Weekly Vulnerabilities Reports > October 21 to 27, 2013

Overview

98 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary report vulnerabilities in 71 products from 37 vendors including Apple, Cisco, IBM, Mozilla, and Redhat. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Cryptographic Issues", "Numeric Errors", and "Cross-site Scripting".

  • 75 reported vulnerabilities are remotely exploitables.
  • 5 reported vulnerabilities have public exploit available.
  • 15 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 89 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 36 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-10-24 CVE-2013-6245 Sybase Remote Code Execution vulnerability in SAP Sybase Adaptive Server Enterprise

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3.

10.0
2013-10-22 CVE-2013-5446 IBM Security vulnerability in IBM products

The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors.

10.0
2013-10-25 CVE-2013-5530 Cisco OS Command Injection vulnerability in Cisco Identity Services Engine Software

The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511.

9.0

15 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-10-21 CVE-2013-5542 Cisco Resource Management Errors vulnerability in Cisco Adaptive Security Appliance Software

Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.2), 8.7 before 8.7(1.8), 9.0 before 9.0(3.6), and 9.1 before 9.1(2.8) allows remote attackers to cause a denial of service (firewall-session disruption or device reload) via crafted ICMP packets, aka Bug ID CSCui77398.

8.5
2013-10-26 CVE-2013-6016 F5 Improper Input Validation vulnerability in F5 products

The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.4.1; and WebAccelerator 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.3.0 might change a TCP connection to the ESTABLISHED state before receiving the ACK packet, which allows remote attackers to cause a denial of service (SIGFPE or assertion failure and TMM restart) via unspecified vectors.

7.8
2013-10-24 CVE-2013-5537 Cisco Improper Input Validation vulnerability in Cisco products

The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via multiple TCP connections, aka Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635.

7.8
2013-10-27 CVE-2013-0337 Nginx Permissions, Privileges, and Access Controls vulnerability in Nginx

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.

7.5
2013-10-26 CVE-2013-6284 SAP Unspecified vulnerability in SAP ERP Central Component

Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability."

7.5
2013-10-25 CVE-2013-6283 Videolan Improper Input Validation vulnerability in Videolan VLC Media Player

VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file.

7.5
2013-10-25 CVE-2013-3280 EMC Permissions, Privileges, and Access Controls vulnerability in EMC RSA Authentication Agent 7.1/7.1.1

EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that trigger an agent crash.

7.5
2013-10-24 CVE-2013-5179 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments.

7.5
2013-10-24 CVE-2013-5135 Apple USE of Externally-Controlled Format String vulnerability in Apple Remote Desktop and mac OS X

Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.

7.5
2013-10-23 CVE-2013-6243 Landing Pages Project SQL Injection vulnerability in Landing Pages Project Landing Pages Plugin

SQL injection vulnerability in the Landing Pages plugin 1.2.3, before 20131009, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the "post" parameter to index.php.

7.5
2013-10-24 CVE-2013-5148 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Keynote

Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by visiting an unattended workstation on which this mode was enabled during a sleep operation.

7.2
2013-10-25 CVE-2013-5549 Cisco Unspecified vulnerability in Cisco IOS XR

Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCuh30380.

7.1
2013-10-24 CVE-2013-5172 Apple Numeric Errors vulnerability in Apple mac OS X

The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection.

7.1
2013-10-22 CVE-2013-5428 IBM Permissions, Privileges, and Access Controls vulnerability in IBM products

IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentication for all administrative actions, which allows remote attackers to cause a denial of service via unspecified vectors.

7.1
2013-10-21 CVE-2013-5970 Vmware Improper Input Validation vulnerability in VMWare ESX and Esxi

hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service outage) by modifying management traffic.

7.1

65 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-10-26 CVE-2013-5914 Polarssl Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Polarssl

Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet.

6.8
2013-10-26 CVE-2013-4885 Nmap
Opensuse
Arbitrary File Write vulnerability in Nmap

The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.

6.8
2013-10-26 CVE-2011-4106 Binarymoon Improper Input Validation vulnerability in Binarymoon Timthumb 1.09/1.15/1.99

TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache directory, as exploited in the wild in August 2011.

6.8
2013-10-25 CVE-2013-4957 Puppet Code Injection vulnerability in Puppet Enterprise

The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type.

6.8
2013-10-25 CVE-2013-5424 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Flex System Manager 1.3.0

IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account.

6.8
2013-10-25 CVE-2013-5522 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Catalyst 3750-X and IOS

Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286.

6.8
2013-10-24 CVE-2013-5143 Apple Certificate Validation Security Bypass vulnerability in Apple Mac OS X Server

The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate.

6.8
2013-10-24 CVE-2013-1734 Mozilla Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action.

6.8
2013-10-24 CVE-2013-1733 Mozilla Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla 4.4

Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token.

6.8
2013-10-24 CVE-2013-5170 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

6.8
2013-10-24 CVE-2013-5168 Apple Improper Input Validation vulnerability in Apple mac OS X

Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL.

6.8
2013-10-23 CVE-2013-4422 Quassel IRC SQL Injection vulnerability in Quassel-Irc Quassel IRC

SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.

6.8
2013-10-22 CVE-2013-5703 Draytek OS Command Injection vulnerability in Draytek Vigor 2700 Router and Vigor 2700 Router Firmware

The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js.

6.8
2013-10-21 CVE-2013-5971 Vmware Permissions, Privileges, and Access Controls vulnerability in VMWare Vcenter Server

Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors.

6.8
2013-10-24 CVE-2013-5175 Apple Improper Input Validation vulnerability in Apple mac OS X

The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file.

6.6
2013-10-24 CVE-2013-5165 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured.

6.4
2013-10-24 CVE-2013-4299 Linux
Redhat
Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.

6.0
2013-10-24 CVE-2013-3244 SAP Code Injection vulnerability in SAP ERP Central Component

Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request.

6.0
2013-10-25 CVE-2013-6128 Wellintech Permissions, Privileges, and Access Controls vulnerability in Wellintech Kingview 3.0/6.5.30.2010.18018/6.52

The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the single pathname argument, as demonstrated by a directory traversal attack.

5.8
2013-10-25 CVE-2013-6127 Wellintech Path Traversal vulnerability in Wellintech Kingview

The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the two pathname arguments, as demonstrated by a directory traversal attack.

5.8
2013-10-24 CVE-2013-5189 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended security configuration after the completion of an update.

5.8
2013-10-24 CVE-2013-4390 Apache Improper Input Validation vulnerability in Apache Sling and Sling Auth Core Component

Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS."

5.8
2013-10-21 CVE-2012-4115 Cisco Cryptographic Issues vulnerability in Cisco Unified Computing System

The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72964.

5.8
2013-10-24 CVE-2013-5184 Apple Resource Management Errors vulnerability in Apple mac OS X

The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's coverage area.

5.7
2013-10-22 CVE-2013-5544 Cisco Resource Management Errors vulnerability in Cisco Adaptive Security Appliance Software

The VPN authentication functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (device reload) by sending many username-from-cert IKE requests, aka Bug ID CSCua91108.

5.4
2013-10-27 CVE-2013-4302 Mediawiki Permissions, Privileges, and Access Controls vulnerability in Mediawiki

(1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the cross-site request forgery (CSRF) protection mechanism via a JSONP request to wiki/api.php.

5.0
2013-10-27 CVE-2013-4301 Mediawiki Information Exposure vulnerability in Mediawiki

includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a "<" (open angle bracket) character in the lang parameter to w/load.php, which reveals the installation path in an error message.

5.0
2013-10-25 CVE-2013-4965 Puppet Improper Authentication vulnerability in Puppet Enterprise

Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force attack.

5.0
2013-10-25 CVE-2013-4434 Dropbear SSH Project Numeric Errors vulnerability in Dropbear SSH Project Dropbear SSH

Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames.

5.0
2013-10-25 CVE-2013-4421 Dropbear SSH Project Numeric Errors vulnerability in Dropbear SSH Project Dropbear SSH

The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed.

5.0
2013-10-25 CVE-2013-5531 Cisco Improper Authentication vulnerability in Cisco Identity Services Engine Software 1.0/1.1

Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.

5.0
2013-10-25 CVE-2013-5521 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Identity Services Engine Software

Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287.

5.0
2013-10-24 CVE-2013-5536 Cisco Improper Input Validation vulnerability in Cisco Secure Access Control System

Cisco Secure Access Control System (ACS) does not properly implement an incoming-packet firewall rule, which allows remote attackers to cause a denial of service (process crash) via a flood of crafted packets, aka Bug ID CSCui51521.

5.0
2013-10-24 CVE-2013-5130 Apple Information Exposure vulnerability in Apple Safari

WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by leveraging LocalStorage/ files.

5.0
2013-10-24 CVE-2013-6246 Dell Permissions, Privileges, and Access Controls vulnerability in Dell Quest ONE Password Manager 5.0

The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (user's full name) by sending a login request with a valid domain and username but without the CaptchaType, UseCaptchaEveryTime, and CaptchaResponse parameters.

5.0
2013-10-24 CVE-2013-5182 Apple Cryptographic Issues vulnerability in Apple mac OS X

Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message.

5.0
2013-10-24 CVE-2013-5178 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence.

5.0
2013-10-24 CVE-2013-5167 Apple Configuration vulnerability in Apple mac OS X

CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers.

5.0
2013-10-24 CVE-2013-4295 Apache Information Exposure vulnerability in Apache Shindig 2.5.0

The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5.0
2013-10-24 CVE-2013-6244 SAP Information Disclosure vulnerability in SAP NetWeaver Web Dynpro Live Update XML External Entity

The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5.0
2013-10-22 CVE-2013-1739 Mozilla Unspecified vulnerability in Mozilla Network Security Services

Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure.

5.0
2013-10-21 CVE-2013-4450 Nodejs Improper Input Validation vulnerability in Nodejs

The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.

5.0
2013-10-25 CVE-2013-1067 Canonical Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Linux

Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file.

4.9
2013-10-24 CVE-2013-5192 Apple Improper Input Validation vulnerability in Apple mac OS X

The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number.

4.9
2013-10-24 CVE-2013-5177 Apple Numeric Errors vulnerability in Apple mac OS X

The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure.

4.9
2013-10-24 CVE-2013-5176 Apple Numeric Errors vulnerability in Apple mac OS X

The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error.

4.9
2013-10-24 CVE-2013-5174 Apple Numeric Errors vulnerability in Apple mac OS X

Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation.

4.9
2013-10-24 CVE-2013-5166 Apple Unspecified vulnerability in Apple mac OS X

The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application.

4.9
2013-10-25 CVE-2013-4465 Simplemachines Arbitrary File Upload vulnerability in SMF

Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

4.6
2013-10-22 CVE-2013-5550 Cisco Improper Input Validation vulnerability in Cisco Unified Computing System

The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted command parameters that trigger hardware-component write operations, aka Bug ID CSCtq86549.

4.6
2013-10-27 CVE-2013-4122 CMU
GNU
Numeric Errors vulnerability in CMU Cyrus-Sasl

Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.

4.3
2013-10-26 CVE-2013-1445 Dlitz Cryptographic Issues vulnerability in Dlitz Pycrypto

The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.

4.3
2013-10-25 CVE-2013-6281 Dhtmlx Cross-Site Scripting vulnerability in Dhtmlx Dhtmlxspreadsheet 2.0

Cross-site scripting (XSS) vulnerability in codebase/spreadsheet.php in the Spreadsheet (dhtmlxSpreadsheet) plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "page" parameter.

4.3
2013-10-25 CVE-2013-6280 Linksalpha Cross-Site Scripting vulnerability in Linksalpha Social Sharing Toolkit Plugin

Cross-site scripting (XSS) vulnerability in Social Sharing Toolkit plugin before 2.1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-10-24 CVE-2013-1743 Mozilla Cross-Site Scripting vulnerability in Mozilla Bugzilla

Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the (1) summary or (2) real name field.

4.3
2013-10-24 CVE-2013-1742 Mozilla Cross-Site Scripting vulnerability in Mozilla Bugzilla

Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) sortkey parameter.

4.3
2013-10-24 CVE-2013-5190 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by interfering with the revocation-check procedure.

4.3
2013-10-24 CVE-2013-5185 Apple Cryptographic Issues vulnerability in Apple mac OS X

The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network.

4.3
2013-10-24 CVE-2013-5181 Apple Cryptographic Issues vulnerability in Apple mac OS X

The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network.

4.3
2013-10-24 CVE-2013-5180 Apple Cryptographic Issues vulnerability in Apple mac OS X

The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of these values, related to a compiler-optimization issue.

4.3
2013-10-24 CVE-2013-5136 Apple Information Exposure vulnerability in Apple Remote Desktop

Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session.

4.3
2013-10-23 CVE-2013-2651 Boltwire Cross-Site Scripting vulnerability in Boltwire

Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) "p" or (2) content parameter to index.php.

4.3
2013-10-22 CVE-2013-5389 IBM Cross-Site Scripting vulnerability in IBM Lotus Domino 8.5.3.0/9.0.0.0

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK2X.

4.3
2013-10-22 CVE-2013-5388 IBM Cross-Site Scripting vulnerability in IBM Lotus Domino 8.5.3.0/9.0.0.0

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK5F.

4.3
2013-10-24 CVE-2013-5188 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the hibernating state.

4.0

15 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-10-27 CVE-2013-4428 Openstack
Canonical
Permissions, Privileges, and Access Controls vulnerability in multiple products

OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.

3.5
2013-10-25 CVE-2013-3989 IBM Cryptographic Issues vulnerability in IBM Security Appscan

IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and subsequently conduct man-in-the-middle attacks, by examining the response content.

3.5
2013-10-24 CVE-2013-5171 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration.

3.3
2013-10-24 CVE-2013-5164 Apple Race Condition vulnerability in Apple Iphone OS

Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane.

3.3
2013-10-24 CVE-2013-5144 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference.

3.3
2013-10-24 CVE-2013-4373 Redhat Improper Input Validation vulnerability in Redhat Jboss Operations Network 3.1.2

The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files.

3.2
2013-10-24 CVE-2013-5183 Apple Information Exposure vulnerability in Apple mac OS X

Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network.

2.6
2013-10-24 CVE-2013-2236 Quagga Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Quagga

Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA.

2.6
2013-10-24 CVE-2013-5191 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions.

2.1
2013-10-24 CVE-2013-5186 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state.

2.1
2013-10-24 CVE-2013-5173 Apple Cryptographic Issues vulnerability in Apple mac OS X

The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers.

2.1
2013-10-24 CVE-2013-5162 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.

2.1
2013-10-24 CVE-2013-4293 Redhat Cryptographic Issues vulnerability in Redhat Jboss Operations Network 3.1.2

The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files.

2.1
2013-10-24 CVE-2013-5187 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state.

1.9
2013-10-24 CVE-2013-5169 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen.

1.9