Weekly Vulnerabilities Reports > January 13 to 19, 2014

Overview

217 new vulnerabilities were reported during this period, including 26 critical vulnerabilities and 22 high severity vulnerabilities. This weekly summary reports vulnerabilities in 161 products from 65 vendors including Oracle, Microsoft, Apple, Linux, and Redhat. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Input Validation", and "Resource Management Errors".

  • 186 reported vulnerabilities are remotely exploitable.
  • 6 reported vulnerabilities have a public exploit available.
  • 26 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 151 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 118 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 10 reported vulnerabilities.

Summary dashboard (panel titles only): Total Vulnerabilities, Critical Risk Vulnerabilities, High Risk Vulnerabilities, Medium Risk Vulnerabilities, Low Risk Vulnerabilities, Remotely Exploitable, Locally Exploitable, Exploit Available, Exploitable Anonymously, Affecting Web Application.

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


26 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-01-16 CVE-2014-0650 Cisco Improper Input Validation vulnerability in Cisco Secure Access Control System

The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962.

10.0
2014-01-16 CVE-2014-0648 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System

The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187.

10.0
2014-01-15 CVE-2014-0496 Adobe, Apple, Microsoft Resource Management Errors vulnerability in Adobe Acrobat

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.

10.0
2014-01-15 CVE-2014-0495 Adobe, Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat

Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0493.

10.0
2014-01-15 CVE-2014-0493 Adobe, Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat

Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0495.

10.0
2014-01-15 CVE-2014-0492 Adobe, Apple, Microsoft, Linux Permissions, Privileges, and Access Controls vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to defeat the ASLR protection mechanism by leveraging an "address leak."

10.0
2014-01-15 CVE-2014-0491 Adobe, Apple, Microsoft, Linux Permissions, Privileges, and Access Controls vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to bypass unspecified protection mechanisms via unknown vectors.

10.0
2014-01-15 CVE-2014-1201 Lorex Technology, Lorextechnology Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.

10.0
2014-01-15 CVE-2014-0428 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.

10.0
2014-01-15 CVE-2014-0422 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI.

10.0
2014-01-15 CVE-2014-0415 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0418, and CVE-2014-0424.

10.0
2014-01-15 CVE-2014-0410 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424.

10.0
2014-01-15 CVE-2013-5907 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

10.0
2014-01-15 CVE-2013-2820 Sierrawireless Improper Authentication vulnerability in Sierrawireless products

The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388.

10.0
2014-01-19 CVE-2013-3483 Hexagon Buffer Errors vulnerability in Hexagon Erdas ER Viewer 11.04/13.0.1.1298/13.00.0001

Stack-based buffer overflow in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ERS file.

9.3
2014-01-19 CVE-2013-3482 Hexagon Buffer Errors vulnerability in Hexagon Erdas ER Viewer 11.04/13.0.1.1298/13.00.0001

Stack-based buffer overflow in the rf_report_error function in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in an ERS file.

9.3
2014-01-15 CVE-2014-0260 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."

9.3
2014-01-15 CVE-2014-0259 Microsoft Buffer Errors vulnerability in Microsoft Office Compatibility Pack and Word

Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."

9.3
2014-01-15 CVE-2014-0258 Microsoft Buffer Errors vulnerability in Microsoft Office Compatibility Pack, Word and Word Viewer

Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."

9.3
2014-01-15 CVE-2013-5889 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424.

9.3
2014-01-15 CVE-2014-0417 Oracle Unspecified vulnerability in Oracle Javafx, JDK and JRE

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JavaFX 2.2.45; and Java SE Embedded 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

9.3
2014-01-15 CVE-2014-0408 Oracle, Apple Unspecified vulnerability in Oracle JRE 1.7.0

Unspecified vulnerability in Oracle Java SE 7u45, when running on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

9.3
2014-01-15 CVE-2014-0385 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 7u45, when installing on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.

9.3
2014-01-15 CVE-2013-5893 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

9.3
2014-01-15 CVE-2013-2819 Sierrawireless Credentials Management vulnerability in Sierrawireless products

The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action.

9.3
2014-01-16 CVE-2014-0649 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System

The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180.

9.0

22 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-01-15 CVE-2014-0387 Oracle, Mozilla Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

7.6
2014-01-19 CVE-2013-2185 Apache, Redhat Improper Input Validation vulnerability in multiple products

** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186.

7.5
2014-01-17 CVE-2014-0792 Sonatype Code Injection vulnerability in Sonatype Nexus

Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types.

7.5
2014-01-16 CVE-2012-6626 Brian Cabunac SQL Injection vulnerability in Brian Cabunac Browser TO Email Phone Message System 1.0

SQL injection vulnerability in verify-user.php in b2ePMS 1.0 allows remote attackers to execute arbitrary SQL commands via the username field.

7.5
2014-01-16 CVE-2012-6625 Vasthtml SQL Injection vulnerability in Vasthtml Forumpress

SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the groupid parameter in an editgroup action.

7.5
2014-01-16 CVE-2013-6646 Google, Apple, Linux, Opensuse, Debian, Microsoft Use After Free vulnerability in multiple products

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a worker process.

7.5
2014-01-16 CVE-2013-6644 Google, Apple, Linux, Microsoft, Opensuse, Debian Use After Free vulnerability in multiple products

Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5
2014-01-16 CVE-2013-6643 Google, Apple, Linux, Opensuse, Microsoft, Debian Improper Authentication vulnerability in multiple products

The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog.

7.5
2014-01-16 CVE-2013-6641 Google, Apple, Linux, Microsoft, Opensuse Use After Free vulnerability in multiple products

Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element.

7.5
2014-01-15 CVE-2013-5878 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.

7.5
2014-01-15 CVE-2013-5785 Oracle Remote Security vulnerability in Oracle Reports Developer

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.6, 11.1.1.7, and 11.1.2.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security and Authentication.

7.5
2014-01-15 CVE-2014-1466 CSP Mysql User Manager Project SQL Injection vulnerability in CSP Mysql User Manager Project CSP Mysql User Manager 2.3

SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page.

7.5
2014-01-15 CVE-2014-1206 Openwebanalytics SQL Injection vulnerability in Openwebanalytics Open web Analytics

SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.

7.5
2014-01-15 CVE-2014-0424 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0418.

7.5
2014-01-15 CVE-2014-0373 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability.

7.5
2014-01-15 CVE-2013-2827 Wellintech Code Injection vulnerability in Wellintech Kingalarm&Event, Kinggraphic and Kingscada

An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value.

7.5
2014-01-15 CVE-2014-0262 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 7 and Windows Server 2008

win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Server 2008 R2 SP1 does not properly consider thread-owned objects during the processing of window handles, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."

7.2
2014-01-15 CVE-2014-0615 Juniper Permissions, Privileges, and Access Controls vulnerability in Juniper Junos

Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows local users to gain privileges via vectors related to "certain combinations of Junos OS CLI commands and arguments."

7.2
2014-01-15 CVE-2013-3830 Oracle Remote Security vulnerability in Oracle Hyperion Interactive Reporting 11.1.2.1/11.1.2.2

Unspecified vulnerability in the Hyperion Strategic Finance component in Oracle Hyperion 11.1.2.1 and 11.1.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server.

7.1
2014-01-15 CVE-2014-0617 Juniper Denial of Service vulnerability in Juniper Junos 'SRX Series Services' Gateway

Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before 11.4R9, and 12.1R before 12.1R7 on SRX Series service gateways allows remote attackers to cause a denial of service (flowd crash) via a crafted IP packet.

7.1
2014-01-15 CVE-2014-0616 Juniper Race Condition vulnerability in Juniper Junos

Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows remote attackers to cause a denial of service (rdp crash) via a large BGP UPDATE message which immediately triggers a withdraw message to be sent, as demonstrated by a long AS_PATH and a large number of BGP Communities.

7.1
2014-01-15 CVE-2014-0613 Juniper Unspecified vulnerability in Juniper Junos

The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2-S2, and 13.3 before 13.3R1, when xnm-ssl or xnm-clear-text is enabled, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

7.1

125 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-01-14 CVE-2013-6123 Codeaurora, Qualcomm Improper Input Validation vulnerability in multiple products

Multiple array index errors in drivers/media/video/msm/server/msm_cam_server.c in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges by leveraging camera device-node access, related to the (1) msm_ctrl_cmd_done, (2) msm_ioctl_server, and (3) msm_server_send_ctrl functions.

6.9
2014-01-17 CVE-2014-1211 Vmware Cross-Site Request Forgery (CSRF) vulnerability in VMWare Vcloud Director 5.1.0/5.1.1/5.1.2

Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.

6.8
2014-01-17 CVE-2013-7204 Conceptronic Cross-Site Request Forgery (CSRF) vulnerability in Conceptronic Cipcamptiwl and Cipcamptiwl 1.0 Firmware

Cross-site request forgery (CSRF) vulnerability in set_users.cgi in Conceptronic CIPCAMPTIWL Camera 1.0 with firmware 21.37.2.49 allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users.

6.8
2014-01-16 CVE-2012-6631 Vessio Cross-Site Request Forgery (CSRF) vulnerability in Vessio Netbill 1.2

Cross-site request forgery (CSRF) vulnerability in accounts/admin/index.php in Vessio NetBill 1.2 allows remote attackers to hijack the authentication of administrators for requests that add accounts via a new-client action.

6.8
2014-01-16 CVE-2012-6629 Xyzscripts Cross-Site Request Forgery (CSRF) vulnerability in Xyzscripts Newsletter Manager 1.0/1.0.1/1.0.2

Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change an email address or (2) conduct script insertion attacks.

6.8
2014-01-16 CVE-2013-6645 Google, Microsoft, Apple, Linux, Opensuse, Debian Use After Free vulnerability in multiple products

Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving certain print-preview and tab-switch actions that interact with a speech input element.

6.8
2014-01-16 CVE-2014-1473 Mcafee Cross-Site Request Forgery (CSRF) vulnerability in Mcafee vulnerability Manager 7.0.11/7.5.4/7.5.5

Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the "response web page."

6.8
2014-01-15 CVE-2013-5882 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.

6.8
2014-01-15 CVE-2013-5879 Oracle Local Security vulnerability in Oracle Fusion Middleware 8.4/8.4.1

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Maintenance.

6.8
2014-01-15 CVE-2013-5870 Redhat, HP, Oracle

Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

6.8
2014-01-15 CVE-2013-5860 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

6.8
2014-01-15 CVE-2013-7107 Icinga Cross-Site Request Forgery (CSRF) vulnerability in Icinga

Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via unspecified vectors, as demonstrated by bypassing authentication requirements for CVE-2013-7106.

6.8
2014-01-15 CVE-2013-5904 Oracle, Redhat, HP

Unspecified vulnerability in Oracle Java SE 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

6.8
2014-01-15 CVE-2013-7106 Icinga Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Icinga

Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the (1) display_nav_table, (2) page_limit_selector, (3) print_export_link, or (4) page_num_selector function in cgi/cgiutils.c; (5) status_page_num_selector function in cgi/status.c; or (6) display_command_expansion function in cgi/config.c.

6.5
2014-01-15 CVE-2013-7205 Nagios Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nagios

Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read.

6.4
2014-01-15 CVE-2013-2826 Wellintech Permissions, Privileges, and Access Controls vulnerability in Wellintech Kingalarm&Event, Kinggraphic and Kingscada

WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP port 8130.

6.4
2014-01-16 CVE-2014-0667 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System

The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to this interface, aka Bug ID CSCud75169.

6.3
2014-01-15 CVE-2014-0400 Oracle Remote Security vulnerability in Oracle Internet Directory

Unspecified vulnerability in the Oracle Internet Directory component in Oracle Fusion Middleware 11.1.1.6 and 11.1.1.7 allows remote authenticated users to affect confidentiality via vectors related to OID LDAP server.

6.3
2014-01-15 CVE-2013-5834 SUN Local Security vulnerability in SUN Sunos 5.8

Unspecified vulnerability in Oracle Solaris 8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ps.

6.2
2014-01-13 CVE-2010-0746 Fedoraproject Path Traversal vulnerability in Fedoraproject Fedora 11/12

Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as used in Fedora 11 and 12 and possibly other operating systems, allows local users to gain privileges via ..

6.2
2014-01-18 CVE-2013-1740 Mozilla Cryptographic Issues vulnerability in Mozilla Network Security Services

The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.

5.8
2014-01-15 CVE-2014-0403 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0375.

5.8
2014-01-15 CVE-2014-0375 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0403.

5.8
2014-01-15 CVE-2013-5890 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Payroll component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Exception Reporting.

5.5
2014-01-15 CVE-2014-0423 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans.

5.5
2014-01-15 CVE-2014-0372 Oracle SQL Injection vulnerability in Oracle products

Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to DM Others.

5.5
2014-01-15 CVE-2014-0367 Oracle Remote Security vulnerability in Oracle Hyperion 11.1.2.1/11.1.2.2/11.1.2.3

Unspecified vulnerability in the Hyperion Essbase Administration Services component in Oracle Hyperion 11.1.2.1, 11.1.2.2, and 11.1.2.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Admin Console.

5.5
2014-01-15 CVE-2013-7108 Nagios, Icinga Improper Input Validation vulnerability in multiple products

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.

5.5
2014-01-15 CVE-2013-5897 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 6.0.0/6.1.0/6.1.1.0

Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.0, 6.1, and 6.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Manage Data Cache.

5.5
2014-01-15 CVE-2014-0419 Oracle Remote Security vulnerability in Oracle Secure Global Desktop

Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization SGD before 4.63 with December 2013 PSU, 4.71, 5.0 with December 2013 PSU, and 5.10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration Console and Workspace Web Applications.

5.1
2014-01-15 CVE-2014-0418 Redhat, Oracle, HP

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0424.

5.1
2014-01-15 CVE-2013-5906 Redhat, Oracle, HP

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different vulnerability than CVE-2013-5905.

5.1
2014-01-15 CVE-2013-5905 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different vulnerability than CVE-2013-5906.

5.1
2014-01-15 CVE-2013-5902 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424.

5.1
2014-01-18 CVE-2013-6425 Pixman, Canonical, Debian, Redhat, Opensuse Integer Underflow (Wrap OR Wraparound) vulnerability in multiple products

Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

5.0
2014-01-18 CVE-2013-6424 X ORG Numeric Errors vulnerability in X.Org X Server

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

5.0
2014-01-16 CVE-2013-6642 Google Unspecified vulnerability in Google Chrome

Google Chrome through 32.0.1700.23 on Android allows remote attackers to spoof the address bar via unspecified vectors.

5.0
2014-01-16 CVE-2013-7294 Libreswan Improper Input Validation vulnerability in Libreswan

The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload.

5.0
2014-01-15 CVE-2013-7293 Asus Improper Access Control vulnerability in Asus Wl-330Nul

The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname.

5.0
2014-01-15 CVE-2013-5887 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect availability via unknown vectors related to Deployment.

5.0
2014-01-15 CVE-2013-5884 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality via vectors related to CORBA.

5.0
2014-01-15 CVE-2013-5880 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 12.2.0/12.2.1/12.2.2

Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.

5.0
2014-01-15 CVE-2013-5877 Oracle Remote Security vulnerability in Oracle products

Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, and 12.2.1 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.

5.0
2014-01-15 CVE-2013-5873 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Integration Broker.

5.0
2014-01-15 CVE-2013-5869 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.6.0/11.1.1.7.0/11.1.1.8.0

Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.6.0, 11.1.1.7.0, and 11.1.1.8.0 allows remote attackers to affect confidentiality via unknown vectors related to Page Service.

5.0
2014-01-15 CVE-2013-5853 Oracle Core RDBMS Remote Security vulnerability in Oracle Database Server 11.1.0.7/11.2.0.3/12.1.0.1

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect availability via unknown vectors.

5.0
2014-01-15 CVE-2013-5795 Oracle Remote Security vulnerability in Oracle products

Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, 12.2.2, and 12.2.3 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.

5.0
2014-01-15 CVE-2014-0443 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.52

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity via unknown vectors related to Security.

5.0
2014-01-15 CVE-2014-0441 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect availability via unknown vectors related to Integration Broker.

5.0
2014-01-15 CVE-2014-0416 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS.

5.0
2014-01-15 CVE-2014-0398 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Discoverer.

5.0
2014-01-15 CVE-2014-0396 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Portal - Web Services.

5.0
2014-01-15 CVE-2014-0395 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Updates Environment Mgmt, a different vulnerability than CVE-2014-0394.

5.0
2014-01-15 CVE-2014-0394 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Updates Environment Mgmt, a different vulnerability than CVE-2014-0395.

5.0
2014-01-15 CVE-2014-0391 Oracle Remote Security vulnerability in Oracle Identity Manager

Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.0, and 11.1.2.1 allows remote attackers to affect confidentiality via unknown vectors related to End User Self Service.

5.0
2014-01-15 CVE-2014-0376 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP.

5.0
2014-01-15 CVE-2014-0369 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Java Integration, a different vulnerability than CVE-2015-0366.

5.0
2014-01-15 CVE-2014-0368 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allows remote attackers to affect confidentiality via unknown vectors related to Networking.

5.0
2014-01-15 CVE-2013-5910 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security.

5.0
2014-01-15 CVE-2013-5899 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.

5.0
2014-01-15 CVE-2013-5896 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect availability via vectors related to CORBA.

5.0
2014-01-15 CVE-2013-5895 Redhat, HP, Oracle

Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX.

5.0
2014-01-15 CVE-2013-5876 Oracle, SUN Local Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2014-0447.

4.9
2014-01-15 CVE-2013-5833 SUN Local Security vulnerability in SUN Sunos 5.8/5.9

Unspecified vulnerability in Oracle Solaris 8 and 9 allows local users to affect availability via unknown vectors related to Filesystem.

4.9
2014-01-15 CVE-2013-5909 Oracle Remote Security vulnerability in Oracle Peoplesoft products 9.1/9.2

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Org and Workforce Dev.

4.9
2014-01-13 CVE-2013-7239 Memcached Improper Authentication vulnerability in Memcached

memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.

4.8
2014-01-18 CVE-2014-1438 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application.

4.7
2014-01-15 CVE-2013-5888 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, when running with GNOME, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

4.6
2014-01-15 CVE-2013-5821 Oracle, SUN Local Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via vectors related to RPC.

4.6
2014-01-19 CVE-2013-1438 Dave Coffin NULL Pointer Dereference Denial of Service vulnerability in LibRaw

Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference.

4.3
2014-01-19 CVE-2013-4231 Libtiff Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libtiff

Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c.

4.3
2014-01-17 CVE-2014-1207 Vmware Denial of Service vulnerability in VMWare ESX and Esxi

VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (NULL pointer dereference) by intercepting and modifying Network File Copy (NFC) traffic.

4.3
2014-01-17 CVE-2013-7243 GET Simple Cross-Site Scripting vulnerability in Get-Simple Getsimple CMS 3.1.2/3.2.3

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) post-menu field to edit.php or (2) Display name field to settings.php.

4.3
2014-01-16 CVE-2012-6632 Vessio Cross-Site Scripting vulnerability in Vessio Netbill 1.2

Multiple cross-site scripting (XSS) vulnerabilities in Vessio NetBill 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) file title to accounts/admin/index.php or (3) comment parameter in the support page to accounts/index2.php.

4.3
2014-01-16 CVE-2012-6630 Rick Mead Cross-Site Scripting vulnerability in Rick Mead Media Library Categories 1.1.1

Multiple cross-site scripting (XSS) vulnerabilities in the Media Library Categories plugin 1.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) bulk parameter to media-library-categories/add.php or (2) q parameter to media-library-categories/view.php.

4.3
2014-01-16 CVE-2012-6628 Xyzscripts Cross-Site Scripting vulnerability in Xyzscripts Newsletter Manager 1.0/1.0.1/1.0.2

Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) xyz_em_campName to admin/create_campaign.php or (2) admin/edit_campaign.php, (3) xyz_em_email parameter to admin/edit_email.php, (4) xyz_em_exportbatchSize parameter to import_export.php, or (5) pagination limit in the Newsletter Manager options.

4.3
2014-01-16 CVE-2012-6627 Xyzscripts Cross-Site Scripting vulnerability in Xyzscripts Newsletter Manager 1.0/1.0.1/1.0.2

Cross-site scripting (XSS) vulnerability in admin/test_mail.php in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2014-01-16 CVE-2012-6624 Mightymess Cross-Site Scripting vulnerability in Mightymess Soundcloud IS Gold 2.1

Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plugin 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter in a soundcloud_is_gold_player_preview action to wp-admin/admin-ajax.php.

4.3
2014-01-16 CVE-2012-6623 Vasthtml Cross-Site Scripting vulnerability in Vasthtml Forumpress

Cross-site scripting (XSS) vulnerability in fs-admin/wpf-add-forum.php in the ForumPress WP Forum Server plugin before 1.7.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the groupid parameter in an addforum action to wp-admin/admin.php.

4.3
2014-01-16 CVE-2012-6622 Vasthtml Cross-Site Scripting vulnerability in Vasthtml Forumpress

Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action.

4.3
2014-01-16 CVE-2012-6621 GET Simple Cross-Site Scripting vulnerability in Get-Simple Getsimple CMS

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err parameter to admin/theme.php; (5) error parameter to admin/pages.php; or (6) success or (7) err parameter to admin/index.php.

4.3
2014-01-16 CVE-2012-6620 Horde Cross-Site Scripting vulnerability in Horde Kronolith H4

Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-01-16 CVE-2013-6325 IBM Improper Input Validation vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request to a web services endpoint.

4.3
2014-01-16 CVE-2014-0666 Cisco Path Traversal vulnerability in Cisco Jabber

Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056.

4.3
2014-01-16 CVE-2013-6786 Allegrosoft, D Link, Huawei, Sitecom, TP Link, Zyxel Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page.

4.3
2014-01-16 CVE-2014-1472 Mcafee Cross-Site Scripting vulnerability in Mcafee Vulnerability Manager 7.0.11/7.5.4/7.5.5

Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-01-15 CVE-2013-6142 Aveva Resource Management Errors vulnerability in Aveva Clearscada 2010/2013

DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages.

4.3
2014-01-15 CVE-2013-5886 Oracle Remote Security vulnerability in Oracle Peoplesoft products 9.1/9.2

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect integrity via unknown vectors related to Common Application Objects.

4.3
2014-01-15 CVE-2014-0445 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2014-0381.

4.3
2014-01-15 CVE-2014-0434 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 6.0.0/6.1.0/6.1.1.0

Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.0, 6.1, and 6.1.1 allows remote attackers to affect integrity via unknown vectors related to Installation.

4.3
2014-01-15 CVE-2014-0433 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.

4.3
2014-01-15 CVE-2014-0390 SUN Remote Security vulnerability in SUN Sunos 5.10

Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Java Web Console.

4.3
2014-01-15 CVE-2014-0389 Oracle Remote Security vulnerability in Oracle Ilearning 6.0

Unspecified vulnerability in Oracle iLearning 6.0 allows remote attackers to affect integrity via unknown vectors related to Learner Pages.

4.3
2014-01-15 CVE-2014-0382 Oracle, HP, Redhat

Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect availability via unknown vectors related to JavaFX.

4.3
2014-01-15 CVE-2014-0380 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to MultiChannel Framework (MCF).

4.3
2014-01-15 CVE-2014-0379 Oracle HTML Injection vulnerability in Oracle products

Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect integrity via unknown vectors related to DM Others.

4.3
2014-01-15 CVE-2014-0374 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.6.0

Unspecified vulnerability in the Oracle Portal component in Oracle Fusion Middleware 11.1.1.6 allows remote attackers to affect integrity via unknown vectors related to Page Parameters and Events.

4.3
2014-01-15 CVE-2013-5901 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.2.0/11.1.2.1.0

Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0 and 11.1.2.1 allows remote attackers to affect confidentiality via unknown vectors related to Identity Console.

4.3
2014-01-15 CVE-2013-5900 Oracle Remote Security vulnerability in Oracle Identity Manager

Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.0, and 11.1.2.1 allows remote attackers to affect integrity via unknown vectors related to End User Self Service.

4.3
2014-01-15 CVE-2014-0378 Oracle Local Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Spatial component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors.

4.1
2014-01-17 CVE-2013-7295 Torproject Cryptographic Issues vulnerability in Torproject TOR

Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.

4.0
2014-01-16 CVE-2013-6687 Cisco Credentials Management vulnerability in Cisco Webex Meetings Server

The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source code, aka Bug ID CSCul33876.

4.0
2014-01-15 CVE-2014-0261 Microsoft Improper Input Validation vulnerability in Microsoft Dynamics AX 2009/2012/4.0

Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service (instance outage) via crafted data to an Application Object Server (AOS) instance, aka "Query Filter DoS Vulnerability."

4.0
2014-01-15 CVE-2014-0665 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Identity Services Engine Software

The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904.

4.0
2014-01-15 CVE-2013-5881 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431.

4.0
2014-01-15 CVE-2013-5858 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2015-0370.

4.0
2014-01-15 CVE-2014-0440 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect availability via vectors related to PIA Core Technology.

4.0
2014-01-15 CVE-2014-0439 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Report Distribution.

4.0
2014-01-15 CVE-2014-0438 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Panel Processor.

4.0
2014-01-15 CVE-2014-0435 Oracle Remote Security vulnerability in Oracle Supply Chain Products Suite

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, and 6.3.2 allows remote authenticated users to affect availability via unknown vectors related to Data, Domain & Function Security.

4.0
2014-01-15 CVE-2014-0425 Oracle Remote Security vulnerability in Oracle Peoplesoft products 9.2

Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Procurement component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.

4.0
2014-01-15 CVE-2014-0412 Mysql, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

4.0
2014-01-15 CVE-2014-0411 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.

4.0
2014-01-15 CVE-2014-0402 Mysql, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.

4.0
2014-01-15 CVE-2014-0401 Oracle, Mysql Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.

4.0
2014-01-15 CVE-2014-0399 Oracle Remote Security vulnerability in Oracle Supply Chain Products Suite

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1, and 6.3.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Data, Domain & Function Security.

4.0
2014-01-15 CVE-2014-0392 Oracle Remote Security vulnerability in Oracle Peoplesoft products 9.1/9.2

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.

4.0
2014-01-15 CVE-2014-0388 Oracle Remote Security vulnerability in Oracle Peoplesoft products 9.1/9.2

Unspecified vulnerability in the PeopleSoft Enterprise HRMS Human Resources component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Org and Workforce Dev.

4.0
2014-01-15 CVE-2014-0386 Oracle, Mysql Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4.0
2014-01-15 CVE-2014-0377 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via vectors related to SYS tables.

4.0
2014-01-15 CVE-2014-0366 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Attachments.

4.0
2014-01-15 CVE-2014-0031 Apache Permissions, Privileges, and Access Controls vulnerability in Apache Cloudstack

The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.

4.0
2014-01-15 CVE-2013-5898 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-0375 and CVE-2014-0403.

4.0
2014-01-15 CVE-2013-5894 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

4.0
2014-01-15 CVE-2013-5891 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.

4.0

44 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-01-16 CVE-2013-6725 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.

3.5
2014-01-16 CVE-2013-6330 IBM Information Exposure vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.

3.5
2014-01-15 CVE-2013-5871 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 20.1.1

Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vulnerability than CVE-2013-5868 and CVE-2014-0444.

3.5
2014-01-15 CVE-2013-5868 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 20.1.1

Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vulnerability than CVE-2013-5871 and CVE-2014-0444.

3.5
2014-01-15 CVE-2013-5764 Oracle Remote Security vulnerability in Oracle Database Server 11.1.0.7/11.2.0.3/12.1.0.1

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect availability via unknown vectors.

3.5
2014-01-15 CVE-2014-0444 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 20.1.1

Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vulnerability than CVE-2013-5868 and CVE-2013-5871.

3.5
2014-01-15 CVE-2014-0437 Mysql, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

3.5
2014-01-15 CVE-2014-0431 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881.

3.5
2014-01-15 CVE-2014-0427 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.

3.5
2014-01-15 CVE-2014-0407 Oracle Local Security vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0405.

3.5
2014-01-15 CVE-2014-0405 Oracle Local Security vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0407.

3.5
2014-01-15 CVE-2014-0383 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.2.0/11.1.2.1.0

Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0 and 11.1.2.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Identity Console.

3.5
2014-01-15 CVE-2014-0371 Oracle Cross-Site Scripting vulnerability in Oracle products

Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote authenticated users to affect integrity via unknown vectors related to DM Others.

3.5
2014-01-15 CVE-2013-5892 Oracle Local Security vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.

3.5
2014-01-13 CVE-2013-7292 Vasco Improper Authentication vulnerability in Vasco Identikey Authentication Server 3.4

VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote authenticated users to bypass Active Directory (AD) authentication by entering only a DIGIPASS one-time password, instead of the intended combination of this one-time password and a multiple-time AD password.

3.5
2014-01-19 CVE-2013-2142 Libimobiledevice Link Following vulnerability in Libimobiledevice 1.1.4

userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobiledevicerc, (4) RootCertificate.pem, or (5) RootPrivateKey.pem in /tmp/root/.config/libimobiledevice/.

3.3
2014-01-17 CVE-2014-1208 Vmware Local Denial Of Service vulnerability in Multiple VMWare Products

VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of service (VMX process disruption) by using an invalid port.

3.3
2014-01-15 CVE-2014-0393 Oracle, Mysql Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.

3.3
2014-01-15 CVE-2013-5883 SUN Local Security vulnerability in SUN Sunos 5.8

Unspecified vulnerability in Oracle Solaris 8 allows local users to affect integrity and availability via unknown vectors related to Kernel.

3.2
2014-01-15 CVE-2014-0430 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.

2.8
2014-01-15 CVE-2014-0420 Oracle, Redhat, Canonical Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.

2.8
2014-01-15 CVE-2014-0370 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Life Sciences component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Clinical Trip Report.

2.8
2014-01-15 CVE-2013-6398 Apache Permissions, Privileges, and Access Controls vulnerability in Apache Cloudstack

The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request.

2.8
2014-01-19 CVE-2013-4375 Qemu, XEN Resource Management Errors vulnerability in multiple products

The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors.

2.7
2014-01-15 CVE-2013-5875 Oracle Local Security vulnerability in Oracle Sunos 5.11.1

Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity and availability via vectors related to Role Based Access Control (RBAC).

2.7
2014-01-19 CVE-2013-7078 Typo3 Cross-Site Scripting vulnerability in Typo3

Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message.

2.6
2014-01-19 CVE-2013-0244 Drupal Cross-Site Scripting vulnerability in Drupal

Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified Javascript functions that are used to select DOM elements.

2.6
2014-01-18 CVE-2013-2037 Canonical, Httplib2 Project Improper Input Validation vulnerability in multiple products

httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

2.6
2014-01-16 CVE-2013-2139 Fedoraproject, Opensuse, Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.

2.6
2014-01-15 CVE-2013-5808 Oracle Remote Security vulnerability in Oracle Fusion Middleware 4.0

Unspecified vulnerability in the Oracle iPlanet Web Proxy Server component in Oracle Fusion Middleware 4.0 allows remote attackers to affect confidentiality via unknown vectors related to Administration.

2.6
2014-01-15 CVE-2014-0381 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2014-0445.

2.6
2014-01-15 CVE-2013-5908 Mysql, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.

2.6
2014-01-14 CVE-2014-0591 ISC Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in ISC Bind

The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.

2.6
2014-01-15 CVE-2014-0406 Oracle Local Security vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404.

2.4
2014-01-15 CVE-2014-0404 Oracle Local Security vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406.

2.4
2014-01-18 CVE-2014-1445 Linux Resource Management Errors vulnerability in Linux Kernel

The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call.

2.1
2014-01-15 CVE-2013-5872 Oracle, SUN Local Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to Name Service Cache Daemon (NSCD).

2.1
2014-01-18 CVE-2014-1446 Linux Resource Management Errors vulnerability in Linux Kernel

The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.

1.9
2014-01-13 CVE-2013-7291 Memcached Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Memcached

memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source tree," a different vulnerability than CVE-2013-0179 and CVE-2013-7290.

1.8
2014-01-13 CVE-2013-7290 Memcached Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Memcached

The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr, a different vulnerability than CVE-2013-0179.

1.8
2014-01-13 CVE-2013-0179 Memcached Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Memcached

The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr.

1.8
2014-01-18 CVE-2014-1444 Linux Resource Management Errors vulnerability in Linux Kernel

The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.

1.7
2014-01-15 CVE-2013-5885 Oracle Local Security vulnerability in Oracle Sunos 5.11.1

Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity via unknown vectors related to Audit.

1.7
2014-01-15 CVE-2013-5874 Oracle Local Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows local users to affect confidentiality via unknown vectors related to Logging.

1.7