Weekly Vulnerabilities Reports > April 22 to 28, 2013

Overview

88 new vulnerabilities were reported during this period, including 14 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary reports vulnerabilities in 90 products from 37 vendors, including Linux, IBM, Cisco, Ruby Lang, and HP. Notable categories include "Information Exposure", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", and "Improper Input Validation".

  • 58 reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability has a public exploit available.
  • 18 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 74 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 22 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

14 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-04-25 CVE-2013-1948 ROB Westgeest, Ruby Lang Remote Command Injection vulnerability in ROB Westgeest Md2Pdf 0.0.1

converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.

10.0
2013-04-25 CVE-2013-1183 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco products

Buffer overflow in the Intelligent Platform Management Interface (IPMI) functionality in the Manager component in Cisco Unified Computing System (UCS) 1.0 and 1.1 before 1.1(1j) and 1.2 before 1.2(1b) allows remote attackers to execute arbitrary code via malformed data in a UDP packet, aka Bug ID CSCtd32371.

10.0
2013-04-25 CVE-2013-0728 Hexagon Buffer Errors vulnerability in Hexagon Erdas Apollo Ecwp 13.00.0000

Multiple stack-based buffer overflows in NCSAddOn.dll in the ERDAS APOLLO ECWP plugin before 13.00.0001 for Internet Explorer, Firefox, and Chrome allow remote attackers to execute arbitrary code via a long property value.

10.0
2013-04-24 CVE-2013-3268 Novell Improper Authentication vulnerability in Novell Imanager

Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors.

10.0
2013-04-27 CVE-2013-0593 IBM Unspecified vulnerability in IBM Spss Samplepower 3.0.0.0

Unspecified vulnerability in the olch2x32 ActiveX control in IBM SPSS SamplePower 3.0 before 3.0-IM-S3SAMPC-WIN32-FP001 allows remote attackers to execute arbitrary code via unknown vectors.

9.3
2013-04-25 CVE-2013-1947 Kelly D Redding, Ruby Lang OS Command Injection vulnerability in Kelly D. Redding Kelredd-Pruview 0.3.8

kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb.

9.3
2013-04-25 CVE-2013-1933 Documentcloud, Ruby Lang OS Command Injection vulnerability in Documentcloud Karteek-Docsplit 0.5.4

The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.

9.3
2013-04-25 CVE-2013-1192 Cisco Improper Input Validation vulnerability in Cisco products

The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802.

9.3
2013-04-25 CVE-2013-1185 Cisco Information Exposure vulnerability in Cisco products

The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1) technical-support bundle file or (2) on-device configuration backup, aka Bug ID CSCtq86543.

9.3
2013-04-25 CVE-2013-1182 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 before 1.1(1j), and 1.3(x) allows remote attackers to bypass LDAP authentication via a malformed request, aka Bug ID CSCtc91207.

9.3
2013-04-25 CVE-2013-3055 Lexmark Permissions, Privileges, and Access Controls vulnerability in Lexmark Markvision

Lexmark Markvision Enterprise before 1.8 provides a diagnostic interface on TCP port 9789, which allows remote attackers to execute arbitrary code, change the configuration, or obtain sensitive fleet-management information via unspecified vectors.

9.3
2013-04-22 CVE-2013-0138 Bitberry Software Memory Corruption vulnerability in BitZipper

BitZipper 2013 before Update 1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ZIP archive.

9.3
2013-04-25 CVE-2013-1180 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco products

Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote authenticated users to execute arbitrary code via a crafted SNMP request, aka Bug ID CSCtx54822.

9.0
2013-04-25 CVE-2013-1179 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco products

Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allow remote authenticated users to execute arbitrary code via a crafted SNMP request, aka Bug ID CSCtx54830.

9.0

11 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-04-25 CVE-2013-1178 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco products

Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices before 4.1(2)E1(1h), Nexus 3000 devices 5.x before 5.0(3)U3(1), Nexus 1000V devices 4.x before 4.2(1)SV1(5.1), MDS 9000 devices 4.x and 5.x before 5.2(4), Unified Computing System (UCS) 6100 and 6200 devices before 2.0(2m), and Connected Grid Router (CGR) 1000 devices before CG4(1) allow remote attackers to execute arbitrary code via malformed CDP packets, aka Bug IDs CSCtu10630, CSCtu10551, CSCtu10550, CSCtw56581, CSCtu10548, CSCtu10544, and CSCuf61275.

8.3
2013-04-25 CVE-2013-1184 Cisco Improper Input Validation vulnerability in Cisco products

The management API in the XML API management service in the Manager component in Cisco Unified Computing System (UCS) 1.x before 1.2(1b) allows remote attackers to cause a denial of service (service outage) via a malformed request, aka Bug ID CSCtg48206.

7.8
2013-04-25 CVE-2013-1181 Cisco Improper Input Validation vulnerability in Cisco products

Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to cause a denial of service (device reload) by sending a jumbo packet to the management interface, aka Bug IDs CSCtx17544, CSCts10593, and CSCtx95389.

7.8
2013-04-22 CVE-2013-2780 Siemens Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Siemens Simatic S7-1200 PLC

Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to UDP port 161 (aka the SNMP port).

7.8
2013-04-22 CVE-2013-0700 Siemens Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Siemens Simatic S7-1200 PLC

Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to TCP port 102 (aka the ISO-TSAP port).

7.8
2013-04-25 CVE-2013-1969 Xmlsoft Resource Management Errors vulnerability in Xmlsoft Libxml2 2.9.0

Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.

7.5
2013-04-25 CVE-2013-1915 Trustwave, Opensuse, Fedoraproject, Debian XXE vulnerability in multiple products

ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.

7.5
2013-04-25 CVE-2013-0175 Erik Michaels Ober, Ruby Lang, Grape Project Improper Input Validation vulnerability in multiple products

multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.

7.5
2013-04-25 CVE-2013-1186 Cisco Improper Authentication vulnerability in Cisco products

Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management Controller (IMC), aka Bug ID CSCts53746.

7.5
2013-04-26 CVE-2012-5220 HP Local Privilege Escalation vulnerability in HP Data Protector

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows local users to gain privileges via unknown vectors.

7.2
2013-04-24 CVE-2012-5218 HP Permissions, Privileges, and Access Controls vulnerability in HP Elitepad 900

HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not enable the Secure Boot feature, which allows local users to bypass intended BIOS restrictions and boot unintended operating systems via unspecified vectors.

7.2

53 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-04-26 CVE-2013-0727 Bluemarblegeo Unspecified vulnerability in Bluemarblegeo Global Mapper 14.1.0

Multiple untrusted search path vulnerabilities in Global Mapper 14.1.0 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) ibfs32.dll file in the current working directory, as demonstrated by a directory that contains a .gmc, .gmg, .gmp, .gms, .gmw, or .opt file.

6.9
2013-04-26 CVE-2013-2709 Crunchify, Wordpress Cross-Site Request Forgery (CSRF) vulnerability in Crunchify Foursquare-Checkins 1.0/1.1/1.2

Cross-site request forgery (CSRF) vulnerability in the FourSquare Checkins plugin before 1.3 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6.8
2013-04-25 CVE-2013-0233 Plataformatec, Ruby Lang, Opensuse Resource Management Errors vulnerability in multiple products

Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.

6.8
2013-04-25 CVE-2013-2696 Crunchify, Wordpress Cross-Site Request Forgery (CSRF) vulnerability in Crunchify All-In-On-Webmaster

Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6.8
2013-04-25 CVE-2013-1215 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295.

6.8
2013-04-25 CVE-2013-3269 Cybozu Cross-Site Request Forgery (CSRF) vulnerability in Cybozu Office

Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305.

6.8
2013-04-25 CVE-2013-2305 Cybozu Cross-Site Request Forgery (CSRF) vulnerability in Cybozu Dezie, Cybozu Office and Mailwise

Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.

6.8
2013-04-24 CVE-2013-1217 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS

The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105.

6.8
2013-04-24 CVE-2013-1088 Novell Cross-Site Request Forgery (CSRF) vulnerability in Novell Imanager

Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.

6.8
2013-04-24 CVE-2013-0543 IBM, HP, Linux, SUN Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not properly validate user accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

6.8
2013-04-23 CVE-2012-5950 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Tririga Application Platform

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to hijack the authentication of arbitrary users for requests that modify data records via vectors involving (1) the html/en/default/ directory or (2) sqa/html/en/default/process/comm/saveProps.jsp.

6.8
2013-04-26 CVE-2013-1428 Tinc VPN Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tinc-Vpn Tinc

Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet.

6.5
2013-04-26 CVE-2013-3240 Phpmyadmin Path Traversal vulnerability in PHPmyadmin 4.0.0

Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type.

6.5
2013-04-22 CVE-2013-3221 Rubyonrails Improper Input Validation vulnerability in Rubyonrails Rails and Ruby ON Rails

The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database.

6.4
2013-04-26 CVE-2013-3238 Phpmyadmin Arbitrary PHP Code Execution vulnerability in phpMyAdmin

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.

6.0
2013-04-26 CVE-2013-2307 Yahoo Address Bar Spoofing vulnerability in Yahoo Yahoo! Browser 1.2.0/1.4.2

The Yahoo! Browser application before 1.4.3 for Android allows remote attackers to spoof the address bar via a crafted web site.

5.8
2013-04-26 CVE-2013-2306 JB Address Bar Spoofing vulnerability in jigbrowser+ for Android

The jigbrowser+ application before 1.6.4 for Android does not properly open windows, which allows remote attackers to spoof the address bar via a crafted web site.

5.8
2013-04-24 CVE-2013-0544 IBM, Linux Path Traversal vulnerability in IBM Websphere Application Server

Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux and UNIX allows remote authenticated users to modify data via unspecified vectors.

5.5
2013-04-25 CVE-2013-2767 Citrix Unauthorized Access vulnerability in Citrix products

Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows remote attackers to bypass intended intranet access restrictions via unknown vectors.

5.4
2013-04-25 CVE-2013-1949 Blinkwebeffects, Wordpress HTML Injection vulnerability in Blinkwebeffects Social-Media-Widget 4.0

Social Media Widget (social-media-widget) plugin 4.0 for WordPress contains an externally introduced modification (Trojan Horse), which allows remote attackers to force the upload of arbitrary files.

5.0
2013-04-25 CVE-2012-4466 Ruby Lang Permissions, Privileges, and Access Controls vulnerability in Ruby-Lang Ruby

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.

5.0
2013-04-25 CVE-2012-4464 Ruby Lang Permissions, Privileges, and Access Controls vulnerability in Ruby-Lang Ruby 1.9.3/2.0/2.0.0

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466.

5.0
2013-04-24 CVE-2013-1214 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Contact Center Express Editor Software

The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546.

5.0
2013-04-24 CVE-2013-1195 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

The time-based ACL implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly handle periodic statements for the time-range command, which allows remote attackers to bypass intended access restrictions by sending network traffic during denied time periods, aka Bug IDs CSCuf79091 and CSCug45850.

5.0
2013-04-23 CVE-2013-0584 IBM Information Exposure vulnerability in IBM Infosphere Replication Server

The Data Replication Dashboard component in IBM InfoSphere Replication Server 9.7 and 10.x before 10.2.0.0-b113 allows remote attackers to obtain a list of all user accounts, along with information about whether each account requires a password, via unspecified vectors.

5.0
2013-04-22 CVE-2013-3237 Linux Information Exposure vulnerability in Linux Kernel

The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

4.9
2013-04-22 CVE-2013-3236 Linux Information Exposure vulnerability in Linux Kernel

The vmci_transport_dgram_dequeue function in net/vmw_vsock/vmci_transport.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

4.9
2013-04-22 CVE-2013-3235 Linux Information Exposure vulnerability in Linux Kernel

net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

4.9
2013-04-22 CVE-2013-3234 Linux Information Exposure vulnerability in Linux Kernel

The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

4.9
2013-04-22 CVE-2013-3233 Linux Information Exposure vulnerability in Linux Kernel

The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

4.9
2013-04-22 CVE-2013-3232 Linux Information Exposure vulnerability in Linux Kernel

The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

4.9
2013-04-22 CVE-2013-3230 Linux Information Exposure vulnerability in Linux Kernel

The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.9-rc7 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

4.9
2013-04-22 CVE-2013-3229 Linux Information Exposure vulnerability in Linux Kernel

The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

4.9
2013-04-22 CVE-2013-3228 Linux Information Exposure vulnerability in Linux Kernel

The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

4.9
2013-04-22 CVE-2013-3227 Linux Information Exposure vulnerability in Linux Kernel

The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

4.9
2013-04-22 CVE-2013-3226 Linux Information Exposure vulnerability in Linux Kernel

The sco_sock_recvmsg function in net/bluetooth/sco.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

4.9
2013-04-22 CVE-2013-3225 Linux Information Exposure vulnerability in Linux Kernel

The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

4.9
2013-04-22 CVE-2013-3224 Linux Information Exposure vulnerability in Linux Kernel

The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

4.9
2013-04-22 CVE-2013-3223 Linux Information Exposure vulnerability in Linux Kernel

The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

4.9
2013-04-22 CVE-2013-3222 Linux Information Exposure vulnerability in Linux Kernel

The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

4.9
2013-04-22 CVE-2013-3076 Linux Information Exposure vulnerability in Linux Kernel

The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.

4.9
2013-04-24 CVE-2013-1957 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypass an intended read-only property of a filesystem by leveraging a separate mount namespace.

4.7
2013-04-22 CVE-2013-3231 Linux Information Exposure vulnerability in Linux Kernel

The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

4.7
2013-04-26 CVE-2013-3239 Phpmyadmin Code Injection vulnerability in PHPmyadmin

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.

4.6
2013-04-28 CVE-2012-5219 HP Cross-Site Scripting vulnerability in HP Managed Printing Administration 2.6.3/2.6.4

Cross-site scripting (XSS) vulnerability in HP Managed Printing Administration (MPA) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-04-27 CVE-2013-0569 IBM Cross-Site Scripting vulnerability in IBM Connections 4.5.0.0

Cross-site scripting (XSS) vulnerability in the Communities component in IBM Connections 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-04-25 CVE-2013-0338 Xmlsoft, Canonical, Opensuse Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.

4.3
2013-04-24 CVE-2013-0565 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server 8.5.0.0/8.5.0.1

Cross-site scripting (XSS) vulnerability in the RPC adapter for the Web 2.0 and Mobile toolkit in IBM WebSphere Application Server (WAS) 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted response.

4.3
2013-04-24 CVE-2013-0542 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values.

4.3
2013-04-23 CVE-2013-0503 IBM Cross-Site Scripting vulnerability in IBM Lotus Connections

Cross-site scripting (XSS) vulnerability in the Bookmarks component in IBM Lotus Connections before 4.0 CR3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-04-23 CVE-2012-5949 IBM Cross-Site Scripting vulnerability in IBM Tririga Application Platform

Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject content, and conduct phishing attacks, via vectors involving (1) the html/en/default/ directory, (2) birt/frameset, (3) WebProcess.srv, (4) sqa/html/en/default/reportTemplate/reportTemplateOrderCols.jsp, or (5) a/html/en/default/om2/omObjectFinder.jsp.

4.3
2013-04-23 CVE-2012-5948 IBM Cross-Site Scripting vulnerability in IBM Tririga Application Platform

Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) WebProcess.srv, (2) the html/en/default/ directory, (3) Widget/resource, (4) birt/frameset, or (5) ganttlib/gantt-jws.jnlp.

4.3
2013-04-26 CVE-2013-3241 Phpmyadmin Unspecified vulnerability in PHPmyadmin 4.0.0

export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.

4.0

10 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-04-28 CVE-2013-0553 IBM Command Execution vulnerability in IBM Sametime Clients

The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as used in Sametime Connect client, Sametime Advanced Connect client, Sametime Advanced Web client, and other products, allows remote authenticated users to send commands to individual chat users, or to all participants in a chat room, via a crafted Sametime Instant Message (IM).

3.5
2013-04-28 CVE-2013-0533 IBM Cross-Site Scripting vulnerability in IBM Lotus Sametime

Cross-site scripting (XSS) vulnerability in the Sametime Links server in IBM Sametime 8.0.2 through 8.5.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-04-24 CVE-2013-0540 IBM Improper Authentication vulnerability in IBM Websphere Application Server 8.5.0.0/8.5.0.1

IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session.

3.5
2013-04-27 CVE-2013-0571 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

2.9
2013-04-27 CVE-2013-0572 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors.

2.3
2013-04-24 CVE-2013-1956 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call.

2.1
2013-04-24 CVE-2013-1958 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval during which a user namespace has been created but a PID namespace has not been created.

1.9
2013-04-24 CVE-2013-0541 IBM, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Websphere Application Server

Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Windows, when a localOS registry is used in conjunction with WebSphere Identity Manager (WIM), allows local users to cause a denial of service (daemon crash) via unspecified vectors.

1.9
2013-04-24 CVE-2012-6140 Google Information Exposure vulnerability in Google Authenticator 0.86/0.87/0.91

pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than CVE-2013-0258.

1.9
2013-04-22 CVE-2013-0122 Avast Improper Input Validation vulnerability in Avast Avast! Mobile Security 2.0.4304

The avast! Mobile Security application before 2.0.4400 for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to com.avast.android.mobilesecurity.app.scanner.DeleteFileActivity with zero arguments.

1.9