Weekly Vulnerabilities Reports > September 16 to 22, 2013

Overview

128 new vulnerabilities were reported during this period, including 16 critical vulnerabilities and 12 high severity vulnerabilities. This weekly summary reports vulnerabilities in 139 products from 30 vendors including Apple, Cisco, Mozilla, IBM, and Wireshark. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Cross-site Scripting", and "Resource Management Errors".

  • 110 reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability has a public exploit available.
  • 23 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 115 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 52 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 4 reported vulnerabilities.


Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:


16 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-09-20 CVE-2010-5290 Adobe Credentials Management vulnerability in Adobe Coldfusion

The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different vulnerability than CVE-2010-2861.

10.0
2013-09-18 CVE-2013-1719 Mozilla Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2013-09-17 CVE-2013-5754 Dahuasecurity Permissions, Privileges, and Access Controls vulnerability in Dahuasecurity products

The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612.

10.0
2013-09-17 CVE-2013-3612 Dahuasecurity Credentials Management vulnerability in Dahuasecurity products

Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.

10.0
2013-09-16 CVE-2013-4813 HP Code Injection vulnerability in HP Identity Driven Manager and Procurve Manager

The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745.

10.0
2013-09-16 CVE-2013-4812 HP Improper Input Validation vulnerability in HP Identity Driven Manager and Procurve Manager

UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.

10.0
2013-09-16 CVE-2013-4811 HP Improper Input Validation vulnerability in HP Identity Driven Manager and Procurve Manager

UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.

10.0
2013-09-16 CVE-2013-4810 HP Code Injection vulnerability in HP products

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760.

9.8
2013-09-19 CVE-2013-5139 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS

The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.

9.3
2013-09-19 CVE-2013-1035 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes

The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

9.3
2013-09-18 CVE-2013-3893 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer

Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.

9.3
2013-09-18 CVE-2013-1738 Mozilla Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration.

9.3
2013-09-18 CVE-2013-1724 Mozilla Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element.

9.3
2013-09-18 CVE-2013-1721 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox and Seamonkey

Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted web site.

9.3
2013-09-17 CVE-2013-3614 Dahuasecurity Permissions, Privileges, and Access Controls vulnerability in Dahuasecurity products

Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack.

9.3
2013-09-16 CVE-2013-5369 IBM Code Injection vulnerability in IBM Spss Analytical Decision Management 6.1.0.0/6.2.0.0/7.0.0.0

IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 might allow remote attackers to execute arbitrary code by deploying and accessing a service.

9.3

12 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-09-16 CVE-2013-4049 IBM Arbitrary File Upload vulnerability in IBM Spss Analytical Decision Management 6.1.0.0/6.2.0.0/7.0.0.0

Unrestricted file upload vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to execute arbitrary code by uploading and accessing a JSP file.

8.5
2013-09-17 CVE-2013-5709 Siemens Numeric Errors vulnerability in Siemens products

The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value.

8.3
2013-09-20 CVE-2013-3473 Cisco Improper Authentication vulnerability in Cisco Prime Central for Hosted Collaboration Solution Assurance

The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote attackers to discover usernames and passwords via an HTTP request, aka Bug ID CSCud32600.

7.8
2013-09-19 CVE-2013-5140 Apple Improper Input Validation vulnerability in Apple Iphone OS

The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.

7.8
2013-09-17 CVE-2013-3615 Dahuasecurity Credentials Management vulnerability in Dahuasecurity products

Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack.

7.8
2013-09-17 CVE-2013-3613 Dahuasecurity Improper Authentication vulnerability in Dahuasecurity products

Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port.

7.8
2013-09-16 CVE-2013-5674 Moodle Code Injection vulnerability in Moodle 2.5.0/2.5.1

badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter.

7.5
2013-09-16 CVE-2013-4313 Moodle SQL Injection vulnerability in Moodle

Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string.

7.5
2013-09-16 CVE-2013-4809 HP SQL Injection vulnerability in HP Identity Driven Manager and Procurve Manager

Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter.

7.5
2013-09-20 CVE-2013-4068 IBM Buffer Errors vulnerability in IBM Lotus Domino and Lotus Inotes

Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 before IF4 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka SPR PTHN9ADPA8.

7.1
2013-09-19 CVE-2013-5155 Apple Improper Input Validation vulnerability in Apple Iphone OS

The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.

7.1
2013-09-19 CVE-2013-5141 Apple Numeric Errors vulnerability in Apple Iphone OS

The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability."

7.1

89 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-09-17 CVE-2013-2297 Eucalyptus Credentials Management vulnerability in Eucalyptus Eustore

Eucalyptus EuStore sets a blank root password in the default configuration of EMI 3868652036, EMI 0400376721, EMI 2425352071, and EMI 1347115203, which allows local users to gain privileges via unspecified vectors, a related issue to CVE-2013-2069.

6.9
2013-09-20 CVE-2013-4053 IBM Improper Input Validation vulnerability in IBM products

The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly verify X.509 certificates, which allows remote attackers to obtain privileged access via unspecified vectors.

6.8
2013-09-20 CVE-2012-4082 Cisco Improper Input Validation vulnerability in Cisco Unified Computing System

MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, aka Bug ID CSCtg20749.

6.8
2013-09-20 CVE-2013-1130 Cisco / Apple Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client

Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619.

6.8
2013-09-20 CVE-2013-4709 IIJ Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IIJ products

Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 with firmware before 2.82, SEIL/X1 with firmware before 4.32, SEIL/X2 with firmware before 4.32, SEIL/B1 with firmware before 4.32, SEIL/Turbo with firmware before 2.16, and SEIL/neu 2FE Plus with firmware before 2.16 allows remote attackers to execute arbitrary code via a crafted L2TP message.

6.8
2013-09-19 CVE-2013-5128 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8
2013-09-19 CVE-2013-5127 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8
2013-09-19 CVE-2013-5126 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8
2013-09-19 CVE-2013-5125 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8
2013-09-19 CVE-2013-1047 Apple Buffer Errors vulnerability in Apple Iphone OS, Itunes and Safari

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8
2013-09-19 CVE-2013-1046 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8
2013-09-19 CVE-2013-1045 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8
2013-09-19 CVE-2013-1044 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8
2013-09-19 CVE-2013-1043 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8
2013-09-19 CVE-2013-1042 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8
2013-09-19 CVE-2013-1041 Apple Buffer Errors vulnerability in Apple Iphone OS, Itunes and Safari

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8
2013-09-19 CVE-2013-1040 Apple Buffer Errors vulnerability in Apple Iphone OS, Itunes and Safari

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8
2013-09-19 CVE-2013-1039 Apple Buffer Errors vulnerability in Apple Iphone OS, Itunes and Safari

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8
2013-09-19 CVE-2013-1038 Apple Buffer Errors vulnerability in Apple Iphone OS, Itunes and Safari

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8
2013-09-19 CVE-2013-1037 Apple Buffer Errors vulnerability in Apple Iphone OS, Itunes and Safari

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8
2013-09-19 CVE-2013-1036 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS

Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

6.8
2013-09-18 CVE-2013-1731 Mozilla / Google Improper Input Validation vulnerability in Mozilla Firefox

Untrusted search path vulnerability in the GL tracing functionality in Mozilla Firefox before 24.0 on Android allows attackers to execute arbitrary code via a Trojan horse .so file in a world-writable directory.

6.8
2013-09-18 CVE-2013-1720 Mozilla Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state.

6.8
2013-09-16 CVE-2013-4234 Konstanty Bialkowski / Debian Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC.

6.8
2013-09-16 CVE-2013-4233 Konstanty Bialkowski / Debian Numeric Errors vulnerability in multiple products

Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow.

6.8
2013-09-16 CVE-2013-5494 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco products

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCui45209 and CSCui44674.

6.8
2013-09-16 CVE-2013-1032 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and Quicktime

QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file.

6.8
2013-09-16 CVE-2013-1027 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package.

6.8
2013-09-16 CVE-2013-1026 Apple Buffer Errors vulnerability in Apple Iphone OS and mac OS X

Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.

6.8
2013-09-16 CVE-2013-1025 Apple Buffer Errors vulnerability in Apple Iphone OS and mac OS X

Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.

6.8
2013-09-20 CVE-2013-4707 Dlink Permissions, Privileges, and Access Controls vulnerability in Dlink Des-3810 and Des-3810 Firmware

The SSH implementation on D-Link Japan DES-3810 devices with firmware before R2.20.011 allows remote authenticated users to cause a denial of service (device hang) by leveraging login access.

6.3
2013-09-20 CVE-2013-4706 Dlink Permissions, Privileges, and Access Controls vulnerability in Dlink Dwl-2100Ap and Dwl-2100Ap Firmware

The SSH implementation on the D-Link Japan DWL-2100AP with firmware before R252JP-RC572 allows remote authenticated users to cause a denial of service (reboot) by leveraging login access.

6.3
2013-09-19 CVE-2013-5145 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.

6.3
2013-09-16 CVE-2013-5496 Cisco Improper Input Validation vulnerability in Cisco Nx-Os

Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551.

6.3
2013-09-19 CVE-2011-2391 Apple Improper Input Validation vulnerability in Apple Iphone OS, Itunes and mac OS X

The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.

6.1
2013-09-20 CVE-2012-4074 Cisco Credentials Management vulnerability in Cisco Unified Computing System

The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of this key, aka Bug ID CSCte90338.

5.8
2013-09-20 CVE-2012-4073 Cisco Cryptographic Issues vulnerability in Cisco Unified Computing System

The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332.

5.8
2013-09-19 CVE-2013-0957 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox.

5.8
2013-09-16 CVE-2013-1028 Apple Improper Input Validation vulnerability in Apple Iphone OS and mac OS X

The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate.

5.8
2013-09-16 CVE-2012-6087 Moodle Improper Input Validation vulnerability in Moodle

repository/s3/S3.php in the Amazon S3 library in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to an incorrect CURLOPT_SSL_VERIFYHOST value.

5.8
2013-09-17 CVE-2013-2296 Eucalyptus Permissions, Privileges, and Access Controls vulnerability in Eucalyptus

Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote authenticated users to bypass intended restrictions on (1) modifying the logging setting, (2) modifying the versioning setting, or (3) accessing activity logs via a request.

5.5
2013-09-16 CVE-2013-1033 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access.

5.5
2013-09-19 CVE-2013-1121 Cisco Resource Management Errors vulnerability in Cisco Nx-Os

The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554.

5.4
2013-09-16 CVE-2013-5650 Juniper Improper Input Validation vulnerability in Juniper products

Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote attackers to cause a denial of service (device hang) via a crafted packet.

5.4
2013-09-19 CVE-2013-5157 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.

5.0
2013-09-16 CVE-2013-5751 SAP Path Traversal vulnerability in SAP Netweaver

Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2013-09-16 CVE-2013-4315 Djangoproject Path Traversal vulnerability in Djangoproject Django

Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a ..

5.0
2013-09-16 CVE-2013-4132 KDE / Opensuse Cryptographic Issues vulnerability in multiple products

KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enabled, to KDM or an (4) invalid password to KCheckPass.

5.0
2013-09-16 CVE-2013-4123 Squid Cache / Opensuse Improper Input Validation vulnerability in multiple products

client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.

5.0
2013-09-16 CVE-2013-5720 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.0
2013-09-19 CVE-2013-5142 Apple Information Exposure vulnerability in Apple Iphone OS

The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.

4.9
2013-09-16 CVE-2013-1029 Apple Improper Input Validation vulnerability in Apple mac OS X

The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser.

4.9
2013-09-19 CVE-2013-5138 Apple Denial of Service vulnerability in Apple iPhone/iPad/iPod touch Prior to iOS 7

IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application.

4.7
2013-09-20 CVE-2012-4081 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Unified Computing System

MCServer in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (application crash) via invalid MCTools parameters, aka Bug ID CSCtg20734.

4.6
2013-09-20 CVE-2012-4093 Cisco Improper Input Validation vulnerability in Cisco Unified Computing System

The Manager component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via an invalid Smart Call Home contact address, aka Bug ID CSCtl00186.

4.6
2013-09-20 CVE-2013-4815 Microfocus Cross-Site Scripting vulnerability in Microfocus Arcsight Enterprise Security Manager

Cross-site scripting (XSS) vulnerability in the web interface in HP ArcSight Enterprise Security Manager (ESM) before 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-09-20 CVE-2013-4052 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-09-20 CVE-2013-0596 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-09-20 CVE-2013-5501 Cisco Cross-Site Scripting vulnerability in Cisco Mediasense

Cross-site scripting (XSS) vulnerability in the oraservice page in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj23328.

4.3
2013-09-20 CVE-2013-5500 Cisco Cross-Site Scripting vulnerability in Cisco Mediasense

Multiple cross-site scripting (XSS) vulnerabilities in the oraadmin service page in Cisco MediaSense allow remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuj23320, CSCuj23324, CSCuj23333, and CSCuj23338.

4.3
2013-09-20 CVE-2012-4072 Cisco Improper Input Validation vulnerability in Cisco Unified Computing System

The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by leveraging knowledge of this certificate's private key, aka Bug ID CSCte90327.

4.3
2013-09-19 CVE-2013-5497 Cisco Improper Authentication vulnerability in Cisco Intrusion Prevention System

The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (intermittent MainApp hang) via a crafted management-interface connection request, aka Bug ID CSCuf20148.

4.3
2013-09-19 CVE-2013-5159 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.

4.3
2013-09-19 CVE-2013-5156 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon.

4.3
2013-09-19 CVE-2013-5154 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application.

4.3
2013-09-19 CVE-2013-5152 Apple Improper Input Validation vulnerability in Apple Iphone OS

Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.

4.3
2013-09-19 CVE-2013-5151 Apple Cross-Site Scripting vulnerability in Apple Iphone OS

Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.

4.3
2013-09-19 CVE-2013-5149 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process.

4.3
2013-09-19 CVE-2013-5131 Apple Cross-Site Scripting vulnerability in Apple Iphone OS

Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2013-09-19 CVE-2013-5129 Apple Cross-Site Scripting vulnerability in Apple Iphone OS

Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.

4.3
2013-09-19 CVE-2013-1034 Apple Cross-Site Scripting vulnerability in Apple OS X Server

Multiple cross-site scripting (XSS) vulnerabilities in Wiki Server in Apple Mac OS X Server before 2.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-09-18 CVE-2013-1728 Mozilla Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors.

4.3
2013-09-18 CVE-2013-1723 Mozilla Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation.

4.3
2013-09-17 CVE-2013-5711 Slickremix Cross-Site Scripting vulnerability in Slickremix Design Approval System Plugin

Cross-site scripting (XSS) vulnerability in admin/walkthrough/walkthrough.php in the Design Approval System plugin before 3.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter.

4.3
2013-09-17 CVE-2013-4766 Eucalyptus Information Exposure vulnerability in Eucalyptus

The gather log service in Eucalyptus before 3.3.1 allows remote attackers to read log files via an unspecified request to the (1) Cluster Controller (CC) or (2) Node Controller (NC) component.

4.3
2013-09-17 CVE-2013-2788 Subnet Improper Input Validation vulnerability in Subnet Substation Server 2.7.0033/2.8.0106

The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 and 2.8.0106 allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors.

4.3
2013-09-17 CVE-2012-4067 Eucalyptus Resource Management Errors vulnerability in Eucalyptus

Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumption) via a crafted XML message containing a DTD, as demonstrated by a bucket-logging request.

4.3
2013-09-16 CVE-2013-1439 Libraw NULL Pointer Dereference Denial of Service vulnerability in LibRaw

The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file.

4.3
2013-09-16 CVE-2013-4047 IBM Cross-Site Scripting vulnerability in IBM Spss Analytical Decision Management 6.1.0.0/6.2.0.0/7.0.0.0

Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote attackers to inject arbitrary web script or HTML via a crafted link.

4.3
2013-09-16 CVE-2013-5495 Cisco Cross-Site Scripting vulnerability in Cisco Unified Meetingplace

Cross-site scripting (XSS) vulnerability in the web framework in the Application Server in Cisco Unified MeetingPlace allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui44681.

4.3
2013-09-16 CVE-2013-4704 Chamanet Cross-Site Scripting vulnerability in Chamanet Chamacargo 7.0000

Cross-site scripting (XSS) vulnerability in ChamaNet ChamaCargo 7.0000 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-09-16 CVE-2013-4341 Moodle Cross-site Scripting vulnerability in Moodle

Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed.

4.3
2013-09-16 CVE-2013-5722 Wireshark Denial of Service vulnerability in Wireshark LDAP Dissector

Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2013-09-16 CVE-2013-5721 Wireshark Improper Input Validation vulnerability in Wireshark

The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2013-09-16 CVE-2013-5719 Wireshark Resource Management Errors vulnerability in Wireshark

epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

4.3
2013-09-16 CVE-2013-5718 Wireshark Permissions, Privileges, and Access Controls vulnerability in Wireshark

The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2013-09-16 CVE-2013-5717 Wireshark Improper Input Validation vulnerability in Wireshark 1.10.0/1.10.1

The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c.

4.3
2013-09-20 CVE-2012-4083 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Unified Computing System

Multiple buffer overflows in the administrative web interface in Cisco Unified Computing System (UCS) allow remote authenticated users to cause a denial of service (memory corruption and session termination) via long string values for unspecified parameters, aka Bug ID CSCtg20751.

4.0
2013-09-18 CVE-2013-1727 Mozilla, Google Cross-Site Scripting vulnerability in Mozilla Firefox

Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file.

4.0

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-09-19 CVE-2013-5147 Apple Race Condition vulnerability in Apple Iphone OS

Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.

3.7
2013-09-16 CVE-2013-4048 IBM Cross-Site Scripting vulnerability in IBM Spss Analytical Decision Management 6.1.0.0/6.2.0.0/7.0.0.0

Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving addition of script to a page.

3.5
2013-09-16 CVE-2013-4277 Apache Permissions, Privileges, and Access Controls vulnerability in Apache Subversion

Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.

3.3
2013-09-16 CVE-2013-1031 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver.

3.3
2013-09-19 CVE-2013-5137 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.

2.6
2013-09-18 CVE-2013-1729 Mozilla, Apple Information Exposure vulnerability in Mozilla Firefox

The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element.

2.6
2013-09-19 CVE-2013-5158 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors.

2.1
2013-09-19 CVE-2013-5153 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.

2.1
2013-09-16 CVE-2013-4183 Openstack Information Exposure vulnerability in Openstack Cinder 2013.1.1/2013.1.2

The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.

2.1
2013-09-16 CVE-2013-1030 Apple Information Exposure vulnerability in Apple mac OS X

mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process.

2.1
2013-09-19 CVE-2013-5150 Apple Information Exposure vulnerability in Apple Iphone OS

The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.

1.9