Weekly Vulnerabilities Reports > June 10 to 16, 2013
Overview
69 new vulnerabilities were reported during this period, including 23 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary reports vulnerabilities in 59 products from 21 vendors including X, Microsoft, HP, Cisco, and X ORG. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Numeric Errors", "Improper Input Validation", "Cross-site Scripting", and "Cryptographic Issues".
- 67 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 6 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 65 reported vulnerabilities are exploitable by an anonymous user.
- X has the most reported vulnerabilities, with 23 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 20 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
23 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-06-14 | CVE-2013-2338 | HP | Remote Unauthorized Access vulnerability in HP products Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware before 1.22, when Single-Sign-On (SSO) is used, allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2013-06-14 | CVE-2013-3573 | HP | Improper Input Validation vulnerability in HP Insight Diagnostics 9.4.0.4710 HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors. | 10.0 |
2013-06-12 | CVE-2013-3343 | Adobe Microsoft Linux Apple | Buffer Errors vulnerability in Adobe Air, AIR SDK and Flash Player Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows, before 10.3.183.90 and 11.x before 11.7.700.225 on Mac OS X, before 10.3.183.90 and 11.x before 11.2.202.291 on Linux, before 11.1.111.59 on Android 2.x and 3.x, and before 11.1.115.63 on Android 4.x; Adobe AIR before 3.7.0.2090 on Windows and Android and before 3.7.0.2100 on Mac OS X; and Adobe AIR SDK & Compiler before 3.7.0.2090 on Windows and before 3.7.0.2100 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 10.0 |
2013-06-12 | CVE-2013-3142 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, and CVE-2013-3139. | 9.3 |
2013-06-12 | CVE-2013-3141 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer 8/9 Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3110. | 9.3 |
2013-06-12 | CVE-2013-3139 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, and CVE-2013-3142. | 9.3 |
2013-06-12 | CVE-2013-3126 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 10/9 Microsoft Internet Explorer 9 and 10, when script debugging is enabled, does not properly handle objects in memory during the processing of script, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Internet Explorer Script Debug Vulnerability." | 9.3 |
2013-06-12 | CVE-2013-3125 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 10 Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3118 and CVE-2013-3120. | 9.3 |
2013-06-12 | CVE-2013-3124 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 9 Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3117 and CVE-2013-3122. | 9.3 |
2013-06-12 | CVE-2013-3123 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 10/8/9 Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3111. | 9.3 |
2013-06-12 | CVE-2013-3122 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 9 Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3117 and CVE-2013-3124. | 9.3 |
2013-06-12 | CVE-2013-3121 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3139, and CVE-2013-3142. | 9.3 |
2013-06-12 | CVE-2013-3120 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 10 Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3118 and CVE-2013-3125. | 9.3 |
2013-06-12 | CVE-2013-3119 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 10/9 Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3114. | 9.3 |
2013-06-12 | CVE-2013-3118 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 10 Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3120 and CVE-2013-3125. | 9.3 |
2013-06-12 | CVE-2013-3117 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 9 Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3122 and CVE-2013-3124. | 9.3 |
2013-06-12 | CVE-2013-3116 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer 7/8/9 Microsoft Internet Explorer 7 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 9.3 |
2013-06-12 | CVE-2013-3114 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 10/9 Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3119. | 9.3 |
2013-06-12 | CVE-2013-3113 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3121, CVE-2013-3139, and CVE-2013-3142. | 9.3 |
2013-06-12 | CVE-2013-3112 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3113, CVE-2013-3121, CVE-2013-3139, and CVE-2013-3142. | 9.3 |
2013-06-12 | CVE-2013-3111 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 10/8/9 Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3123. | 9.3 |
2013-06-12 | CVE-2013-3110 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer 8/9 Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3141. | 9.3 |
2013-06-14 | CVE-2013-3576 | HP | OS Command Injection vulnerability in HP System Management Homepage ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en. | 9.0 |
6 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-06-14 | CVE-2013-3574 | HP | Improper Input Validation vulnerability in HP Insight Diagnostics 9.4.0.4710 Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter. | 7.8 |
2013-06-12 | CVE-2013-1331 | Microsoft | Classic Buffer Overflow vulnerability in Microsoft Office 2003/2011 Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability." | 7.8 |
2013-06-14 | CVE-2013-3958 | Siemens | Credentials Management vulnerability in Siemens Simatic Pcs7 and Wincc The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request. | 7.5 |
2013-06-14 | CVE-2013-3957 | Siemens | SQL Injection vulnerability in Siemens Simatic Pcs7 and Wincc SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2013-06-16 | CVE-2013-0148 | Faircom | Cryptographic Issues vulnerability in Faircom C-Treeace The Data Camouflage (aka FairCom Standard Encryption) algorithm in FairCom c-treeACE does not ensure that a decryption key is needed for accessing database contents, which allows context-dependent attackers to read cleartext database records by copying a database to another system that has a certain default configuration. | 7.1 |
2013-06-14 | CVE-2013-2783 | Ioserver | Improper Input Validation vulnerability in Ioserver 1.0.19.0 The DNP3 driver in IOServer drivers 1.0.19.0 allows remote attackers to cause a denial of service (infinite loop) or obtain unspecified control via crafted data to TCP port 20000. | 7.1 |
40 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-06-15 | CVE-2013-2066 | X X ORG | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvQueryPortAttributes function. | 6.8 |
2013-06-15 | CVE-2013-2005 | X | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in X Libxt X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies functions. | 6.8 |
2013-06-15 | CVE-2013-2004 | X | Buffer Errors vulnerability in X Libx11 1.5.0/1.5.99.901 The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file. | 6.8 |
2013-06-15 | CVE-2013-2003 | X | Numeric Errors vulnerability in X Libxcursor Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function. | 6.8 |
2013-06-15 | CVE-2013-2002 | X | Numeric Errors vulnerability in X Libxt Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the _XtResourceConfigurationEH function. | 6.8 |
2013-06-15 | CVE-2013-2001 | X | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in X Libxxf86Vm Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function. | 6.8 |
2013-06-15 | CVE-2013-2000 | X | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in X Libxxf86Dga Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions. | 6.8 |
2013-06-15 | CVE-2013-1999 | X | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in X Libxvmc Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo function. | 6.8 |
2013-06-15 | CVE-2013-1998 | X ORG | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in X.Org Libxi Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions. | 6.8 |
2013-06-15 | CVE-2013-1997 | X | Buffer Errors vulnerability in X Libx11 1.5.0/1.5.99.901 Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions. | 6.8 |
2013-06-15 | CVE-2013-1996 | X | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in X Libfs X.org libFS 1.0.4 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the FSOpenServer function. | 6.8 |
2013-06-15 | CVE-2013-1995 | X ORG | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in X.Org Libxi X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function. | 6.8 |
2013-06-15 | CVE-2013-2064 | Debian Oracle Canonical Opensuse Fedoraproject X | Numeric Errors vulnerability in multiple products Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. | 6.8 |
2013-06-15 | CVE-2013-2062 | X | Numeric Errors vulnerability in X Libxp 1.0.0/1.0.1 Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XpGetAttributes, (2) XpGetOneAttribute, (3) XpGetPrinterList, and (4) XpQueryScreens functions. | 6.8 |
2013-06-15 | CVE-2013-1992 | X | Numeric Errors vulnerability in X Libdmx Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, (2) DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions. | 6.8 |
2013-06-15 | CVE-2013-1991 | X | Numeric Errors vulnerability in X Libxxf86Dga Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XDGAQueryModes and (2) XDGASetMode functions. | 6.8 |
2013-06-15 | CVE-2013-1990 | X | Numeric Errors vulnerability in X Libxvmc Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvMCListSurfaceTypes and (2) XvMCListSubpictureTypes functions. | 6.8 |
2013-06-15 | CVE-2013-1989 | X | Numeric Errors vulnerability in X Libxv Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage function. | 6.8 |
2013-06-15 | CVE-2013-1988 | X | Numeric Errors vulnerability in X Libxres Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2) XResQueryClientResources functions. | 6.8 |
2013-06-15 | CVE-2013-1987 | Canonical Opensuse X | Numeric Errors vulnerability in multiple products Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions. | 6.8 |
2013-06-15 | CVE-2013-1986 | X | Numeric Errors vulnerability in X Libxrandr Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions. | 6.8 |
2013-06-15 | CVE-2013-1985 | X | Improper Input Validation vulnerability in X Libxinerama Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function. | 6.8 |
2013-06-15 | CVE-2013-1984 | X ORG | Numeric Errors vulnerability in X.Org Libxi Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions. | 6.8 |
2013-06-15 | CVE-2013-1983 | X | Numeric Errors vulnerability in X Libxfixes Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function. | 6.8 |
2013-06-15 | CVE-2013-1982 | X | Numeric Errors vulnerability in X Libxext Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5) XShapeGetRectangles, and (6) XSyncListSystemCounters functions. | 6.8 |
2013-06-15 | CVE-2013-1981 | X Canonical | Numeric Errors vulnerability in multiple products Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions. | 6.8 |
2013-06-10 | CVE-2013-3641 | Pizzahut | Cryptographic Issues vulnerability in Pizzahut Pizza HUT Japan Official Order Application 1.1.0 The Pizza Hut Japan Official Order application before 1.1.1.a for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |
2013-06-10 | CVE-2013-2319 | Filemaker | Cryptographic Issues vulnerability in Filemaker PRO and Filemaker PRO Advanced FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |
2013-06-14 | CVE-2013-2336 | HP | Information Disclosure vulnerability in HP Service Manager and ServiceCenter HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2013-06-14 | CVE-2013-3575 | HP | Improper Input Validation vulnerability in HP Insight Diagnostics 9.4.0.4710 hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter. | 5.0 |
2013-06-12 | CVE-2013-3381 | Cisco | Resource Management Errors vulnerability in Cisco Hosted Collaboration Solution Cisco Hosted Collaboration Mediation allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets on port 162, aka Bug ID CSCug85756. | 5.0 |
2013-06-12 | CVE-2013-3136 | Microsoft | Resource Management Errors vulnerability in Microsoft products The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability." | 4.4 |
2013-06-14 | CVE-2013-2337 | HP | Cross-Site Scripting vulnerability in HP Service Center and Service Manager Cross-site scripting (XSS) vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-06-14 | CVE-2013-3645 | Orchardproject | Cross-Site Scripting vulnerability in Orchardproject Orchard Cross-site scripting (XSS) vulnerability in the Orchard.Comments module in Orchard before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-06-14 | CVE-2013-3376 | Cisco | Improper Input Validation vulnerability in Cisco Video Surveillance Operations Manager Open redirect vulnerability in the help page in Cisco Video Surveillance Operations Manager allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCty74490. | 4.3 |
2013-06-14 | CVE-2013-3375 | Cisco | Cross-Site Scripting vulnerability in Cisco Prime Central FOR Hosted Collaboration Solution Cross-site scripting (XSS) vulnerability in the portal page in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCue23798. | 4.3 |
2013-06-13 | CVE-2013-3970 | Juniper | Cryptographic Issues vulnerability in Juniper products Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA. | 4.3 |
2013-06-10 | CVE-2013-3640 | Filemaker | Cross-Site Scripting vulnerability in Filemaker PRO and Filemaker PRO Advanced Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-06-14 | CVE-2013-3959 | Siemens | Information Exposure vulnerability in Siemens Simatic Pcs7 and Wincc The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL parameters. | 4.0 |
2013-06-12 | CVE-2013-3380 | Cisco | Information Exposure vulnerability in Cisco Secure Access Control Server Solution Engine The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279. | 4.0 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|