Weekly Vulnerabilities Reports > May 20 to 26, 2013

Overview

94 new vulnerabilities were reported during this period, including 27 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary reports vulnerabilities in 73 products from 32 vendors including Microsoft, Apple, Google, Opensuse, and Debian. Notable vulnerability categories include "Resource Management Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", and "Improper Input Validation".

  • 84 reported vulnerabilities are remotely exploitable.
  • 8 reported vulnerabilities have a public exploit available.
  • 11 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 88 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 37 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 23 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

27 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-05-23 CVE-2012-4697 Turck Credentials Management vulnerability in Turck products

TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows remote attackers to obtain administrative access via an FTP session.

10.0
2013-05-23 CVE-2013-2781 3S Software Resource Management Errors vulnerability in 3S-Software Codesys Gateway-Server 2.3.9.27

Use-after-free vulnerability in the server application in 3S CODESYS Gateway 2.3.9.27 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.

10.0
2013-05-24 CVE-2013-1022 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted mvhd atoms in a movie file.

9.3
2013-05-24 CVE-2013-1021 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG data in a movie file.

9.3
2013-05-24 CVE-2013-1020 Apple
Microsoft
Resource Management Errors vulnerability in Apple Quicktime

Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG data in a movie file.

9.3
2013-05-24 CVE-2013-1019 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS and Quicktime

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

9.3
2013-05-24 CVE-2013-1018 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.

9.3
2013-05-24 CVE-2013-1017 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file.

9.3
2013-05-24 CVE-2013-1016 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.263 encoding.

9.3
2013-05-24 CVE-2013-1015 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TeXML file.

9.3
2013-05-24 CVE-2013-0989 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP3 file.

9.3
2013-05-24 CVE-2013-0988 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FPX file.

9.3
2013-05-24 CVE-2013-0987 Apple
Microsoft
Resource Management Errors vulnerability in Apple Quicktime

Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QTIF file.

9.3
2013-05-24 CVE-2013-0986 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and Quicktime

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file.

9.3
2013-05-23 CVE-2012-6558 Heaventools Buffer Errors vulnerability in Heaventools PE Explorer 1.99.6

Heap-based buffer overflow in HeavenTools PE Explorer 1.99 R6 allows remote attackers to execute arbitrary code via the size value for a string in the resource section of a Portable Executable (PE) file.

9.3
2013-05-23 CVE-2012-6553 Angusj Buffer Errors vulnerability in Angusj Resource Hacker 3.6.0.92

Heap-based buffer overflow in Resource Hacker 3.6.0.92 allows remote attackers to execute arbitrary code via a Portable Executable (PE) file with a resource section containing a string that has many tab or line feed characters.

9.3
2013-05-20 CVE-2013-1010 Apple
Microsoft
Resource Management Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

9.3
2013-05-20 CVE-2013-1008 Apple
Microsoft
Resource Management Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

9.3
2013-05-20 CVE-2013-1007 Apple
Microsoft
Resource Management Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

9.3
2013-05-20 CVE-2013-1006 Apple
Microsoft
Resource Management Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

9.3
2013-05-20 CVE-2013-1005 Apple
Microsoft
Resource Management Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

9.3
2013-05-20 CVE-2013-1004 Apple
Microsoft
Resource Management Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

9.3
2013-05-20 CVE-2013-1003 Apple
Microsoft
Resource Management Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

9.3
2013-05-20 CVE-2013-1002 Apple
Microsoft
Resource Management Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

9.3
2013-05-20 CVE-2013-1001 Apple
Microsoft
Resource Management Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

9.3
2013-05-20 CVE-2013-1000 Apple
Microsoft
Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

9.3
2013-05-20 CVE-2013-0999 Apple
Microsoft
Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

9.3

15 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-05-24 CVE-2013-3633 Siemens Permissions, Privileges, and Access Controls vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X-200 switch family (incl.

8.0
2013-05-25 CVE-2013-3561 Debian
Opensuse
Wireshark
Numeric Errors vulnerability in multiple products

Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.

7.8
2013-05-24 CVE-2013-3634 Siemens Improper Input Validation vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X-200 switch family (incl.

7.5
2013-05-23 CVE-2012-6560 Freenac Improper Input Validation vulnerability in Freenac 3.0.2

SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter.

7.5
2013-05-22 CVE-2013-2846 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840.

7.5
2013-05-22 CVE-2013-2845 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

The Web Audio implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

7.5
2013-05-22 CVE-2013-2844 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style resolution.

7.5
2013-05-22 CVE-2013-2843 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of speech data.

7.5
2013-05-22 CVE-2013-2842 Apple
Google
Resource Management Errors vulnerability in multiple products

Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.

7.5
2013-05-22 CVE-2013-2841 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of Pepper resources.

7.5
2013-05-22 CVE-2013-2840 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2846.

7.5
2013-05-22 CVE-2013-2839 Google Resource Management Errors vulnerability in Google Chrome

Google Chrome before 27.0.1453.93 does not properly perform a cast of an unspecified variable during handling of clipboard data, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5
2013-05-22 CVE-2013-2837 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5
2013-05-22 CVE-2013-2836 Google Security vulnerability in Google Chrome

Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.93 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5
2013-05-22 CVE-2013-3496 Infotecs Permissions, Privileges, and Access Controls vulnerability in Infotecs products

Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.

7.2

49 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-05-24 CVE-2013-3660 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."

6.9
2013-05-21 CVE-2013-2007 Qemu Permissions, Privileges, and Access Controls vulnerability in Qemu 1.4.1

The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.

6.9
2013-05-21 CVE-2013-1964 XEN Permissions, Privileges, and Access Controls vulnerability in XEN

Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.

6.9
2013-05-23 CVE-2012-6562 Elgg Permissions, Privileges, and Access Controls vulnerability in Elgg

engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.

6.8
2013-05-22 CVE-2013-2847 Google Race Condition vulnerability in Google Chrome

Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.

6.8
2013-05-20 CVE-2013-3270 EMC Permissions, Privileges, and Access Controls vulnerability in EMC Celerra Control Station and VNX Control Station

EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leveraging nasadmin group membership.

6.8
2013-05-20 CVE-2013-1011 Apple
Microsoft
Resource Management Errors vulnerability in Apple Itunes

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

6.8
2013-05-20 CVE-2013-0998 Apple
Microsoft
Resource Management Errors vulnerability in Apple Itunes

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

6.8
2013-05-20 CVE-2013-0997 Apple
Microsoft
Resource Management Errors vulnerability in Apple Itunes

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

6.8
2013-05-20 CVE-2013-0996 Apple
Microsoft
Resource Management Errors vulnerability in Apple Itunes

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

6.8
2013-05-20 CVE-2013-0995 Apple
Microsoft
Resource Management Errors vulnerability in Apple Itunes

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

6.8
2013-05-20 CVE-2013-0994 Apple
Microsoft
Resource Management Errors vulnerability in Apple Itunes

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

6.8
2013-05-20 CVE-2013-0993 Apple
Microsoft
Resource Management Errors vulnerability in Apple Itunes

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

6.8
2013-05-20 CVE-2013-0992 Apple
Microsoft
Resource Management Errors vulnerability in multiple products

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

6.8
2013-05-20 CVE-2013-0991 Apple
Microsoft
Resource Management Errors vulnerability in Apple Itunes

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

6.8
2013-05-23 CVE-2012-6554 A51Dev Improper Input Validation vulnerability in A51Dev Activecollab Chat Module

functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch.

6.5
2013-05-21 CVE-2013-2059 Openstack Improper Authentication vulnerability in Openstack Keystone 2012.1/2013.1

OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.

6.0
2013-05-21 CVE-2007-6746 Canonical Improper Input Validation vulnerability in Canonical Telepathy-Idle and Ubuntu Linux

telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2013-05-25 CVE-2013-3562 Debian
Opensuse
Wireshark
Numeric Errors vulnerability in multiple products

Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.

5.0
2013-05-25 CVE-2013-3560 Debian
Opensuse
Wireshark
Use of Externally-Controlled Format String vulnerability in multiple products

The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

5.0
2013-05-25 CVE-2013-3559 Debian
Opensuse
Wireshark
Numeric Errors vulnerability in multiple products

epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.

5.0
2013-05-25 CVE-2013-3558 Wireshark
Debian
Opensuse
Numeric Errors vulnerability in multiple products

The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

5.0
2013-05-25 CVE-2013-3557 Wireshark
Debian
Opensuse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

5.0
2013-05-25 CVE-2013-3556 Wireshark
Debian
Opensuse
Improper Input Validation vulnerability in multiple products

The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

5.0
2013-05-25 CVE-2013-3555 Debian
Opensuse
Wireshark
Improper Input Validation vulnerability in multiple products

epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

5.0
2013-05-25 CVE-2013-2083 Moodle Improper Input Validation vulnerability in Moodle

The MoodleQuickForm class in lib/formslib.php in Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly handle a certain array-element syntax, which allows remote attackers to bypass intended form-data filtering via a crafted request.

5.0
2013-05-25 CVE-2013-2082 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request.

5.0
2013-05-23 CVE-2011-4518 Microsys Path Traversal vulnerability in Microsys Promotic

Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2013-05-23 CVE-2013-1204 Cisco Resource Management Errors vulnerability in Cisco IOS XR

Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345.

5.0
2013-05-22 CVE-2013-2848 Google Information Exposure vulnerability in Google Chrome

The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.

5.0
2013-05-22 CVE-2013-2838 Google Buffer Errors vulnerability in Google Chrome

Google V8, as used in Google Chrome before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5.0
2013-05-20 CVE-2013-0145 Vercot Buffer Errors vulnerability in Vercot Serva32 2.1.0

Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in a read request.

5.0
2013-05-24 CVE-2013-3661 Microsoft Path Traversal vulnerability in Microsoft products

The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.

4.9
2013-05-25 CVE-2013-2081 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data.

4.3
2013-05-23 CVE-2011-4520 Microsys Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsys Promotic

Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.

4.3
2013-05-23 CVE-2011-4519 Microsys Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsys Promotic

Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.

4.3
2013-05-23 CVE-2012-6563 Elgg Permissions, Privileges, and Access Controls vulnerability in Elgg

engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.

4.3
2013-05-23 CVE-2012-6561 Elgg Cross-Site Scripting vulnerability in Elgg

Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php.

4.3
2013-05-23 CVE-2012-6559 Freenac Cross-Site Scripting vulnerability in Freenac 3.0.2

Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) mac, (3) graphtype, (4) name, or (5) type parameter to stats.php; or (6) comment parameter to deviceadd.php.

4.3
2013-05-23 CVE-2012-6557 Zodiacdm
Vanillaforums
Cross-Site Scripting vulnerability in Zodiacdm Aboutme-Plugin 1.1.1

Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/JobTit, (7) AboutMe/HS, (8) AboutMe/Col, (9) AboutMe/Bio, (10) AboutMe/Inter, (11) AboutMe/Mus, (12) AboutMe/Gam, (13) AboutMe/Mov, (14) AboutMe/FTV, or (15) AboutMe/Bks parameter to the Edit My Details page.

4.3
2013-05-23 CVE-2012-6556 Jspautsch
Vanillaforums
Cross-Site Scripting vulnerability in Jspautsch Firstlastnames 1.1.1

Multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNames plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) User/FirstName or (2) User/LastName parameter to the edit user page.

4.3
2013-05-23 CVE-2012-6555 Sahotataran
Vanillaforums
Cross-Site Scripting vulnerability in Sahotataran Latestcomment 1.1

Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title.

4.3
2013-05-22 CVE-2013-2849 Google Cross-Site Scripting vulnerability in Google Chrome

Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.

4.3
2013-05-22 CVE-2013-2311 Web2Py Cross-Site Scripting vulnerability in Web2Py

Cross-site scripting (XSS) vulnerability in static/js/share.js (aka the social bookmarking widget) in Web2py before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-05-22 CVE-2013-0942 EMC
Microsoft
Apache
Cross-Site Scripting vulnerability in EMC RSA Authentication Agent 7.1

Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-05-21 CVE-2012-6137 Redhat Credentials Management vulnerability in Redhat products

rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials.

4.3
2013-05-20 CVE-2013-1014 Apple
Microsoft
Improper Input Validation vulnerability in Apple Itunes

Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.

4.3
2013-05-25 CVE-2013-2080 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly consider the existence of hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role and reading the Gradebook Overview report.

4.0
2013-05-25 CVE-2013-2079 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

mod/assign/locallib.php in the assignment module in Moodle 2.3.x before 2.3.7 and 2.4.x before 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read other users' assignments by leveraging the student role.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-05-22 CVE-2013-0941 RSA
Apache
Microsoft
Cryptographic Issues vulnerability in RSA products

EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.

2.1
2013-05-21 CVE-2013-2006 Openstack Information Exposure vulnerability in Openstack Keystone 2013.1.1

OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.

2.1
2013-05-21 CVE-2013-1977 Openstack Permissions, Privileges, and Access Controls vulnerability in Openstack Devstack

OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.

2.1