Vulnerability Summary for the Week of March 11, 2013

Released
Mar 20, 2013
Document ID
SB13-077

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
360systems -- image_server_2000360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hardcoded password for the root account, which makes it easier for remote attackers to execute arbitrary code, or modify video content or scheduling, via an SSH session.2013-03-1110.0CVE-2012-4702
adobe -- adobe_airInteger overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.2013-03-1310.0CVE-2013-0646
adobe -- adobe_airUse-after-free vulnerability in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.2013-03-1310.0CVE-2013-0650
adobe -- adobe_airAdobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.2013-03-1310.0CVE-2013-1371
adobe -- adobe_airHeap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.2013-03-1310.0CVE-2013-1375
adobe -- acrobat_readerUnspecified vulnerability in Adobe Reader 11.0.02 allows remote attackers to execute arbitrary code via vectors related to a "break into the sandbox," as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.2013-03-117.5CVE-2013-2549
adobe -- acrobat_readerUnspecified vulnerability in Adobe Reader 11.0.02 allows attackers to bypass the sandbox protection mechanism via unknown vectors, as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.2013-03-117.5CVE-2013-2550
adobe -- flash_playerAdobe Flash Player 11.6.602.171 on Windows allows remote attackers to execute arbitrary code via vectors that leverage an "overflow," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.2013-03-1110.0CVE-2013-2555
advantech -- advantech_studioAbsolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function.2013-03-117.8CVE-2013-1627
apple -- mac_os_xIOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image.2013-03-159.3CVE-2013-0976
bitcoin -- bitcoin-qtThe alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data, but relies on a hash of this signature, which allows remote attackers to cause a denial of service (resource consumption) via a valid modified signature for a circulating alert.2013-03-127.8CVE-2012-4684
bitcoin -- bitcoin-qtbitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes.2013-03-127.8CVE-2013-2292
debian -- cfingerdBuffer overflow in the RFC1413 (ident) client in cfingerd 1.4.3-3 allows remote IDENT servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted response.2013-03-1310.0CVE-2013-1049
google -- chromeWebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion."2013-03-117.5CVE-2013-0912
hp -- systems_insight_managerUnspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-1998.2013-03-117.5CVE-2012-1997
hp -- systems_insight_managerUnspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote authenticated users to obtain sensitive information or modify data via unknown vectors.2013-03-118.5CVE-2012-1999
microsoft -- silverlightMicrosoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."2013-03-129.3CVE-2013-0074
microsoft -- office_filter_packMicrosoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."2013-03-129.3CVE-2013-0079
microsoft -- sharepoint_foundationMicrosoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."2013-03-127.5CVE-2013-0080
microsoft -- sharepoint_foundationDirectory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."2013-03-127.5CVE-2013-0084
microsoft -- sharepoint_foundationBuffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."2013-03-127.8CVE-2013-0085
microsoft -- internet_explorerUse-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer OnResize Use After Free Vulnerability."2013-03-129.3CVE-2013-0087
microsoft -- internet_explorerUse-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer saveHistory Use After Free Vulnerability."2013-03-129.3CVE-2013-0088
microsoft -- internet_explorerUse-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability."2013-03-129.3CVE-2013-0089
microsoft -- internet_explorerUse-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability."2013-03-129.3CVE-2013-0090
microsoft -- internet_explorerUse-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability."2013-03-129.3CVE-2013-0091
microsoft -- internet_explorerUse-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer GetMarkupPtr Use After Free Vulnerability."2013-03-129.3CVE-2013-0092
microsoft -- internet_explorerUse-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer onBeforeCopy Use After Free Vulnerability."2013-03-129.3CVE-2013-0093
microsoft -- internet_explorerUse-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer removeChild Use After Free Vulnerability."2013-03-129.3CVE-2013-0094
microsoft -- windows_7The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.2013-03-127.2CVE-2013-1285
microsoft -- windows_7The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.2013-03-127.2CVE-2013-1286
microsoft -- windows_7The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.2013-03-127.2CVE-2013-1287
microsoft -- internet_explorerUse-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CTreeNode Use After Free Vulnerability."2013-03-129.3CVE-2013-1288
microsoft -- internet_explorerUnspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.2013-03-1110.0CVE-2013-2551
microsoft -- internet_explorerUnspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.2013-03-117.5CVE-2013-2552
microsoft -- windows_7Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.2013-03-117.2CVE-2013-2553
microsoft -- windows_7Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.2013-03-117.5CVE-2013-2554
microsoft -- windows_7Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.2013-03-117.5CVE-2013-2556
microsoft -- internet_explorerThe sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.2013-03-117.5CVE-2013-2557
microsoft -- windows_8Unspecified vulnerability in Microsoft Windows 8 allows remote attackers to cause a denial of service (reboot) or possibly have unknown other impact via a crafted TrueType Font (TTF) file, as demonstrated by the 120612-69701-01.dmp error report.2013-03-1210.0CVE-2013-2558
novell -- zenworks_mobile_managementDirectory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter.2013-03-117.5CVE-2013-1081
openafs -- openafsBuffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry.2013-03-137.5CVE-2013-1794
piwigo -- piwigoCross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.2013-03-137.6CVE-2013-1468
redhat -- jboss_enterprise_application_platformThe default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.2013-03-127.5CVE-2012-5629

Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- qpidThe default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.2013-03-136.8CVE-2012-4446
apache -- qpidThe AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.2013-03-135.0CVE-2012-4458
apache -- qpidInteger overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.2013-03-135.0CVE-2012-4459
apache -- qpidThe serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.2013-03-135.0CVE-2012-4460
apache -- cxfApache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.2013-03-125.0CVE-2013-0239
apache -- raveThe users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.2013-03-134.0CVE-2013-1814
apple -- safariWebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961.2013-03-156.8CVE-2013-0960
apple -- safariWebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960.2013-03-156.8CVE-2013-0961
apple -- mac_os_xThe Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.2013-03-156.4CVE-2013-0966
apple -- mac_os_xCoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site.2013-03-154.3CVE-2013-0967
apple -- mac_os_xLogin Window in Apple Mac OS X before 10.8.3 does not prevent application launching with the VoiceOver feature, which allows physically proximate attackers to bypass authentication and make arbitrary System Preferences changes via unspecified use of the keyboard.2013-03-154.9CVE-2013-0969
apple -- mac_os_xMessages in Apple Mac OS X before 10.8.3 allows remote attackers to bypass the FaceTime call-confirmation prompt via a crafted FaceTime: URL.2013-03-154.3CVE-2013-0970
apple -- mac_os_xUse-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document.2013-03-156.8CVE-2013-0971
apple -- mac_os_xSoftware Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream.2013-03-156.8CVE-2013-0973
bitcoin -- bitcoin-qtThe penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 allows remote attackers to determine associations between wallet addresses and IP addresses via a series of large Bitcoin transactions with insufficient fees.2013-03-125.0CVE-2013-2272
bitcoin -- bitcoin-qtbitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain potentially sensitive information about returned change by leveraging certain predictability in the outputs of a Bitcoin transaction.2013-03-125.0CVE-2013-2273
bitcoin -- bitcoin-qtThe CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attackers to cause a denial of service (disk I/O consumption) via a Bitcoin transaction with many inputs corresponding to many different parts of the stored block chain.2013-03-125.0CVE-2013-2293
boost -- boostboost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes.2013-03-125.0CVE-2013-0252
condor_project -- condoraviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the cproc option.2013-03-134.3CVE-2012-4462
david_king -- vinoVino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.2013-03-124.6CVE-2011-1164
david_king -- vinoVino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks.2013-03-125.1CVE-2011-1165
emerson -- deltav_se3006_sd_plus_controllerThe Emerson DeltaV SE3006 through 11.3.1, DeltaV VE3005 through 10.3.1 and 11.x through 11.3.1, and DeltaV VE3006 through 10.3.1 and 11.x through 11.3.1 allow remote attackers to cause a denial of service (device restart) via a crafted packet on (1) TCP port 23, (2) UDP port 161, or (3) TCP port 513.2013-03-116.1CVE-2012-4703
fedoraproject -- 389_directory_server389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence.2013-03-135.0CVE-2013-0312
firebirdsql -- firebirdStack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.2013-03-156.8CVE-2013-2492
freeradius -- freeradiusmodules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.2013-03-126.0CVE-2011-4966
fusionforge -- fusionforge(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl in FusionForge 5.0, 5.1, and 5.2 allows local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a (1) symlink or (2) hard link attack on certain files.2013-03-136.9CVE-2013-1423
ganglia -- ganglia-webMultiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2013-03-134.3CVE-2013-0275
hp -- systems_insight_managerUnspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote attackers to modify data via unknown vectors.2013-03-114.3CVE-2012-1996
hp -- systems_insight_managerUnspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-1997.2013-03-116.8CVE-2012-1998
inkscape -- inkscapeInkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.2013-03-124.4CVE-2012-6076
microsoft -- sharepoint_foundationCross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."2013-03-124.3CVE-2013-0083
microsoft -- sharepoint_foundationMicrosoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."2013-03-125.0CVE-2013-0086
microsoft -- officeOutlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."2013-03-125.0CVE-2013-0095
openafs -- openafsInteger overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow.2013-03-135.0CVE-2013-1795
piwigo -- piwigoDirectory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.2013-03-134.0CVE-2013-1469
privoxy -- privoxyPrivoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.2013-03-115.8CVE-2013-2503
redhat -- automatic_bug_reporting_toolabrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes."2013-03-126.9CVE-2012-5660
redhat -- aeolus_conductorThe Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting.2013-03-125.5CVE-2012-6118
redhat -- enterprise_virtualization_managerThe MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors.2013-03-124.0CVE-2013-0168
tibco -- spotfire_statistics_servicesThe Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request.2013-03-155.0CVE-2013-2371
tibco -- spotfire_web_playerCross-site scripting (XSS) vulnerability in the Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2013-03-154.3CVE-2013-2372
tibco -- spotfire_web_playerThe Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.2013-03-156.4CVE-2013-2373

Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- commons_fileuploadThe default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.2013-03-153.3CVE-2013-0248
hp -- systems_insight_managerUnspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows local users to obtain sensitive information or modify data via unknown vectors.2013-03-113.2CVE-2012-1995
linux -- linux_kernelnet/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2) updated state.2013-03-152.1CVE-2012-6536
linux -- linux_kernelnet/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.2013-03-151.9CVE-2012-6537
linux -- linux_kernelThe copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.2013-03-151.9CVE-2012-6538
linux -- linux_kernelThe dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.2013-03-151.9CVE-2012-6539
linux -- linux_kernelThe do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.2013-03-151.9CVE-2012-6540
linux -- linux_kernelThe ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.2013-03-151.9CVE-2012-6541
linux -- linux_kernelThe llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument.2013-03-151.9CVE-2012-6542
linux -- linux_kernelThe l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.2013-03-151.9CVE-2012-6543
linux -- linux_kernelThe Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation.2013-03-151.9CVE-2012-6544
linux -- linux_kernelThe Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.2013-03-151.9CVE-2012-6545
linux -- linux_kernelThe ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.2013-03-151.9CVE-2012-6546
linux -- linux_kernelThe __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.2013-03-151.9CVE-2012-6547
linux -- linux_kernelThe udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.2013-03-151.9CVE-2012-6548
linux -- linux_kernelThe isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.2013-03-151.9CVE-2012-6549
redhat -- cloudforms_cloud_engineaeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file.2013-03-122.1CVE-2012-5509
redhat -- automatic_bug_reporting_toolUntrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment variable to reference a malicious Python module.2013-03-123.7CVE-2012-5659
redhat -- enterprise_virtualization_managerThe domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file.2013-03-122.1CVE-2012-6115
redhat -- cloudforms_cloud_engineAeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file.2013-03-122.1CVE-2012-6117
redhat -- enterprise_mrgThe report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability.2013-03-152.1CVE-2013-2546
redhat -- enterprise_mrgThe crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.2013-03-152.1CVE-2013-2547
redhat -- enterprise_mrgThe crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.2013-03-152.1CVE-2013-2548

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.