Vulnerability Summary for the Week of October 21, 2013
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alphanetworks -- vdsl_asl-55052 | The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013. | 2013-10-19 | 10.0 | CVE-2013-6026 |
apple -- apple_remote_desktop | Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username. | 2013-10-23 | 7.5 | CVE-2013-5135 |
apple -- keynote | Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by visiting an unattended workstation on which this mode was enabled during a sleep operation. | 2013-10-24 | 7.2 | CVE-2013-5148 |
apple -- mac_os_x | The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection. | 2013-10-23 | 7.1 | CVE-2013-5172 |
cisco -- identity_services_engine_software | The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511. | 2013-10-24 | 9.0 | CVE-2013-5530 |
cisco -- content_security_management_appliance | The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via multiple TCP connections, aka Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635. | 2013-10-24 | 7.8 | CVE-2013-5537 |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.2), 8.7 before 8.7(1.8), 9.0 before 9.0(3.6), and 9.1 before 9.1(2.8) allows remote attackers to cause a denial of service (firewall-session disruption or device reload) via crafted ICMP packets, aka Bug ID CSCui77398. | 2013-10-21 | 8.5 | CVE-2013-5542 |
cisco -- ios_xr | Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCuh30380. | 2013-10-24 | 7.1 | CVE-2013-5549 |
d-link -- dir-100 | Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi. | 2013-10-19 | 8.5 | CVE-2013-6027 |
emc -- rsa_authentication_agent | EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that trigger an agent crash. | 2013-10-24 | 7.5 | CVE-2013-3280 |
ibm -- websphere_datapower_xc10_appliance | IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentication for all administrative actions, which allows remote attackers to cause a denial of service via unspecified vectors. | 2013-10-22 | 7.1 | CVE-2013-5428 |
ibm -- websphere_datapower_xc10_appliance | The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors. | 2013-10-22 | 10.0 | CVE-2013-5446 |
landing_pages_project -- landing_pages_plugin | SQL injection vulnerability in the Landing Pages plugin 1.2.3, before 20131009, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the "post" parameter to index.php. | 2013-10-23 | 7.5 | CVE-2013-6243 |
sybase -- adaptive_server_enterprise | Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) allows remote attackers to execute arbitrary code via unspecified vectors. | 2013-10-23 | 10.0 | CVE-2013-6245 |
vbulletin -- vbulletin | The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013. | 2013-10-19 | 7.5 | CVE-2013-6129 |
vmware -- esx | hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service outage) by modifying management traffic. | 2013-10-21 | 7.1 | CVE-2013-5970 |
watchguard -- fireware | Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie. | 2013-10-19 | 9.3 | CVE-2013-6021 |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- shindig | The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2013-10-23 | 5.0 | CVE-2013-4295 |
apache -- sling | Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS." | 2013-10-23 | 5.8 | CVE-2013-4390 |
apple -- safari | WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by leveraging LocalStorage/ files. | 2013-10-24 | 5.0 | CVE-2013-5130 |
apple -- apple_remote_desktop | Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session. | 2013-10-23 | 4.3 | CVE-2013-5136 |
apple -- os_x_server | The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate. | 2013-10-24 | 6.8 | CVE-2013-5143 |
apple -- mac_os_x | socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured. | 2013-10-23 | 6.4 | CVE-2013-5165 |
apple -- mac_os_x | The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application. | 2013-10-23 | 4.9 | CVE-2013-5166 |
apple -- mac_os_x | CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers. | 2013-10-23 | 5.0 | CVE-2013-5167 |
apple -- mac_os_x | Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL. | 2013-10-23 | 6.8 | CVE-2013-5168 |
apple -- mac_os_x | Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | 2013-10-23 | 6.8 | CVE-2013-5170 |
apple -- mac_os_x | Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation. | 2013-10-23 | 4.9 | CVE-2013-5174 |
apple -- mac_os_x | The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file. | 2013-10-23 | 6.6 | CVE-2013-5175 |
apple -- mac_os_x | The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error. | 2013-10-23 | 4.9 | CVE-2013-5176 |
apple -- mac_os_x | The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure. | 2013-10-23 | 4.9 | CVE-2013-5177 |
apple -- mac_os_x | LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence. | 2013-10-23 | 5.0 | CVE-2013-5178 |
apple -- mac_os_x | App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments. | 2013-10-23 | 6.4 | CVE-2013-5179 |
apple -- mac_os_x | The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of these values, related to a compiler-optimization issue. | 2013-10-23 | 4.3 | CVE-2013-5180 |
apple -- mac_os_x | The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network. | 2013-10-23 | 4.3 | CVE-2013-5181 |
apple -- mac_os_x | Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message. | 2013-10-23 | 5.0 | CVE-2013-5182 |
apple -- mac_os_x | The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's coverage area. | 2013-10-23 | 5.7 | CVE-2013-5184 |
apple -- mac_os_x | The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network. | 2013-10-23 | 4.3 | CVE-2013-5185 |
apple -- mac_os_x | The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the hibernating state. | 2013-10-23 | 4.0 | CVE-2013-5188 |
apple -- mac_os_x | Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended security configuration after the completion of an update. | 2013-10-23 | 5.8 | CVE-2013-5189 |
apple -- mac_os_x | Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by interfering with the revocation-check procedure. | 2013-10-23 | 4.3 | CVE-2013-5190 |
apple -- mac_os_x | The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number. | 2013-10-23 | 4.9 | CVE-2013-5192 |
boltwire -- boltwire | Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) "p" or (2) content parameter to index.php. | 2013-10-23 | 4.3 | CVE-2013-2651 |
cisco -- unified_computing_system | The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the command-line interface, aka Bug ID CSCtr43330. | 2013-10-19 | 6.8 | CVE-2012-4112 |
cisco -- unified_computing_system | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interface, aka Bug ID CSCtr43374. | 2013-10-19 | 4.6 | CVE-2012-4113 |
cisco -- unified_computing_system | The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949. | 2013-10-19 | 5.8 | CVE-2012-4114 |
cisco -- unified_computing_system | The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72964. | 2013-10-21 | 5.8 | CVE-2012-4115 |
cisco -- unified_computing_system | The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete the authentication process for a server connection, by sniffing the network, aka Bug ID CSCtr72970. | 2013-10-19 | 4.3 | CVE-2012-4116 |
cisco -- unified_computing_system | The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic or modify this traffic via a crafted certificate, aka Bug ID CSCtr73033. | 2013-10-19 | 5.8 | CVE-2012-4117 |
cisco -- identity_services_engine_software | Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287. | 2013-10-24 | 5.0 | CVE-2013-5521 |
cisco -- catalyst_3750-x | Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286. | 2013-10-24 | 6.8 | CVE-2013-5522 |
cisco -- identity_services_engine_software | Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405. | 2013-10-24 | 5.0 | CVE-2013-5531 |
cisco -- unity_connection | Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948. | 2013-10-19 | 4.0 | CVE-2013-5534 |
cisco -- secure_access_control_system | Cisco Secure Access Control System (ACS) does not properly implement an incoming-packet firewall rule, which allows remote attackers to cause a denial of service (process crash) via a flood of crafted packets, aka Bug ID CSCui51521. | 2013-10-24 | 5.0 | CVE-2013-5536 |
cisco -- adaptive_security_appliance_software | The VPN authentication functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (device reload) by sending many username-from-cert IKE requests, aka Bug ID CSCua91108. | 2013-10-22 | 5.4 | CVE-2013-5544 |
cisco -- unified_computing_system | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted command parameters that trigger hardware-component write operations, aka Bug ID CSCtq86549. | 2013-10-22 | 4.6 | CVE-2013-5550 |
dell -- quest_one_password_manager | The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (user's full name) by sending a login request with a valid domain and username but without the CaptchaType, UseCaptchaEveryTime, and CaptchaResponse parameters. | 2013-10-23 | 5.0 | CVE-2013-6246 |
dhtmlx -- dhtmlxspreadsheet | Cross-site scripting (XSS) vulnerability in codebase/spreadsheet.php in the Spreadsheet (dhtmlxSpreadsheet) plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "page" parameter. | 2013-10-25 | 4.3 | CVE-2013-6281 |
draytek -- vigor_2700_router | The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js. | 2013-10-22 | 6.8 | CVE-2013-5703 |
ibm -- websphere_message_broker | The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities. | 2013-10-19 | 4.3 | CVE-2013-5372 |
ibm -- lotus_domino | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK5F. | 2013-10-22 | 4.3 | CVE-2013-5388 |
ibm -- lotus_domino | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK2X. | 2013-10-22 | 4.3 | CVE-2013-5389 |
iodata -- hdl-a/e | I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | 2013-10-19 | 6.8 | CVE-2013-4712 |
linksalpha -- social_sharing_toolkit_plugin | Cross-site scripting (XSS) vulnerability in Social Sharing Toolkit plugin before 2.1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-10-25 | 4.3 | CVE-2013-6280 |
linux -- linux_kernel | Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device. | 2013-10-24 | 6.0 | CVE-2013-4299 |
mozilla -- bugzilla | Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token. | 2013-10-24 | 6.8 | CVE-2013-1733 |
mozilla -- bugzilla | Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action. | 2013-10-24 | 6.8 | CVE-2013-1734 |
mozilla -- network_security_services | Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. | 2013-10-22 | 5.0 | CVE-2013-1739 |
mozilla -- bugzilla | Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) sortkey parameter. | 2013-10-24 | 4.3 | CVE-2013-1742 |
mozilla -- bugzilla | Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the (1) summary or (2) real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189. | 2013-10-24 | 4.3 | CVE-2013-1743 |
nodejs -- nodejs | The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response. | 2013-10-21 | 5.0 | CVE-2013-4450 |
quassel-irc -- quassel_irc | SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message. | 2013-10-23 | 6.8 | CVE-2013-4422 |
sap -- erp_central_component | Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request. | 2013-10-23 | 6.0 | CVE-2013-3244 |
sap -- netweaver | The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2013-10-23 | 5.0 | CVE-2013-6244 |
sybase -- adaptive_server_enterprise | The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2 allows remote authenticated users to read arbitrary files via a SQL statement containing an XML document with an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2013-10-19 | 4.0 | CVE-2013-6025 |
vmware -- vcenter_server | Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors. | 2013-10-21 | 6.8 | CVE-2013-5971 |
watchguard -- watchguard_system_manager | Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2013-10-19 | 4.3 | CVE-2013-5702 |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple -- iphone_os | Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference. | 2013-10-23 | 3.3 | CVE-2013-5144 |
apple -- iphone_os | Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app. | 2013-10-23 | 2.1 | CVE-2013-5162 |
apple -- iphone_os | Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane. | 2013-10-23 | 3.3 | CVE-2013-5164 |
apple -- mac_os_x | CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen. | 2013-10-23 | 1.9 | CVE-2013-5169 |
apple -- mac_os_x | CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration. | 2013-10-23 | 3.3 | CVE-2013-5171 |
apple -- mac_os_x | The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers. | 2013-10-23 | 2.1 | CVE-2013-5173 |
apple -- mac_os_x | Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network. | 2013-10-23 | 2.6 | CVE-2013-5183 |
apple -- mac_os_x | Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. | 2013-10-23 | 2.1 | CVE-2013-5186 |
apple -- mac_os_x | The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. | 2013-10-23 | 1.9 | CVE-2013-5187 |
apple -- mac_os_x | The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions. | 2013-10-23 | 2.1 | CVE-2013-5191 |
quagga -- quagga | Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA. | 2013-10-23 | 2.6 | CVE-2013-2236 |
redhat -- jboss_operations_network | The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files. | 2013-10-23 | 2.1 | CVE-2013-4293 |
redhat -- jboss_operations_network | The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files. | 2013-10-23 | 3.2 | CVE-2013-4373 |