Weekly Vulnerabilities Reports > November 18 to 24, 2013

Overview

181 new vulnerabilities were reported during this period, including 26 critical vulnerabilities and 30 high severity vulnerabilities. This weekly summary reports vulnerabilities in 137 products from 69 vendors including Ffmpeg, IBM, Redhat, Opensuse, and Cisco. Vulnerabilities are notably categorized as "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", and "Numeric Errors".

  • 147 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 35 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 157 reported vulnerabilities are exploitable by an anonymous user.
  • Ffmpeg has the most reported vulnerabilities, with 20 reported vulnerabilities.
  • Ffmpeg has the most reported critical vulnerabilities, with 16 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

26 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-11-23 CVE-2013-0864 Ffmpeg Numeric Errors vulnerability in Ffmpeg

The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before 1.1.2 performs an incorrect calculation for an "end pointer," which allows remote attackers to have an unspecified impact via crafted GIF data that triggers an out-of-bounds array access.

10.0
2013-11-23 CVE-2013-4265 Ffmpeg Memory Corruption vulnerability in FFmpeg

The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference.

10.0
2013-11-23 CVE-2013-0873 Ffmpeg Improper Input Validation vulnerability in Ffmpeg

The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to "freeing invalid addresses."

10.0
2013-11-23 CVE-2013-0872 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The swr_init function in libswresample/swresample.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid or unsupported (1) input or (2) output channel layout, related to an out-of-bounds array access.

10.0
2013-11-20 CVE-2013-6822 SAP Unspecified vulnerability in SAP Netweaver

GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue.

10.0
2013-11-20 CVE-2013-4495 Adaptivecomputing Code Injection vulnerability in Adaptivecomputing Torque Resource Manager

The send_the_mail function in server/svr_mail.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 4.2.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the email (-M switch) to qsub.

10.0
2013-11-24 CVE-2013-5458 IBM Arbitrary Code Execution vulnerability in IBM Java 7.0.0.0

Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows remote attackers to execute arbitrary code via unspecified vectors.

9.3
2013-11-24 CVE-2013-5457 IBM Arbitrary Code Execution vulnerability in IBM Java 6.0.0.0/6.0.1.0/7.0.0.0

Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to execute arbitrary code via unspecified vectors.

9.3
2013-11-24 CVE-2013-5456 IBM Arbitrary Code Execution vulnerability in IBM Java 7.0.0.0

The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block.

9.3
2013-11-23 CVE-2013-0869 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted H.264 data, related to an SPS and slice mismatch and an out-of-bounds array access.

9.3
2013-11-23 CVE-2013-0868 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases."

9.3
2013-11-23 CVE-2013-0867 Ffmpeg Improper Input Validation vulnerability in Ffmpeg

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 does not properly check when the pixel format changes, which allows remote attackers to have unspecified impact via crafted H.264 video data, related to an out-of-bounds array access.

9.3
2013-11-23 CVE-2013-0866 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file, which triggers an out-of-bounds array access.

9.3
2013-11-23 CVE-2013-0865 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood Studios VQA Video file, which triggers an out-of-bounds write.

9.3
2013-11-23 CVE-2013-0863 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

Buffer overflow in the rle_decode function in libavcodec/sanm.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via crafted LucasArts Smush video data.

9.3
2013-11-23 CVE-2013-0862 Ffmpeg Numeric Errors vulnerability in Ffmpeg

Multiple integer overflows in the process_frame_obj function in libavcodec/sanm.c in FFmpeg before 1.1.2 allow remote attackers to have an unspecified impact via crafted image dimensions in LucasArts Smush video data, which triggers an out-of-bounds array access.

9.3
2013-11-23 CVE-2013-0878 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The advance_line function in libavcodec/targa.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted Targa image data, related to an out-of-bounds array access.

9.3
2013-11-23 CVE-2013-0877 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The old_codec37 function in libavcodec/sanm.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted LucasArts Smush data that has a large size when decoded, related to an out-of-bounds array access.

9.3
2013-11-23 CVE-2013-0876 Ffmpeg Numeric Errors vulnerability in Ffmpeg

Multiple integer overflows in the (1) old_codec37 and (2) old_codec47 functions in libavcodec/sanm.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via crafted LucasArts Smush data, which triggers an out-of-bounds array access.

9.3
2013-11-23 CVE-2013-0875 Ffmpeg Numeric Errors vulnerability in Ffmpeg

The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via a crafted PNG image, related to an out-of-bounds array access.

9.3
2013-11-23 CVE-2013-0874 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The (1) doubles2str and (2) shorts2str functions in libavcodec/tiff.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via a crafted TIFF image, related to an out-of-bounds array access.

9.3
2013-11-20 CVE-2013-6820 SAP Unspecified vulnerability in SAP Netweaver Development Infrastructure

Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors.

9.3
2013-11-18 CVE-2013-6632 Google, Debian Numeric Errors vulnerability in Google Chrome

Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013.

9.3
2013-11-23 CVE-2013-6866 Sybase Code Injection vulnerability in Sybase Adaptive Server Enterprise 15.0.3/15.5/15.7

SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR736689.

9.0
2013-11-23 CVE-2013-6865 Sybase Code Injection vulnerability in Sybase Adaptive Server Enterprise 15.0.3/15.5/15.7

SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR732989.

9.0
2013-11-23 CVE-2013-6863 Sybase Permissions, Privileges, and Access Controls vulnerability in Sybase Adaptive Server Enterprise 15.0.3/15.5/15.7

SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to gain privileges via unspecified vectors.

9.0

30 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-11-23 CVE-2013-6859 Sybase Improper Authentication vulnerability in Sybase Adaptive Server Enterprise 15.0.3/15.5/15.7

SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3.

8.5
2013-11-23 CVE-2013-6375 XEN, Opensuse Permissions, Privileges, and Access Controls vulnerability in multiple products

Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter."

7.9
2013-11-23 CVE-2013-6868 Sybase Information Exposure vulnerability in Sybase Adaptive Server Enterprise 15.0.3/15.5/15.7

SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors.

7.8
2013-11-23 CVE-2013-6862 Sybase Unspecified vulnerability in Sybase Adaptive Server Enterprise 15.0.3/15.5/15.7

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors.

7.8
2013-11-22 CVE-2013-5998 Dlink Denial of Service vulnerability in Dlink Des-3800 and Des-3800 Firmware

Unspecified vulnerability in the Web manager implementation on D-Link Japan DES-3800 devices with firmware before R4.50B58 allows remote attackers to cause a denial of service (device hang) via unknown vectors, a different vulnerability than CVE-2013-5997.

7.8
2013-11-18 CVE-2013-4510 Tryton Path Traversal vulnerability in Tryton 3.0.0

Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report.

7.8
2013-11-20 CVE-2013-4559 Lighttpd, Debian, Opensuse Permissions, Privileges, and Access Controls vulnerability in multiple products

lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.

7.6
2013-11-19 CVE-2013-2271 Dlink Permissions, Privileges, and Access Controls vulnerability in Dlink Dsl-2740B and Dsl-2740B Firmware

The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi.

7.6
2013-11-23 CVE-2013-6869 SAP SQL Injection vulnerability in SAP Netweaver 7.30

SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2013-11-23 CVE-2013-4547 Nginx, Suse, Opensuse Improper Encoding or Escaping of Output vulnerability in multiple products

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.

7.5
2013-11-23 CVE-2013-4263 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote vectors related to a crafted "plane," which triggers an out-of-bounds heap write.

7.5
2013-11-23 CVE-2013-4473 Freedesktop, Canonical Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.

7.5
2013-11-20 CVE-2013-6830 Pineapp Code Injection vulnerability in Pineapp Mail-Secure 5099Sk

admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parameter during an nslookup operation.

7.5
2013-11-20 CVE-2013-6829 Pineapp Code Injection vulnerability in Pineapp Mail-Secure

admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation.

7.5
2013-11-20 CVE-2013-5607 Mozilla Numeric Errors vulnerability in Mozilla products

Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741.

7.5
2013-11-20 CVE-2013-4386 Redhat, Theforeman SQL Injection vulnerability in multiple products

Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter.

7.5
2013-11-19 CVE-2013-6631 Google Use After Free Remote Code Execution vulnerability in Google Chrome

Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger the absence of certain statistics initialization, leading to the skipping of a required DeRegisterExternalTransport call.

7.5
2013-11-18 CVE-2013-5605 Mozilla Improper Input Validation vulnerability in Mozilla Network Security Services

Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets.

7.5
2013-11-18 CVE-2013-1741 Mozilla Numeric Errors vulnerability in Mozilla Network Security Services 3.15/3.15.1/3.15.2

Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value.

7.5
2013-11-18 CVE-2013-4557 Spip Code Injection vulnerability in Spip

The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter.

7.5
2013-11-18 CVE-2013-4480 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Network Satellite

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.

7.5
2013-11-23 CVE-2013-1813 Redhat, T Mobile, Busybox Permissions, Privileges, and Access Controls vulnerability in multiple products

util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.

7.2
2013-11-20 CVE-2013-6831 Pineapp Permissions, Privileges, and Access Controls vulnerability in Pineapp Mail-Secure 5099Sk

PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms has a sudoers file that does not properly restrict user specifications, which allows local users to gain privileges via a sudo command that leverages access to the qmailq account.

7.2
2013-11-20 CVE-2013-6282 Linux Improper Input Validation vulnerability in Linux Kernel

The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.

7.2
2013-11-18 CVE-2013-5972 Vmware Permissions, Privileges, and Access Controls vulnerability in VMWare Player and Workstation

VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors.

7.2
2013-11-23 CVE-2013-6867 Sybase Unspecified vulnerability in Sybase Adaptive Server Enterprise 15.7

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors.

7.1
2013-11-22 CVE-2013-2811 Catapultsoftware, GE Improper Input Validation vulnerability in multiple products

The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet.

7.1
2013-11-20 CVE-2013-4563 Linux Numeric Errors vulnerability in Linux Kernel

The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline.

7.1
2013-11-18 CVE-2013-6801 Microsoft Resource Management Errors vulnerability in Microsoft Word 2003

Microsoft Word 2003 SP2 and SP3 on Windows XP SP3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed .doc file containing an embedded image, as demonstrated by word2003forkbomb.doc, related to a "fork bomb" issue.

7.1
2013-11-18 CVE-2013-3876 Microsoft Improper Input Validation vulnerability in Microsoft products

DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which allows man-in-the-middle attackers to spoof servers and read encrypted domain credentials via a crafted certificate.

7.1

107 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-11-20 CVE-2013-4588 Linux, Canonical Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function.

6.9
2013-11-18 CVE-2013-6689 Cisco Improper Input Validation vulnerability in Cisco Unified Communications Manager

Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.

6.9
2013-11-24 CVE-2013-5375 IBM Security Bypass vulnerability in IBM Java

Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors related to XML and XSL.

6.8
2013-11-24 CVE-2013-4041 IBM Security Bypass vulnerability in IBM Java

Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors.

6.8
2013-11-23 CVE-2013-4164 Ruby Lang Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ruby-Lang Ruby

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.

6.8
2013-11-23 CVE-2013-6860 Sybase Unspecified vulnerability in Sybase Adaptive Server Enterprise 15.0.3/15.5/15.7

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to obtain sensitive information via unspecified vectors.

6.8
2013-11-23 CVE-2013-4407 Http Body Project Remote Command Injection vulnerability in CPAN HTTP::Body::MultiPart Module

HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module for Perl uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.

6.8
2013-11-22 CVE-2013-5997 Dlink Denial of Service vulnerability in Dlink Des-3800 and Des-3800 Firmware

Unspecified vulnerability in the SSH implementation on D-Link Japan DES-3800 devices with firmware before R4.50B58 allows remote authenticated users to cause a denial of service (device hang) via unknown vectors, a different vulnerability than CVE-2013-5998.

6.8
2013-11-22 CVE-2013-6852 HP Cross-Site Request Forgery (CSRF) vulnerability in HP 2620-24-Poe+ Switch

Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method.

6.8
2013-11-21 CVE-2013-6173 EMC Cross-Site Request Forgery (CSRF) vulnerability in EMC Document Sciences Xpression 4.1/4.2/4.5

Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions in (1) xAdmin or (2) xDashboard.

6.8
2013-11-21 CVE-2013-5993 Lockon Cross-Site Request Forgery (CSRF) vulnerability in Lockon Ec-Cube

Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals.

6.8
2013-11-20 CVE-2013-6826 Fortinet Cross-Site Request Forgery (CSRF) vulnerability in Fortinet products

cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.

6.8
2013-11-20 CVE-2013-6817 SAP Buffer Errors vulnerability in SAP Network Interface Router 7.30

Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages.

6.8
2013-11-20 CVE-2013-5730 Dlink Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dsl-2740B and Dsl-2740B Firmware

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or disable Wireless MAC Address Filters via a wlFltMode action to wlmacflt.cmd, (2) enable or disable firewall protections via a request to scdmz.cmd, or (3) enable or disable remote management via a save action to scsrvcntr.cmd.

6.8
2013-11-20 CVE-2013-3095 Dlink Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir865L and Dir865L Firmware

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR865L router (Rev.

6.8
2013-11-19 CVE-2013-6797 Sunil Nanda Cross-Site Request Forgery (CSRF) vulnerability in Sunil Nanda Blue Wrench Video Widget

Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, as demonstrated by embedding a URL to a JavaScript file.

6.8
2013-11-18 CVE-2013-6686 Cisco Improper Input Validation vulnerability in Cisco IOS

The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568.

6.8
2013-11-18 CVE-2013-5556 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Nexus 1000V

The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted "install all iso" arguments, aka Bug ID CSCui21340.

6.8
2013-11-18 CVE-2013-4843 HP Information Disclosure vulnerability in HP products

Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors.

6.8
2013-11-18 CVE-2013-3694 Blackberry, Apple, Microsoft Cross-Site Request Forgery (CSRF) vulnerability in Blackberry Link

BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding.

6.8
2013-11-18 CVE-2013-3406 Cisco Improper Input Validation vulnerability in Cisco Service Portal 9.4.1

The "Files Available for Download" implementation in the Cisco Intelligent Automation for Cloud component in Cisco Services Portal 9.4(1) allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCug65687.

6.8
2013-11-18 CVE-2013-4555 Spip Cross-Site Request Forgery (CSRF) vulnerability in Spip

Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors.

6.8
2013-11-18 CVE-2013-2114 Mediawiki Unspecified vulnerability in Mediawiki

Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

6.8
2013-11-21 CVE-2013-6176 EMC SQL Injection vulnerability in EMC Document Sciences Xpression 4.1/4.2/4.5

Multiple SQL injection vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote authenticated users to execute arbitrary SQL commands via unspecified input to a (1) xAdmin or (2) xDashboard form.

6.5
2013-11-20 CVE-2013-6828 Pineapp Improper Authentication vulnerability in Pineapp Mail-Secure

admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter.

6.4
2013-11-20 CVE-2013-6823 SAP Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver

GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors.

6.4
2013-11-20 CVE-2013-6818 SAP Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver Logviewer 6.30

SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors.

6.4
2013-11-23 CVE-2013-2561 Redhat, Openfabrics Link Following vulnerability in multiple products

OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/.

6.3
2013-11-23 CVE-2013-4214 Nagios, Redhat Link Following vulnerability in multiple products

rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.

6.3
2013-11-23 CVE-2013-2029 Redhat Link Following vulnerability in Redhat Openstack 3.0

nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.

6.3
2013-11-22 CVE-2013-6692 Cisco Resource Management Errors vulnerability in Cisco IOS XE

Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka Bug ID CSCuh04949.

6.3
2013-11-18 CVE-2013-6688 Cisco Path Traversal vulnerability in Cisco Unified Communications Manager

Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.

6.3
2013-11-23 CVE-2013-4482 Scientificlinux, Redhat Local Privilege Escalation vulnerability in LuCI

Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.

6.2
2013-11-20 CVE-2013-4591 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended attribute of a pathname on an NFSv4 filesystem.

6.2
2013-11-23 CVE-2013-6864 Sybase Path Traversal vulnerability in Sybase Adaptive Server Enterprise 15.0.3/15.5/15.7

Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to affect confidentiality, integrity, and availability via unspecified vectors.

6.1
2013-11-23 CVE-2013-1058 Canonical Cryptographic Issues vulnerability in Canonical Maas and Ubuntu Linux

maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack.

5.8
2013-11-22 CVE-2013-5999 Kingsoft Cryptographic Issues vulnerability in Kingsoft Kdrive 1.21.0.1878

Kingsoft KDrive Personal before 1.21.0.1880 on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.8
2013-11-21 CVE-2013-6174 EMC Improper Input Validation vulnerability in EMC Document Sciences Xpression 4.1/4.2/4.5

Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters.

5.8
2013-11-20 CVE-2013-6814 SAP Improper Input Validation vulnerability in SAP Netweaver

The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.

5.8
2013-11-18 CVE-2013-6802 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013, a different vulnerability than CVE-2013-6632.

5.8
2013-11-18 CVE-2013-5606 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Network Security Services 3.15/3.15.1/3.15.2

The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate.

5.8
2013-11-18 CVE-2013-6798 Blackberry, Microsoft, Apple Permissions, Privileges, and Access Controls vulnerability in Blackberry Link

BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive logins with different accounts, which allows context-dependent attackers to bypass intended restrictions on remote file-access folders via IPv6 WebDAV requests, a different vulnerability than CVE-2013-3694.

5.8
2013-11-18 CVE-2013-4551 XEN Improper Input Validation vulnerability in XEN

Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to "guest VMX instruction execution."

5.7
2013-11-21 CVE-2013-5995 Lockon Information Exposure vulnerability in Lockon Ec-Cube

data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses.

5.5
2013-11-22 CVE-2013-6693 Cisco Buffer Errors vulnerability in Cisco IOS

The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345.

5.4
2013-11-23 CVE-2013-0861 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 allows remote attackers to trigger memory corruption via vectors related to the channel layout.

5.0
2013-11-23 CVE-2013-4474 Canonical, Freedesktop Improper Input Validation vulnerability in multiple products

Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.

5.0
2013-11-23 CVE-2010-3443 Quassel IRC, Canonical Resource Management Errors vulnerability in multiple products

ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service (unresponsive IRC) via multiple Client-To-Client Protocol (CTCP) requests in a PRIVMSG message.

5.0
2013-11-22 CVE-2013-6699 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Wireless LAN Controller

The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880.

5.0
2013-11-22 CVE-2013-6312 IBM Unspecified vulnerability in IBM products

Unspecified vulnerability in IBM Rational Service Tester 8.3.x and 8.5.x before 8.5.1 and Rational Performance Tester 8.3.x and 8.5.x before 8.5.1 allows remote attackers to read arbitrary files via unknown vectors.

5.0
2013-11-21 CVE-2013-5994 Lockon Information Exposure vulnerability in Lockon Ec-Cube

data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.

5.0
2013-11-20 CVE-2013-6827 Pineapp Path Traversal vulnerability in Pineapp Mail-Secure

Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter.

5.0
2013-11-20 CVE-2013-6821 SAP Path Traversal vulnerability in SAP Netweaver

Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2013-11-20 CVE-2013-6815 SAP Improper Input Validation vulnerability in SAP Netweaver

The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.

5.0
2013-11-20 CVE-2013-4560 Lighttpd, Debian, Opensuse Use After Free vulnerability in multiple products

Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.

5.0
2013-11-20 CVE-2013-4487 GNU, Opensuse Numeric Errors vulnerability in multiple products

Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.

5.0
2013-11-20 CVE-2013-4466 GNU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Gnutls

Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.

5.0
2013-11-19 CVE-2013-6630 Google Numeric Errors vulnerability in Google Chrome

The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

5.0
2013-11-19 CVE-2013-6629 Google, Oracle, Artifex Information Exposure vulnerability in Google Chrome

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

5.0
2013-11-18 CVE-2013-3407 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Server Provisioner 6.3.0/6.4.0

The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 and earlier does not require authentication for unspecified pages, which allows remote attackers to obtain sensitive information via a direct request, aka Bug ID CSCug65664.

5.0
2013-11-18 CVE-2013-3030 IBM Improper Input Validation vulnerability in IBM Cognos Business Intelligence

The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers to cause a denial of service (temporary gateway outage) via crafted HTTP requests.

5.0
2013-11-18 CVE-2013-2032 Mediawiki, Fedoraproject, Gentoo Permissions, Privileges, and Access Controls vulnerability in multiple products

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.

5.0
2013-11-23 CVE-2013-6861 Sybase Unspecified vulnerability in Sybase Adaptive Server Enterprise 15.0.3/15.5/15.7

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors.

4.9
2013-11-21 CVE-2013-6834 Freebsd Improper Input Validation vulnerability in Freebsd

The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.

4.9
2013-11-21 CVE-2013-6833 Freebsd Improper Input Validation vulnerability in Freebsd

The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.

4.9
2013-11-21 CVE-2013-6832 Freebsd Information Exposure vulnerability in Freebsd

The nand_ioctl function in sys/dev/nand/nand_geom.c in the nand driver in the kernel in FreeBSD 10 and earlier does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.

4.9
2013-11-22 CVE-2013-2823 Catapultsoftware, GE Improper Input Validation vulnerability in multiple products

The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line.

4.7
2013-11-18 CVE-2013-6799 Apple Buffer Errors vulnerability in Apple Mac OS X 10.9

Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory.

4.7
2013-11-18 CVE-2013-5193 Apple Credentials Management vulnerability in Apple Iphone OS

The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials.

4.7
2013-11-18 CVE-2013-1057 Canonical Improper Input Validation vulnerability in Canonical Maas and Ubuntu Linux

Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory.

4.4
2013-11-23 CVE-2013-0860 Ffmpeg Improper Input Validation vulnerability in Ffmpeg

The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data.

4.3
2013-11-23 CVE-2013-0221 Redhat, Opensuse Improper Input Validation vulnerability in multiple products

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.

4.3
2013-11-23 CVE-2013-6858 Openstack, Opensuse, Canonical Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.

4.3
2013-11-23 CVE-2013-4264 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file.

4.3
2013-11-23 CVE-2013-4589 Novell, Graphicsmagick, Fedoraproject Denial Of Service vulnerability in GraphicsMagick 'ExportAlphaQuantumType()' Function

The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.

4.3
2013-11-23 CVE-2013-4545 Haxx Cryptographic Issues vulnerability in Haxx Curl and Libcurl

cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disable the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

4.3
2013-11-23 CVE-2013-0281 Redhat, Clusterlabs Resource Management Errors vulnerability in multiple products

Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking).

4.3
2013-11-22 CVE-2013-6342 Tweet Blender Cross-Site Scripting vulnerability in Tweet-Blender

Cross-site scripting (XSS) vulnerability in the Tweet Blender plugin before 4.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tb_tab_index parameter to wp-admin/options-general.php.

4.3
2013-11-22 CVE-2013-6698 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Wireless LAN Controller

The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf77821.

4.3
2013-11-22 CVE-2013-6694 Cisco Improper Input Validation vulnerability in Cisco IOS

The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918.

4.3
2013-11-22 CVE-2013-3288 EMC Cross-Site Scripting vulnerability in EMC RSA Data Protection Manager Appliance

Cross-site scripting (XSS) vulnerability on the EMC RSA Data Protection Manager (DPM) appliance 3.2.x before 3.2.4.2 and 3.5.x before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2013-11-21 CVE-2013-6175 EMC Cross-Site Scripting vulnerability in EMC Document Sciences Xpression 4.1/4.2/4.5

Multiple cross-site scripting (XSS) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to inject arbitrary web script or HTML via unspecified input to a (1) xAdmin or (2) xDashboard form.

4.3
2013-11-21 CVE-2013-5996 Lockon Cross-Site Scripting vulnerability in Lockon Ec-Cube

Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values.

4.3
2013-11-21 CVE-2013-5992 Lockon Cross-Site Scripting vulnerability in Lockon Ec-Cube

Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output.

4.3
2013-11-21 CVE-2013-5991 Lockon Information Exposure vulnerability in Lockon Ec-Cube

The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output.

4.3
2013-11-20 CVE-2013-6819 SAP Cross-Site Scripting vulnerability in SAP Netweaver

Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-11-20 CVE-2013-6816 SAP Cross-Site Scripting vulnerability in SAP Netweaver

Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-11-20 CVE-2013-6074 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file.

4.3
2013-11-20 CVE-2013-5966 Zkoss Cross-Site Scripting vulnerability in Zkoss ZK Framework

Cross-site scripting (XSS) vulnerability in ZK Framework before 5.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-11-20 CVE-2013-5215 Foscam Cross-Site Scripting vulnerability in Foscam Wireless IP Camera

Cross-site scripting (XSS) vulnerability in the web interface "WiFi scan" option in FOSCAM Wireless IP Cameras allows remote attackers to inject arbitrary web script or HTML via the SSID.

4.3
2013-11-20 CVE-2013-4579 Linux Cryptographic Issues vulnerability in Linux Kernel

The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations.

4.3
2013-11-20 CVE-2013-4507 Collectiveaccess Cross-Site Scripting vulnerability in Collectiveaccess Pawtucket and Providence

Cross-site scripting (XSS) vulnerability in CollectiveAccess Providence and Pawtucket before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-11-19 CVE-2013-6042 Softaculous Cross-Site Scripting vulnerability in Softaculous Webuzo

Cross-site scripting (XSS) vulnerability in filemanager/login.php in the File Manager module in Softaculous Webuzo before 2.1.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter.

4.3
2013-11-19 CVE-2013-4519 Reviewboard Cross-Site Scripting vulnerability in Reviewboard Review Board

Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file.

4.3
2013-11-19 CVE-2013-0741 Percipientstudios Cross-Site Scripting vulnerability in Percipientstudios Imagen

Cross-site scripting (XSS) vulnerability in imagegen.ashx in Percipient Studios ImageGen before 2.9.0 for Umbraco CMS allows remote attackers to inject arbitrary web script or HTML via the font parameter.

4.3
2013-11-18 CVE-2013-5417 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via HTTP response data.

4.3
2013-11-18 CVE-2013-4006 IBM Cryptographic Issues vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for unspecified files, which allows local users to obtain sensitive information via standard filesystem operations.

4.3
2013-11-18 CVE-2013-5454 IBM Information Exposure vulnerability in IBM Websphere Portal

IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL.

4.3
2013-11-18 CVE-2013-4842 HP Cross-Site Scripting vulnerability in HP products

Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-11-18 CVE-2013-1418 MIT, Debian, Opensuse Null Pointer Dereference vulnerability in multiple products

The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

4.3
2013-11-18 CVE-2013-4556 Spip Cross-Site Scripting vulnerability in Spip

Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter.

4.3
2013-11-18 CVE-2013-4204 Google Cross-Site Scripting vulnerability in Google Web Toolkit

Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files in the GWTTestCase in Google Web Toolkit (GWT) before 2.5.1 RC1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-11-18 CVE-2013-2031 Gentoo, Mediawiki Cross-Site Scripting vulnerability in multiple products

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.

4.3
2013-11-23 CVE-2013-4485 Redhat, Fedoraproject Improper Input Validation vulnerability in multiple products

389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.

4.0
2013-11-20 CVE-2013-4592 Linux Resource Management Errors vulnerability in Linux Kernel

Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots.

4.0
2013-11-18 CVE-2013-4034 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Cognos Business Intelligence

IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

4.0
2013-11-18 CVE-2013-6800 MIT Remote Denial of Service vulnerability in MIT Kerberos 5

An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418.

4.0

18 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-11-23 CVE-2012-0787 Redhat, Augeas

The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option.

3.7
2013-11-21 CVE-2013-6177 EMC Path Traversal vulnerability in EMC Document Sciences Xpression 4.1/4.2/4.5

Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access.

3.5
2013-11-20 CVE-2013-1417 MIT Improper Input Validation vulnerability in MIT Kerberos 5

do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.

3.5
2013-11-19 CVE-2013-5223 Dlink Cross-Site Scripting vulnerability in Dlink Dsl-2760U

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev.

3.5
2013-11-18 CVE-2013-5418 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2013-11-18 CVE-2013-5414 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server

The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportunistic circumstances by accessing resources in between a migration and a role evaluation.

3.5
2013-11-18 CVE-2013-5425 IBM Cross-Site Scripting vulnerability in IBM Websphere Virtual Enterprise

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Virtual Enterprise 6.1 before 6.1.1.6 and 7.0 before 7.0.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2013-11-23 CVE-2013-4459 Robert Ancell, Canonical Permissions, Privileges, and Access Controls vulnerability in multiple products

LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account.

3.3
2013-11-23 CVE-2012-6607 Augeas Path Traversal vulnerability in Augeas

The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786.

3.3
2013-11-23 CVE-2012-0786 Augeas Link Following vulnerability in Augeas

The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file.

3.3
2013-11-18 CVE-2013-2061 Openvpn, Opensuse Information Exposure vulnerability in multiple products

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.

2.6
2013-11-23 CVE-2013-0222 Opensuse, Redhat Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.

2.1
2013-11-23 CVE-2013-4354 Openstack Improper Input Validation vulnerability in Openstack Image Registry and Delivery Service (Glance)

The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.

2.1
2013-11-23 CVE-2013-4509 Ibus Project / Opensuse Credentials Management vulnerability in multiple products

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.

1.9
2013-11-23 CVE-2013-6384 Openstack Information Exposure Through Log Files vulnerability in Openstack Ceilometer

(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, log the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file.

1.9
2013-11-23 CVE-2013-0223 Opensuse / Redhat Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.

1.9
2013-11-23 CVE-2013-4481 Scientificlinux / Redhat Race Condition vulnerability in multiple products

Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."

1.9
2013-11-18 CVE-2013-4425 Osirix Viewer Credentials Management vulnerability in Osirix-Viewer Osirix and Osirix MD

The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key.

1.9