an anonymous user.
  • HP has the most reported vulnerabilities, with 17 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

11 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-03-09 CVE-2012-5209 HP Unspecified vulnerability in HP products

Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1659.

10.0
2013-03-09 CVE-2012-5201 HP Unspecified vulnerability in HP products

Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1611.

10.0
2013-03-08 CVE-2013-1491 Oracle Code Injection vulnerability in Oracle JDK and JRE

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.

10.0
2013-03-08 CVE-2013-1488 Oracle Code Injection vulnerability in Oracle JDK and JRE

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.

10.0
2013-03-08 CVE-2013-0402 Oracle Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle Javafx, JDK and JRE

Heap-based buffer overflow in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via unspecified vectors related to JavaFX, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.

10.0
2013-03-08 CVE-2013-0401 Oracle Code Injection vulnerability in Oracle JDK and JRE

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013.

10.0
2013-03-05 CVE-2013-1493 Oracle
SUN
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.

10.0
2013-03-05 CVE-2013-0809 Oracle
SUN
Remote Code Execution vulnerability in Oracle Java SE

Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.

10.0
2013-03-05 CVE-2013-0710 Kingsoft Buffer Errors vulnerability in Kingsoft Writer 2007 and Writer 2010

Buffer overflow in Kingsoft Writer 2007 and 2010 before 2724 allows remote attackers to execute arbitrary code via a crafted RTF document.

9.3
2013-03-05 CVE-2012-4858 IBM Improper Input Validation vulnerability in IBM Cognos Business Intelligence

IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to execute arbitrary commands via unspecified vectors.

9.3
2013-03-09 CVE-2012-5207 HP Unspecified vulnerability in HP products

Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1661.

9.0

27 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-03-09 CVE-2012-5215 HP Information Disclosure vulnerability in Multiple HP LaserJet Pro Printers

Unspecified vulnerability on the HP LaserJet Pro M1212nf, M1213nf, M1214nfh, M1216nfh, M1217nfw, and M1219nf, and HotSpot LaserJet Pro M1218nfs, with firmware before 20130211; LaserJet Pro CP1025nw with firmware before 20130212; and LaserJet Pro P1102w and P1606dn with firmware before 20130213 allows remote attackers to modify data or cause a denial of service via unknown vectors.

8.8
2013-03-09 CVE-2012-5213 HP Information Disclosure vulnerability in HP products

Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1662.

7.8
2013-03-07 CVE-2013-2487 Debian
Opensuse
Wireshark
Numeric Errors vulnerability in multiple products

epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486.

7.8
2013-03-09 CVE-2013-2496 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data.

7.5
2013-03-09 CVE-2013-2495 Ffmpeg Numeric Errors vulnerability in Ffmpeg

The iff_read_header function in iff.c in libavformat in FFmpeg through 1.1.3 does not properly handle data sizes for Interchange File Format (IFF) data during operations involving a CMAP chunk or a video codec, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) or possibly have unspecified other impact via a crafted header.

7.5
2013-03-09 CVE-2012-5214 HP Denial of Service vulnerability in HP Service Center 6.2.8

Unspecified vulnerability in HP ServiceCenter 6.2.8 before 6.2.8.10 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.

7.5
2013-03-09 CVE-2012-5211 HP Unspecified vulnerability in HP Intelligent Management Center User Access Manager

Unspecified vulnerability in HP Intelligent Management Center (iMC) User Access Manager (UAM) before 5.2 E0402 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1643.

7.5
2013-03-09 CVE-2012-5210 HP Unspecified vulnerability in HP Tacacs+ Authentication Manager 5.1

Unspecified vulnerability in HP Intelligent Management Center (iMC) TACACS+ Authentication Manager (TAM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1646.

7.5
2013-03-09 CVE-2012-5208 HP Unspecified vulnerability in HP products

Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1615.

7.5
2013-03-09 CVE-2012-5206 HP Unspecified vulnerability in HP products

Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1660.

7.5
2013-03-09 CVE-2012-5205 HP Unspecified vulnerability in HP products

Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1650.

7.5
2013-03-09 CVE-2012-5204 HP Unspecified vulnerability in HP products

Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1614.

7.5
2013-03-09 CVE-2012-5203 HP Unspecified vulnerability in HP products

Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1613.

7.5
2013-03-09 CVE-2012-5202 HP Unspecified vulnerability in HP products

Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1612.

7.5
2013-03-08 CVE-2013-0249 Haxx
Canonical
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message.

7.5
2013-03-06 CVE-2013-1635 PHP Permissions, Privileges, and Access Controls vulnerability in PHP

ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.

7.5
2013-03-05 CVE-2013-0911 Google Path Traversal vulnerability in Google Chrome

Directory traversal vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to have an unspecified impact via vectors related to databases.

7.5
2013-03-05 CVE-2013-0910 Google Improper Authentication vulnerability in Google Chrome

Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access restrictions via vectors involving a blocked plug-in.

7.5
2013-03-05 CVE-2013-0908 Google Security vulnerability in Google Chrome

Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which has unspecified impact and attack vectors.

7.5
2013-03-05 CVE-2013-0907 Google Race Condition vulnerability in Google Chrome

Race condition in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media threads.

7.5
2013-03-05 CVE-2013-0906 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

The IndexedDB implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

7.5
2013-03-05 CVE-2013-0905 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG animation.

7.5
2013-03-05 CVE-2013-0904 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

The Web Audio implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

7.5
2013-03-05 CVE-2013-0903 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of browser navigation.

7.5
2013-03-05 CVE-2013-0902 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5
2013-03-08 CVE-2013-1050 Gnome Permissions, Privileges, and Access Controls vulnerability in Gnome Screensaver 3.5.4/3.5.5/3.6.0

The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.

7.2
2013-03-05 CVE-2013-0292 Freedesktop Improper Input Validation vulnerability in Freedesktop Dbus-Glib

The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.

7.2

44 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-03-08 CVE-2011-2504 Xfree86 Local Privilege Escalation vulnerability in XFree86 x11perf

Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf before 1.5.4 allows local users to gain privileges via unspecified Trojan horse code in the current working directory.

6.9
2013-03-05 CVE-2013-1775 Todd Miller
Apple
Permissions, Privileges, and Access Controls vulnerability in multiple products

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

6.9
2013-03-05 CVE-2011-4355 GNU Permissions, Privileges, and Access Controls vulnerability in GNU GDB

GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.

6.9
2013-03-09 CVE-2012-5212 HP Information Disclosure vulnerability in HP products

Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1663.

6.8
2013-03-07 CVE-2013-1153 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Infrastructure

Cross-site request forgery (CSRF) vulnerability in the web interface in Cisco Prime Infrastructure allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCue84676.

6.8
2013-03-05 CVE-2013-0288 Arthurdejong Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Arthurdejong Nss-Pam-Ldapd

nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer overflow related to incorrect use of the FD_SET macro.

6.8
2013-03-08 CVE-2013-1762 Stunnel Code Injection vulnerability in Stunnel

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.

6.6
2013-03-07 CVE-2013-2486 Debian
Opensuse
Wireshark
Numeric Errors vulnerability in multiple products

The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet.

6.1
2013-03-07 CVE-2013-2485 Debian
Opensuse
Wireshark
Denial of Service vulnerability in Wireshark FCSP Dissector

The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.

6.1
2013-03-07 CVE-2013-2482 Wireshark
Opensuse
Denial of Service vulnerability in Wireshark AMPQ Dissector

The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.

6.1
2013-03-07 CVE-2013-2476 Wireshark
Opensuse
Resource Management Errors vulnerability in multiple products

The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short.

6.1
2013-03-05 CVE-2012-6026 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Aironet Access Point Software

The HTTP Profiler on the Cisco Aironet Access Point with software 15.2 and earlier does not properly manage buffers, which allows remote attackers to cause a denial of service (device reload) via crafted HTTP requests, aka Bug ID CSCuc62460.

6.1
2013-03-07 CVE-2011-4318 Dovecot Improper Input Validation vulnerability in Dovecot

Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.

5.8
2013-03-06 CVE-2012-5770 IBM Configuration vulnerability in IBM Tivoli Application Dependency Discovery Manager 7.2.0.0/7.2.1/7.2.1.3

The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic via a brute-force attack.

5.8
2013-03-05 CVE-2013-0931 RSA
Microsoft
Configuration vulnerability in RSA Authentication Agent for Windows 7.1/7.1.1

EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a screensaved session by entering a PIN after timeout expiration.

5.4
2013-03-08 CVE-2012-4066 Eucalyptus Improper Authentication vulnerability in Eucalyptus

The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots.

5.0
2013-03-07 CVE-2013-1154 Cisco Resource Management Errors vulnerability in Cisco products

The Cisco Small Business 200 Series Smart Switch 1.2.7.76 and earlier, Small Business 300 Series Managed Switch 1.2.7.76 and earlier, and Small Business 500 Series Stackable Managed Switch 1.2.7.76 and earlier allow remote attackers to cause a denial of service (SSL/TLS layer outage) via malformed (1) SSH or (2) SSL packets, aka Bug ID CSCua30246.

5.0
2013-03-07 CVE-2010-5107 Openbsd Denial of Service vulnerability in OpenSSH

The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.

5.0
2013-03-07 CVE-2013-2488 Wireshark
Debian
Opensuse
Improper Input Validation vulnerability in multiple products

The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location.

5.0
2013-03-06 CVE-2013-1643 PHP Information Exposure vulnerability in PHP

The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.

5.0
2013-03-05 CVE-2013-0909 Google Information Exposure vulnerability in Google Chrome

The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors.

5.0
2013-03-05 CVE-2013-0198 Thekelleys Improper Input Validation vulnerability in Thekelleys Dnsmasq

Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries.

5.0
2013-03-05 CVE-2012-3411 Thekelleys
Redhat
Improper Input Validation vulnerability in multiple products

Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.

5.0
2013-03-05 CVE-2013-1415 MIT
Opensuse
Null Pointer Dereference vulnerability in multiple products

The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.

5.0
2013-03-05 CVE-2012-4840 IBM Code Injection vulnerability in IBM Cognos Business Intelligence

IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to conduct XPath injection attacks, and call XPath extension functions, via unspecified vectors.

5.0
2013-03-05 CVE-2012-1016 MIT Null Pointer Dereference vulnerability in MIT Kerberos 5

The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.

5.0
2013-03-07 CVE-2013-0151 XEN Permissions, Privileges, and Access Controls vulnerability in XEN 4.2.0/4.2.1

The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs.

4.6
2013-03-06 CVE-2013-1819 Linux Improper Input Validation vulnerability in Linux Kernel

The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map.

4.6
2013-03-06 CVE-2013-1048 Debian Permissions, Privileges, and Access Controls vulnerability in Debian Apache2

The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.

4.6
2013-03-08 CVE-2013-0261 Openstack Permissions, Privileges, and Access Controls vulnerability in Openstack Essex and Folsom

(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

4.4
2013-03-08 CVE-2011-4969 Jquery Cross-Site Scripting vulnerability in Jquery

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

4.3
2013-03-08 CVE-2013-0308 GIT SCM Improper Input Validation vulnerability in Git-Scm GIT

The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

4.3
2013-03-08 CVE-2011-3201 Oracle
Gnome
Redhat
Information Exposure vulnerability in multiple products

GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.

4.3
2013-03-08 CVE-2013-1656 Spreecommerce Improper Input Validation vulnerability in Spreecommerce Spree

Spree Commerce 1.0.x through 1.3.2 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to promotion_actions_controller.rb, (3) promotion_rule parameter to promotion_rules_controller.rb, and (4) calculator_type parameter to promotions_controller.rb in promo/app/controllers/spree/admin/, related to unsafe use of the constantize function.

4.3
2013-03-07 CVE-2013-2493 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome Frame 15.0.874.121/16.0.912.63

The Hook_Terminate function in chrome_frame/protocol_sink_wrap.cc in the Google Chrome Frame plugin before 26.0.1410.28 for Internet Explorer does not properly handle attach tab requests, which allows user-assisted remote attackers to cause a denial of service (application crash) via an _blank value for the target attribute of an A element.

4.3
2013-03-07 CVE-2013-0215 XEN Permissions, Privileges, and Access Controls vulnerability in XEN

oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider the state of the Xenstore ring during read operations, which allows guest OS users to cause a denial of service (daemon crash and host-control outage, or memory consumption) or obtain sensitive control-plane data by leveraging guest administrative access.

4.3
2013-03-07 CVE-2012-5053 Trimble Cross-Site Scripting vulnerability in Trimble products

Cross-site scripting (XSS) vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-03-06 CVE-2013-1140 Cisco Information Exposure vulnerability in Cisco Security Monitoring Analysis and Response System

The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093.

4.3
2013-03-05 CVE-2012-4855 IBM Denial Of Service vulnerability in IBM WebSphere Commerce

Unspecified vulnerability in the web services framework in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to cause a denial of service (login outage) via unknown vectors.

4.3
2013-03-05 CVE-2012-4835 IBM Cross-Site Scripting vulnerability in IBM Cognos Business Intelligence

Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-03-05 CVE-2012-2193 IBM Cross-Site Scripting vulnerability in IBM Cognos Business Intelligence

Cross-site scripting (XSS) vulnerability in Query Studio in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-03-05 CVE-2012-2177 IBM Cross-Site Scripting vulnerability in IBM Cognos Business Intelligence

Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors related to the search feature.

4.3
2013-03-08 CVE-2013-2506 Spreecommerce Permissions, Privileges, and Access Controls vulnerability in Spreecommerce Spree

app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves.

4.0
2013-03-05 CVE-2012-4837 IBM Information Exposure vulnerability in IBM Cognos Business Intelligence

IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors.

4.0

14 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-03-09 CVE-2012-5200 HP Cross-Site Scripting vulnerability in HP products

Cross-site scripting (XSS) vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-03-06 CVE-2012-5942 IBM Cross-Site Scripting vulnerability in IBM Tivoli Application Dependency Discovery Manager 7.2.0.0/7.2.1/7.2.1.3

Cross-site scripting (XSS) vulnerability in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors.

3.5
2013-03-06 CVE-2012-5939 IBM Cross-Site Scripting vulnerability in IBM Tivoli Application Dependency Discovery Manager 7.2.0.0/7.2.1/7.2.1.3

Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2013-03-05 CVE-2012-4836 IBM Cross-Site Scripting vulnerability in IBM Cognos Business Intelligence

Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is not properly handled during rendering of stored data.

3.5
2013-03-07 CVE-2013-2484 Debian
Opensuse
Wireshark
Denial of Service vulnerability in Wireshark CIMD Dissector

The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.

3.3
2013-03-07 CVE-2013-2483 Wireshark
Debian
Opensuse
Numeric Errors vulnerability in multiple products

The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data.

3.3
2013-03-07 CVE-2013-2480 Debian
Opensuse
Wireshark
Denial of Service vulnerability in Wireshark RTPS And RTPS2 Dissectors

The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet.

3.3
2013-03-07 CVE-2013-2479 Wireshark
Opensuse
Denial of Service vulnerability in Wireshark MPLS Echo Dissector

The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data.

3.3
2013-03-07 CVE-2013-2478 Debian
Opensuse
Wireshark
Numeric Errors vulnerability in multiple products

The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string.

3.3
2013-03-07 CVE-2013-2477 Wireshark
Opensuse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

3.3
2013-03-07 CVE-2013-2475 Wireshark
Opensuse
Denial of Service vulnerability in Wireshark TCP Dissector

The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.

3.3
2013-03-07 CVE-2013-2481 Wireshark
Debian
Opensuse
Numeric Errors vulnerability in multiple products

Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value.

2.9
2013-03-08 CVE-2013-0266 Openstack Race Condition vulnerability in Openstack Essex and Folsom

manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.

2.1
2013-03-06 CVE-2013-0200 HP
Redhat
Link Following vulnerability in multiple products

HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.

1.9