Vulnerability Summary for the Week of December 9, 2013
Released
Dec 16, 2013
Document ID
SB13-350
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- adobe_air | Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code via crafted .swf content that leverages an unspecified "type confusion," as exploited in the wild in December 2013. | 2013-12-11 | 9.3 | CVE-2013-5331 |
| adobe -- adobe_air | Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 2013-12-11 | 10.0 | CVE-2013-5332 |
| adobe -- shockwave_player | Adobe Shockwave Player before 12.0.7.148 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5334. | 2013-12-11 | 10.0 | CVE-2013-5333 |
| adobe -- shockwave_player | Adobe Shockwave Player before 12.0.7.148 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5333. | 2013-12-11 | 10.0 | CVE-2013-5334 |
| apache -- solr | The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407. | 2013-12-07 | 7.5 | CVE-2012-6612 |
| cisco -- scientific_atlanta__dpr/epr2320 | Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic. | 2013-12-10 | 8.3 | CVE-2013-7043 |
| emc -- connectrix_manager | The server in EMC Connectrix Manager Converged Network Edition (CMCNE) 11.2.1, 12.0.1, and 12.0.3 allows remote attackers to execute arbitrary code by using a servlet to upload an executable file. | 2013-12-12 | 10.0 | CVE-2013-6810 |
| enorth -- webpublisher_cms | SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth Webpublisher CMS, possibly 5.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the thisday parameter. | 2013-12-09 | 7.5 | CVE-2013-6985 |
| ffmpeg -- ffmpeg | The decode_mb function in libavcodec/error_resilience.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to an uninitialized block index, which triggers an out-of-bound write. | 2013-12-09 | 7.5 | CVE-2011-3941 |
| ffmpeg -- ffmpeg | Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x before 0.7.8, and 0.8.x before 0.8.8 allows remote attackers to execute arbitrary code via unspecified vectors. | 2013-12-09 | 7.5 | CVE-2011-4351 |
| ffmpeg -- ffmpeg | Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access. | 2013-12-07 | 9.3 | CVE-2013-0844 |
| ffmpeg -- ffmpeg | libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write. | 2013-12-07 | 9.3 | CVE-2013-0845 |
| ffmpeg -- ffmpeg | Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access. | 2013-12-07 | 9.3 | CVE-2013-0846 |
| ffmpeg -- ffmpeg | The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via ID3v2 header data, which triggers an out-of-bounds array access. | 2013-12-07 | 9.3 | CVE-2013-0847 |
| ffmpeg -- ffmpeg | The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access. | 2013-12-07 | 9.3 | CVE-2013-0848 |
| ffmpeg -- ffmpeg | The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data. | 2013-12-07 | 9.3 | CVE-2013-0849 |
| ffmpeg -- ffmpeg | The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access. | 2013-12-07 | 9.3 | CVE-2013-0850 |
| ffmpeg -- ffmpeg | The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access. | 2013-12-07 | 9.3 | CVE-2013-0851 |
| ffmpeg -- ffmpeg | The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access. | 2013-12-07 | 9.3 | CVE-2013-0852 |
| ffmpeg -- ffmpeg | The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error. | 2013-12-07 | 9.3 | CVE-2013-0853 |
| ffmpeg -- ffmpeg | The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data. | 2013-12-07 | 9.3 | CVE-2013-0854 |
| ffmpeg -- ffmpeg | Integer overflow in the alac_decode_close function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a large number of samples per frame in Apple Lossless Audio Codec (ALAC) data, which triggers an out-of-bounds array access. | 2013-12-07 | 9.3 | CVE-2013-0855 |
| ffmpeg -- ffmpeg | The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value. | 2013-12-07 | 9.3 | CVE-2013-0856 |
| ffmpeg -- ffmpeg | The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data. | 2013-12-07 | 9.3 | CVE-2013-0857 |
| ffmpeg -- ffmpeg | The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels. | 2013-12-07 | 9.3 | CVE-2013-0858 |
| ffmpeg -- ffmpeg | The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a negative or zero count value in a TIFF image, which triggers an out-of-bounds array access. | 2013-12-07 | 9.3 | CVE-2013-0859 |
| google -- chrome | Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2013-12-06 | 7.5 | CVE-2013-6637 |
| google -- chrome | Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large typed array, related to the (1) Runtime_TypedArrayInitialize and (2) Runtime_TypedArrayInitializeFromArrayLike functions. | 2013-12-06 | 7.5 | CVE-2013-6638 |
| google -- chrome | The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index. | 2013-12-06 | 7.5 | CVE-2013-6639 |
| google -- chrome | The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index. | 2013-12-06 | 7.5 | CVE-2013-6640 |
| icofx -- icofx | Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information. | 2013-12-13 | 9.3 | CVE-2013-4988 |
| microsoft -- windows_server_2003 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate addresses, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability." | 2013-12-10 | 7.2 | CVE-2013-3899 |
| microsoft -- windows_7 | The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability." | 2013-12-10 | 7.6 | CVE-2013-3900 |
| microsoft -- windows_7 | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1 and Windows 7 SP1 on 64-bit platforms allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability." | 2013-12-10 | 7.2 | CVE-2013-3902 |
| microsoft -- windows_7 | portcls.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Port-Class Driver Double Fetch Vulnerability." | 2013-12-10 | 7.2 | CVE-2013-3907 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-5048. | 2013-12-10 | 9.3 | CVE-2013-5047 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-5047. | 2013-12-10 | 9.3 | CVE-2013-5048 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2013-12-10 | 9.3 | CVE-2013-5049 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2013-12-10 | 9.3 | CVE-2013-5051 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2013-12-10 | 9.3 | CVE-2013-5052 |
| microsoft -- windows_script | Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that is visited with Internet Explorer, aka "Use-After-Free Vulnerability in Microsoft Scripting Runtime Object Library." | 2013-12-10 | 9.3 | CVE-2013-5056 |
| mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2013-12-11 | 10.0 | CVE-2013-5609 |
| mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2013-12-11 | 10.0 | CVE-2013-5610 |
| mozilla -- firefox | Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function. | 2013-12-11 | 10.0 | CVE-2013-5613 |
| mozilla -- firefox | The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors. | 2013-12-11 | 10.0 | CVE-2013-5615 |
| mozilla -- firefox | Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners. | 2013-12-11 | 10.0 | CVE-2013-5616 |
| mozilla -- firefox | Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection. | 2013-12-11 | 10.0 | CVE-2013-5618 |
| mozilla -- firefox | The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. | 2013-12-11 | 9.3 | CVE-2013-6671 |
| netgear -- raidiator | Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow." | 2013-12-12 | 10.0 | CVE-2013-2751 |
| openjpeg -- openjpeg | Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors. | 2013-12-12 | 7.5 | CVE-2013-6045 |
| openjpeg -- openjpeg | Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045. | 2013-12-12 | 7.5 | CVE-2013-6054 |
| opensis -- opensis | Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter. | 2013-12-09 | 7.5 | CVE-2013-1349 |
| projectsprouts -- sprout | The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path. | 2013-12-12 | 7.5 | CVE-2013-6421 |
| redhat -- libvirt | virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments. | 2013-12-09 | 7.2 | CVE-2013-4400 |
| samba -- samba | Buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet. | 2013-12-10 | 8.3 | CVE-2013-4408 |
| sharetronix -- sharetronix | Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) fb_user_id or (2) tw_user_id parameter to signup. | 2013-12-09 | 7.5 | CVE-2013-5354 |
| siemens -- sinamics_g110 | Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23. | 2013-12-06 | 10.0 | CVE-2013-6920 |
| supermicro -- intelligent_platform_management_firmware | Buffer overflow in logout.cgi in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allows remote authenticated users to execute arbitrary code via the SID parameter. | 2013-12-10 | 9.0 | CVE-2013-3622 |
| supermicro -- intelligent_platform_management_firmware | Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter. | 2013-12-10 | 10.0 | CVE-2013-3623 |
| wouter_verhelst -- nbd | nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file. | 2013-12-07 | 7.5 | CVE-2013-6410 |
| x2go -- x2go_server | The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server before 4.0.0.2 allows remote attackers to execute arbitrary code via unspecified vectors, relate to the path to libx2go-server-db-sqlite3-wrapper.pl. | 2013-12-09 | 7.5 | CVE-2013-4376 |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- roller | Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RSS and (2) Atom feed templates. | 2013-12-07 | 4.3 | CVE-2013-4171 |
| apache -- roller | Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection." | 2013-12-07 | 6.8 | CVE-2013-4212 |
| apache -- solr | Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries. | 2013-12-07 | 4.3 | CVE-2013-6397 |
| apache -- solr | The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2013-12-07 | 6.4 | CVE-2013-6407 |
| apache -- solr | The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407. | 2013-12-07 | 6.4 | CVE-2013-6408 |
| autotrace_project -- autotrace | Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context-dependent attackers to have an unspecified impact via a small value in the biSize field in the header of a BMP file, which triggers a buffer overflow. | 2013-12-09 | 6.8 | CVE-2013-1953 |
| cisco -- scientific_atlanta_dpc/epc2100 | Cross-site scripting (XSS) vulnerability in the web-wizard setup page on Cisco Scientific Atlanta D20 and D30 cable modems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-10 | 4.3 | CVE-2012-3047 |
| cisco -- adaptive_security_appliance_software | Memory leak in the connection-manager implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to cause a denial of service (multi-protocol management outage) by making multiple management session requests, aka Bug ID CSCug33233. | 2013-12-07 | 4.3 | CVE-2013-6707 |
| cisco -- cloud_portal | Cisco Cloud Portal 9.4 allows remote attackers to read files of unspecified types via a direct request, aka Bug IDs CSCuj08426 and CSCui60889. | 2013-12-10 | 5.0 | CVE-2013-6708 |
| cisco -- unified_communications_manager | ** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue. | 2013-12-12 | 5.0 | CVE-2013-7030 |
| debian -- adequate | Debian adequate before 0.8.1, when run by root with the --user option, allows local users to hijack the tty and possibly gain privileges via the TIOCSTI ioctl. | 2013-12-07 | 6.2 | CVE-2013-6409 |
| dovecot -- dovecot | checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server. | 2013-12-09 | 5.8 | CVE-2013-6171 |
| drupal -- drupal | The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via application-specific vectors. | 2013-12-07 | 5.1 | CVE-2013-6385 |
| drupal -- drupal | Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack. | 2013-12-07 | 6.8 | CVE-2013-6386 |
| drupal -- drupal | Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2013-12-07 | 5.8 | CVE-2013-6389 |
| emc -- rsa_netwitness_nextgen | EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent. | 2013-12-09 | 6.8 | CVE-2013-6180 |
| ffmpeg -- ffmpeg | Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data. | 2013-12-09 | 6.8 | CVE-2011-3934 |
| ffmpeg -- ffmpeg | The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to a crafted image size. | 2013-12-09 | 6.8 | CVE-2011-3935 |
| ffmpeg -- ffmpeg | The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data. | 2013-12-09 | 6.8 | CVE-2011-3944 |
| ffmpeg -- ffmpeg | The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop. | 2013-12-09 | 6.8 | CVE-2011-3946 |
| ffmpeg -- ffmpeg | The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data. | 2013-12-09 | 6.8 | CVE-2011-3949 |
| ffmpeg -- ffmpeg | The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number. | 2013-12-09 | 6.8 | CVE-2011-3950 |
| ffmpeg -- ffmpeg | The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data. | 2013-12-09 | 6.8 | CVE-2013-7008 |
| ffmpeg -- ffmpeg | The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data. | 2013-12-09 | 6.8 | CVE-2013-7009 |
| ffmpeg -- ffmpeg | Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data. | 2013-12-09 | 6.8 | CVE-2013-7010 |
| ffmpeg -- ffmpeg | The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data. | 2013-12-09 | 6.8 | CVE-2013-7011 |
| ffmpeg -- ffmpeg | The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. | 2013-12-09 | 6.8 | CVE-2013-7012 |
| ffmpeg -- ffmpeg | The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data. | 2013-12-09 | 6.8 | CVE-2013-7013 |
| ffmpeg -- ffmpeg | Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted PNG data. | 2013-12-09 | 6.8 | CVE-2013-7014 |
| ffmpeg -- ffmpeg | The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data. | 2013-12-09 | 6.8 | CVE-2013-7015 |
| ffmpeg -- ffmpeg | The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. | 2013-12-09 | 6.8 | CVE-2013-7016 |
| ffmpeg -- ffmpeg | libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data. | 2013-12-09 | 6.8 | CVE-2013-7017 |
| ffmpeg -- ffmpeg | libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. | 2013-12-09 | 6.8 | CVE-2013-7018 |
| ffmpeg -- ffmpeg | The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. | 2013-12-09 | 6.8 | CVE-2013-7019 |
| ffmpeg -- ffmpeg | The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data. | 2013-12-09 | 6.8 | CVE-2013-7020 |
| ffmpeg -- ffmpeg | The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact via crafted data. | 2013-12-09 | 6.8 | CVE-2013-7021 |
| ffmpeg -- ffmpeg | The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data. | 2013-12-09 | 6.8 | CVE-2013-7022 |
| ffmpeg -- ffmpeg | The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data. | 2013-12-09 | 6.8 | CVE-2013-7023 |
| ffmpeg -- ffmpeg | The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. | 2013-12-09 | 6.8 | CVE-2013-7024 |
| gimp -- gimp | Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump. | 2013-12-12 | 6.8 | CVE-2013-1913 |
| gimp -- gimp | Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries. | 2013-12-12 | 6.8 | CVE-2013-1978 |
| gnu -- glibc | Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914. | 2013-12-12 | 5.0 | CVE-2013-4458 |
| google -- chrome | The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code. | 2013-12-06 | 6.8 | CVE-2013-6634 |
| google -- chrome | Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that triggers removal of a node during processing of the DOM tree, related to CompositeEditCommand.cpp and ReplaceSelectionCommand.cpp. | 2013-12-06 | 6.8 | CVE-2013-6635 |
| google -- chrome | The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method. | 2013-12-06 | 4.3 | CVE-2013-6636 |
| hp -- linux_imaging_and_printing_project | upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream. | 2013-12-09 | 6.8 | CVE-2013-6427 |
| ibm -- forms_viewer | Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via a crafted XFDL form. | 2013-12-10 | 6.8 | CVE-2013-5447 |
| ibm -- smartcloud_provisioning | IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a deployer.virtualsystems[#].delete command. | 2013-12-07 | 4.9 | CVE-2013-5455 |
| janrain -- ruby-openid | The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack. | 2013-12-12 | 4.3 | CVE-2013-1812 |
| linux -- linux_kernel | The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before 3.11.5 does not properly implement error-code encoding, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for an IPv6 SIOCADDRT ioctl call. | 2013-12-09 | 4.7 | CVE-2013-6431 |
| linux -- linux_kernel | The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging unspecified privileges to execute a crafted application. | 2013-12-09 | 4.6 | CVE-2013-6432 |
| linux -- linux_kernel | Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted application that uses shmctl IPC_RMID operations in conjunction with other shm system calls. | 2013-12-09 | 4.7 | CVE-2013-7026 |
| linux -- linux_kernel | The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. | 2013-12-09 | 6.1 | CVE-2013-7027 |
| livezilla -- livezilla | Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which is saved in the archive section. | 2013-12-10 | 4.3 | CVE-2013-6224 |
| memcached -- memcached | Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet. | 2013-12-12 | 5.0 | CVE-2011-4971 |
| microsoft -- windows_server_2003 | Stack-based buffer overflow in the LRPC client in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges by operating an LRPC server that sends a crafted LPC port message, aka "LRPC Client Buffer Overrun Vulnerability." | 2013-12-10 | 6.9 | CVE-2013-3878 |
| microsoft -- windows_8 | Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to cause a denial of service (reboot) via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." | 2013-12-10 | 4.7 | CVE-2013-3903 |
| microsoft -- asp.net_signalr | Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data, aka "SignalR XSS Vulnerability." | 2013-12-10 | 4.3 | CVE-2013-5042 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability." | 2013-12-10 | 6.2 | CVE-2013-5045 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 7 through 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability." | 2013-12-10 | 6.2 | CVE-2013-5046 |
| microsoft -- office | Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in 2013, aka "Token Hijacking Vulnerability." | 2013-12-10 | 4.3 | CVE-2013-5054 |
| microsoft -- office | hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM component on a web site that is visited with Internet Explorer, as exploited in the wild in December 2013, aka "HXDS ASLR Vulnerability." | 2013-12-10 | 4.3 | CVE-2013-5057 |
| microsoft -- windows_7 | Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges via a crafted application, aka "Win32k Integer Overflow Vulnerability." | 2013-12-10 | 4.9 | CVE-2013-5058 |
| microsoft -- office_web_apps | Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerabilities." | 2013-12-10 | 6.8 | CVE-2013-5059 |
| microsoft -- exchange_server | Cross-site scripting (XSS) vulnerability in Outlook Web Access in Microsoft Exchange Server 2010 SP2 and SP3 and 2013 Cumulative Update 2 and 3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability." | 2013-12-10 | 4.3 | CVE-2013-5072 |
| microsoft -- windows_server_2008 | ** DISPUTED ** The IsHandleEntrySecure function in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 SP2 does not properly validate the tagPROCESSINFO pW32Job field, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted NtUserValidateHandleSecure call for an owned object. NOTE: the vendor reportedly disputes the significance of this report, stating that "it appears to be a local DOS ... we don't consider it a security vulnerability." | 2013-12-06 | 4.0 | CVE-2013-6999 |
| mod_nss_project -- mod_nss | mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions. | 2013-12-12 | 4.0 | CVE-2013-4566 |
| mozilla -- firefox | Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation. | 2013-12-11 | 5.8 | CVE-2013-5611 |
| mozilla -- firefox | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header. | 2013-12-11 | 4.3 | CVE-2013-5612 |
| mozilla -- firefox | Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site. | 2013-12-11 | 4.3 | CVE-2013-5614 |
| mozilla -- firefox | Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code. | 2013-12-11 | 6.8 | CVE-2013-5619 |
| mozilla -- firefox | Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations. | 2013-12-11 | 4.3 | CVE-2013-6672 |
| mozilla -- firefox | Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user. | 2013-12-11 | 5.8 | CVE-2013-6673 |
| nagiosql -- nagiosql | Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 SP2 allow remote attackers to inject arbitrary web script or HTML via the txtSearch parameter to (1) admin/hostdependencies.php, (2) admin/hosts.php, or other unspecified pages that allow search input, related to the search functionality in functions/content_class.php. | 2013-12-09 | 4.3 | CVE-2013-6039 |
| netgear -- raidiator | Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users. | 2013-12-12 | 6.8 | CVE-2013-2752 |
| novell -- suse_lifecycle_management_server | SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere. | 2013-12-10 | 4.3 | CVE-2013-3710 |
| novell -- suse_lifecycle_management_server | SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors. | 2013-12-10 | 4.6 | CVE-2013-7042 |
| nowsms -- now_sms_&_mms_gateway | The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway 2013.09.26 allows remote attackers to cause a denial of service via a malformed message to a MM4 connection. | 2013-12-07 | 4.3 | CVE-2013-7000 |
| nowsms -- now_sms_&_mms_gateway | The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway before 2013.11.15 allows remote attackers to cause a denial of service via a malformed MM1 message that is routed to a (1) MM4 or (2) MM7 connection. | 2013-12-07 | 4.3 | CVE-2013-7001 |
| openjpeg -- openjpeg | OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors. | 2013-12-12 | 5.0 | CVE-2013-1447 |
| openjpeg -- openjpeg | OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors. | 2013-12-12 | 5.0 | CVE-2013-6052 |
| quassel-irc -- quassel_irc | Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/. | 2013-12-09 | 4.0 | CVE-2013-6404 |
| ruby-i18n -- i18n | Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call. | 2013-12-06 | 4.3 | CVE-2013-4492 |
| rubyonrails -- ruby_on_rails | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem. | 2013-12-06 | 4.3 | CVE-2013-4491 |
| rubyonrails -- ruby_on_rails | actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching. | 2013-12-06 | 5.0 | CVE-2013-6414 |
| rubyonrails -- ruby_on_rails | Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter. | 2013-12-06 | 4.3 | CVE-2013-6415 |
| rubyonrails -- ruby_on_rails | Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute. | 2013-12-06 | 4.3 | CVE-2013-6416 |
| rubyonrails -- ruby_on_rails | actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155. | 2013-12-06 | 6.4 | CVE-2013-6417 |
| sharetronix -- sharetronix | Multiple cross-site request forgery (CSRF) vulnerabilities in Sharetronix 3.1.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) create new administrative users via unspecified vectors. | 2013-12-09 | 6.8 | CVE-2013-5355 |
| siemens -- comos | Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors. | 2013-12-10 | 6.9 | CVE-2013-6840 |
| steven_jones -- context | The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a block to which the user has access. | 2013-12-07 | 4.9 | CVE-2013-4445 |
| steven_jones -- context | The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors related to Ajax operations, possibly involving eval injection. | 2013-12-07 | 6.8 | CVE-2013-4446 |
| supmua -- sup | Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment. | 2013-12-07 | 6.8 | CVE-2013-4478 |
| supmua -- sup | lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment. | 2013-12-07 | 6.8 | CVE-2013-4479 |
| twibright -- links | Integer overflow in Links before 2.8 allows remote attackers to cause a denial of service (crash) via crafted HTML tables. | 2013-12-07 | 4.3 | CVE-2013-6050 |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- mod_dontdothat | The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. | 2013-12-07 | 2.6 | CVE-2013-4505 |
| apache -- mod_dav_svn | The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /. | 2013-12-07 | 3.5 | CVE-2013-4558 |
| cmsmadesimple -- cms_made_simple | Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS Made Simple (CMSMS) 1.11.9 allows remote authenticated users with the "Modify Events" permission to inject arbitrary web script or HTML via the handler parameter. | 2013-12-09 | 2.1 | CVE-2013-3929 |
| dell -- sonicwall_analyzer | Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp. | 2013-12-09 | 3.5 | CVE-2013-7025 |
| ibm -- rational_quality_manager | Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Team Concert, Rational Requirements Composer, and other products, allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IFRAME element. | 2013-12-10 | 3.5 | CVE-2013-5404 |
| islonline -- isl_desktop_plugin | The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 and earlier allows remote authenticated users to obtain sensitive information by pasting the clipboard contents that have been copied by another user in the session. | 2013-12-10 | 3.5 | CVE-2013-6237 |
| linux -- linux_kernel | The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. | 2013-12-09 | 3.3 | CVE-2013-2929 |
| linux -- linux_kernel | The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. | 2013-12-09 | 3.6 | CVE-2013-2930 |
| linux -- linux_kernel | The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application. | 2013-12-09 | 3.6 | CVE-2013-4270 |
| oracle -- fusion_middleware | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Maintenance. NOTE: the original disclosure of this issue erroneously mapped it to CVE-2013-3624. | 2013-12-12 | 1.5 | CVE-2013-5763 |
| zippyyum -- subway_ordering_for_california | The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in SQLite cache databases, which allows attackers to obtain sensitive information by reading data elements, as demonstrated by password elements. | 2013-12-12 | 2.1 | CVE-2013-6986 |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.