Vulnerability Summary for the Week of April 29, 2013

Released
May 06, 2013
Document ID
SB13-126

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
emc -- networkerThe nsrpush process in the client in EMC NetWorker before 7.6.5.3 and 8.x before 8.0.1.4 sets weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.2013-05-037.2CVE-2013-0940
emc -- avamarEMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.2013-05-039.3CVE-2013-0945
freebsd -- freebsdThe nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the new NFS server in FreeBSD 8.0 through 9.1-RELEASE-p3 does not verify that a READDIR request is for a directory node, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by specifying a plain file instead of a directory.2013-05-027.5CVE-2013-3266
galil -- pocket_plcThe Galil RIO-47100 Pocket PLC allows remote attackers to cause a denial of service via a session that includes "repeated requests."2013-05-017.1CVE-2013-0699
hp -- storage_data_protectorUnspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows local users to gain privileges via unknown vectors.2013-04-267.2CVE-2012-5220
ibm -- spss_samplepowerMultiple buffer overflows in the Vsflex8l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allow remote attackers to execute arbitrary code via a long (1) ComboList or (2) ColComboList property value.2013-04-299.3CVE-2012-5945
ibm -- spss_samplepowerBuffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via a long TabCaption string.2013-04-299.3CVE-2012-5946
ibm -- spss_samplepowerBuffer overflow in the vsflex7l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via unspecified vectors.2013-04-299.3CVE-2012-5947
ibm -- spss_samplepowerUnspecified vulnerability in the olch2x32 ActiveX control in IBM SPSS SamplePower 3.0 before 3.0-IM-S3SAMPC-WIN32-FP001 allows remote attackers to execute arbitrary code via unknown vectors.2013-04-269.3CVE-2013-0593
linux -- linux_kernelThe veth (aka virtual Ethernet) driver in the Linux kernel before 2.6.34 does not properly manage skbs during congestion, which allows remote attackers to cause a denial of service (system crash) by leveraging lack of skb consumption in conjunction with a double-free error.2013-05-037.8CVE-2013-2017
matrikonopc -- matrikonopc_a&e_historianDirectory traversal vulnerability in the web interface in the Health Monitor service in MatrikonOPC A&E Historian 1.0.0.0 allows remote attackers to read and delete arbitrary files via a crafted URL.2013-05-019.4CVE-2013-0673
mcafee -- epolicy_orchestratorSQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel.2013-05-017.9CVE-2013-0140
microsoft -- internet_explorerUse-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1303 and CVE-2013-1304.2013-05-019.3CVE-2013-1338
novell -- iprintStack-based buffer overflow in Novell iPrint Client before 5.90 allows remote attackers to execute arbitrary code via unspecified vectors.2013-05-0210.0CVE-2013-1091
redhat -- enterprise_mrgThe ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.2013-04-297.2CVE-2013-3301
tinc-vpn -- tincStack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet.2013-04-269.0CVE-2013-1428
vmware -- vcenter_server_applianceVMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access.2013-05-019.0CVE-2013-3079
vmware -- vcenter_server_applianceVMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Interface (VAMI) web-interface access.2013-05-019.0CVE-2013-3080

Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- subversionThe mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.2013-05-024.0CVE-2013-1846
apache -- subversionThe mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.2013-05-025.0CVE-2013-1847
apache -- subversionThe mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.2013-05-024.3CVE-2013-1849
apache -- subversionThe mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.2013-05-025.0CVE-2013-1884
cisco -- prime_central_for_hosted_collaboration_solutionDirectory traversal vulnerability in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCud51034.2013-05-015.0CVE-2013-1156
cisco -- prime_central_for_hosted_collaboration_solutionCross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) Java servlet container in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud51068.2013-05-014.3CVE-2013-1157
cisco -- prime_central_for_hosted_collaboration_solutionCross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) help menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud54397.2013-05-014.3CVE-2013-1158
cisco -- prime_central_for_hosted_collaboration_solutionCross-site scripting (XSS) vulnerability in the Netcool Impact (NCI) web menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud56706.2013-05-014.3CVE-2013-1159
cisco -- prime_central_for_hosted_collaboration_solutionCross-site scripting (XSS) vulnerability in the OpenView web menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud56743.2013-05-014.3CVE-2013-1160
cisco -- application_networking_managerThe command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125.2013-04-296.8CVE-2013-1196
cisco -- unified_computing_system_softwareCross-site scripting (XSS) vulnerability in a Flash component in Cisco Unified Computing System (UCS) Central allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud15430.2013-04-294.3CVE-2013-1198
cisco -- ios_xrMemory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546.2013-04-294.0CVE-2013-1216
cisco -- intrusion_prevention_systemSensorApp in Cisco Intrusion Prevention System (IPS) allows local users to cause a denial of service (Regex hardware job failure and application hang) via a (1) initiate signature upgrade, (2) initiate global correlation, (3) show statistics anomaly-detection, or (4) clear database action, aka Bug ID CSCuc74630.2013-04-294.4CVE-2013-1219
cisco -- nexus_7000The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098.2013-04-296.1CVE-2013-1226
cisco -- unified_communications_domain_managerCross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCug37902.2013-04-294.3CVE-2013-1227
cisco -- telepresence_management_suiteTMSSNMPService.exe in TelePresence Manager in Cisco TelePresence Management Suite (TMS) on 64-bit platforms allows remote attackers to cause a denial of service (process crash) via SNMP traps, aka Bug ID CSCue00028.2013-05-015.0CVE-2013-1229
cisco -- unified_communications_domain_managerCisco Unified Communications Domain Manager allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets, aka Bug ID CSCug47057.2013-05-015.0CVE-2013-1230
cisco -- webex_meetings_serverThe HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629.2013-05-035.0CVE-2013-1231
cisco -- ios_xrThe SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472.2013-05-034.0CVE-2013-1234
crunchify -- foursquare-checkinsCross-site request forgery (CSRF) vulnerability in the FourSquare Checkins plugin before 1.3 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.2013-04-266.8CVE-2013-2709
dentrix -- g5Henry Schein Dentrix G5 before 15.1.294 has a single internal-database password that is shared across different customers' installations, which allows remote attackers to obtain sensitive information about patients by leveraging knowledge of this password from another installation.2013-05-014.3CVE-2012-4952
djangoproject -- djangoThe administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.2013-05-024.0CVE-2013-0305
djangoproject -- djangoThe form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.2013-05-025.0CVE-2013-0306
gnu -- glibcInteger overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.2013-05-026.8CVE-2009-5029
gnu -- glibcThe svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.2013-05-025.0CVE-2011-4609
gnu -- glibcInteger overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.2013-05-026.8CVE-2012-0864
gnu -- glibcStack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.2013-04-295.0CVE-2013-1914
haxx -- curlThe tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.2013-04-295.0CVE-2013-1944
hp -- managed_printing_administrationCross-site scripting (XSS) vulnerability in HP Managed Printing Administration (MPA) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2013-04-274.3CVE-2012-5219
hp -- color_laserjet_3000Unspecified vulnerability on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors.2013-04-295.0CVE-2012-5221
hp -- service_manager_web_tierHP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to obtain sensitive information via unspecified vectors.2013-05-015.0CVE-2012-5222
hp -- service_manager_web_tierCross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2013-05-014.3CVE-2013-2321
ibm -- lotus_notesIBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and JMOY95BN49.2013-05-015.8CVE-2013-0127
ibm -- lotus_notesCross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message, aka SPRs JMOY95BLM6 and JMOY95BN49.2013-05-014.3CVE-2013-0538
ibm -- connectionsCross-site scripting (XSS) vulnerability in the Communities component in IBM Connections 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2013-04-264.3CVE-2013-0569
ibm -- tivoli_federated_identity_managerCross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.12 and 6.2.1 before 6.2.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a SAML 2.0 response.2013-05-024.3CVE-2013-0582
joomla -- joomla!Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.2013-05-034.0CVE-2013-3056
joomla -- joomla!Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors.2013-05-034.0CVE-2013-3057
joomla -- joomla!Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2013-05-034.3CVE-2013-3058
joomla -- joomla!Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2013-05-034.3CVE-2013-3059
joomla -- joomla!plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors.2013-05-035.5CVE-2013-3242
joomla -- joomla!Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2013-05-034.3CVE-2013-3267
linux -- linux_kernelThe do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device.2013-04-294.7CVE-2013-1928
linux -- linux_kernelThe scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application.2013-05-035.8CVE-2013-1979
linux -- linux_kernelRace condition in the smb_send_rqst function in fs/cifs/transport.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors involving a reconnection event.2013-04-294.4CVE-2013-3302
matrikonopc -- matrikonopc_security_gatewayThe configuration utility in MatrikonOPC Security Gateway 1.0 allows remote attackers to cause a denial of service (unhandled exception and application crash) via a TCP RST packet.2013-05-015.0CVE-2013-0666
mcafee -- epolicy_orchestratorDirectory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel, as demonstrated by writing to the Software/ directory.2013-05-014.3CVE-2013-0141
nextapp -- echoThe Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.2013-05-025.0CVE-2009-5135
redhat -- icedtea-webThe IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.2013-04-295.8CVE-2013-1926
redhat -- icedtea-webThe IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."2013-04-296.8CVE-2013-1927
redhat -- enterprise_mrgThe ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test.2013-04-294.7CVE-2013-2015
ruby-lang -- rubyThe safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.2013-05-024.3CVE-2012-4481
sap -- erp_cental_componentThe ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.2013-05-016.5CVE-2013-3061
sap -- production_planning_and_controlThe CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.2013-05-016.5CVE-2013-3062
sap -- basis_communication_servicesSAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors.2013-05-016.0CVE-2013-3063
strongswan -- strongswanstrongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature.2013-05-024.9CVE-2013-2944
vmware -- vcenter_server_applianceVMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password.2013-05-014.3CVE-2013-3107
yahoo -- yahoo!_browserThe Yahoo! Browser application before 1.4.3 for Android allows remote attackers to spoof the address bar via a crafted web site.2013-04-265.8CVE-2013-2307
zend -- zend_frameworkThe (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.2013-05-026.4CVE-2012-5657

Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- subversionThe mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.2013-05-022.1CVE-2013-1845
emc -- avamarThe web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL.2013-05-033.5CVE-2013-0944
ibm -- lotus_sametimeCross-site scripting (XSS) vulnerability in the Sametime Links server in IBM Sametime 8.0.2 through 8.5.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2013-04-273.5CVE-2013-0533
ibm -- classic_meeting_serverMultiple cross-site scripting (XSS) vulnerabilities in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2013-05-023.5CVE-2013-0535
ibm -- lotus_sametimeThe client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as used in Sametime Connect client, Sametime Advanced Connect client, Sametime Advanced Web client, and other products, allows remote authenticated users to send commands to individual chat users, or to all participants in a chat room, via a crafted Sametime Instant Message (IM).2013-04-273.5CVE-2013-0553
ibm -- application_support_facilityCross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote attackers to inject arbitrary web script or HTML via a crafted URL.2013-04-262.9CVE-2013-0571
ibm -- application_support_facilityCross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors.2013-04-262.3CVE-2013-0572
linux -- linux_kernelkernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process.2013-05-033.7CVE-2013-1959

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.