US-CERT alerts and bulletins
The National Cyber Alert System provides timely
information about current and emerging threats and vulnerabilities as
well as advice about protecting your computer and
networks.
2013-02-20T14:15:02Z
TA13-051A: Oracle Java Multiple Vulnerabilities
Original release date: February 20, 2013 | Last revised: --
Systems Affected
Any system using Oracle Java, including:
JDK and JRE 7 Update 13 and earlier
JDK and JRE 6 Update 39 and earlier
JDK and JRE 5.0 Update 39 and earlier
SDK and JRE 1.4.2_41 and earlier
Web browsers using the Java plug-in are at high risk.
Overview
Multiple vulnerabilities in Java could allow an attacker to execute arbitrary code on a vulnerable system.
Description
The Oracle Java SE Critical Patch Update Advisory Update for February 2013 addresses multiple vulnerabilities in the Java Runtime Environment (JRE). An additional five fixes that had been previously planned for delivery are in this update. This distribution therefore completes the content for all originally planned fixes to be included in the Java SE Critical Patch Update for February 2013.
Both Java applets delivered via web browsers and stand-alone Java applications are affected; however, web browsers using the Java plug-in are at particularly high risk.
The Java plug-in, the Java Deployment Toolkit plug-in, and Java Web Start can be used as attack vectors. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate website and upload a malicious Java applet (a "drive-by download" attack).
Some vulnerabilities affect stand-alone Java applications, depending on how the Java application functions and how it processes untrusted data.
Reports indicate that at least one of these vulnerabilities is being actively exploited.
Impact
By convincing a user to load a malicious Java applet or Java Network Launching Protocol (JNLP) file, an attacker could execute arbitrary code on a vulnerable system with the privileges of the Java plug-in process.
Stand-alone Java applications may also be affected.
Solution
Update Java
The Oracle Java SE Critical Patch Update Advisory Update for February 2013 states that Java 7 Update 15 and Java 6 Update 41 address these vulnerabilities.
Disable Java in web browsers
These and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered. To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates have been installed. As with any software, unnecessary features should be disabled or removed as appropriate for your environment.
Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. From Setting the Security Level of the Java Client:
For installations where the highest level of security is required, it is possible to entirely prevent any Java apps (signed or unsigned) from running in a browser by de-selecting Enable Java content in the browser in the Java Control Panel under the Security tab.
If you are unable to update to at least Java 7 Update 10, please see the solution section of Vulnerability Note VU#636312 for instructions on how to disable Java on a per-browser basis.
Restrict access to Java applets
Network administrators unable to disable Java in web browsers may be able to help mitigate these and other Java vulnerabilities by restricting access to Java applets using a web proxy. Most web proxies have features that can be used to block or whitelist requests for .jar and .class files based on network location. Filtering requests that contain a Java User-Agent header may also be effective. For environments where Java is required on the local intranet, the proxy can be configured to allow access to Java applets hosted locally, but block access to Java applets on the internet.
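The proxy rule described above can be written as a small decision function and replayed over proxy logs to see what it would block. This is an added example, not part of the advisory: the intranet suffix `.corp.example`, the address ranges, the log line layout and all function names are assumptions, and the sample log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Assumptions for this example (not from the advisory): what counts as "local".
INTRANET_SUFFIXES = (".corp.example",)
INTRANET_NETS = tuple(
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")
)
# File types named in the advisory's proxy recommendation.
APPLET_EXTENSIONS = (".jar", ".class")

# Assumed log layout: client method url "user-agent"
LOG_LINE = re.compile(r'^(\S+) (\S+) (\S+) "([^"]*)"$')


def is_intranet(host):
    """True for a literal IP inside an intranet range or a name under an intranet suffix."""
    host = host.lower().rstrip(".")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Match the bare domain or a true subdomain, not a look-alike prefix.
        return any(host == s[1:] or host.endswith(s) for s in INTRANET_SUFFIXES)
    return any(addr in net for net in INTRANET_NETS)


def is_applet_request(url, user_agent):
    """True if the path names a .jar/.class file or the client is the Java runtime."""
    path = unquote(urlsplit(url).path).lower()
    # Look at the last path segment only and drop ";param" suffixes.
    last_segment = path.rsplit("/", 1)[-1].split(";", 1)[0]
    java_ua = any(tok.lower().startswith("java/") for tok in user_agent.split())
    return last_segment.endswith(APPLET_EXTENSIONS) or java_ua


def decide(url, user_agent):
    """Return "allow" or "block" for one request under the advisory's proxy rule."""
    if not is_applet_request(url, user_agent):
        return "allow"
    host = urlsplit(url).hostname or ""
    return "allow" if is_intranet(host) else "block"


def review(log_lines):
    """Return (client, url) for every logged request the rule would block."""
    blocked = []
    for line in log_lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # not in the assumed layout; skip rather than guess
        client, _method, url, user_agent = m.groups()
        if decide(url, user_agent) == "block":
            blocked.append((client, url))
    return blocked


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.1.2.3 GET http://apps.corp.example/hr/timesheet.jar "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_13"',
    '10.1.2.4 GET http://downloads.example.net/Game.CLASS?v=2 "Mozilla/5.0 (Windows NT 6.1) Firefox/18.0"',
    '10.1.2.5 GET http://cdn.example.net/update/check "Java/1.6.0_39"',
    '10.1.2.6 GET http://www.example.org/index.html "Mozilla/5.0 (Windows NT 6.1) Firefox/18.0"',
    '10.1.2.7 GET http://192.168.10.20/tools/console.jar "Java/1.7.0_13"',
    '10.1.2.8 GET http://corp.example.example.net/a%2Ejar "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, url in review(SAMPLE_LOG):
        print("block", client, url)
```

For HTTPS traffic a proxy sees only the CONNECT host unless it intercepts TLS, so the path and User-Agent checks apply to plain HTTP or inspected traffic.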
References
Oracle Java SE Critical Patch Update Advisory Update - February 2013
Setting the Security Level of the Java Client
The Security Manager
How to disable the Java web plug-in in Safari
How to turn off Java applets
NoScript
Securing Your Web Browser
Vulnerability Note VU#636312
Revision History
February 20, 2013: Initial release
SB13-049: Vulnerability Summary for the Week of February 11, 2013
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
adobe -- flash_player
Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
2013-02-08
9.3
CVE-2013-0633
adobe -- flash_player
Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013.
2013-02-08
9.3
CVE-2013-0634
adobe -- shockwave_player
Adobe Shockwave Player before 12.0.0.112 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
2013-02-13
10.0
CVE-2013-0635
adobe -- shockwave_player
Stack-based buffer overflow in Adobe Shockwave Player before 12.0.0.112 allows attackers to execute arbitrary code via unspecified vectors.
2013-02-13
10.0
CVE-2013-0636
adobe -- adobe_air
Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-0647.
2013-02-12
10.0
CVE-2013-0638
adobe -- adobe_air
Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors.
2013-02-12
10.0
CVE-2013-0639
adobe -- acrobat
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.5.3, 10.x through 10.1.5, and 11.x through 11.0.1 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013, a different vulnerability than CVE-2013-0641.
2013-02-13
9.3
CVE-2013-0640
adobe -- acrobat
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.5.3, 10.x through 10.1.5, and 11.x through 11.0.1 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013, a different vulnerability than CVE-2013-0640.
2013-02-13
9.3
CVE-2013-0641
adobe -- adobe_air
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
2013-02-12
10.0
CVE-2013-0642
adobe -- adobe_air
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0649 and CVE-2013-1374.
2013-02-12
10.0
CVE-2013-0644
adobe -- adobe_air
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
2013-02-12
10.0
CVE-2013-0645
adobe -- adobe_air
Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-0638.
2013-02-12
10.0
CVE-2013-0647
adobe -- adobe_air
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013-1374.
2013-02-12
10.0
CVE-2013-0649
adobe -- adobe_air
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
2013-02-12
10.0
CVE-2013-1365
adobe -- adobe_air
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
2013-02-12
10.0
CVE-2013-1366
adobe -- adobe_air
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
2013-02-12
10.0
CVE-2013-1367
adobe -- adobe_air
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
2013-02-12
10.0
CVE-2013-1368
adobe -- adobe_air
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
2013-02-12
10.0
CVE-2013-1369
adobe -- adobe_air
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1372, and CVE-2013-1373.
2013-02-12
10.0
CVE-2013-1370
adobe -- adobe_air
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, and CVE-2013-1373.
2013-02-12
10.0
CVE-2013-1372
adobe -- adobe_air
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, and CVE-2013-1372.
2013-02-12
10.0
CVE-2013-1373
adobe -- adobe_air
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013-0649.
2013-02-12
10.0
CVE-2013-1374
cisco -- ata_187_analog_telephone_adaptor
The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9.2.3.1 before ES build 4 does not properly implement access control, which allows remote attackers to execute operating-system commands via vectors involving a session on TCP port 7870, aka Bug ID CSCtz67038.
2013-02-13
9.0
CVE-2013-1111
cubecart -- cubecart
The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object.
2013-02-08
7.5
CVE-2013-1465
hp -- nonstop_server_software
Multiple unspecified vulnerabilities on HP NonStop Servers H06.x and J06.x allow remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via an OSS Remote Operation over an Expand connection.
2013-02-13
9.0
CVE-2012-3280
labelgate -- mora_downloader
Untrusted search path vulnerability in mora Downloader before 1.0.0.1 allows remote attackers to trigger the launch of a .exe file via unspecified vectors.
2013-02-13
7.5
CVE-2012-5188
microsoft -- internet_explorer
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SetCapture Use After Free Vulnerability."
2013-02-13
9.3
CVE-2013-0018
microsoft -- internet_explorer
Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerability."
2013-02-13
9.3
CVE-2013-0019
microsoft -- internet_explorer
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkup Use After Free Vulnerability."
2013-02-13
9.3
CVE-2013-0020
microsoft -- internet_explorer
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer vtable Use After Free Vulnerability."
2013-02-13
9.3
CVE-2013-0021
microsoft -- internet_explorer
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability."
2013-02-13
9.3
CVE-2013-0022
microsoft -- internet_explorer
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CDispNode Use After Free Vulnerability."
2013-02-13
9.3
CVE-2013-0023
microsoft -- internet_explorer
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability."
2013-02-13
9.3
CVE-2013-0024
microsoft -- internet_explorer
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SLayoutRun Use After Free Vulnerability."
2013-02-13
9.3
CVE-2013-0025
microsoft -- internet_explorer
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer InsertElement Use After Free Vulnerability."
2013-02-13
9.3
CVE-2013-0026
microsoft -- internet_explorer
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CPasteCommand Use After Free Vulnerability."
2013-02-13
9.3
CVE-2013-0027
microsoft -- internet_explorer
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CObjectElement Use After Free Vulnerability."
2013-02-13
9.3
CVE-2013-0028
microsoft -- internet_explorer
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CHTML Use After Free Vulnerability."
2013-02-13
9.3
CVE-2013-0029
microsoft -- internet_explorer
The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability."
2013-02-13
9.3
CVE-2013-0030
microsoft -- .net_framework
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
2013-02-13
10.0
CVE-2013-0073
microsoft -- windows_7
The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
2013-02-13
7.1
CVE-2013-0075
microsoft -- windows_7
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
2013-02-13
7.2
CVE-2013-0076
microsoft -- windows_server_2003
Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
2013-02-13
9.3
CVE-2013-0077
microsoft -- windows_7
Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
2013-02-13
7.2
CVE-2013-1278
microsoft -- windows_7
Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
2013-02-13
7.2
CVE-2013-1279
microsoft -- windows_7
The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
2013-02-13
7.2
CVE-2013-1280
microsoft -- windows_server_2008
The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
2013-02-13
7.1
CVE-2013-1281
microsoft -- windows_xp
Object Linking and Embedding (OLE) Automation in Microsoft Windows XP SP3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted RTF document, aka "OLE Automation Remote Code Execution Vulnerability."
2013-02-13
9.3
CVE-2013-1313
moxa -- edr_g903_firmware
Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.
2013-02-15
7.6
CVE-2012-4694
mozilla -- network_security_services
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
2013-02-08
7.1
CVE-2013-1620
qemu -- qemu
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
2013-02-12
9.3
CVE-2012-6075
redhat -- libvirt
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
2013-02-08
9.3
CVE-2013-0170
rubygems -- json_gem
The JSON gem 1.7.x before 1.7.7, 1.6.x before 1.6.8, and 1.5.x before 1.5.5 allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."
2013-02-12
7.5
CVE-2013-0269
rubyonrails -- ruby_on_rails
Active Record in Ruby on Rails 3.x before 3.1.0 and 2.3.x before 2.3.17 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.
2013-02-12
10.0
CVE-2013-0277
schneider-electic -- accutech_manager
Heap-based buffer overflow in RFManagerService.exe in Schneider Electric Accutech Manager 2.00.1 and earlier allows remote attackers to execute arbitrary code via a crafted HTTP request.
2013-02-15
10.0
CVE-2013-0658
sonicwall -- aventail_sra_ex_virtual_appliance
SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.
2013-02-12
7.5
CVE-2011-5262
tridium -- niagra_ax_framework
Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature.
2013-02-15
9.3
CVE-2012-4701
vmware -- vcenter_server
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allows remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
2013-02-15
10.0
CVE-2013-1405
vmware -- fusion
The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors.
2013-02-11
7.2
CVE-2013-1406
wellintech -- kingview
Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech KingView 6.52, kingMess.exe 65.20.2003.10400 in KingView 6.53, and kingMess.exe 65.50.2011.18049 in KingView 6.55 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted packet.
2013-02-15
10.0
CVE-2012-4711
Medium Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
adobe -- adobe_air
Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to obtain sensitive information via unspecified vectors.
2013-02-12
5.0
CVE-2013-0637
appthemes -- classipress
Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitter_id parameter related to the Twitter widget and (2) facebook_id parameter related to the Facebook widget.
2013-02-12
4.3
CVE-2011-5257
axis -- m1054_network_camera
Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis M10 Series Network Cameras M1054 firmware 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the pageTitle parameter to admin/showReport.shtml.
2013-02-12
4.3
CVE-2011-5261
big -- imgboard
Cross-site scripting (XSS) vulnerability in imgboard.com imgboard before 1.22R6.1 u and 20xx before 2010u allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2013-02-15
4.3
CVE-2013-0703
bouncycastle -- legion-of-the-bouncy-castle-c#-crytography-api
The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
2013-02-08
4.0
CVE-2013-1624
cisco -- ios
The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853.
2013-02-13
5.4
CVE-2013-1100
cisco -- unity_express_software
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527.
2013-02-13
4.3
CVE-2013-1114
cisco -- nexus_7000
Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted packets, aka Bug ID CSCud15673.
2013-02-13
5.0
CVE-2013-1122
cisco -- unified_meetingplace
Multiple cross-site scripting (XSS) vulnerabilities in the server in Cisco Unified MeetingPlace 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuc65411 and CSCue18706.
2013-02-15
4.3
CVE-2013-1123
cisco -- unified_meetingplace
Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPlace before 7.1(2.2000) allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuc64903. NOTE: some of these details are obtained from third party information.
2013-02-15
4.3
CVE-2013-1128
cisco -- small_business_wireless_access_ppoints
Cisco Small Business Wireless Access Points WAP200, WAP2000, WAP200E, and WET200 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SSID that is not properly handled during a site survey, aka Bug IDs CSCua86182, CSCua91196, CSCud36155, and CSCua86190.
2013-02-13
6.4
CVE-2013-1131
cybozu -- garoon
SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege.
2013-02-14
6.0
CVE-2013-0701
cybozu -- garoon
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2013-02-14
4.3
CVE-2013-0702
digitiliti -- digilibe
DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_configuration.html.
2013-02-14
5.0
CVE-2013-1402
featurific_for_wordpress_project -- featurific-for-wordpress
Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter. NOTE: this has been disputed by a third party.
2013-02-12
4.3
CVE-2011-5265
gnu -- glibc
Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.
2013-02-08
5.0
CVE-2013-0242
gnu -- gnutls
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
2013-02-08
4.0
CVE-2013-1619
gree -- gree
Directory traversal vulnerability in the GREE application before 1.3.3 for Android allows remote attackers to obtain sensitive information via a crafted URL, which is not properly handled during interaction with other applications.
2013-02-15
4.3
CVE-2013-0704
ircd-hybrid -- ircd-hybrid
The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before 8.0.6 does not properly validate masks, which allows remote attackers to cause a denial of service (crash) via a mask that causes a negative number to be parsed.
2013-02-12
5.0
CVE-2013-0238
joomla -- joomla!
Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to obtain sensitive information via unspecified vectors related to a "Method of encoding search terms."
2013-02-12
5.0
CVE-2013-1453
joomla -- joomla!
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors."
2013-02-12
5.0
CVE-2013-1454
joomla -- joomla!
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable."
2013-02-12
5.0
CVE-2013-1455
linux -- linux_kernel
The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption.
2013-02-12
4.9
CVE-2013-0190
linux -- linux_kernel
The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information.
2013-02-12
4.9
CVE-2013-0231
lsi -- 3ware_disk_manager
Directory traversal vulnerability in LSI 3ware Disk Manager (3DM) before 2 allows remote attackers to read arbitrary files via unspecified vectors.
2013-02-15
5.0
CVE-2013-0705
marcel_brinkkemper -- lazyest-backup
Cross-site scripting (XSS) vulnerability in lazyest-backup.php in the Lazyest Backup plugin before 0.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xml_or_all parameter.
2013-02-12
4.3
CVE-2011-5264
microsoft -- internet_explorer
Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers cross-domain scrolling events, aka "Shift JIS Character Encoding Vulnerability."
2013-02-13
4.3
CVE-2013-0015
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1248
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1249
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1250
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1251
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1252
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1253
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1254
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1255
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1256
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1257
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1258
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1259
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1260
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1261
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1262
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1263
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1264
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1265
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1266
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1267
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1268
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1269
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1270
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1271
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1272
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1273
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1274
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1275
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1276
microsoft -- windows_7
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2013-02-13
4.9
CVE-2013-1277
moxa -- edr-g903
Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors.
2013-02-15
5.0
CVE-2012-4712
openssl -- openssl
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
2013-02-08
5.0
CVE-2012-2686
openssl -- openssl
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
2013-02-08
5.0
CVE-2013-0166
openstack -- essex
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.
2013-02-13
6.5
CVE-2013-0208
opera -- opera_browser
The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
2013-02-08
4.0
CVE-2013-1618
orangehrm -- orangehrm
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.6.11.2 allow remote attackers to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php; or the (3) PATH_INFO to lib/controllers/centralcontroller.php.
2013-02-12
4.3
CVE-2011-5258
orangehrm -- orangehrm
SQL injection vulnerability in lib/controllers/CentralController.php in OrangeHRM before 2.6.11.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
2013-02-12
6.8
CVE-2011-5259
polarssl -- polarssl
Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169.
2013-02-08
4.3
CVE-2013-1621
postgresql -- postgresql
PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read.
2013-02-12
6.8
CVE-2013-0255
rack_project -- rack
rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."
2013-02-08
4.3
CVE-2013-0262
rack_project -- rack
Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.
2013-02-08
5.1
CVE-2013-0263
rubyonrails -- ruby_on_rails
ActiveRecord in Ruby on Rails 3.2.x before 3.2.12, 3.1.x before 3.1.11, and 2.3.x before 2.3.17 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.
2013-02-12
4.3
CVE-2013-0276
sap -- netweaver
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter.
2013-02-12
4.3
CVE-2011-5260
sap -- netweaver
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter.
2013-02-12
4.3
CVE-2011-5263
squid-cache -- squid
cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.
2013-02-08
5.0
CVE-2013-0189
xen -- xen
Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not properly handled.
2013-02-12
4.7
CVE-2013-0152
xen -- xen
The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests.
2013-02-14
4.7
CVE-2013-0153
yassl -- cyassl
The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
2013-02-08
4.3
CVE-2013-1623
zend -- zend_framework
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
2013-02-13
6.4
CVE-2012-3363
zend -- zend_framework
(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363.
2013-02-13
6.4
CVE-2012-6531
zend -- zend_framework
(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack.
2013-02-13
5.0
CVE-2012-6532
Low Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
bitbucket -- xnbd
The redirect_stderr function in xnbd_common.c in xnbd-server and xndb-wrapper in xNBD 0.1.0 allows local users to overwrite arbitrary files via a symlink attack on /tmp/xnbd.log.
2013-02-12
2.1
CVE-2013-0265
canonical -- ubuntu_linux
The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information.
2013-02-12
2.1
CVE-2013-0241
google -- android_sdk_tools
android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files via a symlink attack on /tmp/adb.log.
2013-02-14
2.1
CVE-2012-5564
limesurvey -- limesurvey
Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters.
2013-02-12
2.6
CVE-2011-5256
openssl -- openssl
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
2013-02-08
2.6
CVE-2013-0169
xen -- xen
Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt.
2013-02-14
2.1
CVE-2012-5634
This product is provided subject to this Notification and this Privacy & Use policy.
Categories: security
TA13-043B: Microsoft Updates for Multiple Vulnerabilities
Original release date: February 12, 2013 | Last revised: --
Systems Affected
Microsoft Windows
Microsoft Internet Explorer
Microsoft Office
Microsoft Server Software
Microsoft .NET Framework
Overview
Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.
Description
The Microsoft Security Bulletin Summary for February 2013 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities.
Impact
A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
Solution
Apply Updates
Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for February 2013, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.
References
Microsoft Security Bulletin Summary for February 2013
Microsoft Windows Server Update Services
Microsoft Update
Microsoft Update Overview
Turn Automatic Updating On or Off
Revision History
February 12, 2013: Initial release
TA13-043A: Adobe Updates for Multiple Vulnerabilities
Original release date: February 12, 2013 | Last revised: --
Systems Affected
Adobe Flash Player 11.5.502.149 and earlier versions for Windows and Macintosh
Adobe Flash Player 11.2.202.262 and earlier versions for Linux
Adobe Flash Player 11.1.115.37 and earlier versions for Android 4.x
Adobe Flash Player 11.1.111.32 and earlier versions for Android 3.x and 2.x
Adobe AIR 3.5.0.1060 and earlier versions
Adobe AIR 3.5.0.1060 SDK and earlier versions
Adobe Shockwave Player 11.6.8.638 and earlier versions for Windows and Macintosh
Overview
Select Adobe software products contain multiple vulnerabilities. Adobe has released updates to address these vulnerabilities.
Description
Adobe Security Bulletin APSB13-05 and APSB13-06 describe multiple vulnerabilities in Adobe software. Adobe has released updates to address the vulnerabilities.
Impact
A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
Solution
Apply Updates
Adobe has provided updates for these vulnerabilities in Adobe Security Bulletin APSB13-05 and APSB13-06.
References
APSB13-05: Security updates available for Adobe Flash Player
APSB13-06: Security updates available for Adobe Shockwave Player
Revision History
February 12, 2013: Initial release
SB13-042: Vulnerability Summary for the Week of February 4, 2013
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
5500-ei_switch_28-port -- 3cr17161-91
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community.
2013-02-01
8.5
CVE-2012-3268
adobe -- flash_player
Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
2013-02-08
9.3
CVE-2013-0633
adobe -- flash_player
Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013.
2013-02-08
9.3
CVE-2013-0634
ecava -- integraxor
Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document.
2013-02-08
9.3
CVE-2012-4700
emc -- rsa_archer_egrc
The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
2013-02-06
7.5
CVE-2012-2292
google -- android
The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device.
2013-02-05
7.1
CVE-2011-1350
hp -- xp_p9000_command_view_advanced_edition
Unspecified vulnerability in Device Manager in HP XP P9000 Command View Advanced Edition before 7.4.0-00 allows remote attackers to cause a denial of service via unknown vectors.
2013-02-06
7.8
CVE-2012-3281
hp -- lefthand_p4000_virtual_san_appliance
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1468.
2013-02-06
10.0
CVE-2012-3282
hp -- lefthand_p4000_virtual_san_appliance
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1511.
2013-02-06
10.0
CVE-2012-3283
hp -- lefthand_p4000_virtual_san_appliance
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1512.
2013-02-06
10.0
CVE-2012-3284
hp -- lefthand_p4000_virtual_san_appliance
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1513.
2013-02-06
10.0
CVE-2012-3285
opera -- opera_browser
Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events.
2013-02-08
9.3
CVE-2013-1637
opera -- opera_browser
Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.
2013-02-08
9.3
CVE-2013-1638
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
2013-02-01
10.0
CVE-2012-1541
oracle -- javafx
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
2013-02-01
7.6
CVE-2012-1543
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
2013-02-01
10.0
CVE-2012-3213
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
2013-02-01
10.0
CVE-2012-3342
oracle -- javafx
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
2013-02-01
10.0
CVE-2012-4301
oracle -- javafx
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
2013-02-01
9.3
CVE-2012-4305
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
2013-02-01
7.5
CVE-2013-0351
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
2013-02-01
7.6
CVE-2013-0419
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
2013-02-01
7.6
CVE-2013-0423
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426.
2013-02-01
10.0
CVE-2013-0425
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428.
2013-02-01
10.0
CVE-2013-0426
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426.
2013-02-01
10.0
CVE-2013-0428
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.
2013-02-01
7.6
CVE-2013-0429
oracle -- javafx
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
2013-02-01
10.0
CVE-2013-0436
oracle -- javafx
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
2013-02-01
10.0
CVE-2013-0437
oracle -- javafx
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
2013-02-01
10.0
CVE-2013-0439
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475.
2013-02-01
10.0
CVE-2013-0441
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
2013-02-01
10.0
CVE-2013-0442
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.
2013-02-01
7.6
CVE-2013-0444
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
2013-02-01
10.0
CVE-2013-0445
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
2013-02-01
10.0
CVE-2013-0446
oracle -- javafx
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
2013-02-01
10.0
CVE-2013-0447
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
2013-02-01
10.0
CVE-2013-0450
oracle -- javafx
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
2013-02-01
10.0
CVE-2013-1472
oracle -- javafx
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
2013-02-01
9.3
CVE-2013-1474
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.
2013-02-01
10.0
CVE-2013-1475
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475.
2013-02-01
10.0
CVE-2013-1476
oracle -- javafx
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
2013-02-01
10.0
CVE-2013-1477
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
2013-02-01
10.0
CVE-2013-1478
oracle -- javafx
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
2013-02-01
10.0
CVE-2013-1479
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
2013-02-01
10.0
CVE-2013-1480
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
2013-02-01
10.0
CVE-2013-1481
oracle -- javafx
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
2013-02-01
10.0
CVE-2013-1482
oracle -- javafx
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
2013-02-01
10.0
CVE-2013-1483
Medium Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
cisco -- webex_social
The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235.
2013-02-06
4.0
CVE-2013-1107
cisco -- unity_express_software
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.
2013-02-06
6.8
CVE-2013-1120
doryphores -- audio_player
Cross-site scripting (XSS) vulnerability in ssets/player.swf in the Audio Player plugin before 2.0.4.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the playerID parameter.
2013-02-07
4.3
CVE-2013-1464
emc -- rsa_archer_egrc
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2013-02-06
4.3
CVE-2012-1064
emc -- rsa_archer_egrc
Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path.
2013-02-06
6.5
CVE-2012-2293
emc -- rsa_archer_egrc
EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page.
2013-02-06
6.8
CVE-2012-2294
fleugel -- myu-s
Cross-site scripting (XSS) vulnerability in FLUGELz netmania myu-s and PHP WeblogSystem allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2013-02-06
4.3
CVE-2012-5186
fortinet -- fortimail
Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam Management User Preferences or (2) the User name field for the Personal Black/White List in the AntiSpam section.
2013-02-04
4.3
CVE-2013-1471
google -- android
The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device.
2013-02-05
6.9
CVE-2011-1352
hp -- network_node_manager_i
Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2013-02-06
4.3
CVE-2012-3279
ibm -- sterling_connect
The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on UNIX allows remote attackers to cause a denial of service (daemon crash and disk consumption) via crafted data.
2013-02-02
5.0
CVE-2012-6352
libssh -- libssh
The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.
2013-02-05
4.3
CVE-2013-0176
opera -- opera_browser
Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.
2013-02-08
6.8
CVE-2013-1639
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.
2013-02-01
5.0
CVE-2013-0409
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect integrity via vectors related to RMI.
2013-02-01
5.0
CVE-2013-0424
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Libraries.
2013-02-01
5.0
CVE-2013-0427
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process of the client.
2013-02-01
6.9
CVE-2013-0430
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality and integrity via vectors related to AWT.
2013-02-01
6.4
CVE-2013-0432
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Networking.
2013-02-01
5.0
CVE-2013-0433
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.
2013-02-01
5.0
CVE-2013-0434
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via vectors related to JAX-WS.
2013-02-01
5.0
CVE-2013-0435
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
2013-02-01
4.3
CVE-2013-0438
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect availability via vectors related to JSSE.
2013-02-01
5.0
CVE-2013-0440
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
2013-02-01
4.0
CVE-2013-0443
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect integrity via unknown vectors related to Libraries.
2013-02-01
5.0
CVE-2013-0448
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
2013-02-01
5.0
CVE-2013-0449
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment.
2013-02-01
5.0
CVE-2013-1473
redhat -- jboss_enterprise_application_platform
Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) 5.2.0, Web Platform (EWP) 5.2.0, and BRMS Platform before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2013-02-05
4.3
CVE-2011-4575
redhat -- jboss_enterprise_application_platform
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) 5.2.0, Web Platform (EWP) 5.2.0, and BRMS Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer.
2013-02-05
6.8
CVE-2012-0874
redhat -- jboss_enterprise_application_platform
The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) 5.2.0, Web Platform (EWP) 5.2.0, and BRMS Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used.
2013-02-05
4.0
CVE-2012-3369
redhat -- jboss_enterprise_application_platform
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) 5.2.0, Web Platform (EWP) 5.2.0, and BRMS Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.
2013-02-05
5.8
CVE-2012-3370
redhat -- jboss_enterprise_application_platform
The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) 5.2.0, Web Platform (EWP) 5.2.0, and BRMS Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and perform arbitrary JMX operations via unspecified vectors.
2013-02-05
4.9
CVE-2012-5478
samba -- samba
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
2013-02-02
5.1
CVE-2013-0213
samba -- samba
Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.
2013-02-02
5.1
CVE-2013-0214
tobias_bathge -- wp-table_reloaded
Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.
2013-02-07
4.3
CVE-2013-1463
weathernews -- weathernews_touch
The Weathernews Touch application 2.3.2 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files.
2013-02-06
4.3
CVE-2012-5187
wireshark -- wireshark
The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
2013-02-02
4.3
CVE-2013-1572
wireshark -- wireshark
The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a large number of padding bits, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
2013-02-02
4.3
CVE-2013-1573
wireshark -- wireshark
The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
2013-02-02
4.3
CVE-2013-1574
wireshark -- wireshark
The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
2013-02-02
4.3
CVE-2013-1575
wireshark -- wireshark
The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
2013-02-02
4.3
CVE-2013-1576
wireshark -- wireshark
The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
2013-02-02
4.3
CVE-2013-1577
wireshark -- wireshark
The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the beginning of MPLS data, which allows remote attackers to cause a denial of service (loop) via a malformed packet.
2013-02-02
4.3
CVE-2013-1578
wireshark -- wireshark
The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
2013-02-02
4.3
CVE-2013-1580
wireshark -- wireshark
The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of service (loop) via a malformed packet.
2013-02-02
4.3
CVE-2013-1581
wireshark -- wireshark
The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite loop or application crash) via a malformed packet.
2013-02-02
4.3
CVE-2013-1582
Low Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
digia -- qt
The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
2013-02-06
3.6
CVE-2013-0254
redhat -- jboss_enterprise_application_platform
The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.
2013-02-05
2.1
CVE-2012-0034
redhat -- jboss_enterprise_application_platform
The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file.
2013-02-05
2.1
CVE-2013-0218
wireshark -- wireshark
The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the RTPS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly implement certain nested loops for processing bitmap data, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
2013-02-02
2.9
CVE-2013-1579
wireshark -- wireshark
The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
2013-02-02
2.9
CVE-2013-1583
wireshark -- wireshark
The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
2013-02-02
2.9
CVE-2013-1584
wireshark -- wireshark
epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
2013-02-02
2.9
CVE-2013-1585
wireshark -- wireshark
The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
2013-02-02
2.9
CVE-2013-1586
wireshark -- wireshark
The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle unknown profiles, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
2013-02-02
2.9
CVE-2013-1587
wireshark -- wireshark
Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
2013-02-02
2.9
CVE-2013-1588
wireshark -- wireshark
Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
2013-02-02
2.9
CVE-2013-1589
wireshark -- wireshark
Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
2013-02-02
2.9
CVE-2013-1590
SB13-035: Vulnerability Summary for the Week of January 28, 2013
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
5500-ei_switch_28-port -- 3cr17161-91
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community.
2013-02-01
8.5
CVE-2012-3268
coolpdf -- coolpdf
Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a PDF document with a crafted stream.
2013-01-26
9.3
CVE-2012-4914
cstech -- webconductor
SQL injection vulnerability in default.php in Cornerstone Technologies webConductor allows remote attackers to execute arbitrary SQL commands via the id parameter.
2013-01-31
7.5
CVE-2010-5287
emc -- alphastor
Buffer overflow in Drive Control Program (DCP) in EMC AlphaStor 4.0 before build 814 allows remote attackers to execute arbitrary code via vectors involving a new device name.
2013-01-31
7.6
CVE-2013-0930
foxitsoftware -- foxit_advanced_pdf_editor
Stack-based buffer overflow in Foxit Advanced PDF Editor 3 before 3.04 might allow remote attackers to execute arbitrary code via a crafted document containing instructions that reconstruct a certain security cookie.
2013-01-26
7.6
CVE-2013-0107
ge -- intelligent_platforms_proficy_hmi/scada_cimplicity
CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet.
2013-01-27
9.3
CVE-2013-0654
hp -- diagnostics_server
Stack-based buffer overflow in magentservice.exe in HP Diagnostics Server 8.x through 8.07 and 9.x through 9.21 allows remote attackers to execute arbitrary code via a malformed message packet.
2013-01-25
10.0
CVE-2012-3278
ibm -- infosphere_import_export_manager
Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
2013-01-31
9.3
CVE-2012-0204
ibm -- infosphere_information_server
InfoSphere Import Export Manager in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 does not validate unspecified input data, which allows remote authenticated users to execute arbitrary commands via unknown vectors.
2013-01-31
7.1
CVE-2012-0705
ibm -- websphere_application_server
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors.
2013-01-27
10.0
CVE-2013-0462
isc -- bind
ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.
2013-01-25
7.1
CVE-2012-5689
marinet -- marinet_cms
Multiple SQL injection vulnerabilities in Marinet CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) galleryphoto.php or (2) gallery.php; or the roomid parameter to (3) room.php or (4) room2.php.
2013-01-31
7.5
CVE-2012-6529
miniupnp_project -- miniupnpd
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.
2013-01-31
7.8
CVE-2013-0229
miniupnp_project -- miniupnpd
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
2013-01-31
10.0
CVE-2013-0230
miniupnp_project -- miniupnpd
The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and service crash) via a SOAPAction header that lacks a # (pound sign) character, a different vulnerability than CVE-2013-0230.
2013-01-31
7.8
CVE-2013-1461
miniupnp_project -- miniupnpd
Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memory copy) via a SOAPAction header that lacks a " (double quote) character, a different vulnerability than CVE-2013-0230.
2013-01-31
7.8
CVE-2013-1462
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.
2013-01-31
9.3
CVE-2013-0431
oracle -- jdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.
2013-01-31
10.0
CVE-2013-1489
oracle -- jdk
Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1.7.0_11-b21) allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors, aka "Issue 51," a different vulnerability than CVE-2013-0431. NOTE: as of 20130130, this vulnerability does not contain any independently-verifiable details, and there is no vendor acknowledgement. A CVE identifier is being assigned because this vulnerability has received significant public attention, and the original researcher has an established history of releasing vulnerability reports that have been fixed by vendors. NOTE: this issue also exists in SE 6, but it cannot be exploited without a separate vulnerability.
2013-01-31
9.3
CVE-2013-1490
palemoon -- pale_moon
Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4, has unspecified impact and attack vectors.
2013-01-31
10.0
CVE-2013-1591
phpbridges_dev_team -- phpbridges
SQL injection vulnerability in members.php in PHPBridges allows remote attackers to execute arbitrary SQL commands via the id parameter.
2013-01-31
7.5
CVE-2012-6525
portable_sdk_for_upnp_project -- portable_sdk_for_upnp
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction.
2013-01-31
10.0
CVE-2012-5958
portable_sdk_for_upnp_project -- portable_sdk_for_upnp
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that contains a :: (colon colon) in a UDP packet.
2013-01-31
10.0
CVE-2012-5959
portable_sdk_for_upnp_project -- portable_sdk_for_upnp
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka upnp:rootdevice) field in a UDP packet.
2013-01-31
10.0
CVE-2012-5960
portable_sdk_for_upnp_project -- portable_sdk_for_upnp
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka device) field in a UDP packet.
2013-01-31
10.0
CVE-2012-5961
portable_sdk_for_upnp_project -- portable_sdk_for_upnp
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn) field in a UDP packet.
2013-01-31
10.0
CVE-2012-5962
portable_sdk_for_upnp_project -- portable_sdk_for_upnp
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that lacks a :: (colon colon) in a UDP packet.
2013-01-31
10.0
CVE-2012-5963
portable_sdk_for_upnp_project -- portable_sdk_for_upnp
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long ServiceType (aka urn service) field in a UDP packet.
2013-01-31
10.0
CVE-2012-5964
portable_sdk_for_upnp_project -- portable_sdk_for_upnp
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn device) field in a UDP packet.
2013-01-31
10.0
CVE-2012-5965
powie -- pgb
SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote attackers to execute arbitrary SQL commands via the id parameter.
2013-01-31
7.5
CVE-2012-6524
redhat -- freeipa
The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.
2013-01-27
7.9
CVE-2012-5484
rubyonrails -- ruby_on_rails
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.
2013-01-30
7.5
CVE-2013-0333
sysax -- multi_server
Stack-based buffer overflow in Sysax Multi Server before 5.52, when HTTP is enabled, allows remote authenticated users with the create folder permission to execute arbitrary code via a crafted request.
2013-01-31
7.1
CVE-2012-6530
vastal -- freelance_zone
SQL injection vulnerability in show_code.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the code_id parameter.
2013-01-31
7.5
CVE-2012-6526
Medium Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
apple -- iphone_os
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
2013-01-29
6.8
CVE-2013-0948
apple -- iphone_os
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
2013-01-29
6.8
CVE-2013-0949
apple -- iphone_os
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
2013-01-29
6.8
CVE-2013-0950
apple -- iphone_os
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
2013-01-29
6.8
CVE-2013-0951
apple -- iphone_os
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
2013-01-29
6.8
CVE-2013-0952
apple -- iphone_os
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
2013-01-29
6.8
CVE-2013-0953
apple -- iphone_os
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
2013-01-29
6.8
CVE-2013-0954
apple -- iphone_os
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
2013-01-29
6.8
CVE-2013-0955
apple -- iphone_os
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
2013-01-29
6.8
CVE-2013-0956
apple -- iphone_os
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
2013-01-29
6.8
CVE-2013-0958
apple -- iphone_os
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
2013-01-29
6.8
CVE-2013-0959
apple -- iphone_os
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
2013-01-29
6.8
CVE-2013-0968
apple -- iphone_os
StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript code via a web site with a Smart App Banner.
2013-01-29
5.1
CVE-2013-0974
atutor -- atutor
Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) themes/default/tile_search/index.tmpl.php, (2) login.php, (3) search.php, (4) password_reminder.php, (5) login.php/jscripts/infusion, (6) login.php/mods/_standard/flowplayer, (7) browse.php/jscripts/infusion/framework/fss, (8) registration.php/themes/default/ie_styles.css, (9) about.php, or (10) themes/default/social/basic_profile.tmpl.php.
2013-01-31
4.3
CVE-2012-6528
beijerelectronics -- beijer_adp
Buffer overflow in Beijer ADP 6.5.0-180_R1967 and 6.5.1-186_R2942, and H-Designer 6.5.0 B180_R1967, allows local users to gain privileges by inserting a long string into a DLL file.
2013-01-28
6.9
CVE-2012-4696
cisco -- nac_appliance
Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109.
2013-01-31
4.3
CVE-2012-6029
cisco -- carrier_routing_system
Cisco Carrier Routing System (CRS) allows remote attackers to cause a denial of service (packet loss) via short malformed packets that trigger inefficient processing, aka Bug ID CSCud79136.
2013-01-31
5.0
CVE-2013-1112
cisco -- unified_communications_domain_manager
Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID CSCue21042.
2013-01-31
4.3
CVE-2013-1113
dell -- openmanage_server_administrator
Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1, and 7.1.0.1 allow remote attackers to inject arbitrary web script or HTML via the topic parameter to html/index_main.htm in (1) help/sm/en/Output/wwhelp/wwhimpl/js/, (2) help/sm/es/Output/wwhelp/wwhimpl/js/, (3) help/sm/ja/Output/wwhelp/wwhimpl/js/, (4) help/sm/de/Output/wwhelp/wwhimpl/js/, (5) help/sm/fr/Output/wwhelp/wwhimpl/js/, (6) help/sm/zh/Output/wwhelp/wwhimpl/js/, (7) help/hip/en/msgguide/wwhelp/wwhimpl/js/, or (8) help/hip/en/msgguide/wwhelp/wwhimpl/common/.
2013-01-25
4.3
CVE-2012-6272
ge -- intelligent_platforms_proficy_real-time_information_portal
The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request.
2013-01-27
5.0
CVE-2013-0651
ge -- intelligent_platforms_proficy_real-time_information_portal
GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI call.
2013-01-27
5.0
CVE-2013-0652
ge -- intelligent_platforms_proficy_hmi/scada_cimplicity
Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet.
2013-01-27
4.3
CVE-2013-0653
ibm -- infosphere_information_server
Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2013-01-31
4.3
CVE-2012-0203
ibm -- infosphere_information_server
InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (workbench outage) via unspecified vectors.
2013-01-31
6.5
CVE-2012-0205
ibm -- infosphere_datastage
The client applications in the DataStage Administrator client in InfoSphere DataStage in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 rely on client-side access control, which allows remote authenticated users to gain privileges via unspecified vectors.
2013-01-31
6.5
CVE-2012-0701
ibm -- infosphere_information_server
Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors.
2013-01-31
4.0
CVE-2012-0702
ibm -- infosphere_information_server
Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
2013-01-31
5.8
CVE-2012-0703
ibm -- infosphere_business_glossary
Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossary 8.1.1 and 8.1.2, InfoSphere DataStage Operation Console, InfoSphere Administration, and Reporting and Repository Management Web Console in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2013-01-31
4.3
CVE-2012-4819
ibm -- cognos_tm1
Cross-site scripting (XSS) vulnerability in the Web component in IBM Cognos TM1 before 9.5.2 FP3 and 10.1 before 10.1 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2013-01-31
4.3
CVE-2012-6350
ibm -- websphere_application_server
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2, when login security is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2013-01-27
4.3
CVE-2013-0458
ibm -- websphere_application_server
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2013-01-27
4.3
CVE-2013-0459
ibm -- websphere_application_server
Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 and 7.0 before 7.0.0.27 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences.
2013-01-27
6.8
CVE-2013-0460
ibm -- websphere_application_server
Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2013-01-27
4.3
CVE-2013-0461
microsoft -- internet_explorer
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML document that triggers many HTTPS requests and then triggers an HTTP request to that host, as demonstrated by reading a Cookie header, aka MSRC 12096gd.
2013-01-29
4.0
CVE-2013-1450
microsoft -- internet_explorer
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450.
2013-01-29
4.0
CVE-2013-1451
moodle -- moodle
grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature.
2013-01-27
4.0
CVE-2012-6098
moodle -- moodle
The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.
2013-01-27
4.0
CVE-2012-6099
moodle -- moodle
report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report.
2013-01-27
4.0
CVE-2012-6100
moodle -- moodle
Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php, (3) course/switchrole.php, (4) mod/wiki/filesedit.php, (5) tag/coursetags_add.php, or (6) user/files.php.
2013-01-27
5.8
CVE-2012-6101
moodle -- moodle
lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI.
2013-01-27
6.4
CVE-2012-6102
moodle -- moodle
Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages.
2013-01-27
6.8
CVE-2012-6103
moodle -- moodle
blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed.
2013-01-27
5.0
CVE-2012-6104
moodle -- moodle
blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote attackers to obtain sensitive information by reading this feed.
2013-01-27
5.0
CVE-2012-6105
moodle -- moodle
calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object.
2013-01-27
5.5
CVE-2012-6106
moodle -- moodle
classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.
2013-01-27
5.0
CVE-2012-6112
suse -- webyast
SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984.
2013-01-26
5.8
CVE-2012-0435
tp-link -- tl-wr841n
Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter.
2013-01-26
4.3
CVE-2012-6276
tripadvisor -- tripadvisor
The TripAdvisor app 6.6 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
2013-01-26
5.0
CVE-2012-4917
w-cms -- w-cms
Directory traversal vulnerability in the getContent function in codes/wcms.php in w-CMS 2.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: some of these details are obtained from third party information.
2013-01-31
5.0
CVE-2012-6522
w-cms -- w-cms
Multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01 allow remote attackers to inject arbitrary web script or HTML via (1) the p parameter in the getMenus function in codes/wcms.php; or the COMMENT parameter in (2) blog.php, (3) guestbook.php, or (4) forum.php in codes/. NOTE: some of these details are obtained from third party information.
2013-01-31
4.3
CVE-2012-6523
x3cms -- x3_cms
Multiple cross-site scripting (XSS) vulnerabilities in admin/login in X3 CMS 0.4.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) username, or (3) password parameter.
2013-01-31
4.3
CVE-2011-5255
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apple -- iphone_os
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation.
2013-01-29
2.6
CVE-2013-0962
apple -- iphone_os
Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID.
2013-01-29
2.1
CVE-2013-0963
apple -- apple_tv
The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page.
2013-01-29
3.6
CVE-2013-0964
ibm -- infosphere_fasttrack
The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors.
2013-01-31
1.9
CVE-2012-0700
ibm -- infosphere_business_glossary
Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
2013-01-31
1.9
CVE-2012-4832
joedolson -- my-calendar
Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
2013-01-31
2.6
CVE-2012-6527
This product is provided subject to this Notification and this Privacy & Use policy.
TA13-032A: Oracle Java 7 Multiple Vulnerabilities
Original release date: February 01, 2013 | Last revised: --
Systems Affected
Any system using Oracle Java 7 (1.7, 1.7.0) including
Java Platform Standard Edition 7 (Java SE 7)
Java SE Development Kit (JDK 7)
Java SE Runtime Environment (JRE 7)
All versions of Java 7 before Update 13 are affected. Web browsers using the Java 7 plug-in are at high risk.
Overview
Multiple vulnerabilities in Java 7 could allow an attacker to execute arbitrary code on a vulnerable system.
Description
The Oracle Java SE Critical Patch Update Advisory for February 2013 addresses multiple vulnerabilities in the Java Runtime Environment (JRE). Both Java applets delivered via web browsers and stand-alone Java applications are affected; however, web browsers using the Java 7 plug-in are at particularly high risk. Java 7 versions below Update 13 are affected.
The Java 7 plug-in, the Java Deployment Toolkit plug-in, and Java Web Start can be used as attack vectors. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a "drive-by download" attack).
Some vulnerabilities affect stand-alone Java applications, depending on how the Java application functions and how it processes untrusted data.
Reports indicate that at least one of these vulnerabilities is being actively exploited.
Further technical details are available in Vulnerability Note VU#858729.
Impact
By convincing a user to load a malicious Java applet or Java Network Launching Protocol (JNLP) file, an attacker could execute arbitrary code on a vulnerable system with the privileges of the Java plug-in process.
Stand-alone Java applications may also be affected.
Solution
Update Java
The Oracle Java SE Critical Patch Update Advisory for February 2013 states that Java 7 Update 13 addresses these vulnerabilities.
Disable Java in web browsers
These and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered. To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates have been installed. As with any software, unnecessary features should be disabled or removed as appropriate for your environment.
Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. From Setting the Security Level of the Java Client:
For installations where the highest level of security is required, it is possible to entirely prevent any Java apps (signed or unsigned) from running in a browser by de-selecting Enable Java content in the browser in the Java Control Panel under the Security tab.
If you are unable to update to at least Java 7 Update 10, please see the solution section of Vulnerability Note VU#636312 for instructions on how to disable Java on a per-browser basis.
Restrict access to Java applets
Network administrators unable to disable Java in web browsers may be able to help mitigate these and other Java vulnerabilities by restricting access to Java applets using a web proxy. Most web proxies have features that can be used to block or whitelist requests for .jar and .class files based on network location. Filtering requests that contain a Java User-Agent header may also be effective. For environments where Java is required on the local intranet, the proxy can be configured to allow access to Java applets hosted locally, but block access to Java applets on the internet.
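One way to express the proxy policy described above, as an added example that is not part of the advisory: a Python filter that blocks .jar/.class requests and Java User-Agent traffic bound for the internet while allowing applets hosted on the intranet. The intranet ranges, the log layout and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Assumption: RFC 1918 ranges stand in for "the local intranet" at this site.
INTRANET_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# File types named in the advisory. Matched on the URL path only, so a
# query string such as "?v=3" cannot hide the extension.
JAVA_PATH_RE = re.compile(r"\.(jar|class)$", re.IGNORECASE)

# The Java runtime's HTTP client adds a "Java/<version>" token to User-Agent.
JAVA_UA_RE = re.compile(r"\bJava/\d")

# Constructed log layout: client_ip dest_ip method url "user-agent"
LOG_LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')

# Constructed sample proxy log (documentation addresses and example domains).
SAMPLE_LOG = """\
10.1.2.3 203.0.113.10 GET http://applets.example.net/game/Loader.class "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_11"
10.1.2.3 10.20.0.5 GET http://hr.corp.example/timesheet/app.jar "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_11"
10.1.2.4 198.51.100.7 GET http://cdn.example.org/lib/Widget.JAR?v=3 "Mozilla/5.0 (Windows NT 6.1) Firefox/18.0"
10.1.2.5 198.51.100.9 GET http://news.example.com/index.html "Mozilla/5.0 (Windows NT 6.1) Firefox/18.0"
10.1.2.6 198.51.100.9 POST http://stats.example.com/beacon "Java/1.6.0_39"
"""


def is_intranet(dest_ip):
    """True if the resolved destination address is inside an intranet range."""
    try:
        addr = ipaddress.ip_address(dest_ip)
    except ValueError:
        # An unparsable destination is treated as external (fail closed).
        return False
    return any(addr in net for net in INTRANET_NETS)


def classify(url, user_agent, dest_ip):
    """Return (action, reason) for one proxied request."""
    # Decode percent-escapes so "/a%2Ejar" is seen as "/a.jar".
    path = unquote(urlsplit(url).path)
    signals = []
    if JAVA_PATH_RE.search(path):
        signals.append("file extension")
    if JAVA_UA_RE.search(user_agent or ""):
        signals.append("Java User-Agent")

    if not signals:
        return ("allow", "no Java indicator")
    if is_intranet(dest_ip):
        return ("allow", "Java content hosted on the intranet")
    return ("block", "external Java content: " + " + ".join(signals))


def evaluate_log(text):
    """Classify every well-formed line; return [(url, action, reason), ...]."""
    results = []
    for line in text.splitlines():
        match = LOG_LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that do not follow the constructed layout
        _client, dest_ip, _method, url, user_agent = match.groups()
        action, reason = classify(url, user_agent, dest_ip)
        results.append((url, action, reason))
    return results


if __name__ == "__main__":
    for url, action, reason in evaluate_log(SAMPLE_LOG):
        print(f"{action:5} {url}  ({reason})")
```

The last sample line shows why the User-Agent check matters: the request carries no .jar or .class extension, yet it originates from a Java runtime talking to an external host.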
References
Vulnerability Note VU#858729
Oracle Java SE Critical Patch Update Advisory - February 2013
Setting the Security Level of the Java Client
The Security Manager
How to disable the Java web plug-in in Safari
How to turn off Java applets
NoScript
Securing Your Web Browser
Vulnerability Note VU#636312
Java SE Development Kit 7, Update 13 (JDK 7u13)
Do Devs Care About Java (In)Security? (Comment about proxy filtering)
Revision History
February 01, 2013: Initial release
SB13-028: Vulnerability Summary for the Week of January 21, 2013
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
3s-software -- codesys_runtime_system
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener service or (2) transfer files via requests to the TCP listener service.
2013-01-21
10.0
CVE-2012-6068
3s-software -- codesys_runtime_system
Directory traversal vulnerability in the Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x allows remote attackers to read, overwrite, or create arbitrary files via a .. (dot dot) in a request to the TCP listener service.
2013-01-21
10.0
CVE-2012-6069
cisco -- 2000_wireless_lan_controller
The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service (device reload) via crafted IP packets, aka Bug ID CSCtx80743.
2013-01-24
7.8
CVE-2013-1102
cisco -- 2000_wireless_lan_controller
Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659.
2013-01-24
7.8
CVE-2013-1103
cisco -- 2000_wireless_lan_controller
The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636.
2013-01-24
9.0
CVE-2013-1104
cisco -- 2000_wireless_lan_controller
Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug ID CSCua60653.
2013-01-24
9.0
CVE-2013-1105
diy-cms -- diy-cms
SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter to mod.php.
2013-01-23
7.5
CVE-2012-6519
emc -- avamar
EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.
2013-01-21
7.2
CVE-2012-2291
emc -- alphastor
The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation.
2013-01-21
9.3
CVE-2013-0928
emc -- alphastor
Format string vulnerability in the _vsnsprintf function in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary code via format string specifiers in a command.
2013-01-21
7.6
CVE-2013-0929
google -- chrome
Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of fonts in CANVAS elements.
2013-01-24
7.5
CVE-2013-0839
google -- chrome
Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors.
2013-01-24
10.0
CVE-2013-0840
google -- chrome
Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
2013-01-24
7.5
CVE-2013-0841
google -- chrome
Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames, which has unspecified impact and attack vectors.
2013-01-24
10.0
CVE-2013-0842
google -- chrome
content/renderer/media/webrtc_audio_renderer.cc in Google Chrome before 24.0.1312.56 on Mac OS X does not use an appropriate buffer size for the 96 kHz sampling rate, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a web site that provides WebRTC audio.
2013-01-24
7.5
CVE-2013-0843
icinga -- icinga
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.
2013-01-22
7.5
CVE-2012-6096
isc -- bind
ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.
2013-01-25
7.1
CVE-2012-5689
jason_sexauer -- churchcms
Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameters in a login action.
2013-01-23
7.5
CVE-2012-6507
justsystems -- atok
Unspecified vulnerability in JustSystems Corporation ATOK 2006 through 2009 and ATOK flat-rate service, and Just Smile 4 with the ATOK Smile module, allows physically proximate users to bypass the screen lock and execute commands with system privileges via unknown vectors related to "launching external applications."
2013-01-18
7.2
CVE-2009-4738
netartmedia -- car_portal
Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php%00.jpg.
2013-01-23
7.5
CVE-2012-6509
ninjaforge -- com_ninjaxplorer
Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors.
2013-01-23
10.0
CVE-2012-6503
olivetoast -- documents_pro_file_viewer
Directory traversal vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to read or delete files by leveraging guest access.
2013-01-19
7.5
CVE-2012-5185
rockwellautomation -- controllogix_controllers
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that specifies a logic-execution stop and fault.
2013-01-24
7.8
CVE-2012-6435
rockwellautomation -- controllogix_controllers
Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows remote attackers to cause a denial of service (CPU crash and communication outage) via a malformed CIP packet.
2013-01-24
7.8
CVE-2012-6436
rockwellautomation -- controllogix_controllers
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 do not properly perform authentication for Ethernet firmware updates, which allows remote attackers to execute arbitrary code via a Trojan horse update image.
2013-01-24
10.0
CVE-2012-6437
rockwellautomation -- controllogix_controllers
Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows remote attackers to cause a denial of service (NIC crash and communication outage) via a malformed CIP packet.
2013-01-24
7.8
CVE-2012-6438
rockwellautomation -- controllogix_controllers
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters.
2013-01-24
8.5
CVE-2012-6439
rockwellautomation -- controllogix_controllers
The web-server password-authentication functionality in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows man-in-the-middle attackers to conduct replay attacks via HTTP traffic.
2013-01-24
9.3
CVE-2012-6440
rockwellautomation -- controllogix_controllers
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that specifies a reset.
2013-01-24
7.8
CVE-2012-6442
schneider-electric -- software_update_utility
The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80.
2013-01-21
9.3
CVE-2013-0655
schneider-electric -- interactive_graphical_scada_system
Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol.
2013-01-21
10.0
CVE-2013-0657
shawn_bradley -- php_volunteer_management
SQL injection vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
2013-01-23
7.5
CVE-2012-6504
shawn_bradley -- php_ticket_system
SQL injection vulnerability in PHP Ticket System Beta 1 allows remote attackers to execute arbitrary SQL commands via the q parameter to index.php.
2013-01-23
7.5
CVE-2012-6516
sixapart -- movable_type
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.
2013-01-22
7.5
CVE-2013-0209
wikidforum -- wikidforum
Multiple SQL injection vulnerabilities in the advanced search in Wikidforum 2.10 allow remote attackers to execute arbitrary SQL commands via the (1) select_sort or (2) opt_search_select parameters. NOTE: this issue could not be reproduced by third parties.
2013-01-23
7.5
CVE-2012-6520
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
activision -- call_of_duty_elite
Call of Duty Elite for iOS 2.0.1 does not properly validate the server SSL certificate, which allows remote attackers to obtain sensitive information via a Man-in-the-Middle (MITM) attack.
2013-01-22
4.3
CVE-2012-4918
cisco -- adaptive_security_appliance_software
Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID CSCtc59462.
2013-01-18
6.3
CVE-2012-5717
cisco -- adaptive_security_appliance_software
Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors, aka Bug ID CSCuc65775.
2013-01-18
6.3
CVE-2012-6395
cisco -- nexus_7000
Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces that do not exist on the new card, aka Bug ID CSCud44300.
2013-01-19
4.9
CVE-2012-6396
cisco -- webex_training_center
Cisco WebEx Training Center allows remote authenticated users to remove hands-on lab-session reservations via a crafted URL, aka Bug ID CSCzu81064.
2013-01-21
4.0
CVE-2013-1108
cisco -- webex_training_center
Cisco WebEx Training Center allows remote authenticated users to bypass intended privilege restrictions and (1) enable or (2) disable training-center recordings via a crafted URL, aka Bug ID CSCzu81065.
2013-01-21
4.0
CVE-2013-1110
dell -- openmanage_server_administrator
Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1, and 7.1.0.1 allow remote attackers to inject arbitrary web script or HTML via the topic parameter to html/index_main.htm in (1) help/sm/en/Output/wwhelp/wwhimpl/js/, (2) help/sm/es/Output/wwhelp/wwhimpl/js/, (3) help/sm/ja/Output/wwhelp/wwhimpl/js/, (4) help/sm/de/Output/wwhelp/wwhimpl/js/, (5) help/sm/fr/Output/wwhelp/wwhimpl/js/, (6) help/sm/zh/Output/wwhelp/wwhimpl/js/, (7) help/hip/en/msgguide/wwhelp/wwhimpl/js/, or (8) help/hip/en/msgguide/wwhelp/wwhimpl/common/.
2013-01-25
4.3
CVE-2012-6272
diy-cms -- diy-cms
Multiple cross-site scripting (XSS) vulnerabilities in DiY-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) question parameter to /modules/poll/add.php or (2) question or (3) answer parameter to modules/poll/edit.php.
2013-01-23
4.3
CVE-2012-6517
diy-cms -- diy-cms
Cross-site request forgery (CSRF) vulnerability in mod.php in DiY-CMS 1.0 allows remote attackers to hijack the authentication of administrators for requests that create a poll via an add action to the poll module.
2013-01-23
6.8
CVE-2012-6518
efrontlearning -- efront
eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via an invalid courses_ID parameter in the lesson_info module to index.php, which reveals the installation path in an error message.
2013-01-23
5.0
CVE-2012-6515
elefantcms -- elefantcms
Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versions.php in Elefant CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter to admin/versions.
2013-01-23
4.3
CVE-2012-6521
freetype -- freetype
FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function.
2013-01-24
4.3
CVE-2012-5668
freetype -- freetype
The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.
2013-01-24
4.3
CVE-2012-5669
freetype -- freetype
The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value.
2013-01-24
4.3
CVE-2012-5670
gnupg -- gnupg
The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.
2013-01-23
5.8
CVE-2012-6085
gpeasy -- gpeasy_cms
Cross-site scripting (XSS) vulnerability in index.php/Admin_Preferences in gpEasy CMS 2.3.3 allows remote attackers to inject arbitrary web script or HTML via the jsoncallback parameter.
2013-01-23
4.3
CVE-2012-6513
ibm -- tivoli_federated_identity_manager
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 do not check whether an OpenID attribute is signed in the (1) SREG (aka simple registration extension) and (2) AX (aka attribute exchange extension) cases, which allows man-in-the-middle attackers to spoof OpenID provider data by inserting unsigned attributes.
2013-01-18
4.3
CVE-2012-6359
ibm -- intelligent_operations_center
Cross-site scripting (XSS) vulnerability in IBM Intelligent Operations Center 1.5.0 allows remote attackers to inject arbitrary web script or HTML via event data fields.
2013-01-18
4.3
CVE-2012-6360
jeff_sterup -- plugin-organizer
Multiple cross-site scripting (XSS) vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) delete_id parameter or (2) extension parameter in an "Update Setting" action to wp-admin/admin.php.
2013-01-23
4.3
CVE-2012-6511
jeff_sterup -- plugin-organizer
The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to (1) plugin_hook.php, (2) page/index.php, (3) page/dir.php, (4) page/options.php, (5) page/resize.php, (6) page/upload.php, (7) page/users.php, or (8) page/view.php.
2013-01-23
5.0
CVE-2012-6512
linux -- linux_kernel
Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length.
2013-01-22
5.2
CVE-2012-2119
linux -- linux_kernel
Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function.
2013-01-22
6.9
CVE-2012-2137
linux -- linux_kernel
The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping.
2013-01-22
4.4
CVE-2012-2372
linux -- linux_kernel
Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the Linux kernel before 3.4.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via incoming frames with crafted length fields.
2013-01-22
5.0
CVE-2012-3364
mariadb -- mariadb
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
2013-01-22
6.5
CVE-2012-4414
microsoft -- internet_explorer
Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\127.0.0.1\C$\ sequence.
2013-01-22
5.0
CVE-2012-6502
netartmedia -- car_portal
Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary user passwords via a nouveau action in the security module to cars/ADMIN/index.php; (2) create a user or (3) create a sub user via a sub_accounts action in the home module to USERS/index.php; or (4) change profile information via an edit action in the profile module to USERS/index.php.
2013-01-23
6.8
CVE-2012-6508
netartmedia -- car_portal
Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PWRS or (2) Description field when posting a new vehicle; (3) news title when creating news; (4) Name when creating a sub user; (5) group name when creating a group; or (6) dealer name, (7) first name, or (8) last name when changing a profile.
2013-01-23
4.3
CVE-2012-6510
netshinesoftware -- com_netinvoice
Cross-site scripting (XSS) vulnerability in the nBill (com_netinvoice) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php.
2013-01-23
4.3
CVE-2012-6514
olivetoast -- documents_pro_file_viewer
Cross-site scripting (XSS) vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2013-01-19
4.3
CVE-2012-5184
php -- php
The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data.
2013-01-19
5.0
CVE-2012-6113
rockwellautomation -- controllogix_controllers
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to obtain sensitive information via a crafted CIP packet.
2013-01-24
5.0
CVE-2012-6441
rpm -- rpm
The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package.
2013-01-18
4.3
CVE-2012-6088
shawn_bradley -- php_volunteer_management
Cross-site scripting (XSS) vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
2013-01-23
4.3
CVE-2012-6505
siemens -- simatic_rf-manager
Buffer overflow in a third-party ActiveX component in Siemens SIMATIC RF-MANAGER 2008, and RF-MANAGER Basic 3.0 and earlier, allows remote attackers to execute arbitrary code via a crafted web site.
2013-01-21
6.8
CVE-2013-0656
simplerealtytheme -- advanced_text_widget_plugin
Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
2013-01-23
4.3
CVE-2011-4618
sitecom -- wlm-2501
Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2) IP/Port Filtering via formFilter, (3) Port Forwarding via formPortFw, (4) Wireless Access Control via admin/formWlAc, (5) Wi-Fi Protected Setup via formWsc, (6) URL Blocking Filter via formURL, (7) Domain Blocking Filter via formDOMAINBLK, and (8) IP Address ACL Filter via admin/formACL in goform/, different vectors than CVE-2012-1921.
2013-01-23
6.8
CVE-2012-1922
utorrent -- utorrent
Buffer overflow in the "create torrent dialog" functionality in uTorrent 1.8.3 build 15772, and possibly other versions before 1.8.3 (Build 16010), allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a text file containing a large string. NOTE: some of these details are obtained from third party information.
2013-01-18
6.8
CVE-2009-5134
wikidforum -- wikidforum
Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort parameters in an advanced search.
2013-01-23
4.3
CVE-2012-2099
zingiri -- zingiri_web_shop
Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php.
2013-01-23
4.3
CVE-2012-6506
Low Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
apache -- cloudstack
Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
2013-01-22
1.5
CVE-2012-5616
linux -- linux_kernel
The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl.
2013-01-22
1.9
CVE-2012-4461
proftpd -- proftpd
ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
2013-01-24
1.2
CVE-2012-6095
SB13-021: Vulnerability Summary for the Week of January 14, 2013
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
adobe -- adobe_air
Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and Mac OS X, before 10.3.183.50 and 11.x before 11.2.202.261 on Linux, before 11.1.111.31 on Android 2.x and 3.x, and before 11.1.115.36 on Android 4.x; Adobe AIR before 3.5.0.1060; and Adobe AIR SDK before 3.5.0.1060 allows attackers to execute arbitrary code via unspecified vectors.
2013-01-11
10.0
CVE-2013-0630
adobe -- coldfusion
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
2013-01-16
10.0
CVE-2013-0632
cisco -- adaptive_security_appliance_software
Cisco Adaptive Security Appliance (ASA) software 8.7.1 and 8.7.1.1 for the Cisco ASA 1000V Cloud Firewall allows remote attackers to cause a denial of service (device reload) via a malformed H.225 H.323 IPv4 packet, aka Bug IDs CSCuc42812 and CSCuc88741.
2013-01-17
7.8
CVE-2012-5419
cisco -- prime_lan_management_solution
Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779.
2013-01-17
10.0
CVE-2012-6392
connections_project -- connections
Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact and attack vectors.
2013-01-11
10.0
CVE-2011-5254
elite-board -- elite_bulletin_board
Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_guest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATH_INFO to (a) checkuser.php, (b) groups.php, (c) index.php, (d) login.php, (e) quicklogin.php, (f) register.php, (g) Search.php, (h) viewboard.php, or (i) viewtopic.php.
2013-01-11
7.5
CVE-2012-5874
emc -- networker
Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6, allows remote attackers to execute arbitrary code via crafted SunRPC data.
2013-01-17
9.3
CVE-2012-4607
google -- chrome
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout.
2013-01-15
7.5
CVE-2012-5145
google -- chrome
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.
2013-01-15
7.5
CVE-2012-5147
google -- chrome
The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors.
2013-01-15
7.5
CVE-2012-5148
google -- chrome
Integer overflow in the audio IPC layer in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
2013-01-15
7.5
CVE-2012-5149
google -- chrome
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations on video data.
2013-01-15
7.5
CVE-2012-5150
google -- chrome
Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to stack memory.
2013-01-15
7.5
CVE-2012-5153
google -- chrome
Integer overflow in Google Chrome before 24.0.1312.52 on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to allocation of shared memory.
2013-01-15
7.5
CVE-2012-5154
google -- chrome
The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors.
2013-01-15
7.5
CVE-2013-0830
google -- chrome
Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process.
2013-01-15
7.5
CVE-2013-0831
google -- chrome
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing.
2013-01-15
7.5
CVE-2013-0832
google -- chrome
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs.
2013-01-15
7.5
CVE-2013-0837
google -- chrome
Google Chrome before 24.0.1312.52 on Linux uses weak permissions for shared memory segments, which has unspecified impact and attack vectors.
2013-01-15
7.5
CVE-2013-0838
mozilla -- firefox
Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups.
2013-01-13
9.3
CVE-2013-0744
mozilla -- firefox
The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a crafted HTML document referencing JavaScript objects.
2013-01-13
9.3
CVE-2013-0745
mozilla -- firefox
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allows remote attackers to execute arbitrary code or cause a denial of service (compartment mismatch and application crash) via crafted JavaScript code that is not properly handled during garbage collection.
2013-01-13
9.3
CVE-2013-0746
mozilla -- firefox
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
2013-01-13
10.0
CVE-2013-0749
mozilla -- firefox
Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow.
2013-01-13
10.0
CVE-2013-0750
mozilla -- firefox
Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that have SVG content.
2013-01-13
9.3
CVE-2013-0752
mozilla -- firefox
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content.
2013-01-13
9.3
CVE-2013-0753
mozilla -- firefox
Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors involving the triggering of garbage collection after memory allocation for listener objects.
2013-01-13
10.0
CVE-2013-0754
mozilla -- firefox
Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer.
2013-01-13
10.0
CVE-2013-0755
mozilla -- firefox
Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing JavaScript Proxy objects that are not properly handled during garbage collection.
2013-01-13
9.3
CVE-2013-0756
mozilla -- firefox
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document.
2013-01-13
9.3
CVE-2013-0757
mozilla -- firefox
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.
2013-01-13
10.0
CVE-2013-0758
mozilla -- firefox
Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.
2013-01-13
9.3
CVE-2013-0760
mozilla -- firefox
Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
2013-01-13
10.0
CVE-2013-0761
mozilla -- firefox
Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
2013-01-13
10.0
CVE-2013-0762
mozilla -- firefox
Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas.
2013-01-13
10.0
CVE-2013-0763
mozilla -- firefox
The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data.
2013-01-13
9.3
CVE-2013-0764
mozilla -- firefox
Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
2013-01-13
10.0
CVE-2013-0766
mozilla -- firefox
The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
2013-01-13
10.0
CVE-2013-0767
mozilla -- firefox
Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies invalid width and height values.
2013-01-13
10.0
CVE-2013-0768
mozilla -- firefox
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
2013-01-13
10.0
CVE-2013-0769
mozilla -- firefox
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
2013-01-13
10.0
CVE-2013-0770
mozilla -- firefox
Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.
2013-01-13
9.3
CVE-2013-0771
oracle -- jdk
Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114.
2013-01-14
10.0
CVE-2012-3174
oracle -- database_server
Unspecified vulnerability in the Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users with Create Table privileges to affect confidentiality, integrity, and availability via unknown vectors.
2013-01-16
9.0
CVE-2012-3220
oracle -- enterprise_manager_grid_control
Unspecified vulnerability in the APM - Application Performance Management component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Business Transaction Management.
2013-01-16
7.5
CVE-2013-0359
oracle -- database_lite
Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0366.
2013-01-16
10.0
CVE-2013-0361
oracle -- database_mobile/lite_server
Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0363 and CVE-2013-0364.
2013-01-16
7.8
CVE-2013-0362
oracle -- database_mobile/lite_server
Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0362 and CVE-2013-0364.
2013-01-16
7.8
CVE-2013-0363
oracle -- database_lite
Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0362 and CVE-2013-0363.
2013-01-16
7.8
CVE-2013-0364
oracle -- database_mobile/lite_server
Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0361.
2013-01-16
10.0
CVE-2013-0366
rubyonrails -- ruby_on_rails
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.
2013-01-13
10.0
CVE-2013-0155
rubyonrails -- rails
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
2013-01-13
10.0
CVE-2013-0156
Medium Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
age_verification_project -- age_verification
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter.
2013-01-11
5.8
CVE-2012-6499
cisco -- vpn_client
The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669.
2013-01-17
4.6
CVE-2012-5429
cisco -- telepresence_video_communication_servers_software
Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989.
2013-01-17
5.0
CVE-2012-5444
cisco -- quad
Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (formerly Cisco Quad) allows remote attackers to inject arbitrary web script or HTML via a crafted RSS service link, aka Bug ID CSCub61977.
2013-01-17
4.3
CVE-2012-6397
cisco -- webex_training_center
Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication of arbitrary users for requests that delete tests, aka Bug ID CSCzu81067.
2013-01-17
6.8
CVE-2013-1109
ettercap_project -- ettercap
Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line.
2013-01-11
4.4
CVE-2013-0722
fireflymediaserver -- firefly_media_server
Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer dereference) via a (1) crafted Connection HTTP header; a return carriage control character in the (2) Accept Language header, (3) User-agent header, (4) Host header, or (5) protocol version; or a (6) crafted HTTP protocol version.
2013-01-18
5.0
CVE-2012-5875
ge -- intelligent_platforms_proficy_hmi/scada_cimplicity
Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request.
2013-01-17
4.3
CVE-2012-4689
google -- chrome
Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL.
2013-01-15
5.0
CVE-2012-5146
google -- chrome
Integer overflow in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code in a PDF document.
2013-01-15
6.8
CVE-2012-5151
google -- chrome
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data.
2013-01-15
5.0
CVE-2012-5152
google -- chrome
Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.
2013-01-15
5.0
CVE-2012-5155
google -- chrome
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF fields.
2013-01-15
6.8
CVE-2012-5156
google -- chrome
Google Chrome before 24.0.1312.52 does not properly handle image data in PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
2013-01-15
4.3
CVE-2012-5157
google -- chrome
The PDF functionality in Google Chrome before 24.0.1312.52 does not properly perform a cast of an unspecified variable during processing of the root of the structure tree, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
2013-01-15
6.8
CVE-2013-0828
google -- chrome
Google Chrome before 24.0.1312.52 does not properly maintain database metadata, which allows remote attackers to bypass intended file-access restrictions via unspecified vectors.
2013-01-15
6.4
CVE-2013-0829
google -- chrome
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing.
2013-01-15
5.0
CVE-2013-0833
google -- chrome
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs.
2013-01-15
5.0
CVE-2013-0834
google -- chrome
Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
2013-01-15
5.0
CVE-2013-0835
google -- chrome
Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, does not properly implement garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code.
2013-01-15
6.8
CVE-2013-0836
hp -- pki_activex_control
The KillProcess method in the HP PKI ActiveX control (HPPKI.ocx) before 1.2.0.1 allows remote attackers to cause a denial of service (kill process) via the partial or full name of a process.
2013-01-11
4.3
CVE-2012-6501
mozilla -- firefox
The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event.
2013-01-13
6.8
CVE-2013-0747
mozilla -- firefox
The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object.
2013-01-13
5.0
CVE-2013-0748
mozilla -- firefox
Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document.
2013-01-13
5.8
CVE-2013-0751
mozilla -- firefox
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code.
2013-01-13
5.0
CVE-2013-0759
mysql -- mysql
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
2013-01-16
4.0
CVE-2012-0572
mysql -- mysql
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
2013-01-16
4.0
CVE-2012-0574
mysql -- mysql
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
2013-01-16
4.0
CVE-2012-0578
mysql -- mysql
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.
2013-01-16
5.0
CVE-2012-1702
mysql -- mysql
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
2013-01-16
4.0
CVE-2012-1705
mysql -- mysql
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
2013-01-16
6.8
CVE-2012-5060
mysql -- mysql
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
2013-01-16
4.0
CVE-2013-0367
mysql -- mysql
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
2013-01-16
4.0
CVE-2013-0368
mysql -- mysql
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.
2013-01-16
4.0
CVE-2013-0371
mysql -- mysql
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
2013-01-16
5.5
CVE-2013-0375
mysql -- mysql
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.
2013-01-16
4.3
CVE-2013-0383
mysql -- mysql
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
2013-01-16
6.8
CVE-2013-0384
mysql -- mysql
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.
2013-01-16
6.6
CVE-2013-0385
mysql -- mysql
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
2013-01-16
6.8
CVE-2013-0386
mysql -- mysql
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
2013-01-16
6.8
CVE-2013-0389
oracle -- fusion_middleware
Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via unknown vectors.
2013-01-16
4.3
CVE-2012-1677
oracle -- siebel_crm
Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel Apps - Multi-channel Technologies.
2013-01-16
4.0
CVE-2012-1680
oracle -- siebel_crm
Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel UI Framework.
2013-01-16
4.0
CVE-2012-1700
oracle -- siebel_crm
Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Highly Interactive Web UI.
2013-01-16
5.0
CVE-2012-1701
oracle -- peoplesoft_products
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 allows remote attackers to affect integrity via vectors related to PeopleBooks - PSOL.
2013-01-16
4.3
CVE-2012-1755
oracle -- siebel_crm
Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Siebel Core - Server Infrastructure.
2013-01-16
4.0
CVE-2012-3168
oracle -- siebel_crm
Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Siebel Core - Server Infrastructure, a different vulnerability than CVE-2012-3170.
2013-01-16
5.0
CVE-2012-3169
oracle -- siebel_crm
Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Siebel Core - Server Infrastructure, a different vulnerability than CVE-2012-3169.
2013-01-16
5.0
CVE-2012-3170
oracle -- siebel_crm
Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Siebel Apps - Multi-channel Technologies.
2013-01-16
4.0
CVE-2012-3172
oracle -- e-business_suite
Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity, related to UWQ Server Issues.
2013-01-16
6.4
CVE-2012-3190
oracle -- e-business_suite
Unspecified vulnerability in the Human Resources component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security Groups.
2013-01-16
5.5
CVE-2012-3218
oracle -- enterprise_manager_database_control
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Storage Management.
2013-01-16
4.3
CVE-2012-3219
oracle -- peoplesoft_products
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity via unknown vectors related to Portal, a different vulnerability than CVE-2013-0392.
2013-01-16
4.3
CVE-2012-5059
oracle -- enterprise_manager_database_control
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect integrity via unknown vectors related to User Interface Framework.
2013-01-16
4.3
CVE-2012-5062
oracle -- fusion_middleware
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3.0, 11.1.1.5.0, and 11.1.2.0.0 allows remote attackers to affect integrity, related to OAM Webgate.
2013-01-16
4.3
CVE-2012-5097
oracle -- enterprise_manager_database_control
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Content Management.
2013-01-16
4.3
CVE-2013-0352
oracle -- enterprise_manager_database_control
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 allows remote attackers to affect integrity via unknown vectors related to Enterprise Configuration Management.
2013-01-16
4.3
CVE-2013-0353
oracle -- enterprise_manager_database_control
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5, and EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3, allows remote attackers to affect integrity via unknown vectors related to Policy Framework.
2013-01-16
4.3
CVE-2013-0354
oracle -- enterprise_manager_database_control
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1, and EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3, allows remote attackers to affect integrity via unknown vectors related to Distributed/Cross DB Features.
2013-01-16
4.3
CVE-2013-0355
oracle -- peoplesoft_products
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity, related to PIA Core Technology.
2013-01-16
4.3
CVE-2013-0356
oracle -- peoplesoft_products
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity, related to PIA Core Technology.
2013-01-16
4.3
CVE-2013-0357
oracle -- enterprise_manager_database_control
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Resource Manager.
2013-01-16
4.3
CVE-2013-0358
oracle -- enterprise_manager_grid_control
Unspecified vulnerability in the Application Performance Management (APM) component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Business Transaction Management, a different vulnerability than CVE-2013-0396.
2013-01-16
5.0
CVE-2013-0360
oracle -- siebel_crm
Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.
2013-01-16
4.0
CVE-2013-0365
oracle -- peoplesoft_products
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Query.
2013-01-16
5.5
CVE-2013-0369
oracle -- enterprise_manager_database_control
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 11.1.0.1 and 12.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Distributed/Cross DB Features.
2013-01-16
4.3
CVE-2013-0372
oracle -- enterprise_manager_database_control
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Distributed/Cross DB Features.
2013-01-16
4.3
CVE-2013-0373
oracle -- enterprise_manager_database_control
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Database Cloning.
2013-01-16
4.3
CVE-2013-0374
oracle -- e-business_suite
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Diagnostics.
2013-01-16
4.3
CVE-2013-0376
oracle -- e-business_suite
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Client System Analyzer.
2013-01-16
4.3
CVE-2013-0377
oracle -- siebel_crm
Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Siebel Calendar, a different vulnerability than CVE-2013-0379.
2013-01-16
4.3
CVE-2013-0378
oracle -- siebel_crm
Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Siebel Calendar, a different vulnerability than CVE-2013-0378.
2013-01-16
4.3
CVE-2013-0379
oracle -- e-business_suite
Unspecified vulnerability in the Oracle Payroll component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to View Payslip.
2013-01-16
4.3
CVE-2013-0380
oracle -- e-business_suite
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Application Framework.
2013-01-16
6.4
CVE-2013-0381
oracle -- e-business_suite
Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Campaign Management.
2013-01-16
6.4
CVE-2013-0382
oracle -- peoplesoft_products
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to PeopleCode.
2013-01-16
4.3
CVE-2013-0387
oracle -- peoplesoft_products
Unspecified vulnerability in the PeopleSoft HRMS component in Oracle PeopleSoft Products 9.1 allows remote attackers to affect integrity via unknown vectors related to Mobile Company Directory.
2013-01-16
4.3
CVE-2013-0388
oracle -- peoplesoft_products
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security.
2013-01-16
5.5
CVE-2013-0391
oracle -- peoplesoft_products
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity via unknown vectors related to Portal, a different vulnerability than CVE-2012-5059.
2013-01-16
4.3
CVE-2013-0392
oracle -- fusion_middleware
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0418.
2013-01-16
6.8
CVE-2013-0393
oracle -- peoplesoft_products
Unspecified vulnerability in the PeopleSoft HRMS component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote attackers to affect confidentiality via unknown vectors related to Candidate Gateway.
2013-01-16
5.0
CVE-2013-0394
oracle -- peoplesoft_products
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect integrity via unknown vectors related to Security.
2013-01-16
4.0
CVE-2013-0395
oracle -- enterprise_manager_grid_control
Unspecified vulnerability in the Application Performance Management (APM) component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Business Transaction Management, a different vulnerability than CVE-2013-0360.
2013-01-16
5.0
CVE-2013-0396
oracle -- e-business_suite
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Diagnostics.
2013-01-16
6.4
CVE-2013-0397
oracle -- sun_products_suite
Unspecified vulnerability in the Sun Storage Common Array Manager (CAM) component in Oracle Sun Products Suite 6.9.0 allows remote attackers to affect confidentiality, related to Fault Management System (FMS).
2013-01-16
5.0
CVE-2013-0417
oracle -- fusion_middleware
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393.
2013-01-16
6.8
CVE-2013-0418
orchardproject -- orchard
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.
2013-01-11
5.8
CVE-2011-5252
pragyan_cms_project -- pragyan_cms
Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php.
2013-01-11
5.0
CVE-2012-6500
redhat -- jboss_enterprise_portal_platform
Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2013-01-18
4.3
CVE-2012-5531
rpm -- rpm
The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package.
2013-01-18
4.3
CVE-2012-6088
specview -- specview
Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.
2013-01-17
5.0
CVE-2012-5972
squirrelmail -- squirrelmail
functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813.
2013-01-18
5.0
CVE-2012-2124
sun -- sunos
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Umount.
2013-01-16
6.6
CVE-2013-0399
sun -- sunos
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Filesystem/cachefs.
2013-01-16
6.6
CVE-2013-0400
sun -- sunos
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework.
2013-01-16
4.6
CVE-2013-0407
sun -- sunos
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package.
2013-01-16
6.0
CVE-2013-0415
thegr -- dl
Dl Download Ticket Service 0.3 through 0.9 allows remote attackers to login as an arbitrary user by supplying an authorization header.
2013-01-11
4.3
CVE-2011-5253
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
ibm -- tivoli_federated_identity_manager
IBM Tivoli Federated Identity Manager (TFIM) before 6.1.1.14, 6.2.0 before 6.2.0.12, and 6.2.1 before 6.2.1.4 allows context-dependent attackers to discover (1) a cleartext LDAP Bind Password, (2) keystore passwords, (3) a cleartext Basic Authentication password from a client, or (4) a cleartext user password by leveraging a logging configuration with a log trace setting of all.
2013-01-17
3.5
CVE-2012-3310
inkscape -- inkscape
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
2013-01-18
2.1
CVE-2012-5656
mysql -- mysql
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.
2013-01-16
3.5
CVE-2012-5096
oracle -- jd_edwards_products
Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98, 9.1, and 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC.
2013-01-16
3.5
CVE-2012-1678
oracle -- peoplesoft_products
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect integrity, related to Rich Text Editor (RTE).
2013-01-16
3.5
CVE-2012-3192
oracle -- supply_chain_products_suite
Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.
2013-01-16
2.1
CVE-2013-0370
oracle -- e-business_suite
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Bookmarkable Pages.
2013-01-16
2.1
CVE-2013-0390
oracle -- virtualization
Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core.
2013-01-16
2.4
CVE-2013-0420
samba -- samba
Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute.
2013-01-17
3.5
CVE-2013-0172
sun -- sunos
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Install/smpatch.
2013-01-16
3.3
CVE-2012-0569
sun -- sunos
Unspecified vulnerability in the kernel in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors.
2013-01-16
2.1
CVE-2012-3178
sun -- sunos
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Utility/ksh93.
2013-01-16
3.3
CVE-2013-0414
xen -- xen
The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall.
2013-01-11
1.9
CVE-2013-0154
This product is provided subject to this Notification and this Privacy & Use policy.
TA13-015A: Microsoft Releases Update for Internet Explorer Vulnerability CVE-2012-4792
Original release date: January 15, 2013 | Last revised: --
Systems Affected
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Overview
Microsoft has released Security Bulletin MS13-008 to address the CButton use-after-free vulnerability (CVE-2012-4792).
Description
Microsoft Internet Explorer versions 6, 7, and 8 are susceptible to a use-after-free vulnerability. This vulnerability is being actively exploited in the wild. Microsoft has released Security Bulletin MS13-008 to address this vulnerability.
Additional information is available in Vulnerability Note VU#154201.
Impact
A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
Solution
US-CERT recommends that Internet Explorer users run Windows Update as soon as possible to apply the MS13-008 update.
Revision History
January 15, 2013: Initial release
SB13-014: Vulnerability Summary for the Week of January 7, 2013
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-0601, CVE-2013-0605, CVE-2013-0616, CVE-2013-0619, CVE-2013-0620, and CVE-2013-0623.
2013-01-10
10.0
CVE-2012-1530
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0605, CVE-2013-0616, CVE-2013-0619, CVE-2013-0620, and CVE-2013-0623.
2013-01-10
10.0
CVE-2013-0601
adobe -- acrobat
Use-after-free vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors.
2013-01-10
10.0
CVE-2013-0602
adobe -- acrobat
Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0604.
2013-01-10
10.0
CVE-2013-0603
adobe -- acrobat
Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0603.
2013-01-10
10.0
CVE-2013-0604
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0616, CVE-2013-0619, CVE-2013-0620, and CVE-2013-0623.
2013-01-10
10.0
CVE-2013-0605
adobe -- acrobat
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0612, CVE-2013-0615, CVE-2013-0617, and CVE-2013-0621.
2013-01-10
10.0
CVE-2013-0606
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0608, CVE-2013-0611, CVE-2013-0614, and CVE-2013-0618.
2013-01-10
10.0
CVE-2013-0607
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0611, CVE-2013-0614, and CVE-2013-0618.
2013-01-10
10.0
CVE-2013-0608
adobe -- acrobat
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0613.
2013-01-10
10.0
CVE-2013-0609
adobe -- acrobat
Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0626.
2013-01-10
10.0
CVE-2013-0610
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013-0614, and CVE-2013-0618.
2013-01-10
10.0
CVE-2013-0611
adobe -- acrobat
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0615, CVE-2013-0617, and CVE-2013-0621.
2013-01-10
10.0
CVE-2013-0612
adobe -- acrobat
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0609.
2013-01-10
10.0
CVE-2013-0613
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013-0611, and CVE-2013-0618.
2013-01-10
10.0
CVE-2013-0614
adobe -- acrobat
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0617, and CVE-2013-0621.
2013-01-10
10.0
CVE-2013-0615
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0619, CVE-2013-0620, and CVE-2013-0623.
2013-01-10
10.0
CVE-2013-0616
adobe -- acrobat
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, and CVE-2013-0621.
2013-01-10
10.0
CVE-2013-0617
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013-0611, and CVE-2013-0614.
2013-01-10
10.0
CVE-2013-0618
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0616, CVE-2013-0620, and CVE-2013-0623.
2013-01-10
10.0
CVE-2013-0619
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0616, CVE-2013-0619, and CVE-2013-0623.
2013-01-10
10.0
CVE-2013-0620
adobe -- acrobat
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, and CVE-2013-0617.
2013-01-10
10.0
CVE-2013-0621
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-0624.
2013-01-10
10.0
CVE-2013-0622
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0616, CVE-2013-0619, and CVE-2013-0620.
2013-01-10
10.0
CVE-2013-0623
adobe -- acrobat
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-0622.
2013-01-10
10.0
CVE-2013-0624
adobe -- acrobat
Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0610.
2013-01-10
10.0
CVE-2013-0626
adobe -- acrobat
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows local users to gain privileges via unknown vectors.
2013-01-10
7.2
CVE-2013-0627
ffmpeg -- ffmpeg
The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to "width/height changing with frame threads."
2013-01-04
10.0
CVE-2011-3937
ibm -- java
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Delivery Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method."
2013-01-10
9.3
CVE-2012-4820
ibm -- java
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Delivery Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via "insecure use" of the (1) java.lang.Class getDeclaredMethods or (2) java.lang.reflect.AccessibleObject setAccessible() methods.
2013-01-10
9.3
CVE-2012-4821
ibm -- java
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Delivery Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to "insecure use [of] multiple methods in the java.lang.Class class."
2013-01-10
9.3
CVE-2012-4822
ibm -- java
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Delivery Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to "insecure use of the java.lang.ClassLoader defineClass() method."
2013-01-10
9.3
CVE-2012-4823
microsoft -- .net_framework
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
2013-01-09
7.1
CVE-2013-0001
microsoft -- .net_framework
Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
2013-01-09
9.3
CVE-2013-0002
microsoft -- .net_framework
Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
2013-01-09
9.3
CVE-2013-0003
microsoft -- .net_framework
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
2013-01-09
9.3
CVE-2013-0004
microsoft -- .net_framework
The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
2013-01-09
7.8
CVE-2013-0005
microsoft -- expression_web
Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."
2013-01-09
9.3
CVE-2013-0006
microsoft -- expression_web
Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."
2013-01-09
9.3
CVE-2013-0007
microsoft -- windows_7
The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
2013-01-09
10.0
CVE-2013-0011
oracle -- jdk
The MBeanInstantiator in Oracle Java Runtime Environment (JRE) 1.7 in Java 7 Update 10 and earlier allows remote attackers to execute arbitrary code via vectors related to unspecified classes that allow access to the class loader, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681.
2013-01-10
10.0
CVE-2013-0422
perl -- perl
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
2013-01-04
7.5
CVE-2012-6329
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- coldfusion
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
2013-01-08
6.8
CVE-2013-0625
adobe -- coldfusion
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.
2013-01-08
4.3
CVE-2013-0629
adobe -- coldfusion
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013.
2013-01-08
5.0
CVE-2013-0631
apache -- cxf
Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
2013-01-04
5.0
CVE-2012-2378
digium -- asterisk
Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol.
2013-01-04
5.0
CVE-2012-5976
foswiki -- foswiki
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.
2013-01-04
5.0
CVE-2012-6330
libtiff -- libtiff
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.
2013-01-04
6.8
CVE-2012-5581
maxtom -- atomymaxsite
Unrestricted file upload vulnerability in index.php in Atomymaxsite 2.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file, as exploited in the wild in October 2012.
2013-01-08
6.8
CVE-2012-6498
microsoft -- windows_7
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
2013-01-09
6.9
CVE-2013-0008
microsoft -- system_center_operations_manager
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
2013-01-09
4.3
CVE-2013-0009
microsoft -- system_center_operations_manager
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
2013-01-09
4.3
CVE-2013-0010
microsoft -- windows_7
The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
2013-01-09
5.8
CVE-2013-0013
pizzashack -- rssh
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.
2013-01-10
4.4
CVE-2012-2251
pizzashack -- rssh
Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.
2013-01-10
4.4
CVE-2012-2252
redhat -- enterprise_virtualization_manager
Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/.
2013-01-04
6.2
CVE-2012-0860
redhat -- enterprise_virtualization_manager
The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack.
2013-01-04
6.8
CVE-2012-0861
redhat -- certificate_system
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSize to the displayCRL script, or (3) nonce variable to the profileProcess script.
2013-01-04
4.3
CVE-2012-4543
redhat -- jboss_enterprise_application_platform
The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, authorizes all requests when no roles are allowed for an Enterprise Java Beans (EJB) method invocation, which allows attackers to bypass intended access restrictions for EJB methods.
2013-01-04
5.8
CVE-2012-4549
redhat -- jboss_enterprise_application_platform
JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modules, which prevents JACC permissions from being applied and allows remote attackers to obtain access to the EJB.
2013-01-04
6.4
CVE-2012-4550
redhat -- certificate_system
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
2013-01-04
4.0
CVE-2012-4555
redhat -- certificate_system
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
2013-01-04
4.0
CVE-2012-4556
redhat -- cloudforms
proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system.
2013-01-04
5.5
CVE-2012-5603
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
centrify -- centrify_deployment_manager
Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file.
2013-01-04
3.3
CVE-2012-6348
redhat -- enterprise_virtualization_manager
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors.
2013-01-04
3.7
CVE-2011-4316
redhat -- enterprise_virtualization_manager
The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request.
2013-01-04
2.7
CVE-2012-2696
redhat -- cloudforms
Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log.
2013-01-04
3.3
CVE-2012-3538
redhat -- cloudforms
Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.
2013-01-04
2.1
CVE-2012-4574
redhat -- enterprise_virtualization_manager
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors.
2013-01-04
2.1
CVE-2012-5516
redhat -- cloudforms
Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files.
2013-01-04
2.1
CVE-2012-5605
This product is provided subject to this Notification and this Privacy & Use policy.
Categories: security
TA13-010A: Oracle Java 7 Security Manager Bypass Vulnerability
Original release date: January 10, 2013 | Last revised: --
Systems Affected
Any system using Oracle Java 7 (1.7, 1.7.0) including
Java Platform Standard Edition 7 (Java SE 7)
Java SE Development Kit (JDK 7)
Java SE Runtime Environment (JRE 7)
All versions of Java 7 through update 10 are affected. Web browsers using the Java 7 plug-in are at high risk.
Overview
A vulnerability in the way Java 7 restricts the permissions of Java applets could allow an attacker to execute arbitrary commands on a vulnerable system.
Description
A vulnerability in the Java Security Manager allows a Java applet to grant itself permission to execute arbitrary code. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a "drive-by download" attack).
Any web browser using the Java 7 plug-in is affected. The Java Deployment Toolkit plug-in and Java Web Start can also be used as attack vectors.
Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available.
Further technical details are available in Vulnerability Note VU#625617.
Impact
By convincing a user to load a malicious Java applet or Java Network Launching Protocol (JNLP) file, an attacker could execute arbitrary code on a vulnerable system with the privileges of the Java plug-in process.
Solution
Disable Java in web browsers
This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered. To defend against this and future Java vulnerabilities, disable Java in web browsers.
Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. From Setting the Security Level of the Java Client:
For installations where the highest level of security is required, it is possible to entirely prevent any Java apps (signed or unsigned) from running in a browser by de-selecting Enable Java content in the browser in the Java Control Panel under the Security tab.
If you are unable to update to Java 7 Update 10, please see the solution section of Vulnerability Note VU#636312 for instructions on how to disable Java on a per-browser basis.
References
Vulnerability Note VU#625617
Setting the Security Level of the Java Client
The Security Manager
How to disable the Java web plug-in in Safari
How to turn off Java applets
NoScript
Securing Your Web Browser
Vulnerability Note VU#636312
Revision History
January 10, 2013: Initial release
TA13-008A: Microsoft Updates for Multiple Vulnerabilities
Original release date: January 08, 2013 | Last revised: --
Systems Affected
Microsoft Windows
Microsoft Office
Microsoft Server Software
Microsoft .NET Framework
Microsoft Developer Tools
Overview
Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.
Description
The Microsoft Security Bulletin Summary for January 2013 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities.
Impact
A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
Solution
Apply Updates
Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for January 2013, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.
References
Microsoft Security Bulletin Summary for January 2013
Microsoft Windows Server Update Services
Microsoft Update
Microsoft Update Overview
Turn Automatic Updating On or Off
Revision History
January 08, 2013: Initial release
SB13-007: Vulnerability Summary for the Week of December 31, 2012
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- cxf
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
2013-01-02
10.0
CVE-2012-2379
fail2ban -- fail2ban
server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content.
2012-12-31
7.5
CVE-2012-5642
i-gen -- oplynx
The Central application in i-GEN opLYNX before 2.01.9 allows remote attackers to bypass authentication via vectors involving the disabling of browser JavaScript support.
2012-12-31
7.5
CVE-2012-4688
lemonldap-ng -- lemonldap::
LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.
2013-01-01
7.5
CVE-2012-6426
microsoft -- internet_explorer
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
2012-12-30
9.3
CVE-2012-4792
opera -- opera_browser
Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed SVG image.
2013-01-02
9.3
CVE-2012-6465
opera -- opera_browser
Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long HTTP response.
2013-01-02
9.3
CVE-2012-6468
opera -- opera_browser
Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.
2013-01-02
9.3
CVE-2012-6470
rubyonrails -- ruby_on_rails
SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls.
2013-01-03
7.5
CVE-2012-6496
swi-prolog -- swi-prolog
Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.
2013-01-04
7.5
CVE-2012-6089
swi-prolog -- swi-prolog
Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.
2013-01-04
7.5
CVE-2012-6090
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
cerberusftp -- ftp_server
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program.
2012-12-31
4.3
CVE-2012-6339
connman -- connman
ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets.
2013-01-01
5.0
CVE-2012-6459
digium -- asterisk
Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol.
2013-01-04
5.0
CVE-2012-5976
digium -- asterisk
Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.
2013-01-04
4.3
CVE-2012-5977
drupal -- drupal
Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results.
2013-01-02
5.0
CVE-2012-5651
drupal -- drupal
Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result.
2013-01-02
5.0
CVE-2012-5652
drupal -- drupal
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name.
2013-01-02
6.0
CVE-2012-5653
e107 -- e107
Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action.
2013-01-03
6.8
CVE-2012-6433
e107 -- e107
Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, or (8) download_class parameter.
2013-01-03
6.8
CVE-2012-6434
elinks -- elinks
The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials.
2013-01-02
5.1
CVE-2012-4545
gnu -- grep
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
2013-01-03
4.4
CVE-2012-5667
ibm -- spss_modeler
IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
2013-01-01
5.8
CVE-2012-5769
ircd-ratbox -- ircd-ratbox
modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis before 3.4.2 does not properly support capability negotiation during server handshakes, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request.
2013-01-01
5.0
CVE-2012-6084
mediawiki -- rssreader
Cross-site scripting (XSS) vulnerability in the RSS Reader extension before 0.2.6 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a crafted feed.
2012-12-31
4.3
CVE-2012-6453
moinmo -- moinmoin
Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.
2013-01-02
6.4
CVE-2012-6080
moinmo -- moinmoin
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.
2013-01-02
6.0
CVE-2012-6081
moinmo -- moinmoin
Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in an RSS link.
2013-01-02
4.3
CVE-2012-6082
moinmo -- moinmoin
Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.
2013-01-02
6.0
CVE-2012-6495
nodewords_project -- nodewords
The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the (1) description, (2) dc.description or (3) og:description meta tags.
2013-01-02
4.3
CVE-2012-5654
opera -- opera_browser
Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site.
2013-01-02
5.0
CVE-2012-6460
opera -- opera_browser
The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by causing a failure of a single checking service.
2013-01-02
5.0
CVE-2012-6461
opera -- opera_browser
Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request.
2013-01-02
5.0
CVE-2012-6462
opera -- opera_browser
Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs.
2013-01-02
4.3
CVE-2012-6463
opera -- opera_browser
Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins.
2013-01-02
4.3
CVE-2012-6464
opera -- opera_browser
Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas.
2013-01-02
5.0
CVE-2012-6466
opera -- opera_browser
Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 2012.
2013-01-02
4.3
CVE-2012-6467
opera -- opera_browser
Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page.
2013-01-02
5.0
CVE-2012-6469
opera -- opera_browser
Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests.
2013-01-02
5.0
CVE-2012-6471
opera -- opera_browser
Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by reading a (1) cache file, (2) password file, or (3) configuration file, or (4) possibly gain privileges by modifying or overwriting a configuration file.
2013-01-02
4.6
CVE-2012-6472
owncloud -- owncloud
ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file.
2013-01-02
4.3
CVE-2012-5665
owncloud -- owncloud
Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php.
2013-01-02
4.3
CVE-2012-5666
polycom -- hdx_system_software
Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2013-01-01
4.3
CVE-2012-4970
rubyonrails -- ruby_on_rails
The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product.
2013-01-03
5.0
CVE-2012-6497
steven_jones -- context
The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request.
2013-01-02
5.0
CVE-2012-5655
torproject -- tor
The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial of service (memory consumption or excessive cell reception rate) or bypass intended flow-control restrictions via a RELAY_COMMAND_SENDME command.
2013-01-01
5.0
CVE-2012-5573
vbulletin -- vbulletin
Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action.
2012-12-31
5.8
CVE-2011-5251
wp_php_widget_project -- wp_php_widget
wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
2013-01-02
5.0
CVE-2013-0721
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
avg -- avg_antivirus
The Anti-theft service in AVG AntiVirus for Android allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
2012-12-31
3.3
CVE-2012-6335
belkin -- n900_wireless_router
The WPA2 implementation on the Belkin N900 F9K1104v1 router establishes a WPS PIN based on 6 digits of the LAN/WLAN MAC address, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading broadcast packets, a different vulnerability than CVE-2012-4366.
2012-12-31
3.3
CVE-2012-6371
lookout -- lookout
The Missing Device feature in Lookout allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
2012-12-31
3.3
CVE-2012-6336
samsung -- samsungdive
The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
2012-12-31
2.9
CVE-2012-6334
samsung -- samsungdive
The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data.
2012-12-31
3.3
CVE-2012-6337
SB13-002: Vulnerability Summary for the Week of December 24, 2012
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- shockwave_player
Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of a Shockwave Player 10.4.0.025 compatibility feature via a crafted HTML document that references Shockwave content with a certain compatibility parameter, related to a "downgrading" attack.
2012-12-20
9.3
CVE-2012-6270
ca -- identityminder
Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors.
2012-12-26
10.0
CVE-2012-6298
ca -- identityminder
Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to bypass intended access restrictions via unknown vectors.
2012-12-26
10.0
CVE-2012-6299
carlosgavazzi -- eos-box_photovoltaic_monitoring_system
Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a similar issue to CVE-2012-5861.
2012-12-23
7.5
CVE-2012-6427
carlosgavazzi -- eos-box_photovoltaic_monitoring_system
Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862.
2012-12-23
10.0
CVE-2012-6428
citrix -- xenapp
The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors.
2012-12-26
9.3
CVE-2012-5161
foscam -- h.264_hi3510/11/12_ip_camera
The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to an unspecified URL.
2012-12-21
10.0
CVE-2012-3002
ibm -- rational_automation_framework
IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080.
2012-12-26
7.5
CVE-2012-4816
ibm -- tivoli_storage_manager_for_space_management
Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows local users to read or modify file system objects via unknown vectors.
2012-12-21
7.2
CVE-2012-4859
ibm -- tivoli_netview
Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level.
2012-12-26
7.2
CVE-2012-5951
mysql -- mysql
Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
2012-12-21
7.5
CVE-2012-0882
netiq -- edirectory
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.
2012-12-25
10.0
CVE-2012-0432
netiq -- privileged_user_manager
Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request.
2012-12-24
10.0
CVE-2012-5932
novell -- iprint
Unspecified vulnerability in Novell iPrint Client before 5.82 allows remote attackers to execute arbitrary code via an op-client-interface-version action.
2012-12-24
10.0
CVE-2012-0411
oracle -- glassfish_web_space_server10.0
Directory traversal vulnerability in the Liferay component in Oracle Sun GlassFish Web Space Server before 10.0 Update 7 Patch 2 has unknown impact and attack vectors.
2012-12-21
10.0
CVE-2012-1712
oracle -- hyperion_financial_management
Unspecified vulnerability in a TList 6 ActiveX control in Oracle Hyperion Financial Management 11.1.1.4 and 11.1.2.1.104 allows remote attackers to execute arbitrary code via unknown vectors.
2012-12-21
10.0
CVE-2012-1714
rubyonrails -- ruby_on_rails
SQL injection vulnerability in the Authlogic gem for Ruby on Rails allows remote attackers to execute arbitrary SQL commands via a crafted parameter in conjunction with a secret_token value, related to certain behavior of find_by_id and other find_by_ methods.
2012-12-26
7.5
CVE-2012-5664
scripthead -- webmail_plus
SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
2012-12-26
7.5
CVE-2012-5590
symantec -- endpoint_protection
The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
2012-12-18
7.2
CVE-2012-4348
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
catalin_florian_radut -- zeropoint
Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x-1.x before 6.x-1.18 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the path aliases.
2012-12-26
4.3
CVE-2012-5591
citrix -- xendesktop
Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that controls USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device.
2012-12-26
5.0
CVE-2012-6314
concrete5 -- concrete5
Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2012-12-21
4.3
CVE-2012-5181
emc -- data_protection_advisor
Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors.
2012-12-26
5.0
CVE-2012-4616
epiqo -- email
Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link.
2012-12-26
4.3
CVE-2012-5587
fetchmail -- fetchmail
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.
2012-12-21
5.8
CVE-2012-3482
ibm -- rational_policy_tester
IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.
2012-12-28
5.8
CVE-2012-0738
ibm -- rational_policy_tester
IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.
2012-12-28
5.8
CVE-2012-0741
ibm -- tivoli_storage_manager_for_space_management
Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows remote attackers to read or modify HSM-managed file system objects via unknown vectors.
2012-12-21
6.4
CVE-2012-5954
linux -- linux_kernel
The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality.
2012-12-21
4.9
CVE-2012-0957
linux -- linux_kernel
The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments.
2012-12-21
5.0
CVE-2012-4444
linux -- linux_kernel
The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats.
2012-12-21
4.7
CVE-2012-4565
linux -- linux_kernel
The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator.
2012-12-21
4.0
CVE-2012-5517
linux -- linux_kernel
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669.
2012-12-27
4.9
CVE-2012-5532
m2osw -- tableofcontents
The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block.
2012-12-26
4.3
CVE-2012-5584
naver -- loctouch
The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application.
2012-12-26
4.3
CVE-2012-5182
netiq -- edirectory
Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2012-12-25
4.3
CVE-2012-0428
netiq -- edirectory
dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request.
2012-12-25
4.0
CVE-2012-0429
netiq -- edirectory
Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors.
2012-12-25
6.4
CVE-2012-0430
netiq -- privileged_user_manager
The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request.
2012-12-24
6.4
CVE-2012-5930
netiq -- privileged_user_manager
Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname.
2012-12-24
5.5
CVE-2012-5931
openstack -- folsom
OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).
2012-12-26
4.3
CVE-2012-5625
opera -- opera_mini
The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.
2012-12-26
4.3
CVE-2012-5180
oracle -- essbase_server
Buffer overflow in the DataDirect ODBC driver, as used in Oracle Hyperion Interactive Reporting 11.1.2.1 and 11.1.2.2, Essbase Server 11.1.2.1 and 11.1.2.2, Production Reporting Server 11.1.2.1 and 11.1.2.2, and Integration Services Server 11.1.2.1 and 11.1.2.2 has unknown impact and attack vectors.
2012-12-21
6.8
CVE-2012-3133
perl -- perl
The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.
2012-12-21
4.3
CVE-2011-2728
ps_project_management_team -- unity-firefox-extension
content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted webpage.
2012-12-26
4.3
CVE-2012-0958
sebastian_heinlein -- aptdaemon
Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.
2012-12-26
4.3
CVE-2012-0962
sensiolabs -- symfony
Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.
2012-12-27
6.4
CVE-2012-6431
sensiolabs -- symfony
Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring.
2012-12-27
6.8
CVE-2012-6432
siemens -- ros
Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations.
2012-12-23
4.3
CVE-2012-4698
vmware -- vcenter_server_appliance
Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors.
2012-12-21
4.0
CVE-2012-6324
vmware -- vcenter_server_appliance
VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors.
2012-12-21
4.0
CVE-2012-6325
xmlsoft -- libxml2
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.
2012-12-21
5.0
CVE-2012-0841
Low Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
N/A -- N/A
Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter.
2012-12-28
3.5
CVE-2012-3871
boatmob -- boat_browser
The Boat Browser application before 4.2 and Boat Browser Mini application before 3.9 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.
2012-12-26
1.2
CVE-2012-5179
d-link -- dcs-932l_camera
The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.
2012-12-24
3.3
CVE-2012-4046
debian -- apt
Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.
2012-12-26
2.1
CVE-2012-0961
epiqo -- email
The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors.
2012-12-26
2.6
CVE-2012-5588
gnome -- gnome_display_manager
vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
2012-12-21
1.9
CVE-2010-2387
linux -- linux_kernel
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message.
2012-12-27
3.6
CVE-2012-2669
linux -- linux_kernel
Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.
2012-12-21
1.9
CVE-2012-4508
marc_ingram -- services
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource."
2012-12-26
2.1
CVE-2012-5586
mixpanel_project -- mixpanel
Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Mixpanel token.
2012-12-26
2.1
CVE-2012-5585
naver -- loctouch
The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files.
2012-12-26
2.6
CVE-2012-5183
netgenius -- multilink
The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link.
2012-12-26
3.5
CVE-2012-5589
openstack -- keystone
tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file.
2012-12-26
2.1
CVE-2012-5483
wordpress -- wordpress
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.
2012-12-27
2.6
CVE-2012-5868
x -- x.org_x11
The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference.
2012-12-21
3.6
CVE-2012-1699
This product is provided subject to this Notification and this Privacy & Use policy.
SB12-359: Vulnerability Summary for the Week of December 17, 2012
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
adobe -- shockwave_player
Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of a Shockwave Player 10.4.0.025 compatibility feature via a crafted HTML document that references Shockwave content with a certain compatibility parameter, related to a "downgrading" attack.
2012-12-20
9.3
CVE-2012-6270
ca -- identityminder
Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors.
2012-12-26
10.0
CVE-2012-6298
ca -- identityminder
Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to bypass intended access restrictions via unknown vectors.
2012-12-26
10.0
CVE-2012-6299
carlosgavazzi -- eos-box_photovoltaic_monitoring_system
Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a similar issue to CVE-2012-5861.
2012-12-23
7.5
CVE-2012-6427
carlosgavazzi -- eos-box_photovoltaic_monitoring_system
Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862.
2012-12-23
10.0
CVE-2012-6428
citrix -- xenapp
The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors.
2012-12-26
9.3
CVE-2012-5161
foscam -- h.264_hi3510/11/12_ip_camera
The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to an unspecified URL.
2012-12-21
10.0
CVE-2012-3002
ibm -- rational_automation_framework
IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080.
2012-12-26
7.5
CVE-2012-4816
ibm -- tivoli_storage_manager_for_space_management
Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows local users to read or modify file system objects via unknown vectors.
2012-12-21
7.2
CVE-2012-4859
ibm -- tivoli_netview
Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level.
2012-12-26
7.2
CVE-2012-5951
mysql -- mysql
Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
2012-12-21
7.5
CVE-2012-0882
netiq -- edirectory
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.
2012-12-25
10.0
CVE-2012-0432
netiq -- privileged_user_manager
Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request.
2012-12-24
10.0
CVE-2012-5932
novell -- iprint
Unspecified vulnerability in Novell iPrint Client before 5.82 allows remote attackers to execute arbitrary code via an op-client-interface-version action.
2012-12-24
10.0
CVE-2012-0411
oracle -- glassfish_web_space_server10.0
Directory traversal vulnerability in the Liferay component in Oracle Sun GlassFish Web Space Server before 10.0 Update 7 Patch 2 has unknown impact and attack vectors.
2012-12-21
10.0
CVE-2012-1712
oracle -- hyperion_financial_management
Unspecified vulnerability in a TList 6 ActiveX control in Oracle Hyperion Financial Management 11.1.1.4 and 11.1.2.1.104 allows remote attackers to execute arbitrary code via unknown vectors.
2012-12-21
10.0
CVE-2012-1714
rubyonrails -- ruby_on_rails
SQL injection vulnerability in the Authlogic gem for Ruby on Rails allows remote attackers to execute arbitrary SQL commands via a crafted parameter in conjunction with a secret_token value, related to certain behavior of find_by_id and other find_by_ methods.
2012-12-26
7.5
CVE-2012-5664
scripthead -- webmail_plus
SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
2012-12-26
7.5
CVE-2012-5590
symantec -- endpoint_protection
The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
2012-12-18
7.2
CVE-2012-4348
Medium Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
catalin_florian_radut -- zeropoint
Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x-1.x before 6.x-1.18 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the path aliases.
2012-12-26
4.3
CVE-2012-5591
citrix -- xendesktop
Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device.
2012-12-26
5.0
CVE-2012-6314
concrete5 -- concrete5
Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2012-12-21
4.3
CVE-2012-5181
emc -- data_protection_advisor
Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors.
2012-12-26
5.0
CVE-2012-4616
epiqo -- email
Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link.
2012-12-26
4.3
CVE-2012-5587
fetchmail -- fetchmail
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.
2012-12-21
5.8
CVE-2012-3482
ibm -- rational_policy_tester
IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.
2012-12-28
5.8
CVE-2012-0738
ibm -- rational_policy_tester
IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.
2012-12-28
5.8
CVE-2012-0741
ibm -- tivoli_storage_manager_for_space_management
Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows remote attackers to read or modify HSM-managed file system objects via unknown vectors.
2012-12-21
6.4
CVE-2012-5954
linux -- linux_kernel
The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality.
2012-12-21
4.9
CVE-2012-0957
linux -- linux_kernel
The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments.
2012-12-21
5.0
CVE-2012-4444
linux -- linux_kernel
The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats.
2012-12-21
4.7
CVE-2012-4565
linux -- linux_kernel
The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator.
2012-12-21
4.0
CVE-2012-5517
linux -- linux_kernel
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669.
2012-12-27
4.9
CVE-2012-5532
m2osw -- tableofcontents
The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block.
2012-12-26
4.3
CVE-2012-5584
naver -- loctouch
The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application.
2012-12-26
4.3
CVE-2012-5182
netiq -- edirectory
Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2012-12-25
4.3
CVE-2012-0428
netiq -- edirectory
dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request.
2012-12-25
4.0
CVE-2012-0429
netiq -- edirectory
Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors.
2012-12-25
6.4
CVE-2012-0430
netiq -- privileged_user_manager
The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request.
2012-12-24
6.4
CVE-2012-5930
netiq -- privileged_user_manager
Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname.
2012-12-24
5.5
CVE-2012-5931
openstack -- folsom
OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).
2012-12-26
4.3
CVE-2012-5625
opera -- opera_mini
The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.
2012-12-26
4.3
CVE-2012-5180
oracle -- essbase_server
Buffer overflow in the DataDirect ODBC driver, as used in Oracle Hyperion Interactive Reporting 11.1.2.1 and 11.1.2.2, Essbase Server 11.1.2.1 and 11.1.2.2, Production Reporting Server 11.1.2.1 and 11.1.2.2, and Integration Services Server 11.1.2.1 and 11.1.2.2 has unknown impact and attack vectors.
2012-12-21
6.8
CVE-2012-3133
perl -- perl
The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.
2012-12-21
4.3
CVE-2011-2728
ps_project_management_team -- unity-firefox-extension
content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted webpage.
2012-12-26
4.3
CVE-2012-0958
sebastian_heinlein -- aptdaemon
Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.
2012-12-26
4.3
CVE-2012-0962
sensiolabs -- symfony
Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.
2012-12-27
6.4
CVE-2012-6431
sensiolabs -- symfony
Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring.
2012-12-27
6.8
CVE-2012-6432
siemens -- ros
Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations.
2012-12-23
4.3
CVE-2012-4698
vmware -- vcenter_server_appliance
Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors.
2012-12-21
4.0
CVE-2012-6324
vmware -- vcenter_server_appliance
VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors.
2012-12-21
4.0
CVE-2012-6325
xmlsoft -- libxml2
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.
2012-12-21
5.0
CVE-2012-0841
Low Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
N/A -- N/A
Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter.
2012-12-28
3.5
CVE-2012-3871
boatmob -- boat_browser
The Boat Browser application before 4.2 and Boat Browser Mini application before 3.9 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.
2012-12-26
1.2
CVE-2012-5179
d-link -- dcs-932l_camera
The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.
2012-12-24
3.3
CVE-2012-4046
debian -- apt
Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.
2012-12-26
2.1
CVE-2012-0961
epiqo -- email
The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors.
2012-12-26
2.6
CVE-2012-5588
gnome -- gnome_display_manager
vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
2012-12-21
1.9
CVE-2010-2387
linux -- linux_kernel
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message.
2012-12-27
3.6
CVE-2012-2669
linux -- linux_kernel
Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.
2012-12-21
1.9
CVE-2012-4508
marc_ingram -- services
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource."
2012-12-26
2.1
CVE-2012-5586
mixpanel_project -- mixpanel
Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Mixpanel token.
2012-12-26
2.1
CVE-2012-5585
naver -- loctouch
The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files.
2012-12-26
2.6
CVE-2012-5183
netgenius -- multilink
The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link.
2012-12-26
3.5
CVE-2012-5589
openstack -- keystone
tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file.
2012-12-26
2.1
CVE-2012-5483
wordpress -- wordpress
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.
2012-12-27
2.6
CVE-2012-5868
x -- x.org_x11
The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference.
2012-12-21
3.6
CVE-2012-1699
SB12-352: Vulnerability Summary for the Week of December 10, 2012
High Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
adobe -- adobe_air
Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
2012-12-12
10.0
CVE-2012-5676
adobe -- adobe_air
Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
2012-12-12
10.0
CVE-2012-5677
adobe -- adobe_air
Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
2012-12-12
10.0
CVE-2012-5678
adobe -- camera_raw
Buffer underflow in Adobe Photoshop Camera Raw before 7.3 allows attackers to execute arbitrary code via unspecified vectors.
2012-12-13
7.5
CVE-2012-5679
adobe -- camera_raw
Buffer overflow in Adobe Photoshop Camera Raw before 7.3 allows attackers to execute arbitrary code via unspecified vectors.
2012-12-13
7.2
CVE-2012-5680
axway -- securetransport
Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI.
2012-12-13
8.5
CVE-2012-4991
ca -- xcom_data_transport
CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request.
2012-12-10
10.0
CVE-2012-5973
google -- chrome
Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to visibility events.
2012-12-12
10.0
CVE-2012-5139
google -- chrome
Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the URL loader.
2012-12-12
10.0
CVE-2012-5140
google -- chrome
Google Chrome before 23.0.1271.97 does not properly restrict instantiation of the Chromoting client plug-in, which has unspecified impact and attack vectors.
2012-12-12
10.0
CVE-2012-5141
google -- chrome
Google Chrome before 23.0.1271.97 does not properly handle history navigation, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
2012-12-12
10.0
CVE-2012-5142
google -- chrome
Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PPAPI image buffers.
2012-12-12
10.0
CVE-2012-5143
google -- chrome
Google Chrome before 23.0.1271.97 does not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via unknown vectors.
2012-12-12
10.0
CVE-2012-5144
ibm -- informix_dynamic_server
Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement.
2012-12-08
9.0
CVE-2012-4857
layton_technology -- helpbox
Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_id parameter to editrequestuser.asp; the (3) sys_request_id parameter to enduseractions.asp; the (4) sys_request_id or (5) confirm parameter to enduserreopenrequeststatus.asp; the (6) searchsql, (7) back, or (8) status parameter to enduserrequests.asp; the (9) sys_userpwd parameter to validateenduserlogin.asp; the (10) sys_userpwd parameter to validateuserlogin.asp; the (11) sql parameter to editenduseruser.asp; the (12) sql parameter to manageenduserrequestclasses.asp; the (13) sql parameter to resetpwdenduser.asp; the (14) sql parameter to disableloginenduser.asp; the (15) sql parameter to deleteenduseruser.asp; the (16) sql parameter to manageendusers.asp; or the (17) site parameter to statsrequestagereport.asp.
2012-12-12
9.4
CVE-2012-4971
microsoft -- directx
Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
2012-12-11
9.3
CVE-2012-1537
microsoft -- office_compatibility_pack
Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "Word RTF 'listoverridecount' Remote Code Execution Vulnerability."
2012-12-11
9.3
CVE-2012-2539
microsoft -- windows_rt
The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
2012-12-11
9.3
CVE-2012-2556
microsoft -- windows_7
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
2012-12-11
10.0
CVE-2012-4774
microsoft -- internet_explorer
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "CMarkup Use After Free Vulnerability."
2012-12-11
10.0
CVE-2012-4782
microsoft -- windows_7
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
2012-12-11
10.0
CVE-2012-4786
microsoft -- internet_explorer
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free Vulnerability."
2012-12-11
10.0
CVE-2012-4787
postoaktraffic -- awam_bluetooth_reader
Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value.
2012-12-08
7.6
CVE-2012-4687
rockwellautomation -- ab_micrologix_controller
Rockwell Automation Allen-Bradley MicroLogix controller 1100, 1200, 1400, and 1500; SLC 500 controller platform; and PLC-5 controller platform, when Static status is not enabled, allow remote attackers to cause a denial of service via messages that trigger modification of status bits.
2012-12-08
7.1
CVE-2012-4690
symantec -- network_access_control
Unspecified vulnerability in Symantec Network Access Control allows local users to gain privileges or cause a denial of service via unknown vectors.
2012-12-11
7.2
CVE-2012-4349
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- coldfusion
Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors.
2012-12-12
4.4
CVE-2012-5675
d-link -- dsl-2730u
The restricted telnet shell on the D-Link DSL2730U router allows remote authenticated users to bypass intended command restrictions via shell metacharacters that follow a whitelisted command.
2012-12-13
4.0
CVE-2012-5966
google -- android
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element.
2012-12-10
5.0
CVE-2012-6301
hp -- openvms
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows remote attackers to cause a denial of service via unspecified vectors.
2012-12-13
5.0
CVE-2012-3277
ibm -- tivoli_monitoring
Cross-site scripting (XSS) vulnerability in the embedded HTTP server in the Service Console in IBM Tivoli Monitoring 6.2.2 before 6.2.2-TIV-ITM-FP0009 and 6.3.2 before 6.2.3-TIV-ITM-FP0001 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.
2012-12-08
4.3
CVE-2012-3297
layton_technology -- helpbox
Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sys_solution_id, (2) sys_requesttype_id, (3) sys_problem_desc, (4) sys_solution_desc, (5) sys_problemsummary, (6) usr_Action_testing, (7) usr_Escalation, or (8) usr_Additional_Resources parameter to writesolutionuser.asp or the (9) sys_solution_id parameter to deletesolution.asp.
2012-12-12
4.3
CVE-2012-4972
layton_technology -- helpbox
Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileges via an updated (1) loggedinenduser, (2) loggedinendusername, (3) loggedinuserusergroup, (4) loggedinuser, or (5) loggedinusername cookie.
2012-12-12
6.5
CVE-2012-4974
layton_technology -- helpbox
editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via an updated sys_request_id parameter.
2012-12-12
4.0
CVE-2012-4975
layton_technology -- helpbox
selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an error page.
2012-12-12
5.0
CVE-2012-4976
layton_technology -- helpbox
Layton Helpbox 4.4.0 allows remote attackers to discover cleartext credentials for the login page by sniffing the network.
2012-12-12
5.0
CVE-2012-4977
manageengine -- assetexplorer
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/Computer_Information/output element.
2012-12-11
4.3
CVE-2012-5956
microsoft -- windows_server_2008
The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerability."
2012-12-11
6.8
CVE-2012-2549
simple_gmail_login -- 1.1.2
simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace.
2012-12-11
5.0
CVE-2012-6313
video-lead-form -- uk-cookie
Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php.
2012-12-11
4.3
CVE-2012-6312
xen -- xen
Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock.
2012-12-13
4.4
CVE-2011-3131
xen -- xen
Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors.
2012-12-13
4.7
CVE-2012-5510
xen -- xen
Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image.
2012-12-13
4.7
CVE-2012-5511
xen -- xen
The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range.
2012-12-13
6.9
CVE-2012-5513
xen -- xen
The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors.
2012-12-13
4.7
CVE-2012-5514
xen -- xen
The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value.
2012-12-13
4.7
CVE-2012-5515
xen -- xen
The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read.
2012-12-13
4.7
CVE-2012-5525
xen -- xen
Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input.
2012-12-13
4.7
CVE-2012-6333
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
citrix -- xenserver
Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors.
2012-12-13
3.0
CVE-2012-5512
hp -- openvms
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via unspecified vectors.
2012-12-13
0.0
CVE-2012-3276
ibm -- flex_system
IBM Flex System Chassis Management Module (CMM) and Integrated Management Module 2 (IMM2) allow local users to obtain sensitive information about (1) local accounts, (2) SSH private keys, (3) SSL/TLS private keys, (4) SNMPv3 communities, and (5) LDAP credentials by leveraging unspecified side effects of service or maintenance activity.
2012-12-08
1.9
CVE-2012-4838
microsoft -- internet_explorer
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "InjectHTMLStream Use After Free Vulnerability."
2012-12-11
0.0
CVE-2012-4781
microsoft -- exchange_server
Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
2012-12-11
3.5
CVE-2012-4791
