Weekly Vulnerabilities Reports > March 18 to 24, 2013
Overview
79 new vulnerabilities reported during this period, including 4 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary report vulnerabilities in 70 products from 43 vendors including Siemens, Canonical, Puppet, Windriver, and Puppetlabs. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Code Injection".
- 65 reported vulnerabilities are remotely exploitables.
- 2 reported vulnerabilities have public exploit available.
- 18 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 52 reported vulnerabilities are exploitable by an anonymous user.
- Siemens has the most reported vulnerabilities, with 13 reported vulnerabilities.
- Canonical has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
4 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-03-20 | CVE-2013-0714 | Windriver | Improper Input Validation vulnerability in Windriver Vxworks IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a denial of service (daemon hang) via a crafted public-key authentication request. | 10.0 |
2013-03-19 | CVE-2013-0251 | Debian | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Debian Latd Stack-based buffer overflow in llogincircuit.cc in latd 1.25 through 1.30 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the llogin version. | 10.0 |
2013-03-20 | CVE-2013-1750 | Realnetworks | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a malformed MP4 file. | 9.3 |
2013-03-20 | CVE-2013-1640 | Puppet Canonical | The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request. | 9.0 |
13 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-03-20 | CVE-2013-0711 | Windriver | Improper Input Validation vulnerability in Windriver Vxworks IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to cause a denial of service (daemon outage) via a crafted authentication request. | 7.8 |
2013-03-21 | CVE-2013-0123 | Askia | SQL Injection vulnerability in Askia Askiaweb Multiple SQL injection vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to execute arbitrary SQL commands via (1) the nHistoryId parameter to WebProd/pages/pgHistory.asp or (2) the OrderBy parameter to WebProd/pages/pgadmin.asp. | 7.5 |
2013-03-20 | CVE-2013-2617 | Curl Project | Code Injection vulnerability in Curl Project Curl lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | 7.5 |
2013-03-20 | CVE-2013-2616 | Rubygems | Code Injection vulnerability in Rubygems Mini Magick 1.3.1 lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | 7.5 |
2013-03-20 | CVE-2013-2615 | Rubygems | Code Injection vulnerability in Rubygems Fastreader 1.0.8 lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | 7.5 |
2013-03-20 | CVE-2013-1875 | Rubygems | Code Injection vulnerability in Rubygems Command Wrap command_wrap.rb in the command_wrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename. | 7.5 |
2013-03-20 | CVE-2013-1655 | Puppet Puppetlabs Ruby Lang | Improper Input Validation vulnerability in multiple products Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes." Per http://www.ubuntu.com/usn/usn-1759-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 " | 7.5 |
2013-03-20 | CVE-2013-1842 | Typo3 | SQL Injection vulnerability in Typo3 SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values." | 7.5 |
2013-03-20 | CVE-2013-0232 | Zoneminder | Unspecified vulnerability in Zoneminder includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function. | 7.5 |
2013-03-21 | CVE-2013-1052 | Canonical | Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Linux 12.10 pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, which allows local users to gain privileges via unspecified vectors related to sudo. | 7.2 |
2013-03-20 | CVE-2013-0981 | Apple | Unspecified vulnerability in Apple Iphone OS and Tvos The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code. | 7.2 |
2013-03-20 | CVE-2012-5938 | IBM Conectiva Novell | Permissions, Privileges, and Access Controls vulnerability in IBM Infosphere Information Server The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations. | 7.2 |
2013-03-20 | CVE-2013-1653 | Puppet Puppetlabs Canonical | Arbitrary Code Execution vulnerability in Puppet Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request. | 7.1 |
52 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-03-18 | CVE-2013-1495 | Oracle | Link Following vulnerability in Oracle Support Tools asr in Oracle Auto Service Request in Oracle Support Tools before 4.3.2 allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp. | 6.9 |
2013-03-21 | CVE-2013-2632 | Unspecified vulnerability in Google Chrome Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by the Bejeweled game. | 6.8 | |
2013-03-21 | CVE-2013-0126 | Verizon | Cross-Site Request Forgery (CSRF) vulnerability in Verizon products Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters. | 6.8 |
2013-03-21 | CVE-2013-0674 | Siemens | Buffer Errors vulnerability in Siemens Simatic Pcs7 and Wincc Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter. | 6.8 |
2013-03-20 | CVE-2013-0713 | Windriver | Improper Input Validation vulnerability in Windriver Vxworks IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted pty request. | 6.8 |
2013-03-20 | CVE-2013-0712 | Windriver | Improper Input Validation vulnerability in Windriver Vxworks IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted packet. | 6.8 |
2013-03-19 | CVE-2013-0717 | NEC | Cross-Site Request Forgery (CSRF) vulnerability in NEC products Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device. | 6.8 |
2013-03-19 | CVE-2013-0207 | Leighton Whiting Drupal | Cross-Site Request Forgery (CSRF) vulnerability in Leighton Whiting Mark Complete Cross-site request forgery (CSRF) vulnerability in the Mark Complete module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2013-03-19 | CVE-2013-0205 | Restful WEB Services Project | Cross-Site Request Forgery (CSRF) vulnerability in Restful web Services Project Restful web Services 7.X1.0/7.X1.1/7.X2.0 Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors. | 6.8 |
2013-03-20 | CVE-2013-2274 | Puppet Puppetlabs | Remote Code Execution vulnerability in Puppet Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report. | 6.5 |
2013-03-20 | CVE-2013-1843 | Typo3 | Resource Management Errors vulnerability in Typo3 Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 6.4 |
2013-03-21 | CVE-2013-0665 | Selinc | Permissions, Privileges, and Access Controls vulnerability in Selinc Acselerator Quickset Schweitzer Engineering Laboratories (SEL) AcSELerator QuickSet before 5.12.0.1 uses weak permissions for its Program Files directory, which allows local users to replace executable files, and consequently gain privileges, via standard filesystem operations. | 6.2 |
2013-03-21 | CVE-2013-0675 | Siemens | Buffer Errors vulnerability in Siemens Simatic Pcs7 and Wincc Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a denial of service via a crafted packet. | 6.1 |
2013-03-22 | CVE-2013-0335 | Openstack Canonical | Permissions, Privileges, and Access Controls vulnerability in multiple products OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port. | 6.0 |
2013-03-19 | CVE-2013-1863 | Samba | Permissions, Privileges, and Access Controls vulnerability in Samba Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard filesystem operations. | 6.0 |
2013-03-19 | CVE-2013-0226 | Zugec Ivan | Permissions, Privileges, and Access Controls vulnerability in Zugec Ivan Keyboard Shortcut Utility 7.X1.0 The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal does not properly check node restrictions, which allows (1) remote authenticated users with the "view shortcuts" permission to read nodes or (2) remote authenticated users with the "admin shortcuts" permission to read, edit, or delete nodes via unspecified vectors. | 6.0 |
2013-03-19 | CVE-2013-0206 | GUY Bedford Drupal | Unspecified vulnerability in GUY Bedford Live CSS Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | 6.0 |
2013-03-21 | CVE-2013-0677 | Siemens | Information Exposure vulnerability in Siemens Simatic Pcs7 and Wincc The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file. | 5.8 |
2013-03-19 | CVE-2013-1856 | Rubyonrails | Improper Input Validation vulnerability in Rubyonrails Rails and Ruby ON Rails The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving (1) an external DTD or (2) an external entity declaration in conjunction with an entity reference. | 5.8 |
2013-03-19 | CVE-2013-0505 | IBM | Improper Input Validation vulnerability in IBM products IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors. | 5.5 |
2013-03-22 | CVE-2013-2640 | Mailup Wordpress | Permissions, Privileges, and Access Controls vulnerability in Mailup Wp-Mailup ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731. | 5.0 |
2013-03-22 | CVE-2013-0731 | Mailup Wordpress | Permissions, Privileges, and Access Controls vulnerability in Mailup Wp-Mailup ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in cookie. | 5.0 |
2013-03-21 | CVE-2013-2633 | Matomo | Improper Input Validation vulnerability in Matomo Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters. | 5.0 |
2013-03-20 | CVE-2013-0716 | Windriver | Improper Input Validation vulnerability in Windriver Vxworks The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI. | 5.0 |
2013-03-20 | CVE-2013-1654 | Puppet Puppetlabs Canonical | Security Bypass vulnerability in Puppet Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors. | 5.0 |
2013-03-20 | CVE-2013-0332 | Zoneminder | Path Traversal vulnerability in Zoneminder Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. | 5.0 |
2013-03-19 | CVE-2013-2263 | Citrix | Permissions, Privileges, and Access Controls vulnerability in Citrix Access Gateway Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors. | 5.0 |
2013-03-21 | CVE-2013-0287 | Fedoraproject | Permissions, Privileges, and Access Controls vulnerability in Fedoraproject Sssd The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions. | 4.9 |
2013-03-20 | CVE-2013-1652 | Puppetlabs Puppet Canonical | Permissions, Privileges, and Access Controls vulnerability in multiple products Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors. | 4.9 |
2013-03-21 | CVE-2011-4515 | Siemens | Credentials Management vulnerability in Siemens Wincc TIA Portal 11.0 Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access. | 4.6 |
2013-03-20 | CVE-2013-0977 | Apple | Security Bypass vulnerability in Apple Iphone OS and Tvos dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments. | 4.6 |
2013-03-19 | CVE-2013-0224 | Video Project Drupal | Configuration vulnerability in Video Project Video The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file. | 4.4 |
2013-03-22 | CVE-2013-2501 | Terillion Wordpress | Cross-Site Scripting vulnerability in Terillion Reviews Plugin Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field. | 4.3 |
2013-03-21 | CVE-2013-1844 | Matomo | Cross-Site Scripting vulnerability in Matomo Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-03-21 | CVE-2013-0124 | Askia | Cross-Site Scripting vulnerability in Askia Askiaweb Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to inject arbitrary web script or HTML via the (1) Number or (2) UpdatePage parameter to WebProd/cgi-bin/AskiaExt.dll. | 4.3 |
2013-03-21 | CVE-2012-5757 | IBM | Cross-Site Scripting vulnerability in IBM Rational Clearquest Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2013-03-21 | CVE-2013-1051 | Debian Canonical | Improper Input Validation vulnerability in multiple products apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories. | 4.3 |
2013-03-21 | CVE-2013-0670 | Siemens | Improper Input Validation vulnerability in Siemens Wincc TIA Portal 11.0 CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | 4.3 |
2013-03-21 | CVE-2013-0668 | Siemens | Cross-Site Scripting vulnerability in Siemens Wincc TIA Portal 11.0 Multiple cross-site scripting (XSS) vulnerabilities in the HMI web application in Siemens WinCC (TIA Portal) 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2013-03-21 | CVE-2013-0667 | Siemens | Cross-Site Scripting vulnerability in Siemens Wincc TIA Portal 11.0 Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2013-03-19 | CVE-2013-1857 | Redhat Rubyonrails | Cross-Site Scripting vulnerability in multiple products The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence. | 4.3 |
2013-03-19 | CVE-2013-0506 | IBM | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-03-22 | CVE-2013-1838 | Openstack Canonical | Resource Management Errors vulnerability in multiple products OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function. | 4.0 |
2013-03-21 | CVE-2013-0679 | Siemens | Path Traversal vulnerability in Siemens Simatic Pcs7 and Wincc Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname. | 4.0 |
2013-03-21 | CVE-2013-0678 | Siemens | Credentials Management vulnerability in Siemens Simatic Pcs7 and Wincc Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query. | 4.0 |
2013-03-21 | CVE-2013-0676 | Siemens | Permissions, Privileges, and Access Controls vulnerability in Siemens Simatic Pcs7 and Wincc Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query. | 4.0 |
2013-03-21 | CVE-2013-0671 | Siemens | Path Traversal vulnerability in Siemens Wincc TIA Portal 11.0 Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL. | 4.0 |
2013-03-21 | CVE-2013-0669 | Siemens | Improper Input Validation vulnerability in Siemens Wincc TIA Portal 11.0 The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request. | 4.0 |
2013-03-20 | CVE-2013-0715 | Windriver | Improper Input Validation vulnerability in Windriver Vxworks The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string. | 4.0 |
2013-03-20 | CVE-2013-2275 | Puppet Puppetlabs Canonical | Security Bypass vulnerability in Puppet 'auth.conf' The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors. | 4.0 |
2013-03-19 | CVE-2013-0331 | Jenkins | Improper Input Validation vulnerability in Jenkins Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload. | 4.0 |
2013-03-19 | CVE-2013-0330 | Jenkins | Security Bypass vulnerability in Jenkins Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors. | 4.0 |
10 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-03-20 | CVE-2013-1766 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Libvirt libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors. | 3.6 |
2013-03-22 | CVE-2013-1840 | Openstack Amazon | Information Exposure vulnerability in Openstack Glance V1 The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image. | 3.5 |
2013-03-21 | CVE-2013-0453 | IBM | Cross-Site Scripting vulnerability in IBM Tivoli Endpoint Manager 8.0/8.1/8.2 Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli Endpoint Manager (TEM) before 8.2.1372 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2013-03-21 | CVE-2013-0672 | Siemens | Cross-Site Scripting vulnerability in Siemens Wincc TIA Portal 11.0 Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data. | 3.5 |
2013-03-20 | CVE-2013-0980 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature. | 2.1 |
2013-03-20 | CVE-2013-0978 | Apple | Information Exposure vulnerability in Apple Iphone OS and Tvos The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code. | 2.1 |
2013-03-19 | CVE-2013-0227 | Mathijs Koenraadt Drupal | Cross-Site Scripting vulnerability in Mathijs Koenraadt Search API Sorts Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels. | 2.1 |
2013-03-19 | CVE-2013-0225 | User Relationships Project Drupal | Cross-Site Scripting vulnerability in User Relationships Project User Relationships Cross-site scripting (XSS) vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer user relationships" permission to inject arbitrary web script or HTML via a relationship name. | 2.1 |
2013-03-21 | CVE-2013-1427 | Lighttpd Debian | Cryptographic Issues vulnerability in Lighttpd The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition. | 1.9 |
2013-03-20 | CVE-2013-0979 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink. | 1.9 |