Vulnerability Summary for the Week of March 18, 2013
Released
Mar 25, 2013
Document ID
SB13-084
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple -- mac_os_x | IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image. | 2013-03-15 | 9.3 | CVE-2013-0976 |
| apple -- apple_tv | The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code. | 2013-03-20 | 7.2 | CVE-2013-0981 |
| askia -- askiaweb | Multiple SQL injection vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to execute arbitrary SQL commands via (1) the nHistoryId parameter to WebProd/pages/pgHistory.asp or (2) the OrderBy parameter to WebProd/pages/pgadmin.asp. | 2013-03-21 | 7.5 | CVE-2013-0123 |
| canonical -- ubuntu_linux | pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, which allows local users to gain privileges via unspecified vectors related to sudo. | 2013-03-21 | 7.2 | CVE-2013-1052 |
| cloudbees -- jenkins | Unspecified vulnerability in CloudBees Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to bypass the CSRF protection mechanism via unknown attack vectors. | 2013-03-19 | 7.5 | CVE-2013-0329 |
| debian -- latd | Stack-based buffer overflow in llogincircuit.cc in latd 1.25 through 1.30 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the llogin version. | 2013-03-19 | 10.0 | CVE-2013-0251 |
| foscam -- fi8919w | Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials. | 2013-03-15 | 7.8 | CVE-2013-2560 |
| google -- chrome | The GPU process in Google Chrome OS before 25.0.1364.173 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an "overflow." | 2013-03-18 | 10.0 | CVE-2013-0915 |
| ibm -- infosphere_information_server | The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations. | 2013-03-20 | 7.2 | CVE-2012-5938 |
| linux -- linux_kernel | Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition. | 2013-03-18 | 7.2 | CVE-2013-0913 |
| puppetlabs -- puppet | The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request. | 2013-03-20 | 9.0 | CVE-2013-1640 |
| puppetlabs -- puppet | Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request. | 2013-03-20 | 7.1 | CVE-2013-1653 |
| puppetlabs -- puppet | Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes." | 2013-03-20 | 7.5 | CVE-2013-1655 |
| realnetworks -- realplayer | Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a malformed MP4 file. | 2013-03-20 | 9.3 | CVE-2013-1750 |
| rubygems -- command_wrap | command_wrap.rb in the command_wrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename. | 2013-03-20 | 7.5 | CVE-2013-1875 |
| rubygems -- fastreader | lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | 2013-03-20 | 7.5 | CVE-2013-2615 |
| rubygems -- mini_magick | lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | 2013-03-20 | 7.5 | CVE-2013-2616 |
| rubygems -- curl | lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | 2013-03-20 | 7.5 | CVE-2013-2617 |
| siteminder_agent_for_sharepoint -- 2010 | CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain privileges. | 2013-03-21 | 7.5 | CVE-2013-2279 |
| typo3 -- typo3 | SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values." | 2013-03-20 | 7.5 | CVE-2013-1842 |
| windriver -- vxworks | IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to cause a denial of service (daemon outage) via a crafted authentication request. | 2013-03-20 | 7.8 | CVE-2013-0711 |
| windriver -- vxworks | IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a denial of service (daemon hang) via a crafted public-key authentication request. | 2013-03-20 | 10.0 | CVE-2013-0714 |
| zoneminder -- zoneminder | includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function. | 2013-03-20 | 7.5 | CVE-2013-0232 |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple -- safari | WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961. | 2013-03-15 | 6.8 | CVE-2013-0960 |
| apple -- safari | WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960. | 2013-03-15 | 6.8 | CVE-2013-0961 |
| apple -- mac_os_x | The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI. | 2013-03-15 | 6.4 | CVE-2013-0966 |
| apple -- mac_os_x | CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site. | 2013-03-15 | 4.3 | CVE-2013-0967 |
| apple -- mac_os_x | Login Window in Apple Mac OS X before 10.8.3 does not prevent application launching with the VoiceOver feature, which allows physically proximate attackers to bypass authentication and make arbitrary System Preferences changes via unspecified use of the keyboard. | 2013-03-15 | 4.9 | CVE-2013-0969 |
| apple -- mac_os_x | Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document. | 2013-03-15 | 6.8 | CVE-2013-0971 |
| apple -- mac_os_x | Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream. | 2013-03-15 | 6.8 | CVE-2013-0973 |
| apple -- apple_tv | dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments. | 2013-03-20 | 4.6 | CVE-2013-0977 |
| askia -- askiaweb | Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to inject arbitrary web script or HTML via the (1) Number or (2) UpdatePage parameter to WebProd/cgi-bin/AskiaExt.dll. | 2013-03-21 | 4.3 | CVE-2013-0124 |
| citrix -- access_gateway | Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors. | 2013-03-19 | 5.0 | CVE-2013-2263 |
| cloudbees -- jenkins | Cross-site request forgery (CSRF) vulnerability in Jenkins master in CloudBees Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to hijack the authentication of users via unknown vectors. | 2013-03-19 | 6.8 | CVE-2013-0327 |
| cloudbees -- jenkins | Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-03-19 | 4.3 | CVE-2013-0328 |
| cloudbees -- jenkins | Unspecified vulnerability in CloudBees Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors. | 2013-03-19 | 4.0 | CVE-2013-0330 |
| cloudbees -- jenkins | CloudBees Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload. | 2013-03-19 | 4.0 | CVE-2013-0331 |
| debian -- apt | apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories. | 2013-03-21 | 4.3 | CVE-2013-1051 |
| fedoraproject -- sssd | The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions. | 2013-03-21 | 4.9 | CVE-2013-0287 |
| firebirdsql -- firebird | Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information. | 2013-03-15 | 6.8 | CVE-2013-2492 |
| google -- chrome | Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by the Bejeweled game. | 2013-03-21 | 6.8 | CVE-2013-2632 |
| guy_bedford -- live_css | Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | 2013-03-19 | 6.0 | CVE-2013-0206 |
| ibm -- rational_clearquest | Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2013-03-21 | 4.3 | CVE-2012-5757 |
| ibm -- sterling_multi-channel_fulfillment_solution | IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors. | 2013-03-19 | 5.5 | CVE-2013-0505 |
| ibm -- sterling_multi-channel_fulfillment_solution | Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2013-03-19 | 4.3 | CVE-2013-0506 |
| leighton_whiting -- mark_complete | Cross-site request forgery (CSRF) vulnerability in the Mark Complete module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2013-03-19 | 6.8 | CVE-2013-0207 |
| linux -- linux_kernel | Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. | 2013-03-22 | 4.7 | CVE-2013-1792 |
| linux -- linux_kernel | The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. | 2013-03-22 | 6.8 | CVE-2013-1796 |
| linux -- linux_kernel | Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. | 2013-03-22 | 6.8 | CVE-2013-1797 |
| linux -- linux_kernel | The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. | 2013-03-22 | 6.2 | CVE-2013-1798 |
| linux -- linux_kernel | The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability. | 2013-03-22 | 6.2 | CVE-2013-1826 |
| linux -- linux_kernel | net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. | 2013-03-22 | 6.2 | CVE-2013-1827 |
| linux -- linux_kernel | The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call. | 2013-03-22 | 6.9 | CVE-2013-1828 |
| linux -- linux_kernel | fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application. | 2013-03-22 | 6.2 | CVE-2013-1848 |
| linux -- linux_kernel | Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device. | 2013-03-22 | 6.9 | CVE-2013-1860 |
| mailup -- wp-mailup | ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in cookie. NOTE: this is due to an incomplete fix for a similar issue that was fixed in 1.3.2. | 2013-03-22 | 5.0 | CVE-2013-0731 |
| mailup -- wp-mailup | ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731. | 2013-03-22 | 5.0 | CVE-2013-2640 |
| nec -- atermwm3450rn | Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device. | 2013-03-19 | 6.8 | CVE-2013-0717 |
| piwik -- piwik | Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-03-21 | 4.3 | CVE-2013-1844 |
| piwik -- piwik | Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters. | 2013-03-21 | 5.0 | CVE-2013-2633 |
| puppetlabs -- puppet | Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors. | 2013-03-20 | 4.9 | CVE-2013-1652 |
| puppetlabs -- puppet | Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors. | 2013-03-20 | 5.0 | CVE-2013-1654 |
| puppetlabs -- puppet | Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report. | 2013-03-20 | 6.5 | CVE-2013-2274 |
| puppetlabs -- puppet | The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors. | 2013-03-20 | 4.0 | CVE-2013-2275 |
| restful_web_services_project -- restws | Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors. | 2013-03-19 | 6.8 | CVE-2013-0205 |
| rubyonrails -- ruby_on_rails | The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method. | 2013-03-19 | 5.0 | CVE-2013-1854 |
| rubyonrails -- ruby_on_rails | The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences. | 2013-03-19 | 4.3 | CVE-2013-1855 |
| rubyonrails -- ruby_on_rails | The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving (1) an external DTD or (2) an external entity declaration in conjunction with an entity reference. | 2013-03-19 | 5.8 | CVE-2013-1856 |
| rubyonrails -- ruby_on_rails | The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence. | 2013-03-19 | 4.3 | CVE-2013-1857 |
| samba -- samba | Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard filesystem operations. | 2013-03-19 | 6.0 | CVE-2013-1863 |
| selinc -- acselerator_quickset | Schweitzer Engineering Laboratories (SEL) AcSELerator QuickSet before 5.12.0.1 uses weak permissions for its Program Files directory, which allows local users to replace executable files, and consequently gain privileges, via standard filesystem operations. | 2013-03-21 | 6.2 | CVE-2013-0665 |
| siemens -- wincc_tia_portal | Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access. | 2013-03-21 | 4.6 | CVE-2011-4515 |
| siemens -- wincc_tia_portal | Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2013-03-21 | 4.3 | CVE-2013-0667 |
| siemens -- wincc_tia_portal | Multiple cross-site scripting (XSS) vulnerabilities in the HMI web application in Siemens WinCC (TIA Portal) 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2013-03-21 | 4.3 | CVE-2013-0668 |
| siemens -- wincc_tia_portal | The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request. | 2013-03-21 | 4.0 | CVE-2013-0669 |
| siemens -- wincc_tia_portal | CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | 2013-03-21 | 4.3 | CVE-2013-0670 |
| siemens -- wincc_tia_portal | Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL. | 2013-03-21 | 4.0 | CVE-2013-0671 |
| siemens -- simatic_pcs7 | Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter. | 2013-03-21 | 6.8 | CVE-2013-0674 |
| siemens -- simatic_pcs7 | Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a denial of service via a crafted packet. | 2013-03-21 | 6.1 | CVE-2013-0675 |
| siemens -- simatic_pcs7 | Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query. | 2013-03-21 | 4.0 | CVE-2013-0676 |
| siemens -- simatic_pcs7 | The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file. | 2013-03-21 | 5.8 | CVE-2013-0677 |
| siemens -- simatic_pcs7 | Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query. | 2013-03-21 | 4.0 | CVE-2013-0678 |
| siemens -- simatic_pcs7 | Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname. | 2013-03-21 | 4.0 | CVE-2013-0679 |
| tibco -- spotfire_statistics_services | The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request. | 2013-03-15 | 5.0 | CVE-2013-2371 |
| tibco -- spotfire_web_player | Cross-site scripting (XSS) vulnerability in the Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-03-15 | 4.3 | CVE-2013-2372 |
| tibco -- spotfire_web_player | The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | 2013-03-15 | 6.4 | CVE-2013-2373 |
| typo3 -- typo3 | Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2013-03-20 | 6.4 | CVE-2013-1843 |
| verizon -- fios_actiontec_mi424wr-gen31_router | Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters. | 2013-03-21 | 6.8 | CVE-2013-0126 |
| video_project -- video | The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file. | 2013-03-19 | 4.4 | CVE-2013-0224 |
| windriver -- vxworks | IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted packet. | 2013-03-20 | 6.8 | CVE-2013-0712 |
| windriver -- vxworks | IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted pty request. | 2013-03-20 | 6.8 | CVE-2013-0713 |
| windriver -- vxworks | The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string. | 2013-03-20 | 4.0 | CVE-2013-0715 |
| windriver -- vxworks | The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI. | 2013-03-20 | 5.0 | CVE-2013-0716 |
| zoneminder -- zoneminder | Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter. | 2013-03-20 | 5.0 | CVE-2013-0332 |
| zugec_ivan -- keyboard_shortcut_utility | The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal does not properly check node restrictions, which allows (1) remote authenticated users with the "view shortcuts" permission to read nodes or (2) remote authenticated users with the "admin shortcuts" permission to read, edit, or delete nodes via unspecified vectors. | 2013-03-19 | 6.0 | CVE-2013-0226 |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| N/A -- N/A | The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. | 2013-03-15 | 2.6 | CVE-2013-2566 |
| apache -- commons_fileupload | The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack. | 2013-03-15 | 3.3 | CVE-2013-0248 |
| apple -- apple_tv | The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code. | 2013-03-20 | 2.1 | CVE-2013-0978 |
| apple -- iphone_os | lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink. | 2013-03-20 | 1.9 | CVE-2013-0979 |
| apple -- iphone_os | The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature. | 2013-03-20 | 2.1 | CVE-2013-0980 |
| ibm -- tivoli_endpoint_manager | Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli Endpoint Manager (TEM) before 8.2.1372 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2013-03-21 | 3.5 | CVE-2013-0453 |
| lighttpd -- lighttpd | The configuration file for the FastCGI PHP support for lighthttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition. | 2013-03-21 | 1.9 | CVE-2013-1427 |
| linux -- linux_kernel | net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2) updated state. | 2013-03-15 | 2.1 | CVE-2012-6536 |
| linux -- linux_kernel | net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. | 2013-03-15 | 1.9 | CVE-2012-6537 |
| linux -- linux_kernel | The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. | 2013-03-15 | 1.9 | CVE-2012-6538 |
| linux -- linux_kernel | The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | 2013-03-15 | 1.9 | CVE-2012-6539 |
| linux -- linux_kernel | The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | 2013-03-15 | 1.9 | CVE-2012-6540 |
| linux -- linux_kernel | The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | 2013-03-15 | 1.9 | CVE-2012-6541 |
| linux -- linux_kernel | The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. | 2013-03-15 | 1.9 | CVE-2012-6542 |
| linux -- linux_kernel | The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | 2013-03-15 | 1.9 | CVE-2012-6543 |
| linux -- linux_kernel | The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. | 2013-03-15 | 1.9 | CVE-2012-6544 |
| linux -- linux_kernel | The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. | 2013-03-15 | 1.9 | CVE-2012-6545 |
| linux -- linux_kernel | The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | 2013-03-15 | 1.9 | CVE-2012-6546 |
| linux -- linux_kernel | The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | 2013-03-15 | 1.9 | CVE-2012-6547 |
| linux -- linux_kernel | The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. | 2013-03-15 | 1.9 | CVE-2012-6548 |
| linux -- linux_kernel | The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. | 2013-03-15 | 1.9 | CVE-2012-6549 |
| linux -- linux_kernel | The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. | 2013-03-22 | 3.6 | CVE-2013-0914 |
| linux -- linux_kernel | net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | 2013-03-22 | 1.9 | CVE-2013-2634 |
| linux -- linux_kernel | The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | 2013-03-22 | 1.9 | CVE-2013-2635 |
| linux -- linux_kernel | net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. | 2013-03-22 | 1.9 | CVE-2013-2636 |
| mathijs_koenraadt -- search_api_sorts | Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels. | 2013-03-19 | 2.1 | CVE-2013-0227 |
| oracle -- auto_service_request | asr in Oracle Auto Service Request allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp. | 2013-03-18 | 1.9 | CVE-2013-1495 |
| redhat -- libvirt | libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors. | 2013-03-20 | 3.6 | CVE-2013-1766 |
| redhat -- enterprise_mrg | The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability. | 2013-03-15 | 2.1 | CVE-2013-2546 |
| redhat -- enterprise_mrg | The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. | 2013-03-15 | 2.1 | CVE-2013-2547 |
| redhat -- enterprise_mrg | The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. | 2013-03-15 | 2.1 | CVE-2013-2548 |
| siemens -- wincc_tia_portal | Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data. | 2013-03-21 | 3.5 | CVE-2013-0672 |
| user_relationships_project -- user_relationships | Cross-site scripting (XSS) vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer user relationships" permission to inject arbitrary web script or HTML via a relationship name. | 2013-03-19 | 2.1 | CVE-2013-0225 |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.