Weekly Vulnerabilities Reports > April 8 to 14, 2013

Overview

81 new vulnerabilities were reported during this period, including 13 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary reports vulnerabilities in 97 products from 35 vendors including Microsoft, Cisco, Adobe, Redhat, and Apple. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Improper Authentication", and "Race Condition".

  • 59 reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability has a public exploit available.
  • 12 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 75 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 17 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 7 reported vulnerabilities.


Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-04-10 CVE-2013-1386 Adobe Memory Corruption vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1384.

10.0
2013-04-10 CVE-2013-1385 Adobe Permissions, Privileges, and Access Controls vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 12.0.2.122 does not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors.

10.0
2013-04-10 CVE-2013-1384 Adobe Memory Corruption vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1386.

10.0
2013-04-10 CVE-2013-1383 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

Buffer overflow in Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary code via unspecified vectors.

10.0
2013-04-10 CVE-2013-1380 Adobe, Apple, Microsoft, Linux, Google Memory Corruption vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1378.

10.0
2013-04-10 CVE-2013-1379 Adobe, Linux, Google, Novell, Opensuse, Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10.0
2013-04-10 CVE-2013-1378 Adobe, Apple, Microsoft, Linux, Google Buffer Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1380.

10.0
2013-04-12 CVE-2013-0501 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Cognos Disclosure Management 10.2.0

The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in Edraw Office Viewer Component, the client in IBM Cognos Disclosure Management (CDM) 10.2.0, and other products, allows remote attackers to read arbitrary files, or download an arbitrary program onto a client machine and execute this program, via a crafted web site.

9.3
2013-04-12 CVE-2012-5937 IBM Remote Command Execution vulnerability in IBM Sterling B2B Integrator

Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and Sterling B2B Integrator 5.2, as used in IBM Sterling File Gateway 1.1 through 2.2 and other products, allows remote attackers to execute arbitrary commands via unknown vectors.

9.3
2013-04-11 CVE-2013-1169 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Meetingplace web Conferencing Server 7.1/8.0/8.5

Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 2, and 8.5 before 8.5MR3 Patch 1, when the Remember Me option is used, does not properly verify cookies, which allows remote attackers to impersonate users via a crafted login request, aka Bug ID CSCuc64846.

9.3
2013-04-09 CVE-2013-1304 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1303 and CVE-2013-1338.

9.3
2013-04-09 CVE-2013-1303 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1304 and CVE-2013-1338.

9.3
2013-04-09 CVE-2013-1296 Microsoft Code Injection vulnerability in Microsoft Remote Desktop Connection 6.1/7.0

The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 and 7.0 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a web page that triggers access to a deleted object, and allows remote RDP servers to execute arbitrary code via unspecified vectors that trigger access to a deleted object, aka "RDP ActiveX Control Remote Code Execution Vulnerability."

9.3

29 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-04-11 CVE-2013-2779 Cisco Improper Input Validation vulnerability in Cisco products

Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 MVPN (aka MVPNv6) packets, aka Bug ID CSCub34945, a different vulnerability than CVE-2013-1164.

7.8
2013-04-11 CVE-2013-1166 Cisco Improper Input Validation vulnerability in Cisco products

Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by sending many SIP packets, aka Bug ID CSCuc65609.

7.8
2013-04-11 CVE-2013-1165 Cisco Improper Input Validation vulnerability in Cisco products

Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) allows remote attackers to cause a denial of service (card reload) by sending many crafted L2TP packets, aka Bug ID CSCtz23293.

7.8
2013-04-11 CVE-2013-1164 Cisco Unspecified vulnerability in Cisco products

Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 multicast packets, aka Bug ID CSCtz97563.

7.8
2013-04-11 CVE-2013-1155 Cisco Improper Authentication vulnerability in Cisco Firewall Services Module Software

The auth-proxy functionality in Cisco Firewall Services Module (FWSM) software 3.1 and 3.2 before 3.2(20.1), 4.0 before 4.0(15.2), and 4.1 before 4.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCtg02624.

7.8
2013-04-11 CVE-2013-1152 Cisco Denial of Service vulnerability in Cisco products

Cisco Adaptive Security Appliances (ASA) devices with software 9.0 before 9.0(1.2) allow remote attackers to cause a denial of service (device reload) via a crafted field in a DNS message, aka Bug ID CSCuc80080.

7.8
2013-04-11 CVE-2013-1150 Cisco Improper Authentication vulnerability in Cisco products

The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before 8.6(1.10), 8.7 before 8.7(1.4), 9.0 before 9.0(1.1), and 9.1 before 9.1(1.2) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCud16590.

7.8
2013-04-11 CVE-2013-1149 Cisco Denial of Service vulnerability in Multiple Cisco Products

Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.28), 8.1 and 8.2 before 8.2(5.35), 8.3 before 8.3(2.34), 8.4 before 8.4(4.11), 8.6 before 8.6(1.10), and 8.7 before 8.7(1.3), and Cisco Firewall Services Module (FWSM) software 3.1 and 3.2 before 3.2(24.1) and 4.0 and 4.1 before 4.1(11.1), allow remote attackers to cause a denial of service (device reload) via a crafted IKEv1 message, aka Bug IDs CSCub85692 and CSCud20267.

7.8
2013-04-11 CVE-2013-1168 Cisco Authentication Bypass vulnerability in Cisco Unified MeetingPlace

The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885.

7.6
2013-04-12 CVE-2013-3050 Zapms SQL Injection vulnerability in Zapms 1.33/1.40

SQL injection vulnerability in ZAPms 1.41 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter to product.

7.5
2013-04-12 CVE-2013-0314 Redhat Improper Authentication vulnerability in Redhat Jboss Enterprise Portal Platform 5.2.2

The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets.

7.5
2013-04-11 CVE-2013-1170 Cisco Credentials Management vulnerability in Cisco products

The Cisco Prime Network Control System (NCS) appliance with software before 1.1.1.24 has a default password for the database user account, which makes it easier for remote attackers to change the configuration or cause a denial of service (service disruption) via unspecified vectors, aka Bug ID CSCtz30468.

7.5
2013-04-10 CVE-2013-0927 Google Link Following vulnerability in Google Chrome OS

Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation that loads the contents of the .pangorc file in the user's home directory, and the file referenced by the PANGO_RC_FILE environment variable, which allows attackers to bypass intended access restrictions via crafted configuration data.

7.5
2013-04-10 CVE-2013-1388 Adobe Unspecified vulnerability in Adobe Coldfusion

Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to obtain administrator-console access via unknown vectors.

7.5
2013-04-10 CVE-2013-1387 Adobe Unspecified vulnerability in Adobe Coldfusion

Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to impersonate users via unknown vectors.

7.5
2013-04-09 CVE-2013-1898 Digineo Code Injection vulnerability in Digineo Thumbshooter 0.1.5

lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

7.5
2013-04-09 CVE-2013-1802 DAN Kubb Permissions, Privileges, and Access Controls vulnerability in DAN Kubb Extlib

The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.

7.5
2013-04-09 CVE-2013-1801 John Nunemaker Permissions, Privileges, and Access Controls vulnerability in John Nunemaker Httparty

The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156.

7.5
2013-04-09 CVE-2013-1800 John Nunemaker Permissions, Privileges, and Access Controls vulnerability in John Nunemaker Crack

The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.

7.5
2013-04-09 CVE-2013-0285 Nori GEM Project Improper Input Validation vulnerability in Nori GEM Project Nori GEM

The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.

7.5
2013-04-09 CVE-2013-2778 Chatelao Cross-Site Request Forgery (CSRF) vulnerability in Chatelao PHP Address Book 8.2.5

Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1.

7.5
2013-04-09 CVE-2013-0135 Chatelao SQL Injection vulnerability in Chatelao PHP Address Book 8.2.5

Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php.

7.5
2013-04-09 CVE-2013-1295 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."

7.2
2013-04-09 CVE-2013-0078 Microsoft Improper Input Validation vulnerability in Microsoft Windows Defender

The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka "Microsoft Antimalware Improper Pathname Vulnerability."

7.2
2013-04-08 CVE-2013-0109 Nvidia Buffer Errors vulnerability in Nvidia Display Driver 307.00/310.00

The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not properly handle exceptions, which allows local users to gain privileges or cause a denial of service (memory overwrite) via a crafted application.

7.2
2013-04-11 CVE-2013-1167 Cisco Path Traversal vulnerability in Cisco products

Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not properly handled during the processing of encapsulation, aka Bug ID CSCtt11558.

7.1
2013-04-11 CVE-2013-1151 Cisco Improper Input Validation vulnerability in Cisco Adaptive Security Appliance Software

Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5), 8.5 before 8.5(1.17), 8.6 before 8.6(1.10), and 8.7 before 8.7(1.3) allow remote attackers to cause a denial of service (device reload) via a crafted certificate, aka Bug ID CSCuc72408.

7.1
2013-04-09 CVE-2013-1291 Microsoft Improper Input Validation vulnerability in Microsoft products

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms13-036 "How could an attacker exploit the vulnerability? There are multiple means that could allow an attacker to exploit this vulnerability. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website.

7.1
2013-04-08 CVE-2013-0131 Nvidia Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nvidia GPU Driver

Buffer overflow in the NVIDIA GPU driver before 304.88, 310.x before 310.44, and 313.x before 313.30 for the X Window System on UNIX, when NoScanout mode is enabled, allows remote authenticated users to execute arbitrary code via a large ARGB cursor.

7.1

36 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-04-13 CVE-2013-2596 Linux, Motorola, Qualcomm Numeric Errors vulnerability in Linux Kernel

Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.

6.9
2013-04-09 CVE-2013-1293 Microsoft Local Privilege Escalation vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability." Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

6.9
2013-04-09 CVE-2013-1292 Microsoft Race Condition vulnerability in Microsoft products

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."

6.9
2013-04-09 CVE-2013-1283 Microsoft Race Condition vulnerability in Microsoft products

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."

6.9
2013-04-12 CVE-2012-3532 Redhat Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss Enterprise Portal Platform

Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2013-04-09 CVE-2013-1790 Freedesktop Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freedesktop Poppler

poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function.

6.8
2013-04-09 CVE-2013-1788 Freedesktop Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freedesktop Poppler

poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.

6.8
2013-04-09 CVE-2012-6134 Omniauth Oauth2 Project Cross-Site Request Forgery (CSRF) vulnerability in Omniauth-Oauth2 Project Omniauth-Oauth2

Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state.

6.8
2013-04-08 CVE-2013-0111 Nvidia Local Privilege Escalation vulnerability in Nvidia Driver 310.00

daemonu.exe (aka the NVIDIA Update Service Daemon), as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program.

6.8
2013-04-08 CVE-2013-0110 Nvidia Local Privilege Escalation vulnerability in Nvidia Driver 310.00

nvSCPAPISvr.exe in the NVIDIA Stereoscopic 3D Driver service, as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program.

6.8
2013-04-11 CVE-2013-1173 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Anyconnect Secure Mobility Client

Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143.

6.6
2013-04-11 CVE-2013-1172 Cisco Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client

The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14153.

6.6
2013-04-13 CVE-2013-3051 Qualcomm, Motorola Configuration vulnerability in multiple products

The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the association between a certain physical-address argument and a memory region, which allows local users to unlock the bootloader by using kernel mode to perform crafted 0x9 and 0x2 SMC operations, a different vulnerability than CVE-2013-2596.

6.2
2013-04-09 CVE-2013-0253 Apache Configuration vulnerability in Apache Maven 3.0.4

The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

5.8
2013-04-11 CVE-2013-1189 Cisco Improper Input Validation vulnerability in Cisco Ubr10012

Cisco Universal Broadband (aka uBR) 10000 series routers, when an IPv4/IPv6 dual-stack modem is used, allow remote attackers to cause a denial of service (routing-engine reload) via unspecified changes to IP address assignments, aka Bug ID CSCue15313.

5.7
2013-04-10 CVE-2013-1912 Haproxy Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Haproxy

Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.

5.1
2013-04-12 CVE-2013-0315 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Portal Platform 5.2.2

The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack.

5.0
2013-04-12 CVE-2013-0282 Openstack Improper Authentication vulnerability in Openstack Keystone

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.

5.0
2013-04-12 CVE-2013-0270 Openstack Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openstack Keystone

OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token.

5.0
2013-04-12 CVE-2012-6139 Xmlsoft, Opensuse

libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.

5.0
2013-04-10 CVE-2013-2716 Puppet, Puppetlabs Cryptographic Issues vulnerability in multiple products

Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows remote attackers to obtain console access via a crafted cookie.

5.0
2013-04-09 CVE-2013-1282 Microsoft Improper Input Validation vulnerability in Microsoft products

The LDAP service in Microsoft Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services allows remote attackers to cause a denial of service (memory consumption and service outage) via a crafted query, aka "Memory Consumption Vulnerability."

5.0
2013-04-09 CVE-2013-1821 Ruby Lang Improper Input Validation vulnerability in Ruby-Lang Ruby

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.

5.0
2013-04-09 CVE-2013-0284 Newrelic Information Exposure vulnerability in Newrelic Ruby Agent

Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data.

5.0
2013-04-09 CVE-2013-1294 Microsoft Race Condition vulnerability in Microsoft products

Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms13-031 "What might an attacker use the vulnerability to do? An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory."

4.9
2013-04-09 CVE-2013-1284 Microsoft Race Condition vulnerability in Microsoft Windows 8, Windows RT and Windows Server 2012

Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms13-031 "What might an attacker use the vulnerability to do? An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory."

4.9
2013-04-12 CVE-2013-1920 XEN Permissions, Privileges, and Access Controls vulnerability in XEN

Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors.

4.4
2013-04-10 CVE-2013-1815 Redhat Credentials Management vulnerability in Redhat Openstack Essex, Openstack Folsom and Packstack

PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file.

4.4
2013-04-08 CVE-2013-2777 Apple / Todd Miller Permissions, Privileges, and Access Controls vulnerability in multiple products

sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal.

4.4
2013-04-08 CVE-2013-2776 Todd Miller / Apple Permissions, Privileges, and Access Controls vulnerability in multiple products

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal.

4.4
2013-04-08 CVE-2013-1776 Apple / Todd Miller Permissions, Privileges, and Access Controls vulnerability in multiple products

sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal.

4.4
2013-04-10 CVE-2013-2766 Splunk Cross-Site Scripting vulnerability in Splunk

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 through 4.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-04-09 CVE-2013-1289 Microsoft Cross-Site Scripting vulnerability in Microsoft products

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."

4.3
2013-04-09 CVE-2013-1789 Freedesktop Denial of Service vulnerability in Poppler

splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.

4.3
2013-04-09 CVE-2012-6097 Fedorahosted Information Exposure vulnerability in Fedorahosted Cronie 1.4.8

File descriptor leak in cronie 1.4.8, when running in certain environments, might allow local users to read restricted files, as demonstrated by reading /etc/crontab.

4.3
2013-04-09 CVE-2013-0134 Airdroid Cross-Site Scripting vulnerability in Airdroid

Cross-site scripting (XSS) vulnerability in the web interface in AirDroid allows remote attackers to inject arbitrary web script or HTML via a crafted text message that is transmitted by a managed phone.

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-04-09 CVE-2013-1290 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Sharepoint Server 2013

Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."

3.5
2013-04-10 CVE-2012-6120 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Openstack Essex and Openstack Folsom

Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files.

2.1
2013-04-09 CVE-2012-5635 Gluster / Redhat Permissions, Privileges, and Access Controls vulnerability in multiple products

The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417.

2.1