Weekly Vulnerabilities Reports > June 3 to 9, 2013
Overview
91 new vulnerabilities reported during this period, including 14 critical vulnerabilities and 18 high severity vulnerabilities. This weekly summary report vulnerabilities in 38 products from 18 vendors including Linux, Apple, Debian, Google, and HP. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Resource Management Errors", "Permissions, Privileges, and Access Controls", and "Use After Free".
- 65 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities have public exploit available.
- 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 85 reported vulnerabilities are exploitable by an anonymous user.
- Linux has the most reported vulnerabilities, with 20 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 12 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
14 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-06-06 | CVE-2013-2335 | HP | Remote Code Execution vulnerability in HP Data Protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1733. | 10.0 |
2013-06-06 | CVE-2013-2334 | HP | Remote Code Execution vulnerability in HP Data Protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1681. | 10.0 |
2013-06-06 | CVE-2013-2333 | HP | Remote Code Execution vulnerability in HP Data Protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680. | 10.0 |
2013-06-06 | CVE-2013-2332 | HP | Remote Code Execution vulnerability in HP Data Protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1654. | 10.0 |
2013-06-06 | CVE-2013-2331 | HP | Remote Code Execution vulnerability in HP Data Protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1652. | 10.0 |
2013-06-06 | CVE-2013-2330 | HP | Remote Code Execution vulnerability in HP Data Protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1638. | 10.0 |
2013-06-06 | CVE-2013-2329 | HP | Remote Code Execution vulnerability in HP Data Protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1637. | 10.0 |
2013-06-06 | CVE-2013-2328 | HP | Remote Code Execution vulnerability in HP Data Protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1636. | 10.0 |
2013-06-06 | CVE-2013-2327 | HP | Remote Code Execution vulnerability in HP Data Protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1635. | 10.0 |
2013-06-06 | CVE-2013-2326 | HP | Remote Code Execution vulnerability in HP Data Protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1634. | 10.0 |
2013-06-06 | CVE-2013-2325 | HP | Remote Code Execution vulnerability in HP Data Protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1633. | 10.0 |
2013-06-06 | CVE-2013-2324 | HP | Remote Code Execution vulnerability in HP Data Protector Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1629. | 10.0 |
2013-06-05 | CVE-2013-2863 | Google Debian | Buffer Errors vulnerability in Google Chrome Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 10.0 |
2013-06-05 | CVE-2013-0984 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. | 9.3 |
18 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-06-07 | CVE-2013-2850 | Linux | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet. | 7.9 |
2013-06-08 | CVE-2011-2482 | Linux | Null Pointer Dereference vulnerability in Linux Kernel A certain Red Hat patch to the sctp_sock_migrate function in net/sctp/socket.c in the Linux kernel before 2.6.21, as used in Red Hat Enterprise Linux (RHEL) 5, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted SCTP packet. | 7.8 |
2013-06-06 | CVE-2013-3919 | ISC | Remote Denial of Service vulnerability in ISC Bind 9.6/9.8.5/9.9.3 resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone. | 7.8 |
2013-06-05 | CVE-2013-0509 | IBM | Buffer Errors vulnerability in IBM products Buffer overflow in the Transaction MIB agent in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 allows remote attackers to execute arbitrary code via a SQL transaction with a long table name that is not properly handled by a packet decoder. | 7.6 |
2013-06-05 | CVE-2013-0508 | IBM | Buffer Errors vulnerability in IBM products Multiple buffer overflows in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 and 4.0.1 before FP1 allow context-dependent attackers to execute arbitrary code or cause a denial of service via a long line in (1) hrfstable.idx, (2) hrdevice.idx, (3) hrstorage.idx, or (4) lotusmapfile in the SSM Config directory, or (5) .manifest.hive in the main agent directory. | 7.6 |
2013-06-08 | CVE-2011-1180 | Linux | Out-Of-Bounds Write vulnerability in Linux Kernel Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging connectivity to an IrDA infrared network and sending a large integer value for a (1) name length or (2) attribute length. | 7.5 |
2013-06-05 | CVE-2013-2865 | Google Debian | Security vulnerability in Google Chrome Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 7.5 |
2013-06-05 | CVE-2013-2864 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome The PDF functionality in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via unknown vectors. | 7.5 | |
2013-06-05 | CVE-2013-2862 | Google Debian | Buffer Errors vulnerability in Google Chrome Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 7.5 |
2013-06-05 | CVE-2013-2861 | Debian | Resource Management Errors vulnerability in multiple products Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 7.5 |
2013-06-05 | CVE-2013-2860 | Debian | USE After Free vulnerability in multiple products Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process. | 7.5 |
2013-06-05 | CVE-2013-2859 | Debian | Security vulnerability in Google Chrome Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors. | 7.5 |
2013-06-05 | CVE-2013-2858 | Debian | USE After Free vulnerability in multiple products Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 7.5 |
2013-06-05 | CVE-2013-2857 | Debian | USE After Free vulnerability in multiple products Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images. | 7.5 |
2013-06-05 | CVE-2013-2856 | Google Debian | USE After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input. | 7.5 |
2013-06-05 | CVE-2013-2854 | Google Microsoft | Security vulnerability in Google Chrome Google Chrome before 27.0.1453.110 on Windows provides an incorrect handle to a renderer process in unspecified circumstances, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | 7.5 |
2013-06-05 | CVE-2013-3475 | IBM | Buffer Errors vulnerability in IBM Db2, DB2 Connect and Smart Analytics System 7600 Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors. | 7.2 |
2013-06-08 | CVE-2011-4348 | Linux | Race Condition vulnerability in Linux Kernel Race condition in the sctp_rcv function in net/sctp/input.c in the Linux kernel before 2.6.29 allows remote attackers to cause a denial of service (system hang) via SCTP packets. | 7.1 |
46 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-06-07 | CVE-2013-2852 | Linux | USE of Externally-Controlled Format String vulnerability in Linux Kernel Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. | 6.9 |
2013-06-05 | CVE-2013-3954 | Apple | Improper Input Validation vulnerability in Apple Iphone OS and mac OS X The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer. | 6.9 |
2013-06-08 | CVE-2011-2942 | Linux Redhat | A certain Red Hat patch to the __br_deliver function in net/bridge/br_forward.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging connectivity to a network interface that uses an Ethernet bridge device. | 6.8 |
2013-06-07 | CVE-2013-0144 | Qnap | Cross-Site Request Forgery (CSRF) vulnerability in Qnap Viostor Network Video Recorder 4.0.3 Cross-site request forgery (CSRF) vulnerability in cgi-bin/create_user.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a NEW USER action. | 6.8 |
2013-06-07 | CVE-2011-4604 | Linux | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel The bat_socket_read function in net/batman-adv/icmp_socket.c in the Linux kernel before 3.3 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted batman-adv ICMP packet. | 6.8 |
2013-06-05 | CVE-2013-1024 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | 6.8 |
2013-06-05 | CVE-2013-1023 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1009. | 6.8 |
2013-06-05 | CVE-2013-1009 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1023. | 6.8 |
2013-06-05 | CVE-2013-0983 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encountered by Safari. | 6.8 |
2013-06-05 | CVE-2013-0975 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. | 6.8 |
2013-06-07 | CVE-2013-0143 | Qnap | Code Injection vulnerability in Qnap products cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string. | 6.5 |
2013-06-03 | CVE-2013-2970 | IBM | Unspecified vulnerability in IBM Qradar Security Information and Event Manager 7.0.0/7.0.1/7.1.0 Unspecified vulnerability in IBM QRadar Security Information and Event Manager (SIEM) 7.x before 7.1 MR2 Patch 1 allows remote authenticated users to execute operating-system commands via unknown vectors. | 6.5 |
2013-06-05 | CVE-2013-3955 | Apple | Improper Input Validation vulnerability in Apple products The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to cause a denial of service (memory corruption) or have unspecified other impact via an invalid file on an msdosfs filesystem. | 6.2 |
2013-06-07 | CVE-2013-2851 | Linux | USE of Externally-Controlled Format String vulnerability in Linux Kernel Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. | 6.0 |
2013-06-03 | CVE-2013-2317 | Fenrir INC | Cross-Site Scripting vulnerability in Apache OFBiz The Sleipnir Mobile application 2.9.1 and earlier and Sleipnir Mobile Black Edition application 2.9.1 and earlier for Android allow remote attackers to spoof the address bar via vectors involving the opening of a new window. | 5.8 |
2013-06-03 | CVE-2013-2316 | Yahoo | Address Bar Spoofing vulnerability in Yahoo! Browser for Android The Yahoo! Browser application 1.4.4 and earlier for Android allows remote attackers to spoof the address bar via vectors related to URL display, a different vulnerability than CVE-2013-2307. | 5.8 |
2013-06-08 | CVE-2011-3593 | Linux Redhat | Resource Management Errors vulnerability in multiple products A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames. | 5.7 |
2013-06-09 | CVE-2013-4083 | Wireshark | Improper Input Validation vulnerability in Wireshark The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 5.0 |
2013-06-09 | CVE-2013-4082 | Wireshark Debian Opensuse | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet. | 5.0 |
2013-06-09 | CVE-2013-4081 | Wireshark Debian Opensuse | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet. | 5.0 |
2013-06-09 | CVE-2013-4080 | Wireshark | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark 1.8.x before 1.8.8 does not properly handle a zero-length item, which allows remote attackers to cause a denial of service (infinite loop, and CPU and memory consumption) via a crafted packet. | 5.0 |
2013-06-09 | CVE-2013-4079 | Opensuse Wireshark | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite loop and application hang) via a crafted packet. | 5.0 |
2013-06-09 | CVE-2013-4078 | Wireshark Debian Opensuse | Improper Input Validation vulnerability in multiple products epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 5.0 |
2013-06-09 | CVE-2013-4077 | Debian Opensuse Wireshark | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c. | 5.0 |
2013-06-09 | CVE-2013-4076 | Debian Opensuse Wireshark | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 5.0 |
2013-06-09 | CVE-2013-4075 | Wireshark Debian Opensuse | Resource Management Errors vulnerability in multiple products epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 5.0 |
2013-06-09 | CVE-2013-4074 | Wireshark Debian Opensuse | Numeric Errors vulnerability in multiple products The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 5.0 |
2013-06-07 | CVE-2013-0142 | Qnap | Credentials Management vulnerability in Qnap products QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors. | 5.0 |
2013-06-05 | CVE-2013-3950 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable. | 5.0 |
2013-06-05 | CVE-2013-2855 | Google Debian | Buffer Errors vulnerability in Google Chrome The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 5.0 |
2013-06-07 | CVE-2013-2128 | Linux | Resource Exhaustion vulnerability in Linux Kernel The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice system call for a TCP socket. | 4.9 |
2013-06-05 | CVE-2013-3953 | Apple | Information Exposure vulnerability in Apple Iphone OS and mac OS X The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call. | 4.9 |
2013-06-05 | CVE-2013-0990 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. | 4.9 |
2013-06-07 | CVE-2013-2146 | Linux | Improper Input Validation vulnerability in Linux Kernel arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. | 4.7 |
2013-06-08 | CVE-2011-3619 | Linux | Improper Input Validation vulnerability in Linux Kernel The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 3.0 does not properly handle invalid parameters, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by writing to a /proc/#####/attr/current file. | 4.6 |
2013-06-08 | CVE-2011-3347 | Redhat | VLAN Packets Handling Remote Denial of Service vulnerability in Redhat Enterprise Linux 6.0 A certain Red Hat patch to the be2net implementation in the kernel package before 2.6.32-218.el6 on Red Hat Enterprise Linux (RHEL) 6, when promiscuous mode is enabled, allows remote attackers to cause a denial of service (system crash) via non-member VLAN packets. | 4.6 |
2013-06-05 | CVE-2013-3951 | Apple | Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Watchos sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program. | 4.6 |
2013-06-07 | CVE-2013-1929 | Linux | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure. | 4.4 |
2013-06-08 | CVE-2011-4087 | Linux | Improper Initialization vulnerability in Linux Kernel The br_parse_ip_options function in net/bridge/br_netfilter.c in the Linux kernel before 2.6.39 does not properly initialize a certain data structure, which allows remote attackers to cause a denial of service by leveraging connectivity to a network interface that uses an Ethernet bridge device. | 4.3 |
2013-06-06 | CVE-2013-1205 | Cisco | Improper Authentication vulnerability in Cisco Webex Meetings Server The Event Center module in Cisco WebEx Meetings Server does not perform request authentication in all intended circumstances, which allows remote attackers to discover host keys and event passwords via crafted URLs, aka Bug ID CSCue62485. | 4.3 |
2013-06-05 | CVE-2013-3948 | Apple | Improper Input Validation vulnerability in Apple Iphone OS 6.1.3 Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary applications via a download-manifest itms-services:// URL that leverages an open redirect vulnerability within a trusted domain. | 4.3 |
2013-06-05 | CVE-2013-1013 | Apple | Improper Input Validation vulnerability in Apple Safari XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors. | 4.3 |
2013-06-05 | CVE-2013-1012 | Apple | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. | 4.3 |
2013-06-03 | CVE-2013-0464 | IBM | Cross-Site Scripting vulnerability in IBM Eclipse Help System and Spss Data Collection Multiple cross-site scripting (XSS) vulnerabilities in IBM Eclipse Help System (IEHS) 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2013-06-03 | CVE-2013-0549 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Portal Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, when the IBM Portlet API is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2013-06-08 | CVE-2011-4347 | Linux | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation. | 4.0 |
13 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-06-03 | CVE-2013-2950 | IBM | Code Injection vulnerability in IBM Websphere Portal CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 3.5 |
2013-06-08 | CVE-2011-1585 | Linux Suse | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user. | 3.3 |
2013-06-06 | CVE-2013-2318 | JIG | Permissions, Privileges, and Access Controls vulnerability in JIG Movatwitouch and Movatwitouch Paid The Content Provider in the MovatwiTouch application before 1.793 and MovatwiTouch Paid application before 1.793 for Android does not properly restrict access to authorization information, which allows attackers to hijack Twitter accounts via a crafted application. | 2.6 |
2013-06-07 | CVE-2013-0947 | RSA | Credentials Management vulnerability in RSA Authentication Manager 8.0 EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a (1) log file or (2) configuration file. | 2.1 |
2013-06-07 | CVE-2013-2148 | Linux | Resource Management Errors vulnerability in Linux Kernel The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor. | 2.1 |
2013-06-07 | CVE-2013-2147 | Linux Suse | Resource Management Errors vulnerability in Linux Kernel The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. | 2.1 |
2013-06-07 | CVE-2013-2141 | Linux | Resource Management Errors vulnerability in Linux Kernel The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. | 2.1 |
2013-06-05 | CVE-2013-3952 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for a kernel pipe handle. | 2.1 |
2013-06-05 | CVE-2013-3949 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the posix_spawnattr_setflags function. | 2.1 |
2013-06-05 | CVE-2013-0985 | Apple | Improper Authentication vulnerability in Apple mac OS X Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line. | 2.1 |
2013-06-08 | CVE-2011-4098 | Linux | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel The fallocate implementation in the GFS2 filesystem in the Linux kernel before 3.2 relies on the page cache, which might allow local users to cause a denial of service by preallocating blocks in certain situations involving insufficient memory. | 1.9 |
2013-06-08 | CVE-2011-2693 | Redhat | Denial-Of-Service vulnerability in Redhat Enterprise Linux 6.0 The perf subsystem in the kernel package 2.6.32-122.el6.x86_64 in Red Hat Enterprise Linux (RHEL) 6 does not properly handle NMIs, which might allow local users to cause a denial of service (excessive log messages) via unspecified vectors. | 1.9 |
2013-06-05 | CVE-2013-0982 | Apple | Information Exposure vulnerability in Apple mac OS X and mac OS X Server The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation. | 1.7 |