Weekly Vulnerabilities Reports > March 18 to 24, 2013

Overview

79 new vulnerabilities were reported during this period, including 4 critical and 13 high severity vulnerabilities. This weekly summary reports vulnerabilities in 70 products from 43 vendors including Siemens, Canonical, Puppet, Windriver, and Puppetlabs. The most common weakness categories are "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Code Injection".

  • 65 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 18 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 52 reported vulnerabilities are exploitable by an anonymous user.
  • Siemens has the most reported vulnerabilities, with 13.
  • Debian has the most reported critical vulnerabilities, with 1.


Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:


4 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-03-20 CVE-2013-0714 Windriver Improper Input Validation vulnerability in Windriver Vxworks

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a denial of service (daemon hang) via a crafted public-key authentication request.

10.0
2013-03-19 CVE-2013-0251 Debian Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Debian Latd

Stack-based buffer overflow in llogincircuit.cc in latd 1.25 through 1.30 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the llogin version.

10.0
2013-03-20 CVE-2013-1750 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP

Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a malformed MP4 file.

9.3
2013-03-20 CVE-2013-1640 Puppet / Canonical

The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allow remote authenticated users to execute arbitrary code via a crafted catalog request.

9.0

13 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-03-20 CVE-2013-0711 Windriver Improper Input Validation vulnerability in Windriver Vxworks

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to cause a denial of service (daemon outage) via a crafted authentication request.

7.8
2013-03-21 CVE-2013-0123 Askia SQL Injection vulnerability in Askia Askiaweb

Multiple SQL injection vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to execute arbitrary SQL commands via (1) the nHistoryId parameter to WebProd/pages/pgHistory.asp or (2) the OrderBy parameter to WebProd/pages/pgadmin.asp.

7.5
2013-03-20 CVE-2013-2617 Curl Project Code Injection vulnerability in Curl Project Curl

lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

7.5
2013-03-20 CVE-2013-2616 Rubygems Code Injection vulnerability in Rubygems Mini Magick 1.3.1

lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

7.5
2013-03-20 CVE-2013-2615 Rubygems Code Injection vulnerability in Rubygems Fastreader 1.0.8

lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

7.5
2013-03-20 CVE-2013-1875 Rubygems Code Injection vulnerability in Rubygems Command Wrap

command_wrap.rb in the command_wrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename.

7.5
2013-03-20 CVE-2013-1655 Puppet / Puppetlabs / Ruby Lang Improper Input Validation vulnerability in multiple products

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes." Per http://www.ubuntu.com/usn/usn-1759-1/: "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10."

7.5
2013-03-20 CVE-2013-1842 Typo3 SQL Injection vulnerability in Typo3

SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."

7.5
2013-03-20 CVE-2013-0232 Zoneminder Unspecified vulnerability in Zoneminder

includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function.

7.5
2013-03-21 CVE-2013-1052 Canonical Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Linux 12.10

pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, which allows local users to gain privileges via unspecified vectors related to sudo.

7.2
2013-03-20 CVE-2013-0981 Apple Unspecified vulnerability in Apple Iphone OS and Tvos

The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code.

7.2
2013-03-20 CVE-2012-5938 IBM / Conectiva / Novell Permissions, Privileges, and Access Controls vulnerability in IBM Infosphere Information Server

The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations.

7.2
2013-03-20 CVE-2013-1653 Puppet / Puppetlabs / Canonical Arbitrary Code Execution vulnerability in Puppet

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.

7.1
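The four Ruby gem entries above (curl, MiniMagick, fastreader, command_wrap) and the ZoneMinder entry (CVE-2013-0232, the same bug in PHP) share one root cause: an attacker-controlled URL or filename is interpolated into a single command string, which the language runtime hands to /bin/sh, so `;`, `|`, `&`, backticks and `$(...)` in the input become shell syntax. The following is an added example, not code from any of those gems, showing the vulnerable shape beside two hardened variants in Ruby. It uses `echo` in place of curl/convert so it runs offline, and `EVIL_URL` is a constructed input; the `safe_url` / `fetch_hardened` / `shell_string_hardened` names are this example's own.

```ruby
require "open3"
require "shellwords"
require "uri"

# Constructed attacker-controlled URL. A harmless "echo INJECTED" stands in for
# what a real attacker would append ("id", "rm -rf ...", a reverse shell).
EVIL_URL = "http://example.invalid/feed.xml;echo INJECTED".freeze

# Vulnerable shape shared by the affected gems: the URL is interpolated into a
# single command string. Ruby sees shell metacharacters and runs it through
# /bin/sh -c, so ';', '|', '&', '`' and '$(...)' are honoured. "echo" stands in
# for curl/convert so the example runs anywhere.
def fetch_vulnerable(url)
  out, _status = Open3.capture2("echo #{url}")
  out
end

# Allow-list the URL before it goes anywhere near a process. URI.parse rejects
# characters that are not legal in a URL (the space in EVIL_URL, backticks, ...)
# and we refuse every scheme except http(s).
def safe_url(url)
  uri = URI.parse(url)
  unless %w[http https].include?(uri.scheme) && uri.host
    raise ArgumentError, "refusing non-http(s) URL: #{url.inspect}"
  end
  uri.to_s
rescue URI::InvalidURIError => e
  raise ArgumentError, "malformed URL: #{e.message}"
end

# Hardened: argv form. Each element becomes one argument to execve(); no shell
# is spawned, so metacharacters that legitimately survive validation (a '&' in
# a query string, for example) are passed through literally.
def fetch_hardened(url)
  out, _status = Open3.capture2("echo", safe_url(url))
  out
end

# When a third-party wrapper insists on a single command string, escape every
# argument. Shellwords.escape backslash-quotes everything outside a small safe
# set, so the shell reassembles exactly one argument.
def shell_string_hardened(url)
  "echo #{Shellwords.escape(safe_url(url))}"
end

if $PROGRAM_NAME == __FILE__
  puts fetch_vulnerable(EVIL_URL)                      # two lines: the URL, then INJECTED
  puts fetch_hardened("http://example.invalid/a?b=1&c=2")
  puts shell_string_hardened("http://example.invalid/a?b=1&c=2")
end
```

The argv form is the fix to prefer: it removes the shell from the picture entirely rather than trying to enumerate dangerous characters. Validation on top of it still matters, because the downstream tool (curl, convert) has its own argument parser, and a value such as `-o/etc/cron.d/x` or a `file://` URL is a different attack that escaping does nothing about.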

52 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-03-18 CVE-2013-1495 Oracle Link Following vulnerability in Oracle Support Tools

asr in Oracle Auto Service Request in Oracle Support Tools before 4.3.2 allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp.

6.9
2013-03-21 CVE-2013-2632 Google Unspecified vulnerability in Google Chrome

Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by the Bejeweled game.

6.8
2013-03-21 CVE-2013-0126 Verizon Cross-Site Request Forgery (CSRF) vulnerability in Verizon products

Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters.

6.8
2013-03-21 CVE-2013-0674 Siemens Buffer Errors vulnerability in Siemens Simatic Pcs7 and Wincc

Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter.

6.8
2013-03-20 CVE-2013-0713 Windriver Improper Input Validation vulnerability in Windriver Vxworks

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted pty request.

6.8
2013-03-20 CVE-2013-0712 Windriver Improper Input Validation vulnerability in Windriver Vxworks

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted packet.

6.8
2013-03-19 CVE-2013-0717 NEC Cross-Site Request Forgery (CSRF) vulnerability in NEC products

Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device.

6.8
2013-03-19 CVE-2013-0207 Leighton Whiting / Drupal Cross-Site Request Forgery (CSRF) vulnerability in Leighton Whiting Mark Complete

Cross-site request forgery (CSRF) vulnerability in the Mark Complete module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2013-03-19 CVE-2013-0205 RESTful Web Services Project Cross-Site Request Forgery (CSRF) vulnerability in RESTful Web Services 7.x-1.0/7.x-1.1/7.x-2.0

Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors.

6.8
2013-03-20 CVE-2013-2274 Puppet / Puppetlabs Remote Code Execution vulnerability in Puppet

Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.

6.5
2013-03-20 CVE-2013-1843 Typo3 Resource Management Errors vulnerability in Typo3

Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

6.4
2013-03-21 CVE-2013-0665 Selinc Permissions, Privileges, and Access Controls vulnerability in Selinc Acselerator Quickset

Schweitzer Engineering Laboratories (SEL) AcSELerator QuickSet before 5.12.0.1 uses weak permissions for its Program Files directory, which allows local users to replace executable files, and consequently gain privileges, via standard filesystem operations.

6.2
2013-03-21 CVE-2013-0675 Siemens Buffer Errors vulnerability in Siemens Simatic Pcs7 and Wincc

Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a denial of service via a crafted packet.

6.1
2013-03-22 CVE-2013-0335 Openstack / Canonical Permissions, Privileges, and Access Controls vulnerability in multiple products

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.

6.0
2013-03-19 CVE-2013-1863 Samba Permissions, Privileges, and Access Controls vulnerability in Samba

Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard filesystem operations.

6.0
2013-03-19 CVE-2013-0226 Zugec Ivan Permissions, Privileges, and Access Controls vulnerability in Zugec Ivan Keyboard Shortcut Utility 7.x-1.0

The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal does not properly check node restrictions, which allows (1) remote authenticated users with the "view shortcuts" permission to read nodes or (2) remote authenticated users with the "admin shortcuts" permission to read, edit, or delete nodes via unspecified vectors.

6.0
2013-03-19 CVE-2013-0206 Guy Bedford / Drupal Unspecified vulnerability in Guy Bedford Live CSS

Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

6.0
2013-03-21 CVE-2013-0677 Siemens Information Exposure vulnerability in Siemens Simatic Pcs7 and Wincc

The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file.

5.8
2013-03-19 CVE-2013-1856 Rubyonrails Improper Input Validation vulnerability in Rubyonrails Rails and Ruby ON Rails

The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving (1) an external DTD or (2) an external entity declaration in conjunction with an entity reference.

5.8
2013-03-19 CVE-2013-0505 IBM Improper Input Validation vulnerability in IBM products

IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors.

5.5
2013-03-22 CVE-2013-2640 Mailup / Wordpress Permissions, Privileges, and Access Controls vulnerability in Mailup Wp-Mailup

ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731.

5.0
2013-03-22 CVE-2013-0731 Mailup / Wordpress Permissions, Privileges, and Access Controls vulnerability in Mailup Wp-Mailup

ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in cookie.

5.0
2013-03-21 CVE-2013-2633 Matomo Improper Input Validation vulnerability in Matomo

Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters.

5.0
2013-03-20 CVE-2013-0716 Windriver Improper Input Validation vulnerability in Windriver Vxworks

The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI.

5.0
2013-03-20 CVE-2013-1654 Puppet / Puppetlabs / Canonical Security Bypass vulnerability in Puppet

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.

5.0
2013-03-20 CVE-2013-0332 Zoneminder Path Traversal vulnerability in Zoneminder

Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a ..

5.0
2013-03-19 CVE-2013-2263 Citrix Permissions, Privileges, and Access Controls vulnerability in Citrix Access Gateway

Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors.

5.0
2013-03-21 CVE-2013-0287 Fedoraproject Permissions, Privileges, and Access Controls vulnerability in Fedoraproject Sssd

The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.

4.9
2013-03-20 CVE-2013-1652 Puppetlabs / Puppet / Canonical Permissions, Privileges, and Access Controls vulnerability in multiple products

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.

4.9
2013-03-21 CVE-2011-4515 Siemens Credentials Management vulnerability in Siemens Wincc TIA Portal 11.0

Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access.

4.6
2013-03-20 CVE-2013-0977 Apple Security Bypass vulnerability in Apple Iphone OS and Tvos

dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments.

4.6
2013-03-19 CVE-2013-0224 Video Project / Drupal Configuration vulnerability in Video Project Video

The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file.

4.4
2013-03-22 CVE-2013-2501 Terillion / Wordpress Cross-Site Scripting vulnerability in Terillion Reviews Plugin

Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field.

4.3
2013-03-21 CVE-2013-1844 Matomo Cross-Site Scripting vulnerability in Matomo

Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-03-21 CVE-2013-0124 Askia Cross-Site Scripting vulnerability in Askia Askiaweb

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to inject arbitrary web script or HTML via the (1) Number or (2) UpdatePage parameter to WebProd/cgi-bin/AskiaExt.dll.

4.3
2013-03-21 CVE-2012-5757 IBM Cross-Site Scripting vulnerability in IBM Rational Clearquest

Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2013-03-21 CVE-2013-1051 Debian / Canonical Improper Input Validation vulnerability in multiple products

apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.

4.3
2013-03-21 CVE-2013-0670 Siemens Improper Input Validation vulnerability in Siemens Wincc TIA Portal 11.0

CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

4.3
2013-03-21 CVE-2013-0668 Siemens Cross-Site Scripting vulnerability in Siemens Wincc TIA Portal 11.0

Multiple cross-site scripting (XSS) vulnerabilities in the HMI web application in Siemens WinCC (TIA Portal) 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2013-03-21 CVE-2013-0667 Siemens Cross-Site Scripting vulnerability in Siemens Wincc TIA Portal 11.0

Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2013-03-19 CVE-2013-1857 Redhat / Rubyonrails Cross-Site Scripting vulnerability in multiple products

The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by an entity-encoded colon (&#58;) in place of the literal : after javascript.

4.3
2013-03-19 CVE-2013-0506 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-03-22 CVE-2013-1838 Openstack / Canonical Resource Management Errors vulnerability in multiple products

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.

4.0
2013-03-21 CVE-2013-0679 Siemens Path Traversal vulnerability in Siemens Simatic Pcs7 and Wincc

Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname.

4.0
2013-03-21 CVE-2013-0678 Siemens Credentials Management vulnerability in Siemens Simatic Pcs7 and Wincc

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query.

4.0
2013-03-21 CVE-2013-0676 Siemens Permissions, Privileges, and Access Controls vulnerability in Siemens Simatic Pcs7 and Wincc

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query.

4.0
2013-03-21 CVE-2013-0671 Siemens Path Traversal vulnerability in Siemens Wincc TIA Portal 11.0

Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL.

4.0
2013-03-21 CVE-2013-0669 Siemens Improper Input Validation vulnerability in Siemens Wincc TIA Portal 11.0

The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request.

4.0
2013-03-20 CVE-2013-0715 Windriver Improper Input Validation vulnerability in Windriver Vxworks

The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string.

4.0
2013-03-20 CVE-2013-2275 Puppet / Puppetlabs / Canonical Security Bypass vulnerability in Puppet 'auth.conf'

The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.

4.0
2013-03-19 CVE-2013-0331 Jenkins Improper Input Validation vulnerability in Jenkins

Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload.

4.0
2013-03-19 CVE-2013-0330 Jenkins Security Bypass vulnerability in Jenkins

Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors.

4.0
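The Rails entry CVE-2013-1857 above is a deny-list failure: the sanitizer compared the raw attribute value against `javascript:`, so `javascript&#58;alert(1)` did not match, yet the browser decodes the `&#58;` entity and runs the script. The following is an added example in plain Ruby, not Rails's sanitizer code, showing the naive check beside an allow-list check that normalizes the value into the form the browser will interpret before deciding. `ALLOWED_SCHEMES`, the helper names and the `VECTORS` inputs are this example's own constructions.

```ruby
require "cgi"

ALLOWED_SCHEMES = %w[http https mailto].freeze

# Shape of the bug: the check looks at the raw attribute value, so an
# entity-encoded colon ("javascript&#58;alert(1)") does not match "javascript:"
# and is let through. The browser decodes the entity and runs the script.
def naive_href_allowed?(href)
  !(href =~ /\Ajavascript:/i)
end

# Decode HTML entities (numeric ones such as &#58; and &#x3A; included) and
# strip control characters and whitespace, which browsers ignore inside a
# scheme ("java\tscript:"). Only after this is the string in the form the
# browser will actually interpret.
def normalize_href(href)
  CGI.unescapeHTML(href.to_s).gsub(/[\u0000-\u0020\u007F]/, "")
end

# Allow-list rather than deny-list: a value is safe if it has no scheme at all
# (a relative URL) or its scheme is explicitly permitted. Anything else,
# including schemes we have never heard of, is rejected.
def safe_href?(href)
  value = normalize_href(href)
  m = value.match(/\A([a-z][a-z0-9+.\-]*):/i)
  return true if m.nil?
  ALLOWED_SCHEMES.include?(m[1].downcase)
end

# Constructed test vectors: [input, verdict safe_href? should return].
VECTORS = [
  ["https://example.com/page", true],
  ["/relative/path?next=a:b", true],          # colon in the query, no scheme
  ["mailto:security@example.com", true],
  ["javascript:alert(1)", false],
  ["JAVASCRIPT:alert(1)", false],
  ["javascript&#58;alert(1)", false],         # the CVE-2013-1857 shape
  ["javascript&#x3A;alert(1)", false],        # hex entity
  ["java\tscript:alert(1)", false],           # tab inside the scheme
  ["&#106;avascript:alert(1)", false],        # encoded letter instead of colon
  ["data:text/html,<script>", false],         # unknown scheme: denied by default
].freeze

# Returns one boolean per vector: did safe_href? give the expected verdict?
def run_vectors
  VECTORS.map { |input, expected| safe_href?(input) == expected }
end

if $PROGRAM_NAME == __FILE__
  VECTORS.each { |input, _| puts "#{input.inspect} => #{safe_href?(input)}" }
end
```

Two caveats for anyone lifting this into real code. `CGI.unescapeHTML` decodes only the numeric entities and the five basic named ones; an HTML5-aware parser also decodes `&colon;`, so a production check needs a full HTML5 entity decoder or should simply use the framework's sanitizer, which is where the Rails fix went. And the check must run on the decoded value but the output must be re-encoded, or you trade an XSS bypass for an injection.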
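CVE-2013-2275 above concerns the default master auth.conf rather than a code bug: a node that holds any valid agent certificate could save a report under another node's name. The following fragment is an added illustration of the two shapes involved, written in auth.conf's rule syntax; it is not a copy of the file shipped by the project, and the comments are this example's own.

```text
# Permissive shape: any authenticated node may save a report under any name.
path /report
method save
allow *

# Restricted shape: the certname in the URL must equal the certname in the
# client certificate that authenticated the request. $1 is the first capture
# group of the regex path, so /report/web01.example.com is saveable only by
# the node whose certificate says web01.example.com.
path ~ ^/report/([^/]+)$
method save
allow $1
```

The same pattern (regex path plus `allow $1`) is how the per-node catalog and certificate endpoints are normally bound to the requesting certname, so the practitioner check after upgrading is to diff the running auth.conf against the new default rather than assume the package updated a locally modified file.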

10 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-03-20 CVE-2013-1766 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Libvirt

libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors.

3.6
2013-03-22 CVE-2013-1840 Openstack / Amazon Information Exposure vulnerability in Openstack Glance V1

The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.

3.5
2013-03-21 CVE-2013-0453 IBM Cross-Site Scripting vulnerability in IBM Tivoli Endpoint Manager 8.0/8.1/8.2

Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli Endpoint Manager (TEM) before 8.2.1372 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2013-03-21 CVE-2013-0672 Siemens Cross-Site Scripting vulnerability in Siemens Wincc TIA Portal 11.0

Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data.

3.5
2013-03-20 CVE-2013-0980 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature.

2.1
2013-03-20 CVE-2013-0978 Apple Information Exposure vulnerability in Apple Iphone OS and Tvos

The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.

2.1
2013-03-19 CVE-2013-0227 Mathijs Koenraadt / Drupal Cross-Site Scripting vulnerability in Mathijs Koenraadt Search API Sorts

Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels.

2.1
2013-03-19 CVE-2013-0225 User Relationships Project / Drupal Cross-Site Scripting vulnerability in User Relationships Project User Relationships

Cross-site scripting (XSS) vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer user relationships" permission to inject arbitrary web script or HTML via a relationship name.

2.1
2013-03-21 CVE-2013-1427 Lighttpd / Debian Cryptographic Issues vulnerability in Lighttpd

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.

1.9
2013-03-20 CVE-2013-0979 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink.

1.9
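Two entries in this report, CVE-2013-1495 (Oracle asr, a predictable filename in /tmp) and CVE-2013-1427 (lighttpd's PHP control socket, a predictable name in /tmp), are the same local-privilege pattern: a privileged process creates a fixed, guessable name in a world-writable directory, and a local user who plants a symlink there first chooses where the write lands. The following is an added example, not code from either product, that reproduces the attack against a naive writer in a sandbox directory and shows the hardened primitive refusing it. The filename `asr_status.tmp` and all helper names are constructed for the illustration.

```ruby
require "tmpdir"

# Naive pattern behind both advisories: a fixed, guessable name in a shared
# directory, opened with defaults that follow symlinks and truncate.
# "asr_status.tmp" is a made-up filename for illustration.
def write_report_naive(shared_dir, content)
  path = File.join(shared_dir, "asr_status.tmp")
  File.write(path, content)
  path
end

# The safe primitive: create-only (EXCL), never through a symlink (NOFOLLOW),
# private mode. If anything already sits at that path, creation fails instead
# of writing into whatever the attacker pointed the name at.
def create_private_file(path, content)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL | File::NOFOLLOW, 0o600) do |f|
    f.write(content)
  end
  path
end

# Hardened pattern: an unpredictable, mode-0700 directory from mktmpdir, then
# the exclusive create inside it. The attacker cannot guess the name and could
# not plant anything inside the directory even if they could.
def write_report_hardened(shared_dir, content)
  dir = Dir.mktmpdir("asr-", shared_dir)
  create_private_file(File.join(dir, "report"), content)
end

# Simulates the race: the attacker pre-plants a symlink at the guessable name
# pointing at a file the privileged process can write but the attacker cannot.
# Returns [victim contents after the naive write,
#          whether the hardened open refused the planted name,
#          contents of the file the hardened writer produced].
def demo_symlink_attack
  Dir.mktmpdir do |sandbox|
    victim = File.join(sandbox, "victim.conf")
    File.write(victim, "original")
    File.symlink(victim, File.join(sandbox, "asr_status.tmp"))

    write_report_naive(sandbox, "attacker-chosen")
    clobbered = File.read(victim)                      # "attacker-chosen": the victim was overwritten

    refused = begin
      create_private_file(File.join(sandbox, "asr_status.tmp"), "attacker-chosen")
      false
    rescue Errno::EEXIST, Errno::ELOOP
      true                                             # O_EXCL sees the symlink and fails
    end

    hardened_path = write_report_hardened(sandbox, "ok")
    [clobbered, refused, File.read(hardened_path)]
  end
end

if $PROGRAM_NAME == __FILE__
  p demo_symlink_attack
end
```

The ordering matters: `O_EXCL` is the only part of this that closes the race, because a `File.exist?` check followed by an open can be beaten between the two calls. For the socket variant in the lighttpd entry the same reasoning applies to `bind()`, which is why the Debian fix moved the socket out of /tmp into a directory only the server can write.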