Weekly Vulnerabilities Report: March 18 to 24, 2013

Overview

101 new vulnerabilities were reported during this period, including 5 critical vulnerabilities and 16 high severity vulnerabilities. This weekly summary reports vulnerabilities in 79 products from 46 vendors including Linux, Siemens, Canonical, Puppet, and Drupal. Vulnerabilities are notably categorized as "Improper Input Validation", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Resource Management Errors".

  • 73 reported vulnerabilities are remotely exploitable.
  • 3 reported vulnerabilities have a public exploit available.
  • 20 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 74 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 14 reported vulnerabilities.
  • Debian has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-03-20 CVE-2013-0714 Windriver Improper Input Validation vulnerability in Windriver Vxworks

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a denial of service (daemon hang) via a crafted public-key authentication request.

10.0
2013-03-19 CVE-2013-0251 Debian Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Debian Latd

Stack-based buffer overflow in llogincircuit.cc in latd 1.25 through 1.30 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the llogin version.

10.0
2013-03-18 CVE-2013-0915 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome OS

The GPU process in Google Chrome OS before 25.0.1364.173 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an "overflow."

10.0
2013-03-20 CVE-2013-1750 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP

Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a malformed MP4 file.

9.3
2013-03-20 CVE-2013-1640 Puppet
Canonical
Remote Code Execution vulnerability in Puppet

The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.

9.0

16 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-03-20 CVE-2013-0711 Windriver Improper Input Validation vulnerability in Windriver Vxworks

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to cause a denial of service (daemon outage) via a crafted authentication request.

7.8
2013-03-21 CVE-2013-0123 Askia SQL Injection vulnerability in Askia Askiaweb

Multiple SQL injection vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to execute arbitrary SQL commands via (1) the nHistoryId parameter to WebProd/pages/pgHistory.asp or (2) the OrderBy parameter to WebProd/pages/pgadmin.asp.

7.5
2013-03-21 CVE-2013-2279 Siteminder Agent FOR Sharepoint
Siteminder Federation
Siteminder FOR Secure Proxy Server
Improper Input Validation vulnerability in multiple products

CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain privileges.

7.5
2013-03-20 CVE-2013-2617 Curl Project Code Injection vulnerability in Curl Project Curl

lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

7.5
2013-03-20 CVE-2013-2616 Rubygems Code Injection vulnerability in Rubygems Mini Magick 1.3.1

lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

7.5
2013-03-20 CVE-2013-2615 Rubygems Code Injection vulnerability in Rubygems Fastreader 1.0.8

lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

7.5
2013-03-20 CVE-2013-1875 Rubygems Code Injection vulnerability in Rubygems Command Wrap

command_wrap.rb in the command_wrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename.

7.5
2013-03-20 CVE-2013-1655 Puppet
Puppetlabs
Ruby Lang
Improper Input Validation vulnerability in multiple products

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes." Per http://www.ubuntu.com/usn/usn-1759-1/: "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10"

7.5
2013-03-20 CVE-2013-1842 Typo3 SQL Injection vulnerability in Typo3

SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."

7.5
2013-03-20 CVE-2013-0232 Zoneminder Unspecified vulnerability in Zoneminder

includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function.

7.5
2013-03-19 CVE-2013-0329 Jenkins Cross-Site Request Forgery vulnerability in Jenkins

Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to bypass the CSRF protection mechanism via unknown attack vectors.

7.5
2013-03-21 CVE-2013-1052 Canonical Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Linux 12.10

pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, which allows local users to gain privileges via unspecified vectors related to sudo.

7.2
2013-03-20 CVE-2013-0981 Apple Unspecified vulnerability in Apple Iphone OS and Tvos

The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code.

7.2
2013-03-20 CVE-2012-5938 IBM
Conectiva
Novell
Permissions, Privileges, and Access Controls vulnerability in IBM Infosphere Information Server

The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations.

7.2
2013-03-18 CVE-2013-0913 Linux Numeric Errors vulnerability in Linux Kernel

Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition.

7.2
2013-03-20 CVE-2013-1653 Puppet
Puppetlabs
Canonical
Arbitrary Code Execution vulnerability in Puppet

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.

7.1

66 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-03-22 CVE-2013-1860 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device.

6.9
2013-03-22 CVE-2013-1828 Linux Improper Input Validation vulnerability in Linux Kernel

The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call.

6.9
2013-03-18 CVE-2013-1495 Oracle Link Following vulnerability in Oracle Support Tools

asr in Oracle Auto Service Request in Oracle Support Tools before 4.3.2 allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp.

6.9
2013-03-22 CVE-2013-1865 Openstack
Canonical
Improper Authentication vulnerability in multiple products

OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.

6.8
2013-03-22 CVE-2013-1797 Linux Resource Management Errors vulnerability in Linux Kernel

Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.

6.8
2013-03-22 CVE-2013-1796 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application.

6.8
2013-03-21 CVE-2013-2632 Google Unspecified vulnerability in Google Chrome

Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by the Bejeweled game.

6.8
2013-03-21 CVE-2013-0126 Verizon Cross-Site Request Forgery (CSRF) vulnerability in Verizon products

Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters.

6.8
2013-03-21 CVE-2013-0674 Siemens Buffer Errors vulnerability in Siemens Simatic Pcs7 and Wincc

Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter.

6.8
2013-03-20 CVE-2013-0713 Windriver Improper Input Validation vulnerability in Windriver Vxworks

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted pty request.

6.8
2013-03-20 CVE-2013-0712 Windriver Improper Input Validation vulnerability in Windriver Vxworks

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted packet.

6.8
2013-03-19 CVE-2013-0717 NEC Cross-Site Request Forgery (CSRF) vulnerability in NEC products

Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device.

6.8
2013-03-19 CVE-2013-0327 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins

Cross-site request forgery (CSRF) vulnerability in Jenkins master in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to hijack the authentication of users via unknown vectors.

6.8
2013-03-19 CVE-2013-0207 Leighton Whiting
Drupal
Cross-Site Request Forgery (CSRF) vulnerability in Leighton Whiting Mark Complete

Cross-site request forgery (CSRF) vulnerability in the Mark Complete module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2013-03-19 CVE-2013-0205 Drupal

Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors.

6.8
2013-03-20 CVE-2013-2274 Puppet
Puppetlabs
Remote Code Execution vulnerability in Puppet

Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.

6.5
2013-03-20 CVE-2013-1843 Typo3 Resource Management Errors vulnerability in Typo3

Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

6.4
2013-03-22 CVE-2013-1848 Linux Improper Input Validation vulnerability in Linux Kernel

fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application.

6.2
2013-03-22 CVE-2013-1827 Linux NULL Pointer Dereference Local Denial of Service vulnerability in Linux Kernel

net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call.

6.2
2013-03-22 CVE-2013-1826 Linux NULL Pointer Dereference Local Denial of Service vulnerability in Linux Kernel

The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability.

6.2
2013-03-22 CVE-2013-1798 Linux Improper Input Validation vulnerability in Linux Kernel

The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.

6.2
2013-03-21 CVE-2013-0665 Selinc Permissions, Privileges, and Access Controls vulnerability in Selinc Acselerator Quickset

Schweitzer Engineering Laboratories (SEL) AcSELerator QuickSet before 5.12.0.1 uses weak permissions for its Program Files directory, which allows local users to replace executable files, and consequently gain privileges, via standard filesystem operations.

6.2
2013-03-21 CVE-2013-0675 Siemens Buffer Errors vulnerability in Siemens Simatic Pcs7 and Wincc

Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a denial of service via a crafted packet.

6.1
2013-03-22 CVE-2013-0335 Openstack
Canonical
Permissions, Privileges, and Access Controls vulnerability in multiple products

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.

6.0
2013-03-19 CVE-2013-1863 Samba Permissions, Privileges, and Access Controls vulnerability in Samba

Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard filesystem operations.

6.0
2013-03-19 CVE-2013-0226 Zugec Ivan Permissions, Privileges, and Access Controls vulnerability in Zugec Ivan Keyboard Shortcut Utility 7.X1.0

The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal does not properly check node restrictions, which allows (1) remote authenticated users with the "view shortcuts" permission to read nodes or (2) remote authenticated users with the "admin shortcuts" permission to read, edit, or delete nodes via unspecified vectors.

6.0
2013-03-19 CVE-2013-0206 GUY Bedford
Drupal
Unspecified vulnerability in GUY Bedford Live CSS

Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

6.0
2013-03-21 CVE-2013-0677 Siemens Information Exposure vulnerability in Siemens Simatic Pcs7 and Wincc

The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file.

5.8
2013-03-19 CVE-2013-1856 Rubyonrails Improper Input Validation vulnerability in Rubyonrails Rails and Ruby ON Rails

The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving (1) an external DTD or (2) an external entity declaration in conjunction with an entity reference.

5.8
2013-03-19 CVE-2013-0505 IBM Improper Input Validation vulnerability in IBM products

IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors.

5.5
2013-03-22 CVE-2013-2640 Mailup
Wordpress
Permissions, Privileges, and Access Controls vulnerability in Mailup Wp-Mailup

ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731.

5.0
2013-03-22 CVE-2013-0731 Mailup
Wordpress
Permissions, Privileges, and Access Controls vulnerability in Mailup Wp-Mailup

ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in cookie.

5.0
2013-03-21 CVE-2013-2633 Matomo Improper Input Validation vulnerability in Matomo

Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters.

5.0
2013-03-20 CVE-2013-0716 Windriver Improper Input Validation vulnerability in Windriver Vxworks

The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI.

5.0
2013-03-20 CVE-2013-1654 Puppet
Puppetlabs
Canonical
Security Bypass vulnerability in Puppet

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.

5.0
2013-03-20 CVE-2013-0332 Zoneminder Path Traversal vulnerability in Zoneminder

Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a ..

5.0
2013-03-19 CVE-2013-1854 Rubyonrails
Redhat
Improper Input Validation vulnerability in multiple products

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.

5.0
2013-03-19 CVE-2013-2263 Citrix Permissions, Privileges, and Access Controls vulnerability in Citrix Access Gateway

Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors.

5.0
2013-03-21 CVE-2013-0287 Fedoraproject Permissions, Privileges, and Access Controls vulnerability in Fedoraproject Sssd

The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.

4.9
2013-03-20 CVE-2013-1652 Puppetlabs
Puppet
Canonical
Permissions, Privileges, and Access Controls vulnerability in multiple products

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.

4.9
2013-03-22 CVE-2013-1792 Linux Race Condition vulnerability in Linux Kernel

Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads.

4.7
2013-03-21 CVE-2011-4515 Siemens Credentials Management vulnerability in Siemens Wincc TIA Portal 11.0

Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access.

4.6
2013-03-20 CVE-2013-0977 Apple Security Bypass vulnerability in Apple Iphone OS and Tvos

dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments.

4.6
2013-03-19 CVE-2013-0224 Video Project
Drupal
Configuration vulnerability in Video Project Video

The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file.

4.4
2013-03-22 CVE-2013-2501 Terillion
Wordpress
Cross-Site Scripting vulnerability in Terillion Reviews Plugin

Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field.

4.3
2013-03-21 CVE-2013-1844 Matomo Cross-Site Scripting vulnerability in Matomo

Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-03-21 CVE-2013-0124 Askia Cross-Site Scripting vulnerability in Askia Askiaweb

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to inject arbitrary web script or HTML via the (1) Number or (2) UpdatePage parameter to WebProd/cgi-bin/AskiaExt.dll.

4.3
2013-03-21 CVE-2012-5757 IBM Cross-Site Scripting vulnerability in IBM Rational Clearquest

Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2013-03-21 CVE-2013-1051 Debian
Canonical
Improper Input Validation vulnerability in multiple products

apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.

4.3
2013-03-21 CVE-2013-0670 Siemens Improper Input Validation vulnerability in Siemens Wincc TIA Portal 11.0

CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

4.3
2013-03-21 CVE-2013-0668 Siemens Cross-Site Scripting vulnerability in Siemens Wincc TIA Portal 11.0

Multiple cross-site scripting (XSS) vulnerabilities in the HMI web application in Siemens WinCC (TIA Portal) 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2013-03-21 CVE-2013-0667 Siemens Cross-Site Scripting vulnerability in Siemens Wincc TIA Portal 11.0

Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2013-03-19 CVE-2013-1857 Redhat
Rubyonrails
Cross-Site Scripting vulnerability in multiple products

The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a &#x3a; sequence.

4.3
2013-03-19 CVE-2013-1855 Rubyonrails
Redhat
Cross-Site Scripting vulnerability in multiple products

The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.

4.3
2013-03-19 CVE-2013-0506 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-03-19 CVE-2013-0328 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins

Cross-site scripting (XSS) vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-03-22 CVE-2013-1838 Openstack
Canonical
Resource Management Errors vulnerability in multiple products

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.

4.0
2013-03-21 CVE-2013-0679 Siemens Path Traversal vulnerability in Siemens Simatic Pcs7 and Wincc

Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname.

4.0
2013-03-21 CVE-2013-0678 Siemens Credentials Management vulnerability in Siemens Simatic Pcs7 and Wincc

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query.

4.0
2013-03-21 CVE-2013-0676 Siemens Permissions, Privileges, and Access Controls vulnerability in Siemens Simatic Pcs7 and Wincc

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query.

4.0
2013-03-21 CVE-2013-0671 Siemens Path Traversal vulnerability in Siemens Wincc TIA Portal 11.0

Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL.

4.0
2013-03-21 CVE-2013-0669 Siemens Improper Input Validation vulnerability in Siemens Wincc TIA Portal 11.0

The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request.

4.0
2013-03-20 CVE-2013-0715 Windriver Improper Input Validation vulnerability in Windriver Vxworks

The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string.

4.0
2013-03-20 CVE-2013-2275 Puppet
Puppetlabs
Canonical
Security Bypass vulnerability in Puppet 'auth.conf'

The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.

4.0
2013-03-19 CVE-2013-0331 Jenkins Improper Input Validation vulnerability in Jenkins

Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload.

4.0
2013-03-19 CVE-2013-0330 Jenkins Security Bypass vulnerability in Jenkins

Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors.

4.0

14 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-03-22 CVE-2013-0914 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call.

3.6
2013-03-20 CVE-2013-1766 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Libvirt

libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors.

3.6
2013-03-22 CVE-2013-1840 Openstack, Amazon Information Exposure vulnerability in Openstack Glance V1

The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.

3.5
2013-03-21 CVE-2013-0453 IBM Cross-Site Scripting vulnerability in IBM Tivoli Endpoint Manager 8.0/8.1/8.2

Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli Endpoint Manager (TEM) before 8.2.1372 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2013-03-21 CVE-2013-0672 Siemens Cross-Site Scripting vulnerability in Siemens Wincc TIA Portal 11.0

Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data.

3.5
2013-03-20 CVE-2013-0980 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature.

2.1
2013-03-20 CVE-2013-0978 Apple Information Exposure vulnerability in Apple Iphone OS and Tvos

The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.

2.1
2013-03-19 CVE-2013-0227 Mathijs Koenraadt, Drupal Cross-Site Scripting vulnerability in Mathijs Koenraadt Search API Sorts

Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels.

2.1
2013-03-19 CVE-2013-0225 User Relationships Project, Drupal Cross-Site Scripting vulnerability in User Relationships Project User Relationships

Cross-site scripting (XSS) vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer user relationships" permission to inject arbitrary web script or HTML via a relationship name.

2.1
2013-03-22 CVE-2013-2636 Linux Resource Management Errors vulnerability in Linux Kernel

net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.

1.9
2013-03-22 CVE-2013-2635 Linux Resource Management Errors vulnerability in Linux Kernel

The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

1.9
2013-03-22 CVE-2013-2634 Linux Resource Management Errors vulnerability in Linux Kernel

net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

1.9
2013-03-21 CVE-2013-1427 Lighttpd, Debian Cryptographic Issues vulnerability in Lighttpd

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.

1.9
2013-03-20 CVE-2013-0979 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink.

1.9