Weekly Vulnerabilities Reports > April 8 to 14, 2013
Overview
69 new vulnerabilities were reported during this period, including 13 critical vulnerabilities and 24 high severity vulnerabilities. This weekly summary reports vulnerabilities in 85 products from 33 vendors including Cisco, Microsoft, Adobe, Apple, and Redhat. The most common vulnerability categories are "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Cross-site Scripting", and "Improper Authentication".
- 53 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 10 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 62 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 12 reported vulnerabilities.
- Adobe has the most reported critical vulnerabilities, with 7 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
13 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-04-10 | CVE-2013-1386 | Adobe | Memory Corruption vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1384. | 10.0 |
2013-04-10 | CVE-2013-1385 | Adobe | Permissions, Privileges, and Access Controls vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 12.0.2.122 does not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors. | 10.0 |
2013-04-10 | CVE-2013-1384 | Adobe | Memory Corruption vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1386. | 10.0 |
2013-04-10 | CVE-2013-1383 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player Buffer overflow in Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2013-04-10 | CVE-2013-1380 | Adobe Apple Microsoft Linux | Memory Corruption vulnerability in Adobe Air, Adobe AIR SDK and Flash Player Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1378. | 10.0 |
2013-04-10 | CVE-2013-1379 | Adobe Linux Novell Opensuse Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 10.0 |
2013-04-10 | CVE-2013-1378 | Adobe Apple Microsoft Linux | Buffer Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1380. | 10.0 |
2013-04-12 | CVE-2013-0501 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Cognos Disclosure Management 10.2.0 The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in Edraw Office Viewer Component, the client in IBM Cognos Disclosure Management (CDM) 10.2.0, and other products, allows remote attackers to read arbitrary files, or download an arbitrary program onto a client machine and execute this program, via a crafted web site. | 9.3 |
2013-04-12 | CVE-2012-5937 | IBM | Remote Command Execution vulnerability in IBM Sterling B2B Integrator Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and Sterling B2B Integrator 5.2, as used in IBM Sterling File Gateway 1.1 through 2.2 and other products, allows remote attackers to execute arbitrary commands via unknown vectors. | 9.3 |
2013-04-11 | CVE-2013-1169 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Meetingplace web Conferencing Server 7.1/8.0/8.5 Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 2, and 8.5 before 8.5MR3 Patch 1, when the Remember Me option is used, does not properly verify cookies, which allows remote attackers to impersonate users via a crafted login request, aka Bug ID CSCuc64846. | 9.3 |
2013-04-09 | CVE-2013-1304 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1303 and CVE-2013-1338. | 9.3 |
2013-04-09 | CVE-2013-1303 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1304 and CVE-2013-1338. | 9.3 |
2013-04-09 | CVE-2013-1296 | Microsoft | Code Injection vulnerability in Microsoft Remote Desktop Connection 6.1/7.0 The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 and 7.0 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a web page that triggers access to a deleted object, and allows remote RDP servers to execute arbitrary code via unspecified vectors that trigger access to a deleted object, aka "RDP ActiveX Control Remote Code Execution Vulnerability." | 9.3 |
24 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-04-13 | CVE-2013-2596 | Linux Motorola | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program. | 7.8 |
2013-04-11 | CVE-2013-2779 | Cisco | Improper Input Validation vulnerability in Cisco products Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 MVPN (aka MVPNv6) packets, aka Bug ID CSCub34945, a different vulnerability than CVE-2013-1164. | 7.8 |
2013-04-11 | CVE-2013-1166 | Cisco | Improper Input Validation vulnerability in Cisco products Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by sending many SIP packets, aka Bug ID CSCuc65609. | 7.8 |
2013-04-11 | CVE-2013-1165 | Cisco | Improper Input Validation vulnerability in Cisco products Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) allows remote attackers to cause a denial of service (card reload) by sending many crafted L2TP packets, aka Bug ID CSCtz23293. | 7.8 |
2013-04-11 | CVE-2013-1164 | Cisco | Unspecified vulnerability in Cisco products Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 multicast packets, aka Bug ID CSCtz97563. | 7.8 |
2013-04-11 | CVE-2013-1155 | Cisco | Improper Authentication vulnerability in Cisco Firewall Services Module Software The auth-proxy functionality in Cisco Firewall Services Module (FWSM) software 3.1 and 3.2 before 3.2(20.1), 4.0 before 4.0(15.2), and 4.1 before 4.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCtg02624. | 7.8 |
2013-04-11 | CVE-2013-1168 | Cisco | Authentication Bypass vulnerability in Cisco Unified MeetingPlace The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885. | 7.6 |
2013-04-12 | CVE-2013-3050 | Zapms | SQL Injection vulnerability in Zapms 1.33/1.40 SQL injection vulnerability in ZAPms 1.41 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter to product. | 7.5 |
2013-04-12 | CVE-2013-0314 | Redhat | Improper Authentication vulnerability in Redhat Jboss Enterprise Portal Platform 5.2.2 The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets. | 7.5 |
2013-04-11 | CVE-2013-1170 | Cisco | Credentials Management vulnerability in Cisco products The Cisco Prime Network Control System (NCS) appliance with software before 1.1.1.24 has a default password for the database user account, which makes it easier for remote attackers to change the configuration or cause a denial of service (service disruption) via unspecified vectors, aka Bug ID CSCtz30468. | 7.5 |
2013-04-10 | CVE-2013-1388 | Adobe | Unspecified vulnerability in Adobe Coldfusion Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to obtain administrator-console access via unknown vectors. | 7.5 |
2013-04-10 | CVE-2013-1387 | Adobe | Unspecified vulnerability in Adobe Coldfusion Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to impersonate users via unknown vectors. | 7.5 |
2013-04-09 | CVE-2013-1898 | Digineo | Code Injection vulnerability in Digineo Thumbshooter 0.1.5 lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | 7.5 |
2013-04-09 | CVE-2013-1802 | DAN Kubb | Permissions, Privileges, and Access Controls vulnerability in DAN Kubb Extlib The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156. | 7.5 |
2013-04-09 | CVE-2013-1801 | John Nunemaker | Permissions, Privileges, and Access Controls vulnerability in John Nunemaker Httparty The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156. | 7.5 |
2013-04-09 | CVE-2013-1800 | John Nunemaker | Permissions, Privileges, and Access Controls vulnerability in John Nunemaker Crack The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156. | 7.5 |
2013-04-09 | CVE-2013-0285 | Nori GEM Project | Improper Input Validation vulnerability in Nori GEM Project Nori GEM The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156. | 7.5 |
2013-04-09 | CVE-2013-2778 | Chatelao | Cross-Site Request Forgery (CSRF) vulnerability in Chatelao PHP Address Book 8.2.5 Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1. | 7.5 |
2013-04-09 | CVE-2013-0135 | Chatelao | SQL Injection vulnerability in Chatelao PHP Address Book 8.2.5 Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php. | 7.5 |
2013-04-09 | CVE-2013-0078 | Microsoft | Improper Input Validation vulnerability in Microsoft Windows Defender The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka "Microsoft Antimalware Improper Pathname Vulnerability." | 7.2 |
2013-04-08 | CVE-2013-0109 | Nvidia | Buffer Errors vulnerability in Nvidia Display Driver 307.00/310.00 The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not properly handle exceptions, which allows local users to gain privileges or cause a denial of service (memory overwrite) via a crafted application. | 7.2 |
2013-04-11 | CVE-2013-1167 | Cisco | Path Traversal vulnerability in Cisco products Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not properly handled during the processing of encapsulation, aka Bug ID CSCtt11558. | 7.1 |
2013-04-09 | CVE-2013-1291 | Microsoft | Improper Input Validation vulnerability in Microsoft products win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms13-036 "How could an attacker exploit the vulnerability? There are multiple means that could allow an attacker to exploit this vulnerability. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. | 7.1 |
2013-04-08 | CVE-2013-0131 | Nvidia | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nvidia GPU Driver Buffer overflow in the NVIDIA GPU driver before 304.88, 310.x before 310.44, and 313.x before 313.30 for the X Window System on UNIX, when NoScanout mode is enabled, allows remote authenticated users to execute arbitrary code via a large ARGB cursor. | 7.1 |
30 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-04-12 | CVE-2012-3532 | Redhat | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss Enterprise Portal Platform Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2013-04-09 | CVE-2013-1790 | Freedesktop | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freedesktop Poppler poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function. | 6.8 |
2013-04-09 | CVE-2013-1788 | Freedesktop | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freedesktop Poppler poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc. | 6.8 |
2013-04-09 | CVE-2012-6134 | Omniauth Oauth2 Project | Cross-Site Request Forgery (CSRF) vulnerability in Omniauth-Oauth2 Project Omniauth-Oauth2 Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state. | 6.8 |
2013-04-08 | CVE-2013-0111 | Nvidia | Local Privilege Escalation vulnerability in Nvidia Driver 310.00 daemonu.exe (aka the NVIDIA Update Service Daemon), as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program. | 6.8 |
2013-04-08 | CVE-2013-0110 | Nvidia | Local Privilege Escalation vulnerability in Nvidia Driver 310.00 nvSCPAPISvr.exe in the NVIDIA Stereoscopic 3D Driver service, as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program. | 6.8 |
2013-04-11 | CVE-2013-1173 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Anyconnect Secure Mobility Client Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143. | 6.6 |
2013-04-11 | CVE-2013-1172 | Cisco | Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14153. | 6.6 |
2013-04-13 | CVE-2013-3051 | Qualcomm Motorola | Configuration vulnerability in multiple products The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the association between a certain physical-address argument and a memory region, which allows local users to unlock the bootloader by using kernel mode to perform crafted 0x9 and 0x2 SMC operations, a different vulnerability than CVE-2013-2596. | 6.2 |
2013-04-11 | CVE-2013-1189 | Cisco | Improper Input Validation vulnerability in Cisco Ubr10012 Cisco Universal Broadband (aka uBR) 10000 series routers, when an IPv4/IPv6 dual-stack modem is used, allow remote attackers to cause a denial of service (routing-engine reload) via unspecified changes to IP address assignments, aka Bug ID CSCue15313. | 5.7 |
2013-04-10 | CVE-2013-1912 | Haproxy | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Haproxy Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring. | 5.1 |
2013-04-12 | CVE-2013-0315 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Portal Platform 5.2.2 The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack. | 5.0 |
2013-04-12 | CVE-2013-0282 | Openstack | Improper Authentication vulnerability in Openstack Keystone OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions. | 5.0 |
2013-04-12 | CVE-2013-0270 | Openstack | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openstack Keystone OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token. | 5.0 |
2013-04-12 | CVE-2012-6139 | Xmlsoft Opensuse | libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. | 5.0 |
2013-04-10 | CVE-2013-2716 | Puppet Puppetlabs | Cryptographic Issues vulnerability in multiple products Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows remote attackers to obtain console access via a crafted cookie. | 5.0 |
2013-04-09 | CVE-2013-1282 | Microsoft | Improper Input Validation vulnerability in Microsoft products The LDAP service in Microsoft Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services allows remote attackers to cause a denial of service (memory consumption and service outage) via a crafted query, aka "Memory Consumption Vulnerability." | 5.0 |
2013-04-09 | CVE-2013-1821 | Ruby Lang | Improper Input Validation vulnerability in Ruby-Lang Ruby lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack. | 5.0 |
2013-04-09 | CVE-2013-0284 | Newrelic | Information Exposure vulnerability in Newrelic Ruby Agent Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data. | 5.0 |
2013-04-09 | CVE-2013-1284 | Microsoft | Race Condition vulnerability in Microsoft Windows 8, Windows RT and Windows Server 2012 Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms13-031 "What might an attacker use the vulnerability to do? An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory." | 4.9 |
2013-04-12 | CVE-2013-1920 | XEN | Permissions, Privileges, and Access Controls vulnerability in XEN Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors. | 4.4 |
2013-04-10 | CVE-2013-1815 | Redhat | Credentials Management vulnerability in Redhat Openstack Essex, Openstack Folsom and Packstack PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file. | 4.4 |
2013-04-08 | CVE-2013-2777 | Apple Todd Miller | Permissions, Privileges, and Access Controls vulnerability in multiple products sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. | 4.4 |
2013-04-08 | CVE-2013-2776 | Todd Miller Apple | Permissions, Privileges, and Access Controls vulnerability in multiple products sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. | 4.4 |
2013-04-08 | CVE-2013-1776 | Apple Todd Miller | Permissions, Privileges, and Access Controls vulnerability in multiple products sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. | 4.4 |
2013-04-10 | CVE-2013-2766 | Splunk | Cross-Site Scripting vulnerability in Splunk Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 through 4.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-04-09 | CVE-2013-1289 | Microsoft | Cross-Site Scripting vulnerability in Microsoft products Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability." | 4.3 |
2013-04-09 | CVE-2013-1789 | Freedesktop | Denial of Service vulnerability in Poppler splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions. | 4.3 |
2013-04-09 | CVE-2012-6097 | Fedorahosted | Information Exposure vulnerability in Fedorahosted Cronie 1.4.8 File descriptor leak in cronie 1.4.8, when running in certain environments, might allow local users to read restricted files, as demonstrated by reading /etc/crontab. | 4.3 |
2013-04-09 | CVE-2013-0134 | Airdroid | Cross-Site Scripting vulnerability in Airdroid Cross-site scripting (XSS) vulnerability in the web interface in AirDroid allows remote attackers to inject arbitrary web script or HTML via a crafted text message that is transmitted by a managed phone. | 4.3 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-04-09 | CVE-2013-1290 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Sharepoint Server 2013 Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability." | 3.5 |
2013-04-10 | CVE-2012-6120 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Openstack Essex and Openstack Folsom Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files. | 2.1 |