Vulnerability Summary for the Week of January 6, 2014
Released
Jan 13, 2014
Document ID
SB14-013
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| conceptronic -- c54apm | The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks. | 2014-01-10 | 7.8 | CVE-2014-1408 |
| cru-inc -- ditto_forensic_fieldstation | CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task. | 2014-01-07 | 10.0 | CVE-2013-6881 |
| cru-inc -- ditto_forensic_fieldstation | The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges. | 2014-01-07 | 10.0 | CVE-2013-6884 |
| cynthia_fridsma -- horizon_quick_content_management_system | SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter. | 2014-01-09 | 7.5 | CVE-2013-7139 |
| devscripts_devel_team -- devscripts | Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball. | 2014-01-07 | 7.5 | CVE-2013-6888 |
| google -- picasa | Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a crafted JPEG tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a large JPEG tag value and a small size. | 2014-01-08 | 7.5 | CVE-2013-5349 |
| google -- picasa | Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a long TIFF tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a long TIFF StripByteCounts tag. | 2014-01-08 | 7.5 | CVE-2013-5357 |
| google -- picasa | Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to trigger memory corruption via a crafted TIFF tag, as demonstrated using a KDC file with a DSLR-A100 model and certain sequences of tags. | 2014-01-08 | 7.5 | CVE-2013-5358 |
| google -- picasa | Stack-based buffer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 might allow remote attackers to execute arbitrary code via a crafted RAW file, as demonstrated using a KDC file with a certain size. | 2014-01-08 | 7.5 | CVE-2013-5359 |
| graphviz -- graphviz | Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file. | 2014-01-10 | 9.3 | CVE-2014-0978 |
| graphviz -- graphviz | Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list." | 2014-01-10 | 10.0 | CVE-2014-1236 |
| hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1866. | 2014-01-03 | 10.0 | CVE-2013-2344 |
| hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1869. | 2014-01-03 | 10.0 | CVE-2013-2345 |
| hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1870. | 2014-01-03 | 10.0 | CVE-2013-2346 |
| hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1885. | 2014-01-03 | 10.0 | CVE-2013-2347 |
| hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1892. | 2014-01-03 | 10.0 | CVE-2013-2348 |
| hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1896. | 2014-01-03 | 10.0 | CVE-2013-2349 |
| hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1897. | 2014-01-03 | 10.0 | CVE-2013-2350 |
| hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905. | 2014-01-03 | 10.0 | CVE-2013-6194 |
| hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-2008. | 2014-01-03 | 10.0 | CVE-2013-6195 |
| ibm -- atlas_ediscovery_process_management | SQL injection vulnerability in IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite (aka Atlas Policy Suite) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2014-01-10 | 7.5 | CVE-2013-6321 |
| libreswan -- libreswan | Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecified impact and attack vectors, involving the /var/tmp/libreswan-nss-pwd temporary file. | 2014-01-09 | 9.3 | CVE-2013-7283 |
| mini-stream -- castripper | Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long URL in the [playlist] section in a .pls file, a different vector than CVE-2009-1667. | 2014-01-03 | 7.5 | CVE-2009-5137 |
| naxtech -- cms_afroditi | SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to default.asp. | 2014-01-08 | 7.5 | CVE-2013-7278 |
| nisuta -- ns-wir150ne | The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36_NIS01 allows remote attackers to bypass authentication via a "Cookie: :language=en" HTTP header. | 2014-01-10 | 10.0 | CVE-2013-7282 |
| qnap -- qts | Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attackers to read arbitrary files via a full pathname in the f parameter. | 2014-01-09 | 7.8 | CVE-2013-7174 |
| real -- realplayer | Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877. | 2014-01-03 | 7.5 | CVE-2013-7260 |
| symantec -- endpoint_protection | The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account. | 2014-01-10 | 7.4 | CVE-2013-5009 |
| symantec -- endpoint_protection | Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 allows local users to gain privileges via a crafted program in the %SYSTEMDRIVE% directory. | 2014-01-10 | 7.2 | CVE-2013-5011 |
| synology -- diskstation_manager | webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header. | 2014-01-09 | 10.0 | CVE-2013-6955 |
| x -- libxfont | Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file. | 2014-01-09 | 9.3 | CVE-2013-6462 |
| xen -- xen | The get_free_port function in Xen allows local authenticated DomU users to cause a denial of service or possibly gain privileges via unspecified vectors involving a new event channel port. | 2014-01-07 | 7.7 | CVE-2011-1763 |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 7mediaws -- edutrac | Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php. | 2014-01-08 | 5.0 | CVE-2013-7097 |
| ad-minister_project -- ad-minister | Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete action to wp-admin/tools.php. | 2014-01-03 | 4.3 | CVE-2013-6993 |
| amberdms -- amberdms_billing_system | Amberdms Billing System (ABS) before 1.4.1 does not properly implement blacklisting after detection of invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. | 2014-01-10 | 6.4 | CVE-2010-5291 |
| anthony_mills -- s3_video | Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video plugin before 0.983 for WordPress allows remote attackers to inject arbitrary web script or HTML via the base parameter. | 2014-01-08 | 4.3 | CVE-2013-7279 |
| aphpkb -- aphpkb | Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keyword_list parameter to keysearch.php. | 2014-01-08 | 4.3 | CVE-2013-7277 |
| aphpkb -- aphpkb | Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) email, or (4) username parameter. | 2014-01-10 | 4.3 | CVE-2013-7289 |
| askapache -- firefox_adsense | Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the aafireadcode parameter to wp-admin/options-general.php. | 2014-01-03 | 6.8 | CVE-2013-6992 |
| cisco -- secure_access_control_system | Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud89431. | 2014-01-10 | 4.3 | CVE-2013-6974 |
| cisco -- nx-os | The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer reset) via a crafted message, aka Bug ID CSCuj03174. | 2014-01-08 | 4.3 | CVE-2013-6982 |
| cisco -- context_directory_agent | The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce authorization requirements, which allows remote authenticated users to obtain administrative access by hijacking a session, aka Bug ID CSCuj45347. | 2014-01-08 | 4.9 | CVE-2014-0651 |
| cisco -- context_directory_agent | Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuj45358. | 2014-01-08 | 4.3 | CVE-2014-0652 |
| cisco -- adaptive_security_appliance | The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340. | 2014-01-08 | 4.3 | CVE-2014-0653 |
| cisco -- context_directory_agent | Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack involving crafted RADIUS accounting messages, aka Bug ID CSCuj45383. | 2014-01-08 | 4.3 | CVE-2014-0654 |
| cisco -- adaptive_security_appliance | The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID CSCuj45332. | 2014-01-08 | 4.3 | CVE-2014-0655 |
| cisco -- context_directory_agent | Cisco Context Directory Agent (CDA) allows remote authenticated users to trigger the omission of certain user-interface data via crafted field values, aka Bug ID CSCuj45353. | 2014-01-08 | 4.0 | CVE-2014-0656 |
| cisco -- unified_communications_manager | The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540. | 2014-01-08 | 4.0 | CVE-2014-0657 |
| cisco -- unified_ip_phone_9951 | Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) via a crafted SIP header, aka Bug ID CSCul24898. | 2014-01-10 | 5.4 | CVE-2014-0658 |
| cisco -- secure_access_control_system | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625. | 2014-01-10 | 4.3 | CVE-2014-0663 |
| cisco -- unity_connection | The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976. | 2014-01-10 | 6.8 | CVE-2014-0664 |
| codiad -- codiad | Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the Project Name field. | 2014-01-03 | 4.3 | CVE-2013-7257 |
| conceptronic -- c54apm | Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup. | 2014-01-10 | 5.8 | CVE-2014-1405 |
| conceptronic -- c54apm | CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action. | 2014-01-10 | 4.3 | CVE-2014-1406 |
| conceptronic -- c54apm | Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup. | 2014-01-10 | 4.3 | CVE-2014-1407 |
| cynthia_fridsma -- horizon_quick_content_management_system | Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter. | 2014-01-09 | 5.0 | CVE-2013-7138 |
| dotnetblogengine -- blogengine.net | BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file. | 2014-01-03 | 5.0 | CVE-2013-6953 |
| ecava -- integraxor | The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL. | 2014-01-09 | 5.0 | CVE-2014-0752 |
| foliovision -- foliopress_wysiwyg | Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-01-08 | 4.3 | CVE-2014-1232 |
| freerdp_project -- freerdp | Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet. | 2014-01-03 | 6.8 | CVE-2014-0791 |
| google -- chrome | Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote attackers to spoof the Omnibox URL via vectors involving SSL error messages, a related issue to CVE-2012-0674. | 2014-01-05 | 5.0 | CVE-2012-2898 |
| google -- chrome | Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method. | 2014-01-05 | 4.3 | CVE-2012-2899 |
| hansotools -- hanso_playerools | Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to cause a denial of service (crash) via a long string in a .m3u file. | 2014-01-08 | 5.0 | CVE-2013-7280 |
| ibm -- atlas_ediscovery_process_management | IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite (aka Atlas Policy Suite) do not properly validate sessions, which allows remote attackers to bypass intended access restrictions, and visit PolicyAtlas/ResponseDraftServlet (aka the Compliance Questionnaire Save Draft servlet), via unspecified vectors. | 2014-01-10 | 6.4 | CVE-2013-6334 |
| libreswan -- libreswan | Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet. | 2014-01-07 | 5.0 | CVE-2013-4564 |
| linux -- linux_kernel | The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. | 2014-01-06 | 4.9 | CVE-2013-7263 |
| linux -- linux_kernel | The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | 2014-01-06 | 4.9 | CVE-2013-7264 |
| linux -- linux_kernel | The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | 2014-01-06 | 4.9 | CVE-2013-7265 |
| linux -- linux_kernel | The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | 2014-01-06 | 4.9 | CVE-2013-7266 |
| linux -- linux_kernel | The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | 2014-01-06 | 4.9 | CVE-2013-7267 |
| linux -- linux_kernel | The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | 2014-01-06 | 4.9 | CVE-2013-7268 |
| linux -- linux_kernel | The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | 2014-01-06 | 4.9 | CVE-2013-7269 |
| linux -- linux_kernel | The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | 2014-01-06 | 4.9 | CVE-2013-7270 |
| linux -- linux_kernel | The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | 2014-01-06 | 4.9 | CVE-2013-7271 |
| linux -- linux_kernel | The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | 2014-01-08 | 4.9 | CVE-2013-7281 |
| mybb -- mybb | Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup. | 2014-01-08 | 4.3 | CVE-2013-7275 |
| mybb -- mybb | Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs. | 2014-01-10 | 4.3 | CVE-2013-7288 |
| open-xchange -- open-xchange_appsuite | Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handlers." | 2014-01-08 | 4.3 | CVE-2013-6997 |
| openssl -- openssl | The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. | 2014-01-08 | 4.3 | CVE-2013-4353 |
| openstack -- havana | Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron. | 2014-01-07 | 5.0 | CVE-2013-6419 |
| opsview -- opsview | Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-01-03 | 4.3 | CVE-2013-7254 |
| opsview -- opsview | Open redirect vulnerability in Opsview before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2014-01-03 | 5.8 | CVE-2013-7255 |
| opsview -- opsview | Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2014-01-03 | 6.8 | CVE-2013-7256 |
| phusion -- passenger | Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem. | 2014-01-03 | 4.6 | CVE-2013-2119 |
| recommend_to_a_friend_project -- recommend_to_a_friend | Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the current_url parameter. | 2014-01-08 | 4.3 | CVE-2013-7276 |
| seagate -- blackarmor_nas_220 | Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname parameter to admin/access_control_user_edit.php or (2) workname parameter to admin/network_workgroup_domain.php. | 2014-01-09 | 4.3 | CVE-2013-6923 |
| sixapart -- movabletype | Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5.161, 5.2.x before 5.2.9, and 6.0.x before 6.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-01-10 | 4.3 | CVE-2014-0977 |
| symantec -- endpoint_protection | The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors. | 2014-01-10 | 4.6 | CVE-2013-5010 |
| technicolor -- tc7200 | Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route. | 2014-01-08 | 4.3 | CVE-2014-0620 |
| technicolor -- tc7200 | Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall. | 2014-01-08 | 6.8 | CVE-2014-0621 |
| umn -- mapserver | SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter. | 2014-01-05 | 6.8 | CVE-2013-7262 |
| wallpaperscript -- wallpaperscript | Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload. | 2014-01-08 | 4.3 | CVE-2013-7274 |
| web2ldap -- web2ldap | Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "displaying group DN and entry data in group administration UI." | 2014-01-03 | 4.3 | CVE-2013-7258 |
| westerndeal -- advanced_dewplayer | Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter. | 2014-01-03 | 5.0 | CVE-2013-7240 |
| wokamoto -- wp-cron_dashboard | Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the procname parameter to wp-admin/tools.php. | 2014-01-03 | 4.3 | CVE-2013-6991 |
| xen -- xen | Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables. | 2014-01-07 | 5.5 | CVE-2011-1166 |
| xen -- xen | The instruction emulation in Xen 3.0.3 allows local SMP guest users to cause a denial of service (host crash) by replacing the instruction that causes the VM to exit in one thread with a different instruction in a different thread. | 2014-01-07 | 6.1 | CVE-2011-1780 |
| xen -- xen | Xen, when using x86 Intel processors and the VMX virtualization extension is enabled, does not properly handle cpuid instruction emulation when exiting the VM, which allows local guest users to cause a denial of service (guest crash) via unspecified vectors. | 2014-01-07 | 4.9 | CVE-2011-1936 |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| amberdms -- amberdms_billing_system | Amberdms Billing System (ABS) before 1.4.1, when a multi-instance installation is configured, might allow local users to obtain sensitive information by reading the cache in between runs of the include/cron/services_usage.php cron job. | 2014-01-10 | 1.9 | CVE-2010-5292 |
| apache -- libcloud | Libcloud 012.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM. | 2014-01-07 | 2.1 | CVE-2013-6480 |
| hp -- linux_imaging_and_printing_project | base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file. | 2014-01-05 | 2.1 | CVE-2013-6402 |
| mantisbt -- mantisbt | Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name. | 2014-01-10 | 3.5 | CVE-2013-4460 |
| paratrooper-newrelic_project -- paratrooper-newrelic | The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process. | 2014-01-10 | 2.1 | CVE-2014-1234 |
| puppetlabs -- puppet | Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files. | 2014-01-07 | 2.1 | CVE-2013-4969 |
| redhat -- libvirt | The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command. | 2014-01-07 | 2.1 | CVE-2013-6436 |
| tobias_maier -- paratrooper-pingdom | The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process. | 2014-01-10 | 2.1 | CVE-2014-1233 |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.