Weekly Vulnerabilities Reports > October 14 to 20, 2013

Overview

175 new vulnerabilities were reported during this period, including 23 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary reports vulnerabilities in 111 products from 30 vendors including Oracle, SUN, Cisco, IBM, and Google. Vulnerabilities are notably categorized as "Improper Input Validation", "Permissions, Privileges, and Access Controls", "Resource Management Errors", "Cross-site Scripting", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 153 reported vulnerabilities are remotely exploitable.
  • 3 reported vulnerabilities have a public exploit available.
  • 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 132 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 114 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 21 reported vulnerabilities.

Summary table columns: TOTAL VULNERABILITIES | CRITICAL RISK VULNERABILITIES | HIGH RISK VULNERABILITIES | MEDIUM RISK VULNERABILITIES | LOW RISK VULNERABILITIES | REMOTELY EXPLOITABLE | LOCALLY EXPLOITABLE | EXPLOIT AVAILABLE | EXPLOITABLE ANONYMOUSLY | AFFECTING WEB APPLICATION

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:


23 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-10-19 CVE-2013-6026 D Link
Alphanetworks
Planex
Permissions, Privileges, and Access Controls vulnerability in multiple products

The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013.

10.0
2013-10-16 CVE-2013-5843 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JavaFX 2.2.40 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

10.0
2013-10-16 CVE-2013-5842 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5850.

10.0
2013-10-16 CVE-2013-5830 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

10.0
2013-10-16 CVE-2013-5829 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5809.

10.0
2013-10-16 CVE-2013-5824 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5832, and CVE-2013-5852.

10.0
2013-10-16 CVE-2013-5817 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI.

10.0
2013-10-16 CVE-2013-5814 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.

10.0
2013-10-16 CVE-2013-5809 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5829.

10.0
2013-10-16 CVE-2013-5789 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5824, CVE-2013-5832, and CVE-2013-5852.

10.0
2013-10-16 CVE-2013-5788 Oracle Remote Security vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

10.0
2013-10-16 CVE-2013-5787 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5789, CVE-2013-5824, CVE-2013-5832, and CVE-2013-5852.

10.0
2013-10-16 CVE-2013-5782 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

10.0
2013-10-19 CVE-2013-6021 Watchguard Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Watchguard Fireware

Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie.

9.3
2013-10-16 CVE-2013-5850 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5842.

9.3
2013-10-16 CVE-2013-5846 Oracle Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, and JavaFX 2.2.40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

9.3
2013-10-16 CVE-2013-5844 Oracle Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

9.3
2013-10-16 CVE-2013-5838 Oracle Remote Security vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

9.3
2013-10-16 CVE-2013-5832 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5852.

9.3
2013-10-16 CVE-2013-5810 Oracle Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

9.3
2013-10-16 CVE-2013-5806 Oracle Remote Security vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE-2013-5805.

9.3
2013-10-16 CVE-2013-5805 Oracle Remote Security vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE-2013-5806.

9.3
2013-10-16 CVE-2013-5777 Oracle Remote Security vulnerability in Oracle Javafx, JDK and JRE

Unspecified vulnerability in the Java SE and JavaFX components in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-5775.

9.3

11 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-10-19 CVE-2013-6027 D Link Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in D-Link Dir-100

Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi.

8.5
2013-10-16 CVE-2013-5852 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5832.

7.6
2013-10-19 CVE-2013-6129 Vbulletin Permissions, Privileges, and Access Controls vulnerability in Vbulletin 4.1/5.0.0

The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013.

7.5
2013-10-17 CVE-2013-4365 Apache
Debian
Suse
Opensuse
Out-Of-Bounds Write vulnerability in multiple products

Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.

7.5
2013-10-16 CVE-2013-2928 Google Security vulnerability in WebKit

Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5
2013-10-16 CVE-2013-5815 Oracle Remote Security vulnerability in Oracle Identity Analytics

Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 4.1 and 5.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.

7.5
2013-10-16 CVE-2013-5802 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP.

7.5
2013-10-16 CVE-2013-5775 Oracle Remote Security vulnerability in Oracle Javafx, JDK and JRE

Unspecified vulnerability in the Java SE and JavaFX components in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-5777.

7.5
2013-10-16 CVE-2013-5393 IBM Unspecified vulnerability in IBM Websphere Extreme Scale

The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors.

7.5
2013-10-16 CVE-2013-4830 HP Code Injection vulnerability in HP Service Manager 9.30/9.31/9.32

HP Service Manager 9.30 through 9.32 allows remote attackers to execute arbitrary code via an unspecified "injection" approach.

7.5
2013-10-16 CVE-2013-5030 Ruckuswireless Permissions, Privileges, and Access Controls vulnerability in Ruckuswireless Zoneflex 2942 and Zoneflex 2942 Firmware

Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow remote attackers to bypass authentication, and subsequently access certain configuration/ and maintenance/ scripts, by constructing a crafted URI after receiving an authentication error for an arbitrary login attempt.

7.2

120 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-10-16 CVE-2013-5781 Oracle Local SPARC Enterprise T4 Servers vulnerability in Oracle Sun Products Suite

Unspecified vulnerability in Oracle SPARC Enterprise T4 Servers running Sun System Firmware before 8.3.0.b allows local users to affect confidentiality, integrity, and availability via vectors related to Sun System Firmware/Integrated Lights Out Manager (ILOM).

6.9
2013-10-19 CVE-2013-4712 Iodata Resource Management Errors vulnerability in Iodata products

I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

6.8
2013-10-19 CVE-2012-4112 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System

The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the command-line interface, aka Bug ID CSCtr43330.

6.8
2013-10-17 CVE-2013-6013 Juniper Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Juniper Junos

Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might allow remote attackers to execute arbitrary code via a crafted telnet message.

6.8
2013-10-17 CVE-2013-4397 Redhat
Feep
Numeric Errors vulnerability in multiple products

Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.

6.8
2013-10-16 CVE-2013-2927 Debian
Opensuse
Google
Resource Management Errors vulnerability in multiple products

Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to submission for FORM elements.

6.8
2013-10-16 CVE-2013-2926 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in the IndentOutdentCommand::tryIndentingAsListItem function in core/editing/IndentOutdentCommand.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to list elements.

6.8
2013-10-16 CVE-2013-2925 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger multiple conflicting uses of the same XMLHttpRequest object.

6.8
2013-10-16 CVE-2013-5835 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Open_UI.

6.8
2013-10-16 CVE-2013-5822 Oracle Remote Security vulnerability in Oracle Ilearning 5.2.1/6.0

Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 5.2.1 and 6.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Learner Administration.

6.8
2013-10-16 CVE-2013-5540 Cisco Resource Management Errors vulnerability in Cisco products

The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk consumption and administration-interface outage) by uploading many files, aka Bug ID CSCui67519.

6.8
2013-10-16 CVE-2013-5529 Cisco Improper Input Validation vulnerability in Cisco Webex Meetings Server

The deployment module in the server in Cisco WebEx Meeting Center does not properly validate the passphrase, which allows remote attackers to launch a deployment or cause a denial of service (deployment interruption) via a direct request, aka Bug ID CSCuf52200.

6.8
2013-10-14 CVE-2012-4121 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Nx-Os

Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574.

6.8
2013-10-14 CVE-2012-4077 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Nx-Os

Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.

6.8
2013-10-14 CVE-2012-4076 Cisco Improper Input Validation vulnerability in Cisco Nx-Os

Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780.

6.8
2013-10-16 CVE-2013-5813 Oracle Remote Security vulnerability in Oracle WebCenter Content

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, 11.1.1.7.0, and 11.1.1.8.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Content Server.

6.4
2013-10-16 CVE-2013-5812 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.

6.4
2013-10-16 CVE-2013-5804 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc.

6.4
2013-10-16 CVE-2013-5783 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing.

6.4
2013-10-16 CVE-2013-5771 Oracle XML Parser Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality and availability via unknown vectors.

6.4
2013-10-16 CVE-2013-3829 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.

6.4
2013-10-16 CVE-2013-5535 Cisco Credentials Management vulnerability in Cisco products

The analytics page on Cisco Video Surveillance 4000 IP cameras has hardcoded credentials, which allows remote attackers to watch the video feed by leveraging knowledge of the password, aka Bug IDs CSCuj70402 and CSCuj70419.

6.4
2013-10-16 CVE-2013-5539 Cisco Improper Input Validation vulnerability in Cisco products

The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspecified other systems, via a crafted file, aka Bug ID CSCui67511.

6.0
2013-10-19 CVE-2012-4117 Cisco Improper Input Validation vulnerability in Cisco Unified Computing System

The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic or modify this traffic via a crafted certificate, aka Bug ID CSCtr73033.

5.8
2013-10-19 CVE-2012-4114 Cisco Cryptographic Issues vulnerability in Cisco Unified Computing System

The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949.

5.8
2013-10-16 CVE-2013-5761 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Integration - Scripting.

5.8
2013-10-16 CVE-2013-3831 Oracle SQL Injection vulnerability in Oracle Fusion Middleware 11.1.1.6.0

Unspecified vulnerability in the Oracle Portal component in Oracle Fusion Middleware 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Demos.

5.5
2013-10-16 CVE-2013-3814 Oracle Remote Security vulnerability in Oracle Industry Applications

Unspecified vulnerability in the Oracle Retail Invoice Matching component in Oracle Industry Applications 10.2, 11.0, 12.0, 12.0IN, 12.1, 13.0, 13.1, and 13.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to System Administration.

5.5
2013-10-16 CVE-2013-4831 HP Unspecified vulnerability in HP Service Manager 9.30/9.31/9.32

HP Service Manager 9.30 through 9.32 does not properly manage privileges, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

5.5
2013-10-17 CVE-2013-0500 IBM Improper Input Validation vulnerability in IBM products

IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of service (device crash) via a (1) CIFS, (2) HTTPS, (3) SCP, or (4) SFTP operation.

5.4
2013-10-16 CVE-2013-5866 Oracle Local Security vulnerability in Oracle Sunos 5.11.1

Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.

5.2
2013-10-17 CVE-2013-4689 Juniper Cross-Site Request Forgery (CSRF) vulnerability in Juniper Junos

J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators for requests that (1) create new administrator accounts or (2) have other unspecified impacts.

5.1
2013-10-17 CVE-2013-2254 Apache Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apache Org.Apache.Sling.Servlets.Post 2.2.0/2.3.0

The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does not properly handle a NULL value that is returned when the session does not have permissions to the root node, which allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.

5.0
2013-10-16 CVE-2013-3279 EMC Credentials Management vulnerability in EMC Atmos 2.1.3

EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection.

5.0
2013-10-16 CVE-2013-5867 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Core - Server Infrastructure component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via vectors related to SISNAPI & Network Infrastructure.

5.0
2013-10-16 CVE-2013-5859 Oracle Remote Security vulnerability in Oracle Primavera products Suite 8.0.6/8.5

Unspecified vulnerability in the Instantis EnterpriseTrack component in Oracle Primavera Products Suite 8.0.6 and 8.5 allows remote attackers to affect confidentiality via unknown vectors.

5.0
2013-10-16 CVE-2013-5851 Oracle Remote Security vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.

5.0
2013-10-16 CVE-2013-5848 Oracle Remote Security vulnerability in Oracle Javafx, JDK and JRE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and JavaFX 2.2.40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.

5.0
2013-10-16 CVE-2013-5841 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Portal, a different vulnerability than CVE-2013-5794.

5.0
2013-10-16 CVE-2013-5840 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.

5.0
2013-10-16 CVE-2013-5836 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Business Interlink.

5.0
2013-10-16 CVE-2013-5831 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5819.

5.0
2013-10-16 CVE-2013-5826 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 6.3.0/6.3.1

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3 and 6.3.1 allows remote attackers to affect availability via unknown vectors related to Install / Installation.

5.0
2013-10-16 CVE-2013-5825 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP.

5.0
2013-10-16 CVE-2013-5823 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security.

5.0
2013-10-16 CVE-2013-5820 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS.

5.0
2013-10-16 CVE-2013-5819 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5831.

5.0
2013-10-16 CVE-2013-5818 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5819 and CVE-2013-5831.

5.0
2013-10-16 CVE-2013-5816 Oracle Remote Security vulnerability in Oracle GlassFish Server

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote attackers to affect availability via unknown vectors related to Metro.

5.0
2013-10-16 CVE-2013-5801 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.

5.0
2013-10-16 CVE-2013-5794 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Portal, a different vulnerability than CVE-2013-5841.

5.0
2013-10-16 CVE-2013-5792 Oracle Techstack Remote Security vulnerability in Oracle E-Business Suite 12.1

Unspecified vulnerability in the Techstack component in Oracle E-Business Suite 12.1 allows remote attackers to affect confidentiality via unknown vectors related to Apache.

5.0
2013-10-16 CVE-2013-5778 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.

5.0
2013-10-16 CVE-2013-5776 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.

5.0
2013-10-16 CVE-2013-5774 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.

5.0
2013-10-16 CVE-2013-5765 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect availability via vectors related to XML Publisher.

5.0
2013-10-16 CVE-2013-3841 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Web Services.

5.0
2013-10-16 CVE-2013-3835 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Integration Broker.

5.0
2013-10-16 CVE-2013-3834 Oracle Remote Security vulnerability in Oracle Virtualization 5.0

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5 allows remote attackers to affect availability via unknown vectors related to ttaauxserv.

5.0
2013-10-16 CVE-2013-3828 Oracle Remote Security vulnerability in Oracle Web Services

Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 10.1.3.5.0 and 11.1.1.6.0 allows remote attackers to affect confidentiality via unknown vectors related to Test Page.

5.0
2013-10-16 CVE-2013-3827 Oracle Directory Traversal vulnerability in Oracle JavaServer Faces

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.

5.0
2013-10-16 CVE-2013-3826 Oracle Core RDBMS Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors.

5.0
2013-10-16 CVE-2013-5538 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506.

5.0
2013-10-16 CVE-2013-5864 Oracle
SUN
Local Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to USB hub driver.

4.9
2013-10-16 CVE-2013-5862 Oracle
SUN
Local Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-2014-4215.

4.9
2013-10-16 CVE-2013-5807 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.

4.9
2013-10-16 CVE-2013-5394 IBM Improper Input Validation vulnerability in IBM Websphere Extreme Scale

The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to conduct phishing attacks via unspecified vectors.

4.9
2013-10-19 CVE-2012-4113 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System

The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interface, aka Bug ID CSCtr43374.

4.6
2013-10-17 CVE-2013-4370 XEN Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in XEN

The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors that trigger a (1) use-after-free or (2) double free.

4.6
2013-10-17 CVE-2013-4371 XEN Resource Management Errors vulnerability in XEN

Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors.

4.4
2013-10-19 CVE-2013-5702 Watchguard Cross-Site Scripting vulnerability in Watchguard Fireware and Watchguard System Manager

Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

4.3
2013-10-19 CVE-2013-5372 IBM Resource Management Errors vulnerability in IBM Websphere Message Broker

The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities.

4.3
2013-10-19 CVE-2012-4116 Cisco Information Exposure vulnerability in Cisco Unified Computing System

The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete the authentication process for a server connection, by sniffing the network, aka Bug ID CSCtr72970.

4.3
2013-10-17 CVE-2013-6170 Juniper Improper Input Validation vulnerability in Juniper Junos

Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing daemon crash) via a large number of crafted PIM (S,G) join requests.

4.3
2013-10-17 CVE-2013-6169 Process ONE Cryptographic Issues vulnerability in Process-One Ejabberd

The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack.

4.3
2013-10-17 CVE-2013-6015 Juniper Improper Input Validation vulnerability in Juniper Junos

Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a denial of service (flow daemon crash) via an unspecified sequence of TCP packets.

4.3
2013-10-17 CVE-2013-4363 Rubygems
Ruby Lang
Cryptographic Issues vulnerability in multiple products

Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.

4.3
2013-10-17 CVE-2013-4287 Redhat
Rubygems
Ruby Lang
Cryptographic Issues vulnerability in multiple products

Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.

4.3
2013-10-17 CVE-2013-5376 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" attack against an administrative user.

4.3
2013-10-17 CVE-2013-4389 Rubyonrails Use of Externally-Controlled Format String vulnerability in Rubyonrails Rails and Ruby on Rails

Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.

4.3
2013-10-17 CVE-2013-3025 IBM Cross-Site Scripting vulnerability in IBM Rational Focal Point

Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.5.x and 6.6.x before 6.6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-10-16 CVE-2013-5863 Oracle Remote Security vulnerability in Oracle Sunos 5.11.1

Unspecified vulnerability in Oracle Solaris 11.1 allows remote attackers to affect integrity via vectors related to IPS repository daemon.

4.3
2013-10-16 CVE-2013-5861 Oracle Remote Security vulnerability in Oracle Sunos 5.11.1

Unspecified vulnerability in Oracle Solaris 11.1 allows remote attackers to affect availability via vectors related to Kernel/KSSL.

4.3
2013-10-16 CVE-2013-5849 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.

4.3
2013-10-16 CVE-2013-5845 Oracle Remote Security vulnerability in Oracle Ilearning 5.2.1/6.0

Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 5.2.1 and 6.0 allows remote attackers to affect integrity via unknown vectors related to Learner Administration.

4.3
2013-10-16 CVE-2013-5839 SUN Remote Security vulnerability in SUN Sunos 5.10

Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Oracle Java Web Console.

4.3
2013-10-16 CVE-2013-5828 Oracle Remote Security vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 and 12.1.0.3 allows remote attackers to affect integrity via unknown vectors related to Storage Management.

4.3
2013-10-16 CVE-2013-5827 Oracle Remote Security vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Storage Management.

4.3
2013-10-16 CVE-2013-5800 Oracle Remote Security vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS.

4.3
2013-10-16 CVE-2013-5799 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.2

Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.2 allows remote attackers to affect integrity via unknown vectors related to Security.

4.3
2013-10-16 CVE-2013-5798 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.2.0/11.1.2.1.0

Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0.0 and 11.1.2.1.0 allows remote attackers to affect integrity via unknown vectors related to End User Self Service.

4.3
2013-10-16 CVE-2013-5796 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Web Services.

4.3
2013-10-16 CVE-2013-5790 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS.

4.3
2013-10-16 CVE-2013-5784 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING.

4.3
2013-10-16 CVE-2013-5780 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.

4.3
2013-10-16 CVE-2013-5773 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5.0 allows remote attackers to affect integrity via unknown vectors related to Servlet Runtime.

4.3
2013-10-16 CVE-2013-5766 Oracle Remote Security vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 and 12.1.0.3 allows remote attackers to affect integrity via unknown vectors related to DB Performance Advisories/UIs.

4.3
2013-10-16 CVE-2013-3837 Oracle
SUN
Remote Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows remote attackers to affect availability via unknown vectors related to Cacao.

4.3
2013-10-16 CVE-2013-3833 Oracle Remote Security vulnerability in Oracle Access Manager

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0 and 11.1.2.0.0 allows remote attackers to affect integrity via unknown vectors related to Authentication Engine.

4.3
2013-10-16 CVE-2013-3762 Oracle Remote Security vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2, 12.1.0.3, and 12.1.0.4 allows remote attackers to affect integrity via unknown vectors related to Schema Management.

4.3
2013-10-16 CVE-2013-4833 HP Cross-Site Scripting vulnerability in HP Service Manager 9.30/9.31/9.32

Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 through 9.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-10-15 CVE-2013-5913 Oxid Esales Cross-Site Scripting vulnerability in Oxid-Esales Eshop

Cross-site scripting (XSS) vulnerability in the getRecommSearch function in recommlist.php in OXID eShop before 4.6.7, Professional and Community Edition 4.7.x before 4.7.8, and Enterprise Edition 5.x before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via the searchrecomm parameter.

4.3
2013-10-14 CVE-2012-4099 Cisco Improper Input Validation vulnerability in Cisco Nx-Os

The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065.

4.3
2013-10-14 CVE-2012-4097 Cisco Improper Input Validation vulnerability in Cisco Nx-Os

The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043.

4.3
2013-10-16 CVE-2013-5208 Infohr Cryptographic Issues vulnerability in Infohr HR Human Resource Information System 7.9

HR Systems Strategies info:HR HRIS 7.9 does not properly protect the database password, which allows local users to bypass intended database restrictions by accessing the USERPW registry key and bypassing an unspecified obfuscation technique.

4.1
2013-10-19 CVE-2013-6025 Sybase Code Injection vulnerability in Sybase Adaptive Server Enterprise 15.7

The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2 allows remote authenticated users to read arbitrary files via a SQL statement containing an XML document with an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

4.0
2013-10-19 CVE-2013-5534 Cisco Path Traversal vulnerability in Cisco Unity Connection

Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948.

4.0
2013-10-16 CVE-2013-5847 Oracle Remote Security vulnerability in Oracle Peoplesoft products 9.1/9.2

Unspecified vulnerability in the PeopleSoft Enterprise HRMS eCompensation component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to eCompensation.

4.0
2013-10-16 CVE-2013-5786 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5793.

4.0
2013-10-16 CVE-2013-5779 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect confidentiality via vectors related to PIA Core Technology.

4.0
2013-10-16 CVE-2013-5769 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1

Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 allows remote authenticated users to affect availability via unknown vectors related to Web Services.

4.0
2013-10-16 CVE-2013-5768 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect integrity via unknown vectors related to ActiveX Controls.

4.0
2013-10-16 CVE-2013-5767 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4.0
2013-10-16 CVE-2013-3840 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Services.

4.0
2013-10-16 CVE-2013-3839 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4.0
2013-10-16 CVE-2013-3838 Oracle SPARC Enterprise T & M Series Servers Security vulnerability in Oracle Sun Products Suite

Unspecified vulnerability in Oracle SPARC Enterprise T & M Series Servers running Sun System Firmware before 6.7.13 for SPARC T1, 7.4.6.c for SPARC T2, 8.3.0.b for SPARC T3 & T4, 9.0.0.d for SPARC T5 and 9.0.1.e for SPARC M5 allows local users to affect availability via unknown vectors related to Sun System Firmware/Hypervisor.

4.0
2013-10-16 CVE-2013-3832 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Server Remote component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect integrity via unknown vectors related to File System Management.

4.0
2013-10-16 CVE-2013-3785 Oracle Remote Security vulnerability in Oracle Peoplesoft products 9.1

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Career's Home.

4.0
2013-10-16 CVE-2013-3766 Oracle Remote Security vulnerability in Oracle Primavera products Suite 8.1/8.2/8.3

Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.1, 8.2, and 8.3 allows remote authenticated users to affect integrity via unknown vectors related to Web Access.

4.0
2013-10-16 CVE-2013-4832 HP Information Exposure vulnerability in HP Service Manager 9.30/9.31/9.32

HP Service Manager 9.30 through 9.32 allows remote authenticated users to obtain sensitive information via unspecified vectors.

4.0

21 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-10-16 CVE-2013-3792 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.18, 4.0.20, 4.1.28, and 4.2.18 allows local users to affect availability via unknown vectors related to Core.

3.8
2013-10-16 CVE-2013-5857 Oracle Remote Security vulnerability in Oracle Industry Applications 4.5/4.6/5.0

Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, and 5.0 SP1a-b allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web.

3.6
2013-10-16 CVE-2013-5856 Oracle Remote Security vulnerability in Oracle Industry Applications

Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, 5.0 SP1a-b, 5.5 SP0, 5.5 SP0b, 5.5.1, and 6.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web.

3.6
2013-10-16 CVE-2013-5811 Oracle Remote Security vulnerability in Oracle Industry Applications 4.5/4.6/5.0

Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, and 5.0 SP1a-b allows remote authenticated users to affect confidentiality via unknown vectors related to Web.

3.5
2013-10-16 CVE-2013-5797 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.

3.5
2013-10-16 CVE-2013-5793 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5786.

3.5
2013-10-16 CVE-2013-3836 Oracle Remote Security vulnerability in Oracle Web Cache

Unspecified vulnerability in the Oracle Web Cache component in Oracle Fusion Middleware 11.1.1.6 and 11.1.1.7 allows remote authenticated users to affect confidentiality via vectors related to ESI/Partial Page Caching.

3.5
2013-10-16 CVE-2013-5541 Cisco Cross-Site Scripting vulnerability in Cisco products

Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename, aka Bug ID CSCui67495.

3.5
2013-10-16 CVE-2013-5390 IBM Cross-Site Scripting vulnerability in IBM Websphere Extreme Scale

Cross-site scripting (XSS) vulnerability in the monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-10-16 CVE-2013-5854 Oracle Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality via unknown vectors.

2.6
2013-10-16 CVE-2013-5803 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS.

2.6
2013-10-16 CVE-2013-5772 Oracle
SUN
Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in the Java SE component in Oracle Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat.

2.6
2013-10-16 CVE-2013-5762 Oracle Local Security vulnerability in Oracle Industry Applications 8.1.1.0

Unspecified vulnerability in the Oracle Siebel CTMS component in Oracle Industry Applications 8.1.1.x allows local users to affect confidentiality and availability via unknown vectors related to SC-OC Integration.

2.4
2013-10-17 CVE-2013-2190 Clutter Project
Opensuse
Permissions, Privileges, and Access Controls vulnerability in multiple products

The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has "disappeared," which causes the gnome-shell to crash and allows physically proximate attackers to access the previous gnome-shell session via unspecified vectors.

2.1
2013-10-16 CVE-2013-5837 Oracle Remote Security vulnerability in Oracle Industry Applications

Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, 5.0 SP1a-b, 5.0.3, and 5.0.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Cognos.

2.1
2013-10-16 CVE-2013-5770 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.

2.1
2013-10-16 CVE-2013-3842 SUN Local Security vulnerability in SUN Sunos 5.10

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality via vectors related to Oracle Configuration Manager (OCM).

2.1
2013-10-17 CVE-2013-4369 XEN NULL Pointer Dereference Remote Denial of Service vulnerability in Xen

The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration.

1.9
2013-10-17 CVE-2013-4368 XEN Information Exposure vulnerability in XEN

The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register.

1.9
2013-10-16 CVE-2013-5865 Oracle Local Security vulnerability in Oracle Sunos 5.11.1

Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect availability via unknown vectors related to Utility/User administration.

1.7
2013-10-16 CVE-2013-5791 Oracle Stack Buffer Overflow vulnerability in Oracle Fusion Middleware 8.4/8.4.1

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.

1.5