Weekly Vulnerabilities Reports > December 9 to 15, 2013

Overview

181 new vulnerabilities were reported during this period, including 24 critical vulnerabilities and 25 high severity vulnerabilities. This weekly summary reports vulnerabilities in 185 products from 71 vendors, including Ffmpeg, Microsoft, Cisco, Fedoraproject, and Opensuse. The most common vulnerability categories are "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Input Validation", and "Code Injection".

  • 151 reported vulnerabilities are remotely exploitable.
  • 12 reported vulnerabilities have a public exploit available.
  • 35 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 164 reported vulnerabilities are exploitable by an anonymous user.
  • Ffmpeg has the most reported vulnerabilities, with 25 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 8 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

24 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-12-14 CVE-2013-7105 Fujitsu Buffer Errors vulnerability in Fujitsu Interstage Application Server and Interstage Studio

Buffer overflow in the Interstage HTTP Server log functionality, as used in Fujitsu Interstage Application Server 9.0.0, 9.1.0, 9.2.0, 9.3.1, and 10.0.0; and Interstage Studio 9.0.0, 9.1.0, 9.2.0, and 10.0.0, has unspecified impact and attack vectors related to "ihsrlog/rotatelogs."

10.0
2013-12-13 CVE-2013-7095 SAP Unspecified vulnerability in SAP Customer Relationship Management 7.02

The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue.

10.0
2013-12-12 CVE-2013-2751 Netgear Code Injection vulnerability in Netgear Raidiator

Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."

10.0
2013-12-12 CVE-2013-6810 EMC Code Injection vulnerability in EMC Connectrix Manager 11.2.1/12.0.1/12.0.3

The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file.

10.0
2013-12-11 CVE-2013-6671 Mozilla, Canonical, Redhat, Suse, Opensuse, Fedoraproject Code Injection vulnerability in multiple products

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.

10.0
2013-12-11 CVE-2013-5618 Mozilla, Fedoraproject, Suse, Opensuse, Canonical, Redhat Use After Free vulnerability in multiple products

Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection.

10.0
2013-12-11 CVE-2013-5613 Mozilla, Fedoraproject, Suse, Opensuse, Redhat, Canonical Use After Free vulnerability in multiple products

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.

10.0
2013-12-11 CVE-2013-5610 Mozilla, Oracle, Fedoraproject, Canonical, Opensuse, Suse Out-Of-Bounds Write vulnerability in multiple products

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2013-12-11 CVE-2013-5609 Mozilla, Fedoraproject, Suse, Opensuse, Canonical, Redhat

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2013-12-11 CVE-2013-5334 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 12.0.7.148 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5333.

10.0
2013-12-11 CVE-2013-5333 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 12.0.7.148 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5334.

10.0
2013-12-10 CVE-2013-3623 Supermicro Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Supermicro Intelligent Platform Management Firmware 2.24/2.26

Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter.

10.0
2013-12-13 CVE-2013-4988 Icofx Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Icofx

Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file.

9.3
2013-12-11 CVE-2013-5332 Adobe, Apple, Microsoft, Linux Code Injection vulnerability in Adobe Air, AIR SDK and Flash Player

Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

9.3
2013-12-11 CVE-2013-5331 Adobe, Apple, Microsoft, Linux Code Injection vulnerability in Adobe Air, AIR SDK and Flash Player

Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code via crafted .swf content that leverages an unspecified "type confusion," as exploited in the wild in December 2013.

9.3
2013-12-11 CVE-2013-5056 Microsoft Use After Free vulnerability in Microsoft products

Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that is visited with Internet Explorer, aka "Use-After-Free Vulnerability in Microsoft Scripting Runtime Object Library."

9.3
2013-12-11 CVE-2013-5052 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 7

Microsoft Internet Explorer 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2013-12-11 CVE-2013-5051 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10/11

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2013-12-11 CVE-2013-5049 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2013-12-11 CVE-2013-5048 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-5047.

9.3
2013-12-11 CVE-2013-5047 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-5048.

9.3
2013-12-14 CVE-2013-7104 Mcafee OS Command Injection vulnerability in Mcafee Email Gateway 7.6

McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a (1) Command or (2) Script XML element.

9.0
2013-12-14 CVE-2013-7103 Mcafee OS Command Injection vulnerability in Mcafee Email Gateway 7.6

McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a (1) TestFile XML element or the (2) hostname.

9.0
2013-12-10 CVE-2013-3622 Supermicro Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Supermicro Intelligent Platform Management Firmware 2.24/2.26

Buffer overflow in logout.cgi in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allows remote authenticated users to execute arbitrary code via the SID parameter.

9.0

25 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-12-14 CVE-2013-6271 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD_QUALITY_UNSPECIFIED option.

8.8
2013-12-10 CVE-2013-7043 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco products

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic.

8.3
2013-12-10 CVE-2013-4408 Samba Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba

Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.

8.3
2013-12-11 CVE-2013-3900 Microsoft Improper Input Validation vulnerability in Microsoft products

The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability."

7.6
2013-12-13 CVE-2013-7096 SAP SQL Injection vulnerability in SAP EMR Unwired

Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2013-12-13 CVE-2013-7094 SAP SQL Injection vulnerability in SAP Netweaver 7.30

SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2013-12-13 CVE-2013-6839 Instantsoft SQL Injection vulnerability in Instantsoft Instantcms 1.10.3

SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id].

7.5
2013-12-12 CVE-2013-6421 Projectsprouts Code Injection vulnerability in Projectsprouts Sprout 0.7.246

The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path.

7.5
2013-12-12 CVE-2013-6054 Uclouvain Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Uclouvain Openjpeg

Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045.

7.5
2013-12-12 CVE-2013-6045 Uclouvain Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Uclouvain Openjpeg

Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors.

7.5
2013-12-11 CVE-2013-5619 Opensuse, Suse, Mozilla, Canonical, Fedoraproject, Oracle Integer Overflow or Wraparound vulnerability in multiple products

Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.

7.5
2013-12-11 CVE-2013-5616 Mozilla, Fedoraproject, Suse, Opensuse, Redhat, Canonical Use After Free vulnerability in multiple products

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.

7.5
2013-12-11 CVE-2013-5615 Mozilla, Canonical, Suse, Opensuse, Fedoraproject

The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.

7.5
2013-12-09 CVE-2013-6985 Enorth SQL Injection vulnerability in Enorth Webpublisher CMS 5.0

SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth Webpublisher CMS, possibly 5.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the thisday parameter.

7.5
2013-12-09 CVE-2013-5354 Sharetronix SQL Injection vulnerability in Sharetronix 3.1.1

Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) fb_user_id or (2) tw_user_id parameter to signup.

7.5
2013-12-09 CVE-2013-4376 X2Go Code Injection vulnerability in X2Go Server 4.0.0.0/4.0.0.1

The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server before 4.0.0.2 allows remote attackers to execute arbitrary code via unspecified vectors, related to the path to libx2go-server-db-sqlite3-wrapper.pl.

7.5
2013-12-09 CVE-2013-1349 Os4Ed Code Injection vulnerability in Os4Ed Opensis

Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter.

7.5
2013-12-09 CVE-2011-4351 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x before 0.7.8, and 0.8.x before 0.8.8 allows remote attackers to execute arbitrary code via unspecified vectors.

7.5
2013-12-09 CVE-2011-3941 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The decode_mb function in libavcodec/error_resilience.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to an uninitialized block index, which triggers an out-of-bounds write.

7.5
2013-12-14 CVE-2013-4587 Linux Improper Input Validation vulnerability in Linux Kernel

Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.

7.2
2013-12-11 CVE-2013-3907 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

portcls.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Port-Class Driver Double Fetch Vulnerability."

7.2
2013-12-11 CVE-2013-3902 Microsoft Resource Management Errors vulnerability in Microsoft Windows 7 and Windows Server 2008

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1 and Windows 7 SP1 on 64-bit platforms allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms13-101 "Affected Software Windows 7 for 32-bit Systems Service Pack 1 (2893984)"

7.2
2013-12-11 CVE-2013-3899 Microsoft Improper Input Validation vulnerability in Microsoft Windows Server 2003 and Windows XP

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate addresses, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."

7.2
2013-12-09 CVE-2013-4400 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Libvirt 1.1.2/1.1.3

virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.

7.2
2013-12-13 CVE-2013-6958 Juniper Denial of Service vulnerability in Juniper Netscreen-5200, Netscreen-5400 and Screenos

Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.

7.1

117 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-12-11 CVE-2013-5058 Microsoft Integer Overflow or Wraparound vulnerability in Microsoft products

Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges via a crafted application, aka "Win32k Integer Overflow Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms13-101 "Win32k Integer Overflow Vulnerability - CVE-2013-5058 A denial of service vulnerability exists in the way that the Win32k.sys kernel-mode driver handles objects in memory.

6.9
2013-12-11 CVE-2013-3878 Microsoft Buffer Errors vulnerability in Microsoft Windows Server 2003 and Windows XP

Stack-based buffer overflow in the LRPC client in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges by operating an LRPC server that sends a crafted LPC port message, aka "LRPC Client Buffer Overrun Vulnerability."

6.9
2013-12-10 CVE-2013-6840 Siemens Permissions, Privileges, and Access Controls vulnerability in Siemens Comos

Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors.

6.9
2013-12-14 CVE-2013-6710 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Training Center

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567.

6.8
2013-12-14 CVE-2013-4000 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Cognos Command Center 10.0/10.1

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start or (2) stop services.

6.8
2013-12-14 CVE-2013-7069 Beyondgrep Code Injection vulnerability in Beyondgrep ACK

ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary code via a (1) --pager, (2) --regex, or (3) --output option in a .ackrc file in a directory to be searched.

6.8
2013-12-13 CVE-2013-6400 XEN Permissions, Privileges, and Access Controls vulnerability in XEN

Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors.

6.8
2013-12-13 CVE-2013-7050 Devscripts Devel Team Code Injection vulnerability in Devscripts Devel Team Devscripts

The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.

6.8
2013-12-13 CVE-2012-5394 Mediawiki Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki

Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading.

6.8
2013-12-12 CVE-2013-2752 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear Raidiator

Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.

6.8
2013-12-12 CVE-2013-1978 Gimp, Gnome, Redhat Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.

6.8
2013-12-12 CVE-2013-1913 Gimp, Gnome, Redhat Numeric Errors vulnerability in multiple products

Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.

6.8
2013-12-11 CVE-2013-5059 Microsoft Code Injection vulnerability in Microsoft Office web Apps and Sharepoint Server

Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerabilities."

6.8
2013-12-10 CVE-2013-5447 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Forms Viewer

Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value.

6.8
2013-12-09 CVE-2013-6427 HP Code Injection vulnerability in HP Linux Imaging and Printing Project

upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.

6.8
2013-12-09 CVE-2013-6180 EMC Permissions, Privileges, and Access Controls vulnerability in EMC RSA Netwitness Nextgen and RSA Security Analytics

EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent.

6.8
2013-12-09 CVE-2013-5355 Sharetronix Cross-Site Request Forgery (CSRF) vulnerability in Sharetronix 3.1.1

Multiple cross-site request forgery (CSRF) vulnerabilities in Sharetronix 3.1.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) create new administrative users via unspecified vectors.

6.8
2013-12-09 CVE-2013-7024 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

6.8
2013-12-09 CVE-2013-7023 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.

6.8
2013-12-09 CVE-2013-7022 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.

6.8
2013-12-09 CVE-2013-7021 Ffmpeg Resource Management Errors vulnerability in Ffmpeg

The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact via crafted data.

6.8
2013-12-09 CVE-2013-7020 Ffmpeg, Debian Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.

6.8
2013-12-09 CVE-2013-7019 Ffmpeg Improper Input Validation vulnerability in Ffmpeg

The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

6.8
2013-12-09 CVE-2013-7018 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

6.8
2013-12-09 CVE-2013-7017 Ffmpeg Unspecified vulnerability in Ffmpeg

libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data.

6.8
2013-12-09 CVE-2013-7016 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

6.8
2013-12-09 CVE-2013-7015 Ffmpeg Improper Input Validation vulnerability in Ffmpeg

The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data.

6.8
2013-12-09 CVE-2013-7014 Ffmpeg Numeric Errors vulnerability in Ffmpeg

Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted PNG data.

6.8
2013-12-09 CVE-2013-7013 Ffmpeg Numeric Errors vulnerability in Ffmpeg

The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.

6.8
2013-12-09 CVE-2013-7012 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

6.8
2013-12-09 CVE-2013-7011 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.

6.8
2013-12-09 CVE-2013-7010 Ffmpeg Numeric Errors vulnerability in Ffmpeg

Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.

6.8
2013-12-09 CVE-2013-7009 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data.

6.8
2013-12-09 CVE-2013-7008 Ffmpeg Unspecified vulnerability in Ffmpeg

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data.

6.8
2013-12-09 CVE-2013-1953 Autotrace Project Numeric Errors vulnerability in Autotrace Project Autotrace 0.31.1

Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context-dependent attackers to have an unspecified impact via a small value in the biSize field in the header of a BMP file, which triggers a buffer overflow.

6.8
2013-12-09 CVE-2011-3950 Ffmpeg Unspecified vulnerability in Ffmpeg

The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number.

6.8
2013-12-09 CVE-2011-3949 Ffmpeg Unspecified vulnerability in Ffmpeg

The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data.

6.8
2013-12-09 CVE-2011-3946 Ffmpeg Resource Management Errors vulnerability in Ffmpeg

The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop.

6.8
2013-12-09 CVE-2011-3944 Ffmpeg Unspecified vulnerability in Ffmpeg

The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data.

6.8
2013-12-09 CVE-2011-3935 Ffmpeg Unspecified vulnerability in Ffmpeg

The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to a crafted image size.

6.8
2013-12-09 CVE-2011-3934 Ffmpeg Resource Management Errors vulnerability in Ffmpeg

Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data.

6.8
2013-12-13 CVE-2013-7092 Mcafee SQL Injection vulnerability in Mcafee Email Gateway 7.6

Multiple SQL injection vulnerabilities in /admin/cgi-bin/rpc/doReport/18 in McAfee Email Gateway 7.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) events_col, (2) event_id, (3) reason, (4) events_order, (5) emailstatus_order, or (6) emailstatus_col JSON keys.

6.5
2013-12-13 CVE-2013-7038 GNU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Libmicrohttpd

The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read.

6.4
2013-12-14 CVE-2013-6368 Linux, Redhat Improper Input Validation vulnerability in Linux Kernel

The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.

6.2
2013-12-11 CVE-2013-5046 Microsoft Improper Input Validation vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 7 through 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."

6.2
2013-12-11 CVE-2013-5045 Microsoft Improper Input Validation vulnerability in Microsoft Internet Explorer 10/11

Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."

6.2
2013-12-09 CVE-2013-7027 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header.

6.1
2013-12-14 CVE-2013-6971 Cisco Improper Input Validation vulnerability in Cisco Webex Training Center

Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140.

5.8
2013-12-14 CVE-2013-6967 Cisco Improper Input Validation vulnerability in Cisco Webex Sales Center

Open redirect vulnerability in the mobile-browser subsystem in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36020.

5.8
2013-12-14 CVE-2013-6959 Cisco Improper Input Validation vulnerability in Cisco Webex Sales Center

Open redirect vulnerability in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul25557.

5.8
2013-12-14 CVE-2013-7085 Devscripts Devel Team Improper Input Validation vulnerability in Devscripts Devel Team Devscripts 2.13.5

Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename.

5.8
2013-12-14 CVE-2013-6391 Openstack, Canonical, Redhat Improper Privilege Management vulnerability in multiple products

The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.

5.8
2013-12-11 CVE-2013-5611 Oracle, Fedoraproject, Canonical, Suse, Opensuse, Opensuse Project, Mozilla Security Bypass vulnerability in Mozilla Firefox

Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.

5.8
2013-12-09 CVE-2013-6171 Dovecot Improper Authentication vulnerability in Dovecot

checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.

5.8
2013-12-14 CVE-2013-6367 Linux Numeric Errors vulnerability in Linux Kernel

The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.

5.7
2013-12-14 CVE-2013-6376 Linux Numeric Errors vulnerability in Linux Kernel

The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode.

5.2
2013-12-13 CVE-2013-7039 GNU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Libmicrohttpd

Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header.

5.1
2013-12-14 CVE-2013-6972 Cisco Information Exposure vulnerability in Cisco Webex Training Center

Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126.

5.0
2013-12-14 CVE-2013-6970 Cisco Information Exposure vulnerability in Cisco Webex Meeting Center

Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928.

5.0
2013-12-14 CVE-2013-6968 Cisco Information Exposure vulnerability in Cisco Webex Training Center

Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003.

5.0
2013-12-14 CVE-2013-6965 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Webex Training Center

The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183.

5.0
2013-12-14 CVE-2013-6709 Cisco Information Exposure vulnerability in Cisco Webex Training Center

The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111.

5.0
2013-12-14 CVE-2013-6411 Openttd Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openttd

The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6 through 1.3.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) by crashing an aircraft outside of the map.

5.0
2013-12-14 CVE-2013-5107 Rockmongo Path Traversal vulnerability in Rockmongo

Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2013-12-14 CVE-2013-1364 Zabbix Improper Authentication vulnerability in Zabbix

The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter.

5.0
2013-12-13 CVE-2013-7093 SAP Improper Authentication vulnerability in SAP Network Interface Router 39.3

SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors.

5.0
2013-12-13 CVE-2013-6809 Philippe Jounin Use of Externally-Controlled Format String vulnerability in Philippe Jounin Tftpd32

Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remote File field.

5.0
2013-12-13 CVE-2013-6048 Munin Monitoring Improper Input Validation vulnerability in Munin-Monitoring Munin

The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.

5.0
2013-12-13 CVE-2013-7091 Zimbra Path Traversal vulnerability in Synacor Zimbra Collaboration Suite

Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a ..

5.0
2013-12-12 CVE-2013-6052 Uclouvain Information Exposure vulnerability in Uclouvain Openjpeg

OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.

5.0
2013-12-12 CVE-2013-4458 GNU, Suse Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results.

5.0
2013-12-12 CVE-2013-1447 Uclouvain Unspecified vulnerability in Uclouvain Openjpeg

OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other errors.

5.0
2013-12-12 CVE-2011-4971 Memcached Numeric Errors vulnerability in Memcached

Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet.

5.0
2013-12-12 CVE-2013-7030 Cisco Cryptographic Issues vulnerability in Cisco Unified Communications Manager

** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file.

5.0
2013-12-10 CVE-2013-6708 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Cloud Portal 9.4

Cisco Cloud Portal 9.4 allows remote attackers to read files of unspecified types via a direct request, aka Bug IDs CSCuj08426 and CSCui60889.

5.0
2013-12-11 CVE-2013-3903 Microsoft Improper Input Validation vulnerability in Microsoft products

Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to cause a denial of service (reboot) via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."

4.7
2013-12-09 CVE-2013-7026 Linux Race Condition vulnerability in Linux Kernel

Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted application that uses shmctl IPC_RMID operations in conjunction with other shm system calls.

4.7
2013-12-09 CVE-2013-6431 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before 3.11.5 does not properly implement error-code encoding, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for an IPv6 SIOCADDRT ioctl call.

4.7
2013-12-10 CVE-2013-7042 Novell Permissions, Privileges, and Access Controls vulnerability in Novell Suse Lifecycle Management Server

SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors.

4.6
2013-12-09 CVE-2013-6432 Linux NULL Pointer Dereference Local Denial of Service vulnerability in Linux Kernel

The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging unspecified privileges to execute a crafted application.

4.6
2013-12-14 CVE-2013-6973 Cisco Information Exposure vulnerability in Cisco Webex Training Center

Cisco WebEx Training Center allows remote attackers to discover registration IDs via a crafted URL, aka Bug ID CSCul57121.

4.3
2013-12-14 CVE-2013-6969 Cisco Improper Input Validation vulnerability in Cisco Webex Training Center

The training-registration page in Cisco WebEx Training Center allows remote attackers to modify unspecified fields via unknown vectors, aka Bug ID CSCul35990.

4.3
2013-12-14 CVE-2013-6963 Cisco Cross-Site Scripting vulnerability in Cisco Webex Training Center

Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207.

4.3
2013-12-14 CVE-2013-6962 Cisco Cross-Site Scripting vulnerability in Cisco Webex Meeting Center

Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36228.

4.3
2013-12-14 CVE-2013-6961 Cisco Cross-Site Scripting vulnerability in Cisco Webex Meeting Center

Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237.

4.3
2013-12-14 CVE-2013-6960 Cisco Cross-Site Scripting vulnerability in Cisco Webex Meeting Center

Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248.

4.3
2013-12-14 CVE-2013-6711 Cisco Cross-Site Scripting vulnerability in Cisco Webex Sales Center

Cross-site scripting (XSS) vulnerability in the product-creation administrative page in Cisco WebEx Sales Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul25540.

4.3
2013-12-14 CVE-2013-5438 IBM Cross-Site Scripting vulnerability in IBM Flex System Manager 1.1.0/1.3.0

Cross-site scripting (XSS) vulnerability in the web server in IBM Flex System Manager (FSM) 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-14 CVE-2013-4845 HP Cross-Site Scripting vulnerability in HP Officejet PRO 8500 and Officejet PRO 8500 Firmware

Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka A909) All-in-One printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-14 CVE-2013-4001 IBM Improper Authentication vulnerability in IBM Cognos Command Center 10.0/10.1

Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie.

4.3
2013-12-14 CVE-2013-4520 Xmlsoft Unspecified vulnerability in Xmlsoft Libxslt

xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type.

4.3
2013-12-14 CVE-2013-6051 Quagga Unspecified vulnerability in Quagga 0.99.21

The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update.

4.3
2013-12-13 CVE-2013-6359 Munin Monitoring Improper Input Validation vulnerability in Munin-Monitoring Munin

Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name.

4.3
2013-12-13 CVE-2012-6151 Apple, Canonical, NET Snmp Resource Management Errors vulnerability in multiple products

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.

4.3
2013-12-13 CVE-2013-6957 Juniper Cross-Site Scripting vulnerability in Juniper products

Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web server.

4.3
2013-12-13 CVE-2013-6005 Cybozu Cross-Site Scripting vulnerability in Cybozu Dezie

Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button.

4.3
2013-12-13 CVE-2013-4569 Mediawiki Information Exposure vulnerability in Mediawiki

The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attackers to obtain sensitive information (revision-deleted IPs) via the Recent Changes page.

4.3
2013-12-13 CVE-2013-4568 Mediawiki HTML Injection vulnerability in Mediawiki CSS Tags

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer.

4.3
2013-12-13 CVE-2013-4567 Mediawiki HTML Injection vulnerability in Mediawiki CSS Tags

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \b (backspace) character in CSS.

4.3
2013-12-12 CVE-2013-1812 Fedoraproject, Janrain Resource Management Errors vulnerability in multiple products

The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.

4.3
2013-12-11 CVE-2013-6673 Fedoraproject, Mozilla, Suse, Opensuse, Canonical Cryptographic Issues vulnerability in multiple products

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.

4.3
2013-12-11 CVE-2013-6672 Opensuse, Suse, Mozilla, Linux, Canonical, Oracle, Fedoraproject Information Exposure vulnerability in multiple products

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations.

4.3
2013-12-11 CVE-2013-5614 Mozilla, Fedoraproject, Oracle, Canonical, Redhat, Opensuse, Suse Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.

4.3
2013-12-11 CVE-2013-5612 Mozilla, Fedoraproject, Oracle, Canonical, Redhat, Opensuse, Suse Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.

4.3
2013-12-11 CVE-2013-5072 Microsoft Cross-Site Scripting vulnerability in Microsoft Exchange Server 2010/2013

Cross-site scripting (XSS) vulnerability in Outlook Web Access in Microsoft Exchange Server 2010 SP2 and SP3 and 2013 Cumulative Update 2 and 3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability."

4.3
2013-12-11 CVE-2013-5057 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Office 2007/2010

hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM component on a web site that is visited with Internet Explorer, as exploited in the wild in December 2013, aka "HXDS ASLR Vulnerability."

4.3
2013-12-11 CVE-2013-5054 Microsoft Information Exposure vulnerability in Microsoft Office and Office 2013 RT

Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in 2013, aka "Token Hijacking Vulnerability."

4.3
2013-12-11 CVE-2013-5042 Microsoft Cross-Site Scripting vulnerability in Microsoft products

Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data, aka "SignalR XSS Vulnerability."

4.3
2013-12-10 CVE-2012-3047 Cisco Cross-Site Scripting vulnerability in Cisco products

Cross-site scripting (XSS) vulnerability in the web-wizard setup page on Cisco Scientific Atlanta D20 and D30 cable modems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-10 CVE-2013-3710 Novell Cryptographic Issues vulnerability in Novell Suse Lifecycle Management Server

SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere.

4.3
2013-12-10 CVE-2013-6224 Livezilla Cross-Site Scripting vulnerability in Livezilla

Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which is saved in the archive section.

4.3
2013-12-09 CVE-2013-6039 Nagiosql Cross-Site Scripting vulnerability in Nagiosql 3.2

Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 SP2 allow remote attackers to inject arbitrary web script or HTML via the txtSearch parameter to (1) admin/hostdependencies.php, (2) admin/hosts.php, or other unspecified pages that allow search input, related to the search functionality in functions/content_class.php.

4.3
2013-12-14 CVE-2013-6428 Openstack Permissions, Privileges, and Access Controls vulnerability in Openstack Heat 2013.2/5.0.0

The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenant_id in the request path.

4.0
2013-12-14 CVE-2013-6426 Openstack Permissions, Privileges, and Access Controls vulnerability in Openstack Heat 2013.2/5.0.0

The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method.

4.0
2013-12-13 CVE-2013-5676 Sonarsource Cryptographic Issues vulnerability in Sonarsource Jenkins Plugin

The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure.

4.0
2013-12-12 CVE-2013-4566 MOD NSS Project, Redhat Permissions, Privileges, and Access Controls vulnerability in multiple products

mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.

4.0
2013-12-09 CVE-2013-6404 Quassel IRC Permissions, Privileges, and Access Controls vulnerability in Quassel-Irc Quassel IRC

Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/.

4.0

15 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-12-09 CVE-2013-4270 Linux Improper Input Validation vulnerability in Linux Kernel

The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application.

3.6
2013-12-09 CVE-2013-2930 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application.

3.6
2013-12-14 CVE-2013-6964 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Webex Meeting Center

Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197.

3.5
2013-12-10 CVE-2013-5404 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Team Concert, Rational Requirements Composer, and other products, allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IFRAME element.

3.5
2013-12-10 CVE-2013-6237 Islonline Information Exposure vulnerability in Islonline ISL Desktop Plugin and ISL Light

The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 and earlier allows remote authenticated users to obtain sensitive information by pasting the clipboard contents that have been copied by another user in the session.

3.5
2013-12-09 CVE-2013-7025 Sonicwall Cross-Site Scripting vulnerability in Sonicwall products

Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.

3.5
2013-12-09 CVE-2013-2929 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h.

3.3
2013-12-14 CVE-2013-3043 IBM Path Traversal vulnerability in IBM products

Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.

2.1
2013-12-14 CVE-2013-3042 IBM Path Traversal vulnerability in IBM products

Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.

2.1
2013-12-13 CVE-2013-6956 Juniper Cross-Site Scripting vulnerability in Juniper IVE OS

Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

2.1
2013-12-13 CVE-2013-6394 Percona / Opensuse Cryptographic Issues vulnerability in multiple products

Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.

2.1
2013-12-13 CVE-2013-0348 Open Source Development Team / Fedoraproject / Gentoo / Opensuse / Acme Permissions, Privileges, and Access Controls vulnerability in multiple products

thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.

2.1
2013-12-12 CVE-2013-6986 Zippyyum Cryptographic Issues vulnerability in Zippyyum Subway Ordering for California 3.4

The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in SQLite cache databases, which allows attackers to obtain sensitive information by reading data elements, as demonstrated by password elements.

2.1
2013-12-09 CVE-2013-3929 Cmsmadesimple Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple 1.11.9

Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS Made Simple (CMSMS) 1.11.9 allows remote authenticated users with the "Modify Events" permission to inject arbitrary web script or HTML via the handler parameter.

2.1
2013-12-12 CVE-2013-5763 Oracle Stack Buffer Overflow vulnerability in Oracle Fusion Middleware 8.4

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Maintenance.

1.5