Weekly Vulnerabilities Reports > October 28 to November 3, 2013

Overview

78 new vulnerabilities were reported during this period, including 12 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary reports vulnerabilities in 72 products from 44 vendors including Mozilla, Cisco, Redhat, Novell, and Systemd Project. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", and "Information Exposure".

  • 67 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 15 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 65 reported vulnerabilities are exploitable by an anonymous user.
  • Mozilla has the most reported vulnerabilities, with 14 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 10 reported vulnerabilities.

Summary dashboard (values taken from the overview and the per-severity section counts; the locally exploitable and web application counts were not preserved in this copy):

  • Total vulnerabilities: 78
  • Critical risk vulnerabilities: 12
  • High risk vulnerabilities: 11
  • Medium risk vulnerabilities: 43
  • Low risk vulnerabilities: 12
  • Remotely exploitable: 67
  • Locally exploitable: not preserved
  • Exploit available: 2
  • Exploitable anonymously: 65
  • Affecting web application: not preserved

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity. Each entry gives the date, CVE identifier, vendor, vulnerability title and CVSS score, followed by its description.


12 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2013-11-02 | CVE-2013-6345 | Novell | Security vulnerability in Novell ZENworks Configuration Management | 10.0
  Unspecified vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 has unknown impact and attack vectors related to an "Application Exception."

2013-10-30 | CVE-2013-5603 | Mozilla | Remote Code Execution vulnerability in Mozilla Firefox/Thunderbird/SeaMonkey | 10.0
  Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving HTML document templates.

2013-10-30 | CVE-2013-5602 | Mozilla | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla products | 10.0
  The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to direct proxies.

2013-10-30 | CVE-2013-5601 | Mozilla | Remote Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird | 10.0
  Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors related to a memory allocation through the garbage collection (GC) API.

2013-10-30 | CVE-2013-5600 | Mozilla | Remote Memory Corruption vulnerability in Mozilla Firefox/Thunderbird/SeaMonkey | 10.0
  Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors involving a blob: URL.

2013-10-30 | CVE-2013-5599 | Mozilla | Remote Memory Corruption vulnerability in Mozilla Firefox/Thunderbird/SeaMonkey | 10.0
  Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a CANVAS element, a mozTextStyle attribute, and an onresize event.

2013-10-30 | CVE-2013-5597 | Mozilla | Use After Free Memory Corruption vulnerability in Mozilla Firefox/Thunderbird/SeaMonkey | 10.0
  Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a state-change event during an update of the offline cache.

2013-10-30 | CVE-2013-5592 | Mozilla | Remote Memory Corruption vulnerability in Mozilla Firefox | 10.0
  Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

2013-10-30 | CVE-2013-5591 | Mozilla | Remote Memory Corruption vulnerability in Mozilla Firefox | 10.0
  Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

2013-10-30 | CVE-2013-5590 | Mozilla | Remote Memory Corruption vulnerability in Mozilla Firefox | 10.0
  Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

2013-10-28 | CVE-2013-6288 | Ingo Renner / Typo3 | Cross Site Scripting and PHP Code Execution vulnerability in TYPO3 Apache Solr | 10.0
  Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."

2013-10-30 | CVE-2013-5604 | Mozilla | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla products | 9.3
  The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via crafted documents.

11 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2013-11-02 | CVE-2013-6349 | Mcafee | Code Injection vulnerability in Mcafee Email Gateway | 8.5
  McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

2013-10-28 | CVE-2013-6012 | Juniper | Improper Authentication vulnerability in Juniper Junos 12.1X44/12.1X45 | 8.5
  Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote attackers to bypass authentication via unspecified vectors.

2013-10-30 | CVE-2013-5598 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Firefox ESR | 8.3
  PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object.

2013-11-02 | CVE-2013-6023 | TVT | Path Traversal vulnerability in TVT DVR and DVR Firmware | 7.8
  Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via ..

2013-10-31 | CVE-2013-5547 | Cisco | Improper Input Validation vulnerability in Cisco products | 7.8
  Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269.

2013-10-31 | CVE-2013-5546 | Cisco | Improper Input Validation vulnerability in Cisco products | 7.8
  The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component, aka Bug ID CSCud72509.

2013-10-31 | CVE-2013-5545 | Cisco | Improper Input Validation vulnerability in Cisco products | 7.8
  The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936.

2013-10-31 | CVE-2013-5543 | Cisco | Improper Input Validation vulnerability in Cisco products | 7.8
  Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by the Zone-Based Firewall (ZBFW) component, aka Bug ID CSCtt26470.

2013-10-29 | CVE-2013-5741 | Triplc | Improper Input Validation vulnerability in Triplc Nano-10 PLC and Nano-10 PLC Firmware | 7.8
  Triangle Research International (aka Tri) Nano-10 PLC devices with firmware r81 and earlier do not properly handle large length values in MODBUS data, which allows remote attackers to cause a denial of service (transition to the interrupt state) via a crafted packet to TCP port 502.

2013-10-28 | CVE-2013-4391 | Systemd Project / Debian | Integer Overflow or Wraparound vulnerability in multiple products | 7.5
  Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.

2013-10-28 | CVE-2013-2186 | Redhat / Ubuntu | Improper Input Validation vulnerability in multiple products | 7.5
  The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.

43 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2013-11-02 | CVE-2013-6347 | Novell | Improper Authentication vulnerability in Novell Zenworks Configuration Management | 6.8
  Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors.

2013-11-02 | CVE-2013-6346 | Novell | Cross-Site Request Forgery (CSRF) vulnerability in Novell Zenworks Configuration Management | 6.8
  Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

2013-11-02 | CVE-2013-4457 | Thoughtbot | OS Command Injection vulnerability in Thoughtbot Cocaine | 6.8
  The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted hash object, related to recursive variable interpolation.

2013-11-01 | CVE-2013-2701 | Linksalpha | Cross-Site Request Forgery (CSRF) vulnerability in Linksalpha Social Sharing Toolkit Plugin 2.1.1 | 6.8
  Cross-site request forgery (CSRF) vulnerability in the Social Sharing Toolkit plugin 2.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that manipulate plugin settings via unknown vectors.

2013-10-30 | CVE-2013-5596 | Mozilla | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla products | 6.8
  The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial of service (race condition and application crash) via a large HTML document containing IMG elements, as demonstrated by the Never-Ending Reddit on reddit.com.

2013-10-28 | CVE-2013-3243 | Opentext / SAP | Remote Code Injection vulnerability in ECM Suite | 6.8
  Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors.

2013-10-28 | CVE-2013-2208 | Andreas Krennmair | Code Injection vulnerability in Andreas Krennmair TPP 1.3.1 | 6.8
  tpp 1.3.1 allows remote attackers to execute arbitrary commands via a --exec command in a TPP template file.

2013-10-28 | CVE-2012-6303 | KTH / Opensuse | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products | 6.8
  Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file.

2013-10-28 | CVE-2012-0826 | Drupal | Cross-Site Request Forgery (CSRF) vulnerability in Drupal | 6.8
  Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for requests that update feeds and possibly cause a denial of service (loss of updates due to rate limit) via unspecified vectors.

2013-10-28 | CVE-2012-0825 | Drupal | Information Exposure vulnerability in Drupal | 6.8
  Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.

2013-10-28 | CVE-2010-1159 | Aircrack NG / Gentoo | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products | 6.8
  Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet.

2013-10-28 | CVE-2013-6018 | Tylertech | Cross-Site Request Forgery (CSRF) vulnerability in Tylertech Taxweb 3.13.3.1 | 6.8
  Cross-site request forgery (CSRF) vulnerability in login.jsp in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password.

2013-11-02 | CVE-2013-2065 | Opensuse / Ruby Lang | Permissions, Privileges, and Access Controls vulnerability in multiple products | 6.4
  (1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.

2013-10-28 | CVE-2013-6014 | Juniper | Information Exposure vulnerability in Juniper Junos | 6.1
  Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when Proxy ARP is enabled on an unnumbered interface, allows remote attackers to perform ARP poisoning attacks and possibly obtain sensitive information via a crafted ARP message.

2013-11-02 | CVE-2013-3631 | Nas4Free | Code Injection vulnerability in Nas4Free 9.1.0.1.798/9.1.0.1.804 | 6.0
  NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature.

2013-10-28 | CVE-2013-4394 | Systemd Project / Debian | Incorrect Default Permissions vulnerability in multiple products | 5.9
  The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters."

2013-11-01 | CVE-2013-5431 | IBM | Improper Input Validation vulnerability in IBM products | 5.8
  Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

2013-10-28 | CVE-2013-6020 | Tylertech | Information Exposure vulnerability in Tylertech Taxweb 3.13.3.1 | 5.8
  passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the (1) Assessor, (2) Recorder, or (3) Treasurer application.

2013-10-28 | CVE-2013-5430 | IBM | Credentials Management vulnerability in IBM Security Appscan | 5.5
  The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access to this component by leveraging this credential information in an environment with applicable component installation details.

2013-11-02 | CVE-2013-4416 | XEN | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in XEN | 5.2
  The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply.

2013-11-02 | CVE-2013-4494 | XEN / Debian | Improper Input Validation vulnerability in multiple products | 5.2
  Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors.

2013-11-02 | CVE-2013-1084 | Novell | Path Traversal vulnerability in Novell Zenworks Configuration Management 11.2.3 | 5.0
  Directory traversal vulnerability in the GetFile method in the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files via a ..

2013-11-02 | CVE-2013-6076 | Strongswan | Unspecified vulnerability in Strongswan | 5.0
  strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet.

2013-11-02 | CVE-2013-6075 | Strongswan | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Strongswan | 5.0
  The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison.

2013-11-01 | CVE-2013-4484 | Varnish Cache / Varnish Cache Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | 5.0
  Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.

2013-10-28 | CVE-2013-4402 | Gnupg / Canonical | Improper Input Validation vulnerability in multiple products | 5.0
  The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.

2013-10-28 | CVE-2013-6285 | Tylertech | Information Exposure vulnerability in Tylertech Taxweb 3.13.3.1 | 5.0
  The search component in the Treasurer application in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to obtain sensitive query-structure information via an invalid search request, a different vulnerability than CVE-2013-6020.

2013-11-01 | CVE-2013-3630 | Moodle | Code Injection vulnerability in Moodle | 4.6
  Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.

2013-11-02 | CVE-2013-6348 | Apache | Cross-Site Scripting vulnerability in Apache Struts 2.3.15.3 | 4.3
  Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/.

2013-11-02 | CVE-2013-6111 | Modpagespeed | Cross-Site Scripting vulnerability in Modpagespeed MOD Pagespeed | 4.3
  Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.x, 1.0.22.7, 1.1.x, 1.24.1, 1.3.25.1 through 1.3.25.4, 1.4.26.1 through 1.4.26.4, 1.5.27.1 through 1.5.27.3, and 1.6.29.1 through 1.6.29.6 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2013-11-02 | CVE-2013-6344 | Novell | Cross-Site Scripting vulnerability in Novell Zenworks Configuration Management | 4.3
  The ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows attackers to conduct cross-frame scripting attacks via unknown vectors.

2013-11-02 | CVE-2013-2652 | Andrew Simpson | Cross-Site Scripting vulnerability in Andrew Simpson Webcollab | 4.3
  CRLF injection vulnerability in help/help_language.php in WebCollab 3.30 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the item parameter.

2013-11-01 | CVE-2013-4447 | MD Systems | Cross-Site Scripting vulnerability in Md-Systems Simplenews | 4.3
  Cross-site scripting (XSS) vulnerability in the API in the Simplenews module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an email address.

2013-11-01 | CVE-2013-5555 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Unified Communications Manager | 4.3
  Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.

2013-11-01 | CVE-2013-5548 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS | 4.3
  The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795.

2013-10-30 | CVE-2013-5595 | Mozilla | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla products | 4.3
  The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct buffer overflow attacks via a crafted web page.

2013-10-30 | CVE-2013-5593 | Mozilla | Improper Input Validation vulnerability in Mozilla products | 4.3
  The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clickjacking attacks via vectors that trigger navigation off of a page containing this element.

2013-10-28 | CVE-2013-6289 | Ingo Renner / Typo3 | Cross-Site Scripting vulnerability in Ingo Renner Apache Solr | 4.3
  Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2013-10-28 | CVE-2013-5744 | Fengoffice | Cross-Site Scripting vulnerability in Fengoffice Feng Office | 4.3
  Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter.

2013-10-28 | CVE-2013-3704 | Novell | Cryptographic Issues vulnerability in Novell Libzypp | 4.3
  The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a more-trustworthy key.

2013-10-28 | CVE-2012-4529 | Redhat | Session ID Information Disclosure vulnerability in Redhat products | 4.3
  The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log.

2013-10-28 | CVE-2013-6019 | Tylertech | Cross-Site Scripting vulnerability in Tylertech Taxweb 3.13.3.1 | 4.3
  Cross-site scripting (XSS) vulnerability in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to inject arbitrary web script or HTML via the accountNum parameter to an unspecified component.

2013-10-29 | CVE-2013-4185 | Openstack / Redhat | Cryptographic Issues vulnerability in multiple products | 4.0
  Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.

12 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2013-10-28 | CVE-2012-4572 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat products | 3.7
  Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications' authorization decisions via a crafted application.

2013-11-02 | CVE-2013-3617 | Openbravo | Permissions, Privileges, and Access Controls vulnerability in Openbravo ERP 2.40/2.50/3.0 | 3.5
  The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue.

2013-11-02 | CVE-2013-3285 | EMC | Cryptographic Issues vulnerability in EMC Networker | 3.5
  The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources.

2013-11-01 | CVE-2013-4713 | Iodata | Cross-Site Scripting vulnerability in Iodata Rockdisk and Rockdisk Firmware | 3.5
  Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

2013-10-29 | CVE-2013-4261 | Openstack / Redhat | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products | 3.5
  OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.

2013-10-28 | CVE-2012-0827 | Drupal | Permissions, Privileges, and Access Controls vulnerability in Drupal | 3.5
  The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors.

2013-11-02 | CVE-2013-4477 | Openstack | Permissions, Privileges, and Access Controls vulnerability in Openstack Grizzly and Havana | 3.3
  The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.

2013-10-28 | CVE-2013-4392 | Systemd Project | Link Following vulnerability in Systemd Project Systemd | 3.3
  systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.

2013-10-28 | CVE-2013-2102 | Redhat | Improper Authentication vulnerability in Redhat Jboss Enterprise Portal Platform | 3.3
  The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service.

2013-10-28 | CVE-2013-4393 | Systemd Project | Unspecified vulnerability in Systemd Project Systemd | 2.1
  journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor.

2013-11-02 | CVE-2013-3287 | Dell | Cryptographic Issues vulnerability in Dell EMC Unisphere | 1.9
  EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console.

2013-10-28 | CVE-2013-1056 | Canonical | Local Denial of Service vulnerability in X.Org X Server Xephyr | 1.9
  X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files.