Vulnerability Summary for the Week of November 12, 2012
Released
Nov 19, 2012
Document ID
SB12-324
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- adobe_air | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. | 2012-11-13 | 10.0 | CVE-2012-5285 |
| adobe -- adobe_air | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. | 2012-11-13 | 10.0 | CVE-2012-5286 |
| adobe -- adobe_air | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. | 2012-11-13 | 10.0 | CVE-2012-5287 |
| adobe -- adobe_air | Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 has unknown impact and attack vectors. | 2012-11-13 | 10.0 | CVE-2012-5673 |
| apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted REGION record in a PICT file. | 2012-11-09 | 9.3 | CVE-2011-1374 |
| apple -- quicktime | Use-after-free vulnerability in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with a crafted _qtactivex_ parameter in an OBJECT element. | 2012-11-09 | 9.3 | CVE-2012-3751 |
| apple -- quicktime | Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file. | 2012-11-09 | 9.3 | CVE-2012-3752 |
| apple -- quicktime | Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type. | 2012-11-09 | 9.3 | CVE-2012-3753 |
| apple -- quicktime | Use-after-free vulnerability in the Clear method in the ActiveX control in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | 2012-11-09 | 9.3 | CVE-2012-3754 |
| apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image. | 2012-11-09 | 9.3 | CVE-2012-3755 |
| apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rnet box in an MP4 movie file. | 2012-11-09 | 9.3 | CVE-2012-3756 |
| apple -- quicktime | Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file. | 2012-11-09 | 9.3 | CVE-2012-3757 |
| apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted transform attribute in a text3GTrack element in a QuickTime TeXML file. | 2012-11-09 | 9.3 | CVE-2012-3758 |
| broadcom -- bcm4325 | The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element. | 2012-11-14 | 7.8 | CVE-2012-2619 |
| c3-ilex -- eoscada | EOSDataServer.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service by sending a large amount of data to TCP port 24006. | 2012-11-13 | 7.8 | CVE-2012-1811 |
| c3-ilex -- eoscada | eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service by sending a large amount of data to TCP port 12000. | 2012-11-13 | 7.8 | CVE-2012-1813 |
| ibm -- websphere_application_server | IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors. | 2012-11-14 | 7.5 | CVE-2012-4850 |
| libproxy_project -- libproxy | Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file. | 2012-11-11 | 10.0 | CVE-2012-4504 |
| libproxy_project -- libproxy | Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504. | 2012-11-11 | 10.0 | CVE-2012-4505 |
| microsoft -- windows_7 | Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability." | 2012-11-13 | 9.3 | CVE-2012-1527 |
| microsoft -- windows_7 | Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability." | 2012-11-13 | 9.3 | CVE-2012-1528 |
| microsoft -- internet_explorer | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability." | 2012-11-13 | 9.3 | CVE-2012-1538 |
| microsoft -- internet_explorer | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreePos Use After Free Vulnerability." | 2012-11-13 | 9.3 | CVE-2012-1539 |
| microsoft -- excel | Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SerAuxErrBar Heap Overflow Vulnerability." | 2012-11-13 | 9.3 | CVE-2012-1885 |
| microsoft -- excel | Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability." | 2012-11-13 | 9.3 | CVE-2012-1886 |
| microsoft -- excel | Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability." | 2012-11-13 | 9.3 | CVE-2012-1887 |
| microsoft -- .net_framework | The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability." | 2012-11-13 | 9.3 | CVE-2012-1895 |
| microsoft -- .net_framework | Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability." | 2012-11-13 | 7.9 | CVE-2012-2519 |
| microsoft -- windows_7 | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability." | 2012-11-13 | 7.2 | CVE-2012-2530 |
| microsoft -- excel | Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Stack Overflow Vulnerability." | 2012-11-13 | 9.3 | CVE-2012-2543 |
| microsoft -- windows_7 | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability." | 2012-11-13 | 7.2 | CVE-2012-2553 |
| microsoft -- internet_explorer | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreeNode Use After Free Vulnerability." | 2012-11-13 | 9.3 | CVE-2012-4775 |
| microsoft -- .net_framework | The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability." | 2012-11-13 | 9.3 | CVE-2012-4776 |
| microsoft -- .net_framework | The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "WPF Reflection Optimization Vulnerability." | 2012-11-13 | 9.3 | CVE-2012-4777 |
| symantec -- antivirus | The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file. | 2012-11-14 | 9.3 | CVE-2012-4953 |
| verifone -- vericentre_web_console | Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter. | 2012-11-15 | 7.5 | CVE-2012-4951 |
| vmware -- ovf_tool | Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file. | 2012-11-14 | 9.3 | CVE-2012-3569 |
| vmware -- player | VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application. | 2012-11-14 | 8.3 | CVE-2012-5458 |
| vmware -- player | Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a "system folder." | 2012-11-14 | 7.9 | CVE-2012-5459 |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| advance_productivity_software -- dte_axiom | Advanced Productivity Software DTE Axiom before 12.3.3 does not validate the registration ID, which allows remote attackers to bypass authentication and read or modify data about users, customers, and projects via unspecified vectors. | 2012-11-09 | 6.4 | CVE-2012-2455 |
| apple -- safari | html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108. | 2012-11-15 | 4.3 | CVE-2012-5851 |
| bestpractical -- rtfm | FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors. | 2012-11-11 | 4.0 | CVE-2012-4731 |
| bestpractical -- rt | Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks. | 2012-11-11 | 6.8 | CVE-2012-4732 |
| bestpractical -- rt | Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to a crafted link. | 2012-11-11 | 5.0 | CVE-2012-4734 |
| bestpractical -- rt | Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client. | 2012-11-11 | 5.0 | CVE-2012-4884 |
| c3-ilex -- eoscada | EOSCoreScada.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service (daemon restart) by sending data to TCP port (1) 5050 or (2) 24004. | 2012-11-13 | 5.0 | CVE-2012-1810 |
| c3-ilex -- eoscada | eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to obtain sensitive cleartext information via a session on TCP port 12000. | 2012-11-13 | 5.0 | CVE-2012-1812 |
| dell -- openmanage_server_administrator | Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0.1, 7.0 before 7.0.0.1, and 7.1 before 7.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2012-11-15 | 4.3 | CVE-2012-4955 |
| drupal -- drupal | Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions." | 2012-11-11 | 6.8 | CVE-2012-4553 |
| drupal -- drupal | The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file. | 2012-11-11 | 5.0 | CVE-2012-4554 |
| emc -- rsa_data_protection_manager_software_server | Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2012-11-15 | 4.3 | CVE-2012-4612 |
| emc -- rsa_data_protection_manager_appliance | EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the number of authentication attempts by a user account, which makes it easier for local users to bypass intended access restrictions via a brute-force attack. | 2012-11-15 | 6.9 | CVE-2012-4613 |
| esri -- arcgis | SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service. | 2012-11-14 | 6.5 | CVE-2012-4949 |
| fortinet -- fortigate-1000c | The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities. | 2012-11-14 | 5.3 | CVE-2012-4948 |
| ibm -- websphere_application_server | The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of service (daemon outage) via a crafted request. | 2012-11-14 | 5.0 | CVE-2012-3330 |
| ibm -- cognos_business_intelligence | IBM Cognos Business Intelligence (BI) 8.4 and 8.4.1 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted request containing a zero-valued byte. | 2012-11-14 | 4.0 | CVE-2012-4847 |
| ibm -- websphere_application_server | Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. | 2012-11-14 | 4.3 | CVE-2012-4851 |
| ibm -- websphere_application_server | Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger information disclosure. | 2012-11-14 | 6.8 | CVE-2012-4853 |
| isc -- inn | The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | 2012-11-11 | 6.8 | CVE-2012-3523 |
| joomla -- joomla! | Joomla! 2.5.x before 2.5.8 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection." | 2012-11-11 | 4.3 | CVE-2012-5827 |
| kde -- kde | khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read. | 2012-11-11 | 6.4 | CVE-2012-4513 |
| kde -- kde | rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part." | 2012-11-11 | 5.0 | CVE-2012-4514 |
| kde -- kde | Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated. | 2012-11-11 | 6.8 | CVE-2012-4515 |
| lars_hjemli -- cgit | Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command. | 2012-11-11 | 6.0 | CVE-2012-4548 |
| libtiff -- libtiff | ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. | 2012-11-11 | 6.8 | CVE-2012-4564 |
| mantisbt -- mantisbt | MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access restrictions and make status changes by leveraging a blank value for a per-status setting. | 2012-11-15 | 5.5 | CVE-2012-5522 |
| mantisbt -- mantisbt | core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug. | 2012-11-15 | 5.5 | CVE-2012-5523 |
| microsoft -- .net_framework | Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability." | 2012-11-13 | 5.0 | CVE-2012-1896 |
| microsoft -- ftp_service | Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability." | 2012-11-13 | 5.0 | CVE-2012-2532 |
| mozilla -- bugzilla | Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the Version field. | 2012-11-16 | 4.3 | CVE-2012-4189 |
| mozilla -- bugzilla | Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers to read attachment descriptions from private bugs via an obsolete=1 insert action. | 2012-11-16 | 5.0 | CVE-2012-4197 |
| mozilla -- bugzilla | The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 has a different outcome for a groups request depending on whether a group exists, which allows remote authenticated users to discover private group names by observing whether a call throws an error. | 2012-11-16 | 4.0 | CVE-2012-4198 |
| mozilla -- bugzilla | template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 generates JavaScript function calls containing private product names or private component names in certain circumstances involving custom-field visibility control, which allows remote attackers to obtain sensitive information by reading HTML source code. | 2012-11-16 | 4.3 | CVE-2012-4199 |
| mozilla -- bugzilla | Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209. | 2012-11-16 | 4.3 | CVE-2012-5883 |
| mozilla -- bugzilla | The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSONRPC request, a different vulnerability than CVE-2012-4198. | 2012-11-16 | 5.0 | CVE-2012-5884 |
| oberthur -- id-one_cosmo | Unspecified vulnerability on Oberthur ID-One COSMO 5.2, 5.2a, and 64 smart cards makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the generation of non-compliant public keys. | 2012-11-14 | 4.0 | CVE-2012-5860 |
| openstack -- essex | The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482. | 2012-11-11 | 5.5 | CVE-2012-4573 |
| openstack -- essex | The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573. | 2012-11-11 | 5.5 | CVE-2012-5482 |
| phome -- empirecms | Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template. | 2012-11-15 | 6.8 | CVE-2012-5777 |
| redhat -- icedtea-web | Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, and 1.3.x before 1.3.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." | 2012-11-11 | 6.8 | CVE-2012-4540 |
| yahoo -- yui | Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207. | 2012-11-16 | 4.3 | CVE-2012-5881 |
| yahoo -- yui | Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208. | 2012-11-16 | 4.3 | CVE-2012-5882 |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| bestpractical -- rt | Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors. | 2012-11-11 | 3.5 | CVE-2012-4730 |
| microsoft -- iis | Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability." | 2012-11-13 | 2.1 | CVE-2012-2531 |
| vanillaforums -- vanilla_forums | The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue. | 2012-11-15 | 3.5 | CVE-2012-4954 |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.