Vulnerability Summary for the Week of December 16, 2013
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
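The bulletin's rows follow one fixed shape (vendor -- product, description, published date, CVSS score, CVE) under a section heading that names the band. The following parser, added here as an example and not part of the bulletin or any CISA tooling, turns those rows into records, applies the three score bands defined above, and flags any row whose score does not fall in the band of the section it was filed under. The `Entry` record, the `SAMPLE` text and the `example -- widget` row (included only to exercise the mismatch check) are constructed for this illustration; the two other sample rows are copied from the tables below.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Score bands exactly as the bulletin defines them (CVSS base score, inclusive).
BANDS = (("High", 7.0, 10.0), ("Medium", 4.0, 6.9), ("Low", 0.0, 3.9))

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
SECTION_RE = re.compile(r"^(High|Medium|Low) Vulnerabilities$")


@dataclass
class Entry:
    section: str          # band heading the row was filed under
    vendor: str
    product: str
    description: str
    published: str
    score: Optional[float]  # None when the bulletin has no score yet
    cve: str


def band(score):
    """Map a CVSS base score to the bulletin's band; None if unscored."""
    if score is None:
        return None
    for name, lo, hi in BANDS:
        if lo <= score <= hi:
            return name
    raise ValueError(f"score out of range: {score}")


def parse_bulletin(text):
    """Parse pipe-delimited bulletin rows into Entry records.

    The current section heading is tracked so each row can later be
    checked against the band its own score implies.
    """
    section = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        # Skip prose, the header row and the ---|--- separator.
        if "|" not in line or line.startswith("Primary Vendor") or line.startswith("---"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) < 5:
            continue
        vendor_product, desc, published, score_s, source = cells[:5]
        vendor, _, product = vendor_product.partition(" -- ")
        try:
            score = float(score_s)
        except ValueError:
            score = None  # bulletin notes some entries are not yet scored
        m = CVE_RE.search(source)
        cve = m.group(0) if m else ""
        entries.append(Entry(section, vendor, product, desc, published, score, cve))
    return entries


def band_mismatches(entries):
    """Rows whose score lands outside the band of the section they sit in."""
    return [e for e in entries if e.score is not None and band(e.score) != e.section]


def vendor_counts(entries):
    """How many rows each vendor contributes; handy for triage ordering."""
    return Counter(e.vendor for e in entries)


# Constructed sample: two rows copied from this bulletin plus one made-up row
# (filed under High with a Medium score) so the mismatch check has something to find.
SAMPLE = """\
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
d-link -- dsr-1000 | The runShellCmd function in systemCheck.htm in D-Link DSR-150 allows remote attackers to execute arbitrary commands via shell metacharacters. | 2013-12-18 | 10.0 | CVE-2013-5946 |
example -- widget | Constructed row used only to exercise the band check. | 2013-12-20 | 5.0 | (not yet assigned) |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple -- safari | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code. | 2013-12-18 | 6.8 | CVE-2013-5195 |
"""

if __name__ == "__main__":
    rows = parse_bulletin(SAMPLE)
    for e in rows:
        print(e.section, e.cve or "(no CVE)", e.vendor, e.product, e.score)
    print("mismatches:", [e.vendor for e in band_mismatches(rows)])
    print("by vendor:", dict(vendor_counts(rows)))
```

Feed the whole bulletin text to `parse_bulletin` to get one record per row; the band check is the first thing worth running, since a row whose score and section disagree usually means the score was assigned after the row was filed.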
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cooperindustries -- smp_16_gateway_(data_concentrator) | The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 gateways allows remote attackers to cause a denial of service (reboot or link outage) via a crafted DNP3 TCP packet. | 2013-12-17 | 7.1 | CVE-2013-2813 |
cooperindustries -- dnp3_master_opc_server | Cooper Power Systems Cybectec DNP3 Master OPC Server allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors. | 2013-12-17 | 7.1 | CVE-2013-2814 |
d-link -- dsr-1000 | The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section. | 2013-12-18 | 10.0 | CVE-2013-5946 |
d-link -- dsr-1000 | D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username. | 2013-12-18 | 7.8 | CVE-2013-7004 |
fujitsu -- interstage_application_server | Buffer overflow in the Interstage HTTP Server log functionality, as used in Fujitsu Interstage Application Server 9.0.0, 9.1.0, 9.2.0, 9.3.1, and 10.0.0; and Interstage Studio 9.0.0, 9.1.0, 9.2.0, and 10.0.0, has unspecified impact and attack vectors related to "ihsrlog/rotatelogs." | 2013-12-14 | 10.0 | CVE-2013-7105 |
google -- android | Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD_QUALITY_UNSPECIFIED option. | 2013-12-14 | 8.8 | CVE-2013-6271 |
ibm -- rational_clearcase | Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors. | 2013-12-18 | 7.2 | CVE-2013-5415 |
ibm -- rational_clearcase | Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unknown vectors. | 2013-12-18 | 7.2 | CVE-2013-5416 |
ibm -- content_manager_ondemand_for_multiplatforms | IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8.5 and 9.0 and other products, allows remote attackers to cause a denial of service via a crafted handshake during resumption of an SSLv2 session. | 2013-12-17 | 7.8 | CVE-2013-6329 |
instantsoft -- instantcms | SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id]. | 2013-12-13 | 7.5 | CVE-2013-6839 |
juniper -- netscreen-5200 | Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet. | 2013-12-13 | 7.1 | CVE-2013-6958 |
linux -- linux_kernel | Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. | 2013-12-14 | 7.2 | CVE-2013-4587 |
mcafee -- email_gateway | McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a (1) TestFile XML element or the (2) hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands. | 2013-12-14 | 9.0 | CVE-2013-7103 |
mcafee -- email_gateway | McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a (1) Command or (2) Script XML element. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands. | 2013-12-14 | 9.0 | CVE-2013-7104 |
microsoft -- internet_explorer | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted CMarkup object, aka "Internet Explorer Use After Free Vulnerability." | 2013-12-16 | 9.3 | CVE-2013-3140 |
netgear -- prosafe_gs510tp | NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config. | 2013-12-18 | 7.8 | CVE-2013-4775 |
netgear -- prosafe_gs510tp | NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/. | 2013-12-18 | 7.8 | CVE-2013-4776 |
php -- php | The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. | 2013-12-16 | 7.5 | CVE-2013-6420 |
realnetworks -- realplayer | Heap-based buffer overflow in RealNetworks RealPlayer 16.0.2.32 and 16.0.3.51 allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file. | 2013-12-19 | 9.3 | CVE-2013-6877 |
sap -- netweaver | SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2013-12-13 | 7.5 | CVE-2013-7094 |
sap -- customer_relationship_management | The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue. | 2013-12-13 | 10.0 | CVE-2013-7095 |
sap -- emr_unwired | Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2013-12-13 | 7.5 | CVE-2013-7096 |
siemens -- ruggedcom_rugged_operating_system | The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value. | 2013-12-16 | 8.3 | CVE-2013-6925 |
siemens -- ruggedcom_rugged_operating_system | The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account. | 2013-12-16 | 8.0 | CVE-2013-6926 |
upc -- ireland_cisco_epc2425 | The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack. | 2013-12-19 | 9.3 | CVE-2013-7136 |
webbynode -- webbynode | The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message. | 2013-12-18 | 7.5 | CVE-2013-7086 |
zabbix -- zabbix | Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter. | 2013-12-18 | 7.5 | CVE-2013-6824 |
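Several rows above (the D-Link diagnostic page, both McAfee Email Gateway entries, the Webbynode gem and, through a newline rather than a metacharacter, Zabbix) describe the same defect: user input is pasted into a command string that a shell then parses. The block below is an added example, not code from any of those products, showing the vulnerable pattern next to the hardened one. `echo` stands in for `ping` so it runs offline; the allowlist pattern and the function names are choices made for this illustration.

```python
import re
import subprocess

# Allowlist for the one thing a "ping this address" form should accept:
# an IPv4/IPv6 literal or a hostname.  Space, newline, ; | & ` $ ( ) and
# every other shell metacharacter fall outside it and are rejected before
# the value reaches any command.  fullmatch() is used rather than ^...$ so
# a trailing newline cannot sneak past the end anchor.
_TARGET_RE = re.compile(r"[A-Za-z0-9.:\-]{1,253}")


def vulnerable_run(target):
    """Concatenate the command and let /bin/sh parse it.

    '127.0.0.1; id' becomes two commands, which is exactly the
    'shell metacharacters' defect in the entries above.
    """
    cmd = "echo ping " + target
    return subprocess.run(["sh", "-c", cmd], capture_output=True, text=True).stdout


def validate_target(target):
    """Reject anything outside the allowlist; returns the value unchanged."""
    if not _TARGET_RE.fullmatch(target):
        raise ValueError("target contains characters outside the allowlist")
    return target


def argv_run(target):
    """Argv form, no shell: the value is one argument, metacharacters stay literal."""
    return subprocess.run(["echo", "ping", target], capture_output=True, text=True).stdout


def safe_run(target):
    """Both layers: validate first, then execute without a shell.

    Either layer alone stops the injection; using both means a future
    change to the command (say, adding a shell=True for convenience)
    still leaves the allowlist in front of it.
    """
    return argv_run(validate_target(target))


if __name__ == "__main__":
    payload = "127.0.0.1; echo INJECTED"
    print("vulnerable:", repr(vulnerable_run(payload)))
    print("argv only :", repr(argv_run(payload)))
    try:
        safe_run(payload)
    except ValueError as exc:
        print("validated :", exc)
    print("clean     :", repr(safe_run("10.0.0.1")))
```

The newline case matters for the Zabbix row: a separator other than `;` does the same job wherever the receiving parser treats line ends as command boundaries, so the allowlist must be positive (what is permitted) rather than a list of characters to strip.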
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple -- safari | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 2013-12-18 | 6.8 | CVE-2013-5195 |
apple -- safari | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 2013-12-18 | 6.8 | CVE-2013-5196 |
apple -- safari | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 2013-12-18 | 6.8 | CVE-2013-5197 |
apple -- safari | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 2013-12-18 | 6.8 | CVE-2013-5198 |
apple -- safari | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 2013-12-18 | 6.8 | CVE-2013-5199 |
apple -- safari | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 2013-12-18 | 6.8 | CVE-2013-5225 |
apple -- safari | Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields. | 2013-12-18 | 6.4 | CVE-2013-5227 |
apple -- safari | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 2013-12-18 | 6.8 | CVE-2013-5228 |
beyondgrep -- ack | ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary code via a (1) --pager, (2) --regex, or (3) --output option in a .ackrc file in a directory to be searched. | 2013-12-14 | 6.8 | CVE-2013-7069 |
cisco -- ons_15454 | The tNetTaskLimit process on the Transport Node Controller (TNC) on Cisco ONS 15454 devices with software 9.6 and earlier does not properly prioritize health pings, which allows remote attackers to cause a denial of service (watchdog timeout and TNC reset) via a flood of network traffic, aka Bug ID CSCud97155. | 2013-12-18 | 5.0 | CVE-2013-6701 |
cisco -- webex_training_center | The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111. | 2013-12-14 | 5.0 | CVE-2013-6709 |
cisco -- webex_training_center | Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567. | 2013-12-14 | 6.8 | CVE-2013-6710 |
cisco -- webex_sales_center | Cross-site scripting (XSS) vulnerability in the product-creation administrative page in Cisco WebEx Sales Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul25540. | 2013-12-14 | 4.3 | CVE-2013-6711 |
cisco -- webex_sales_center | Open redirect vulnerability in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul25557. | 2013-12-14 | 5.8 | CVE-2013-6959 |
cisco -- webex_meeting_center | Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248. | 2013-12-14 | 4.3 | CVE-2013-6960 |
cisco -- webex_meeting_center | Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237. | 2013-12-14 | 4.3 | CVE-2013-6961 |
cisco -- webex_meeting_center | Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36228. | 2013-12-14 | 4.3 | CVE-2013-6962 |
cisco -- webex_training_center | Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207. | 2013-12-14 | 4.3 | CVE-2013-6963 |
cisco -- webex_training_center | The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183. | 2013-12-14 | 5.0 | CVE-2013-6965 |
cisco -- webex_training_center | Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031. | 2013-12-16 | 5.8 | CVE-2013-6966 |
cisco -- webex_sales_center | Open redirect vulnerability in the mobile-browser subsystem in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36020. | 2013-12-14 | 5.8 | CVE-2013-6967 |
cisco -- webex_training_center | Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003. | 2013-12-14 | 5.0 | CVE-2013-6968 |
cisco -- webex_training_center | The training-registration page in Cisco WebEx Training Center allows remote attackers to modify unspecified fields via unknown vectors, aka Bug ID CSCul35990. | 2013-12-14 | 4.3 | CVE-2013-6969 |
cisco -- webex_meeting_center | Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928. | 2013-12-14 | 5.0 | CVE-2013-6970 |
cisco -- webex_training_center | Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140. | 2013-12-14 | 5.8 | CVE-2013-6971 |
cisco -- webex_training_center | Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126. | 2013-12-14 | 5.0 | CVE-2013-6972 |
cisco -- webex_training_center | Cisco WebEx Training Center allows remote attackers to discover registration IDs via a crafted URL, aka Bug ID CSCul57121. | 2013-12-14 | 4.3 | CVE-2013-6973 |
cisco -- epc3925 | Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496. | 2013-12-19 | 6.8 | CVE-2013-6976 |
cooperindustries -- smp_16_gateway_(data_concentrator) | The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 gateways allows physically proximate attackers to cause a denial of service (reboot or link outage) via crafted input over a serial line. | 2013-12-17 | 4.7 | CVE-2013-2816 |
cru-inc -- ditto_forensic_fieldstation | Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Forensic FieldStation with firmware 2013Oct15a and earlier allow (1) remote attackers to inject arbitrary web script or HTML via the username parameter in a login or (2) remote authenticated users to inject arbitrary web script or HTML via unspecified form fields. | 2013-12-17 | 4.3 | CVE-2013-6882 |
cru-inc -- ditto_forensic_fieldstation | Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests that modify the disk erase technique settings via unspecified vectors. | 2013-12-17 | 6.8 | CVE-2013-6883 |
cybozu -- dezie | Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button. | 2013-12-13 | 4.3 | CVE-2013-6005 |
d-link -- dsr-1000 | D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#]["Password"] fields in /tmp/teamf1.cfg.ascii. | 2013-12-18 | 4.9 | CVE-2013-7005 |
devscripts_devel_team -- devscripts | The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name. | 2013-12-13 | 6.8 | CVE-2013-7050 |
devscripts_devel_team -- devscripts | Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename. | 2013-12-14 | 5.8 | CVE-2013-7085 |
digium -- asterisk | Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message. | 2013-12-19 | 5.0 | CVE-2013-7100 |
emc -- rsa_archer_egrc | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-19 | 4.3 | CVE-2013-6178 |
gnome -- gnumeric | Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value. | 2013-12-18 | 4.3 | CVE-2013-6836 |
gnu -- libmicrohttpd | The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read. | 2013-12-13 | 6.4 | CVE-2013-7038 |
gnu -- libmicrohttpd | Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header. | 2013-12-13 | 5.1 | CVE-2013-7039 |
hp -- officejet_pro_8500 | Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka A909) All-in-One printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-14 | 4.3 | CVE-2013-4845 |
hp -- operations_orchestration | Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-16 | 4.3 | CVE-2013-6191 |
hp -- operations_orchestration | Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2013-12-16 | 6.8 | CVE-2013-6192 |
hp -- color_laserjet_cm1312nfi_multifunction_printer | Unspecified vulnerability on HP LaserJet M1522n and M2727; LaserJet Pro 100, 300, 400, CM1415fnw, CP1*, M121*, M1536dnf, and P1*; Color LaserJet CM* and CP*; and TopShot LaserJet Pro M275 printers allows remote attackers to cause a denial of service via unknown vectors. | 2013-12-17 | 5.0 | CVE-2013-6193 |
ibm -- cognos_command_center | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start or (2) stop services. | 2013-12-14 | 6.8 | CVE-2013-4000 |
ibm -- cognos_command_center | Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie. | 2013-12-14 | 4.3 | CVE-2013-4001 |
ibm -- rational_clearquest | The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database names via unspecified vectors. | 2013-12-19 | 4.3 | CVE-2013-5422 |
ibm -- infosphere_master_data_management_collaboration_server | Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 IF11 allows remote authenticated users to hijack web sessions via unspecified vectors. | 2013-12-19 | 4.9 | CVE-2013-5426 |
ibm -- flex_system_manager | Cross-site scripting (XSS) vulnerability in the web server in IBM Flex System Manager (FSM) 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-14 | 4.3 | CVE-2013-5438 |
ibm -- content_navigator | IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements. | 2013-12-19 | 4.3 | CVE-2013-5462 |
ibm -- db2 | The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspecified vectors. | 2013-12-18 | 4.0 | CVE-2013-5466 |
ibm -- sterling_connect_enterprise_http_option | Cross-site scripting (XSS) vulnerability in the HTTP Option in IBM Sterling Connect:Enterprise 1.3 before 1.3.0.2 iFix 1 and 1.4 before 1.4.0.0 iFix 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross-frame scripting" issue. | 2013-12-17 | 4.3 | CVE-2013-6327 |
ibm -- db2 | The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service (database outage and deactivation) via unspecified vectors. | 2013-12-19 | 4.0 | CVE-2013-6717 |
ibm -- sametime | Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-17 | 4.3 | CVE-2013-6733 |
juniper -- idp250 | Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web server. | 2013-12-13 | 4.3 | CVE-2013-6957 |
linux -- linux_kernel | The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. | 2013-12-14 | 5.7 | CVE-2013-6367 |
linux -- linux_kernel | The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. | 2013-12-14 | 6.2 | CVE-2013-6368 |
linux -- linux_kernel | The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. | 2013-12-14 | 5.2 | CVE-2013-6376 |
mcafee -- email_gateway | Multiple SQL injection vulnerabilities in /admin/cgi-bin/rpc/doReport/18 in McAfee Email Gateway 7.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) events_col, (2) event_id, (3) reason, (4) events_order, (5) emailstatus_order, or (6) emailstatus_col JSON keys. | 2013-12-13 | 6.5 | CVE-2013-7092 |
mediawiki -- mediawiki | Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading. | 2013-12-13 | 6.8 | CVE-2012-5394 |
mediawiki -- mediawiki | Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \b (backspace) character in CSS. | 2013-12-13 | 4.3 | CVE-2013-4567 |
mediawiki -- mediawiki | Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer. | 2013-12-13 | 4.3 | CVE-2013-4568 |
mediawiki -- mediawiki | The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attackers to obtain sensitive information (revision-deleted IPs) via the Recent Changes page. | 2013-12-13 | 4.3 | CVE-2013-4569 |
mike_stefanello -- og_features | The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request. | 2013-12-18 | 5.8 | CVE-2013-7067 |
munin-monitoring -- munin | The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data. | 2013-12-13 | 5.0 | CVE-2013-6048 |
munin-monitoring -- munin | Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name. | 2013-12-13 | 4.3 | CVE-2013-6359 |
net-snmp -- net-snmp | Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout. | 2013-12-13 | 4.3 | CVE-2012-6151 |
no-margin-for-errors -- prettyphoto | Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INFO to the default URI. | 2013-12-18 | 4.3 | CVE-2013-6837 |
openstack -- keystone | The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request. | 2013-12-14 | 5.8 | CVE-2013-6391 |
openstack -- heat | The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method. | 2013-12-14 | 4.0 | CVE-2013-6426 |
openstack -- heat | The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenant_id in the request path. | 2013-12-14 | 4.0 | CVE-2013-6428 |
openttd -- openttd | The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6 through 1.3.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) by crashing an aircraft outside of the map. | 2013-12-14 | 5.0 | CVE-2013-6411 |
philippe_jounin -- tftpd32 | Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remote File field. | 2013-12-13 | 5.0 | CVE-2013-6809 |
quagga -- quagga | The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update. | 2013-12-14 | 4.3 | CVE-2013-6051 |
rockmongo -- rockmongo | Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to index.php. | 2013-12-14 | 5.0 | CVE-2013-5107 |
sap -- network_interface_router | SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors. | 2013-12-13 | 5.0 | CVE-2013-7093 |
sonarsource -- jenkins_plugin | The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure. | 2013-12-13 | 4.0 | CVE-2013-5676 |
themebeans -- blooog_theme | Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the jQuery parameter to assets/js/jplayer.swf. | 2013-12-17 | 4.3 | CVE-2013-7129 |
trimble -- sketchup_viewer | Stack-based buffer overflow in Trimble SketchUp Viewer 13.0.4124 allows remote attackers to execute arbitrary code via a crafted .SKP file. | 2013-12-17 | 6.8 | CVE-2013-6038 |
wireshark -- wireshark | The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | 2013-12-19 | 5.0 | CVE-2013-7112 |
wireshark -- wireshark | epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2013-12-19 | 5.0 | CVE-2013-7113 |
wireshark -- wireshark | Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet. | 2013-12-19 | 5.0 | CVE-2013-7114 |
xen -- xen | Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors. | 2013-12-13 | 6.8 | CVE-2013-6400 |
xmlsoft -- libxslt | xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825. | 2013-12-14 | 4.3 | CVE-2013-4520 |
zabbix -- zabbix | The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter. | 2013-12-14 | 5.0 | CVE-2013-1364 |
zimbra -- zimbra_collaboration_suite | Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. | 2013-12-13 | 5.0 | CVE-2013-7091 |
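Two entries in the table above (RockMongo's ROCK_LANG cookie, CVE-2013-5107, and Zimbra's skin parameter, CVE-2013-7091) are the same bug class: a client-controlled name is pasted into a filesystem path and `..` walks out of the intended directory. The following Python is an added illustration of that pattern and of the usual fix, not code from either product; the directory layout, file names, the `.txt` suffix and the allow-list regex are all constructed for the demonstration.

```python
"""Added example: path traversal through a client-supplied name (cookie or
query parameter) and the allow-list plus containment check that stops it.
Nothing here is RockMongo or Zimbra code; the tree is built in a temp dir."""
import os
import re
import tempfile

# Constructed allow-list: only values shaped like "en" or "en_US" are accepted.
LANG_RE = re.compile(r"^[a-z]{2}(?:_[A-Z]{2})?$")


def unsafe_lang_file(base_dir: str, lang: str) -> str:
    """Vulnerable pattern: the client value is concatenated into the path, so
    "../secret" resolves outside base_dir. (os.path.join would even discard
    base_dir entirely if lang were an absolute path.)"""
    return os.path.join(base_dir, lang + ".txt")


def safe_lang_file(base_dir: str, lang: str):
    """Hardened pattern: reject anything outside the allow-list, then verify the
    resolved path is still inside base_dir. Returns None when either check fails;
    the second check is defence in depth in case the allow-list is loosened later."""
    if not LANG_RE.fullmatch(lang):
        return None
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, lang + ".txt"))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo() -> dict:
    """Builds a throwaway tree and returns what each builder exposes for a
    traversal value, a percent-encoded traversal value, and a legitimate code."""
    with tempfile.TemporaryDirectory() as tmp:
        lang_dir = os.path.join(tmp, "langs")
        os.mkdir(lang_dir)
        with open(os.path.join(lang_dir, "en_US.txt"), "w") as f:
            f.write("hello")
        # Constructed stand-in for a sensitive file one level above the language dir.
        with open(os.path.join(tmp, "secret.txt"), "w") as f:
            f.write("db password")

        results = {}
        # Unsafe builder: "../secret" reaches the file outside lang_dir.
        with open(unsafe_lang_file(lang_dir, "../secret")) as f:
            results["unsafe_traversal"] = f.read()
        # Safe builder: traversal is rejected by the allow-list.
        results["safe_traversal"] = safe_lang_file(lang_dir, "../secret")
        # Percent-encoding does not help the attacker: "%" is not in the allow-list.
        results["safe_encoded"] = safe_lang_file(lang_dir, "..%2Fsecret")
        # A well-formed code still works.
        with open(safe_lang_file(lang_dir, "en_US")) as f:
            results["safe_ok"] = f.read()
        return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The allow-list is the real fix; the `realpath`/`commonpath` check is there so that a later change to the accepted character set cannot silently reintroduce the traversal. Note that decoding happens before the check in a real web stack, so the percent-encoded case above only shows that the allow-list also rejects raw `%`.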
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
acme -- thttpd | thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file. | 2013-12-13 | 2.1 | CVE-2013-0348 |
apple -- safari | Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file. | 2013-12-17 | 2.1 | CVE-2013-7127 |
cisco -- webex_meeting_center | Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197. | 2013-12-14 | 3.5 | CVE-2013-6964 |
ibm -- rational_software_architect_design_manager | Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files. | 2013-12-14 | 2.1 | CVE-2013-3042 |
ibm -- rational_software_architect_design_manager | Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files. | 2013-12-14 | 2.1 | CVE-2013-3043 |
ibm -- rational_focal_point | Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.6 before devfix5, 6.6.0.1 before devfix2, and 6.6.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-5398. | 2013-12-18 | 3.3 | CVE-2013-5397 |
ibm -- rational_focal_point | Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.6 before devfix5, 6.6.0.1 before devfix2, and 6.6.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-5397. | 2013-12-18 | 3.3 | CVE-2013-5398 |
ibm -- change_and_configuration_management_database | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-18 | 3.5 | CVE-2013-5402 |
ibm -- infosphere_information_server | IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a failed installation. | 2013-12-18 | 2.1 | CVE-2013-5440 |
ibm -- filenet_business_process_framework | IBM FileNet Business Process Framework 4.1.0 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2013-12-19 | 3.5 | CVE-2013-5452 |
ibm -- websphere_service_registry_and_repository | Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving widgets. | 2013-12-17 | 3.5 | CVE-2013-6721 |
juniper -- ive_os | Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-13 | 2.1 | CVE-2013-6956 |
percona -- xtrabackup | Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks. | 2013-12-13 | 2.1 | CVE-2013-6394 |
valvesoftware -- steamos | Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in Valve SteamOS Beta stores cleartext credentials in a .valve-bugreporter.cfg file upon a Remember Credentials action, which allows local users to obtain sensitive information by reading this file. | 2013-12-17 | 2.1 | CVE-2013-7128 |
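The Percona XtraBackup entry above (CVE-2013-6394) is scored low, but a constant IV is a real cryptographic failure, not a hygiene issue. The following Python is an added illustration of why, not XtraBackup's code and not a statement about which cipher mode it used: a counter-mode construction with a fixed IV reuses its keystream across every file, so an attacker holding one ciphertext with known content can strip the keystream off any other ciphertext made with the same key. The keystream here is an HMAC-SHA256 stand-in for a block cipher, chosen so the example runs with the standard library; the key, IV string and sample plaintexts are constructed.

```python
"""Added example: keystream reuse caused by a constant IV in a CTR-style
construction, and the random-IV fix. Toy PRF keystream; the reuse property
it demonstrates holds identically for AES-CTR."""
import hashlib
import hmac
import os

IV_LEN = 16
# Constructed stand-in for a hard-coded IV.
CONSTANT_IV = b"fixed-iv-string!"


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Block i of the keystream is HMAC-SHA256(key, iv || i). Same key and same
    IV therefore produce the same keystream, which is the whole problem."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_with_constant_iv(key: bytes, plaintext: bytes) -> bytes:
    """Weak: every call uses CONSTANT_IV, so the keystream never changes."""
    return CONSTANT_IV + xor(plaintext, keystream(key, CONSTANT_IV, len(plaintext)))


def encrypt_with_random_iv(key: bytes, plaintext: bytes) -> bytes:
    """Fixed: a fresh IV per message, stored in front of the ciphertext."""
    iv = os.urandom(IV_LEN)
    return iv + xor(plaintext, keystream(key, iv, len(plaintext)))


def recover_with_known_plaintext(ct_known: bytes, pt_known: bytes, ct_target: bytes) -> bytes:
    """Attacker's view, no key needed. If both ciphertexts share key and IV then
    c1 ^ p1 is the keystream, and c2 ^ keystream is p2 over the overlap.
    With distinct IVs the recovered keystream is wrong and the output is noise."""
    ks = xor(ct_known[IV_LEN:], pt_known)
    return xor(ct_target[IV_LEN:], ks)


def demo() -> dict:
    key = b"\x13" * 32  # constructed key; the attacker never learns it
    # Constructed plaintexts: one with predictable content (a header the attacker
    # can guess), one with content worth stealing.
    p_known = b"BACKUP-HEADER v1 tables=users,orders    "
    p_secret = b"root_password=hunter2;api_key=ABCD-1234 "

    c1 = encrypt_with_constant_iv(key, p_known)
    c2 = encrypt_with_constant_iv(key, p_secret)
    r1 = encrypt_with_random_iv(key, p_known)
    r2 = encrypt_with_random_iv(key, p_secret)
    return {
        # Deterministic: identical plaintexts give identical ciphertexts.
        "constant_iv_deterministic": c1 == encrypt_with_constant_iv(key, p_known),
        # Known-plaintext attack succeeds against the constant-IV scheme.
        "constant_iv_recovered": recover_with_known_plaintext(c1, p_known, c2),
        # The same attack against random-IV ciphertexts yields garbage.
        "random_iv_recovered": recover_with_known_plaintext(r1, p_known, r2),
        "secret": p_secret,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

For a CBC construction the failure looks different but is still a leak: a constant IV makes identical plaintext prefixes produce identical ciphertext prefixes, so an attacker can tell which backups share leading blocks. Either way the check when reviewing an encryption-at-rest tool is the same: the IV or nonce must be fresh per message and must be stored or derived alongside the ciphertext, never compiled in.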