SB13-238: Vulnerability Summary for the Week of August 19, 2013

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Title: SB13-238: Vulnerability Summary for the Week of August 19, 2013

US Computer Emergency Readiness Team banner graphic

National Cyber Awareness System:

08/26/2013 06:58 AM EDT

Original release date: August 26, 2013

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities
Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
Back to top
alienvault -- open_source_security_information_management Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php. 2013-08-20 7.5 CVE-2013-5321
apache -- xml_security_for_c++ Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PrefixList attribute. 2013-08-20 7.5 CVE-2013-2156
apache -- xml_security_for_c++ Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this is due to an incorrect fix for CVE-2013-2154. 2013-08-20 7.5 CVE-2013-2210
benjamin_arnaudetr -- ginkgocms SQL injection vulnerability in Ginkgo CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the rang parameter to index.php. 2013-08-20 7.5 CVE-2013-5318
cisco -- unified_communications_manager Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959. 2013-08-22 7.8 CVE-2013-3453
die-netzmacher -- browser SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2013-08-16 7.5 CVE-2013-5306
google -- chrome Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547.57 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2013-08-21 7.5 CVE-2013-2887
google -- chrome The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted directory name. 2013-08-21 7.5 CVE-2013-2900
google -- chrome Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and (2) libGLESv2/renderer/Renderer11.cpp in Almost Native Graphics Layer Engine (ANGLE), as used in Google Chrome before 29.0.1547.57, allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2013-08-21 7.5 CVE-2013-2901
google -- chrome Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element that is still in the process of loading. 2013-08-21 7.5 CVE-2013-2902
google -- chrome Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving moving a (1) AUDIO or (2) VIDEO element between documents. 2013-08-21 7.5 CVE-2013-2903
google -- chrome Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes an IFRAME element so that its src attribute is no longer an XML document, leading to unintended garbage collection of this document. 2013-08-21 7.5 CVE-2013-2904
heiko_sudar -- slideshare SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2013-08-23 7.5 CVE-2013-5569
hp -- service_center Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31 and Service Center 6.2.8 allows remote attackers to obtain privileged access via unknown vectors. 2013-08-17 10.0 CVE-2013-4808
ibm -- global_console_manager_16_firmware ping.php in Global Console Manager 16 (GCM16) and Global Console Manager 32 (GCM32) before 1.20.0.22575 on the IBM Avocent 1754 KVM switch allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) count or (2) size parameter. 2013-08-21 8.5 CVE-2013-0526
jan_bednarik -- cooluri SQL injection vulnerability in the CoolURI extension before 1.0.30 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2013-08-20 7.5 CVE-2013-5322
janrain -- php-openid Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2013-08-21 7.5 CVE-2013-4701
joachim_ruhs -- locator Unspecified vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize." 2013-08-16 10.0 CVE-2013-5303
joachim_ruhs -- locator SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2013-08-16 7.5 CVE-2013-5304
kennziffer -- ke_search SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2013-08-16 7.5 CVE-2013-5302
kepware -- kepserverex_communications_platform The Kepware DNP Master Driver for the KEPServerEX Communications Platform before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line. 2013-08-22 7.8 CVE-2013-2789
mauro_lorenzutti -- wfqbe SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2013-08-16 7.5 CVE-2013-5310
openstack -- folsom XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name. 2013-08-20 7.5 CVE-2013-2161
puppetlabs -- puppet Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call. 2013-08-19 7.5 CVE-2013-3567
sixnet -- udr The universal protocol implementation in Sixnet UDR before 2.0 and RTU firmware before 4.8 allows remote attackers to execute arbitrary code; read, modify, or create files; or obtain file metadata via function opcodes. 2013-08-21 10.0 CVE-2013-2802
trustport -- webfilter Directory traversal vulnerability in help.php in Trustport Webfilter 5.5.0.2232 allows remote attackers to read arbitrary files via a .. (dot dot) in the hf parameter. 2013-08-16 7.8 CVE-2013-5301
vastal -- phpvid Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL commands via the "n" parameter to (1) browse_videos.php or (2) members.php. NOTE: the cat parameter is already covered by CVE-2008-4157. 2013-08-19 7.5 CVE-2013-5311

Medium Vulnerabilities
Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
Back to top
alcatel-lucent -- omnitouch_8400_instant_communications_suite Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and OmniTouch 8400 Instant Communications Suite before 6.7.3 (1) allow remote attackers to inject arbitrary web script or HTML via a crafted URL that results in a reflected XSS or (2) allow user-assisted remote attackers to inject arbitrary web script or HTML via a user's personal bookmark entry that results in a stored XSS via unspecified vectors. 2013-08-19 4.3 CVE-2013-4653
apache -- cxf Apache CFX 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack." 2013-08-19 6.4 CVE-2012-5575
apache -- cloudstack Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified "multi-edit fields;" and (6) unspecified "list view" edit fields related to global settings. 2013-08-19 4.3 CVE-2013-2136
apache -- xml_security_for_c++ The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypass issue." 2013-08-20 4.3 CVE-2013-2153
apache -- xml_security_for_c++ Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions, probably related to the DSIGReference::getURIBaseTXFM function. 2013-08-20 6.4 CVE-2013-2154
apache -- xml_security_for_c++ Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the (1) compareBase64StringToRaw, (2) DSIGAlgorithmHandlerDefault, or (3) DSIGAlgorithmHandlerDefault::verify functions. 2013-08-20 5.8 CVE-2013-2155
apache -- cxf Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors. 2013-08-19 5.0 CVE-2013-2160
apache -- xml_security_for_java jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature." 2013-08-20 4.3 CVE-2013-2172
atlassian -- jira Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa. 2013-08-20 4.3 CVE-2013-5319
axel_jung -- js_css_optimizer Cross-site scripting (XSS) vulnerability in the _javascript_ and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2013-08-23 4.3 CVE-2013-5570
bestpractical -- request_tracker Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors. 2013-08-23 6.0 CVE-2012-4733
bigtreecms -- bigtree_cms Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php. 2013-08-19 6.8 CVE-2013-4881
bigtreecms -- bigtree_cms Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action. 2013-08-19 6.8 CVE-2013-5313
google -- chrome The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file. 2013-08-21 5.0 CVE-2013-2905
happyworm -- jplayer Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in the Flash SWF component in jPlayer before 2.2.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-1942 and CVE-2013-2023. 2013-08-17 4.3 CVE-2013-2022
haproxy -- haproxy HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable. 2013-08-19 5.0 CVE-2013-2175
henri_wahl -- nagstamon The automatic update request in Nagstamont before 0.9.10 uses a cleartext base64 format for transmission of a username and password, which allows remote attackers to obtain sensitive information by sniffing the network. 2013-08-16 5.0 CVE-2013-4114
ibm -- websphere_application_server Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2013-08-21 4.3 CVE-2013-2967
ibm -- infosphere_optim_performance_manager Directory traversal vulnerability in IBM Optim Performance Manager 4.1.1 and IBM InfoSphere Optim Performance Manager 5.x before 5.2 allows remote authenticated users to read arbitrary files via a crafted URL. 2013-08-22 4.0 CVE-2013-2979
ibm -- websphere_portal IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting. 2013-08-21 4.0 CVE-2013-3016
ibm -- websphere_application_server Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. 2013-08-21 6.8 CVE-2013-3029
joachim_ruhs -- locator Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2013-08-16 4.3 CVE-2013-5305
juralsulek -- realurlmanagement Cross-site scripting (XSS) vulnerability in the RealURL Management (realurlmanagement) extension 0.3.4 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2013-08-16 4.3 CVE-2013-5308
kennziffer -- ke_search Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2013-08-16 4.3 CVE-2013-5307
mesa3d -- mesa The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796. 2013-08-19 6.8 CVE-2013-1872
monster_menu_module_project -- monster_menu The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors. 2013-08-21 6.0 CVE-2013-4230
openstack -- keystone OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password. 2013-08-20 4.3 CVE-2013-2157
openstack -- folsom OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected. 2013-08-20 4.0 CVE-2013-4155
osisoft -- pi_interface The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remote attackers to cause a denial of service (memory consumption or memory corruption, instance shutdown, and data-collection outage) via crafted C37.118 configuration packets. 2013-08-22 5.0 CVE-2013-2800
osisoft -- pi_interface The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remote attackers to cause a denial of service (instance shutdown and data-collection outage) via crafted C37.118 configuration packets that trigger an invalid read operation. 2013-08-22 5.0 CVE-2013-2801
ows -- scald Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2) flash_width, or (3) flash_height in the scald_flash_scald_prerender function in providers/scald_flash/scald_flash.module; or the (4) caption in the scald_image_scald_prerender function in providers/scald_image/scald_image.module. 2013-08-19 4.3 CVE-2013-4174
perlmonks -- module::signature The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/. 2013-08-19 4.4 CVE-2013-2145
php -- php The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a ' ' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. 2013-08-17 4.3 CVE-2013-4248
phpmyadmin -- phpmyadmin phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php. 2013-08-19 4.3 CVE-2013-5029
pip-installer -- pip pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory. 2013-08-17 6.9 CVE-2013-1888
puppetlabs -- puppet Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master. 2013-08-20 5.1 CVE-2013-4761
puppetlabs -- puppet_enterprise Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID. 2013-08-20 5.8 CVE-2013-4762
puppetlabs -- puppet_enterprise Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter. 2013-08-20 5.8 CVE-2013-4955
puppetlabs -- puppet_enterprise Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation. 2013-08-20 6.9 CVE-2013-4958
puppetlabs -- puppet_enterprise Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache. 2013-08-20 4.9 CVE-2013-4959
puppetlabs -- puppet_enterprise Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information. 2013-08-20 5.0 CVE-2013-4961
puppetlabs -- puppet_enterprise The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors. 2013-08-20 4.3 CVE-2013-4962
puppetlabs -- puppet_enterprise Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. 2013-08-20 4.3 CVE-2013-4964
puppetlabs -- puppet_enterprise Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes. 2013-08-20 5.0 CVE-2013-4967
python -- python The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a ' ' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. 2013-08-17 6.8 CVE-2013-4238
redhat -- jboss_enterprise_application_platform Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client. 2013-08-16 6.4 CVE-2013-4213
ritecms -- ritecms Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php. 2013-08-20 6.8 CVE-2013-5316
ruby-lang -- ruby The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a ' ' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. 2013-08-17 6.8 CVE-2013-4073
s9y -- serendipity Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter. 2013-08-19 4.3 CVE-2013-5314
simon_tatham -- putty Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication. 2013-08-19 6.8 CVE-2013-4206
simon_tatham -- putty Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a different vulnerability than CVE-2013-4206. 2013-08-19 4.3 CVE-2013-4207
simon_tatham -- putty Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow. 2013-08-19 6.8 CVE-2013-4852
sourcetreesolutions -- mojoportal Cross-site scripting (XSS) vulnerability in Forums/EditPost.aspx in mojoPortal before 2.3.9.8 allows remote attackers to inject arbitrary web script or HTML via the txtSubject parameter. 2013-08-20 4.3 CVE-2013-5320
spice_project -- spice The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error. 2013-08-20 5.0 CVE-2013-4130
stanislas_rolland -- static_info_tables Cross-site scripting (XSS) vulnerability in the Static Info Tables (static_info_tables) extension before 2.3.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2013-08-20 4.3 CVE-2013-5323
vastal -- phpvid Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browse_videos.php or the (2) cat parameter to groups.php. 2013-08-19 4.3 CVE-2013-5312
yahoo -- yafuoku! The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2013-08-21 5.8 CVE-2013-4699
yahoo -- japan_shopping The Yahoo! Japan Shopping application 1.4 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2013-08-21 5.8 CVE-2013-4700

Low Vulnerabilities
Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
Back to top
advantech -- advantech_webaccess Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2013-08-22 3.5 CVE-2013-2299
canonical -- ubuntu_linux Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials. 2013-08-19 1.9 CVE-2013-2162
gnupg -- gnupg GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. 2013-08-19 2.1 CVE-2013-4242
ibm -- websphere_application_server Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0, when OAuth is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2013-08-21 3.5 CVE-2013-0597
ibm -- websphere_application_server The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors. 2013-08-21 1.9 CVE-2013-2976
ibm -- websphere_application_server Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.7 and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2013-08-21 3.5 CVE-2013-4004
ibm -- websphere_application_server Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields. 2013-08-21 3.5 CVE-2013-4005
ilia_alshanetsky -- fudforum Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information. 2013-08-16 2.6 CVE-2013-5309
imagemenu_project -- imagemenu Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web script or HTML via an image file name. 2013-08-23 2.1 CVE-2012-6583
monster_menu_module_project -- monster_menu Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings. 2013-08-21 2.1 CVE-2013-4229
ows -- scald Cross-site scripting (XSS) vulnerability in the Resource Manager in the MEE submodule (mee.module) in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the atom title, a different vector than CVE-2013-4174. 2013-08-19 2.6 CVE-2013-5315
puppetlabs -- puppet Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions. 2013-08-20 2.1 CVE-2013-4956
redhat -- enterprise_virtualization VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields." 2013-08-19 2.7 CVE-2013-0167
redhat -- enterprise_virtualization VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE-2013-0167. 2013-08-19 2.7 CVE-2013-4236
ritecms -- ritecms Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the mode parameter to cms/index.php. 2013-08-20 3.5 CVE-2013-5317
simon_tatham -- putty PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory. 2013-08-23 2.1 CVE-2011-4607
simon_tatham -- putty The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys. 2013-08-19 2.1 CVE-2013-4208
spambot_module_project -- spambot Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x before 6.x-3.2 and 7.x-1.x before 7.x-1.1 for Drupal allows certain remote attackers to inject arbitrary web script or HTML via a stopforumspam.com API response, which is logged by the watchdog. 2013-08-20 2.6 CVE-2012-6582

This product is provided subject to this Notification and this Privacy & Use policy.


This email was sent to linux-security@xxxxxxxxxxx using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (703) 235-5110 Powered by GovDelivery

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux