Weekly Vulnerabilities Reports > July 8 to 14, 2013
Overview
3 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary report vulnerabilities in 4 products from 4 vendors including Apache, Oracle, Intel, and Microsoft. Vulnerabilities are notably categorized as "Out-of-bounds Write", "Code Injection", and "Credentials Management".
- 3 reported vulnerabilities are remotely exploitables.
- 3 reported vulnerabilities are exploitable by an anonymous user.
- Apache has the most reported vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
3 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2013-07-10 | CVE-2013-3163 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 10/8/9 Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151. | 8.8 |
| 2013-07-10 | CVE-2013-2115 | Apache | Code Injection vulnerability in Apache Struts Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. | 8.1 |
| 2013-07-08 | CVE-2013-4786 | Oracle Intel | Credentials Management vulnerability in multiple products The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC. | 7.5 |
0 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
0 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|