CVE Daily
← All years

Uncategorized 2013

Page 19/19.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2013-01-15
Medium

CVE-2013-0829

Google Chrome before 24.0.1312.52 does not properly maintain database metadata, which allows remote attackers to bypass intended file-access restrictions via unspecified vectors.

CVSS: 6.4CWE: CWE-264
Read more
Medium

CVE-2013-0828

The PDF functionality in Google Chrome before 24.0.1312.52 does not properly perform a cast of an unspecified variable during processing of the root of the structure tree, which allows remote attacke…

CVSS: 6.8CWE: CWE-399
Read more
Medium

CVE-2012-5156

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF fields.

CVSS: 6.8CWE: CWE-399
Read more
Medium

CVE-2012-5155

Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions v…

CVSS: 5.0CWE: CWE-264
Read more
High

CVE-2012-5154

Integer overflow in Google Chrome before 24.0.1312.52 on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to allocation of shared me…

CVSS: 7.5CWE: CWE-189
Read more
Medium

CVE-2012-5151

Integer overflow in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code in a PDF document.

CVSS: 6.8CWE: CWE-189
Read more
High

CVE-2012-5150

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations…

CVSS: 7.5CWE: CWE-399
Read more
High

CVE-2012-5149

Integer overflow in the audio IPC layer in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS: 7.5CWE: CWE-189
Read more
High

CVE-2012-5147

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.

CVSS: 7.5CWE: CWE-399
Read more
Medium

CVE-2012-5146

Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL.

CVSS: 5.0CWE: CWE-264
Read more
2013-01-14
Critical

CVE-2012-3174

Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013…

CVSS: 10.0CWE: CWE-264
Read more
2013-01-13
Medium

CVE-2013-0155

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implement…

CVSS: 6.4CWE: CWE-264
Read more
Critical

CVE-2013-0770

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (me…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2013-0769

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x befo…

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2013-0751

Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly co…

CVSS: 5.8CWE: CWE-264
Read more
Critical

CVE-2013-0749

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2013-0746

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 d…

CVSS: 9.3CWE: N/A
Read more
2013-01-12
Low

CVE-2013-0154

The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash…

CVSS: 1.9CWE: N/A
Read more
Critical

CVE-2011-5254

Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact and attack vectors.

CVSS: 10.0CWE: N/A
Read more
2013-01-11
Medium

CVE-2012-2252

Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.

CVSS: 4.4CWE: N/A
Read more
Critical

CVE-2012-4823

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2012-4822

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earli…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2012-4821

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earli…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2012-4820

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used…

CVSS: 9.3CWE: N/A
Read more
2013-01-10
Critical

CVE-2013-0422

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a…

CVSS: 9.8CWE: CWE-264
Read more
High

CVE-2013-0627

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows local users to gain privileges via unknown vectors.

CVSS: 7.2CWE: N/A
Read more
Critical

CVE-2013-0624

Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CV…

CVSS: 10.0CWE: CWE-264
Read more
Critical

CVE-2013-0623

Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vector…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2013-0622

Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CV…

CVSS: 10.0CWE: CWE-264
Read more
Critical

CVE-2013-0616

Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vector…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2013-0613

Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability…

CVSS: 10.0CWE: CWE-189
Read more
Critical

CVE-2013-0609

Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability…

CVSS: 10.0CWE: CWE-189
Read more
Critical

CVE-2013-0602

Use-after-free vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors.

CVSS: 10.0CWE: CWE-399
Read more
2013-01-09
Medium

CVE-2013-0013

The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle enc…

CVSS: 5.8CWE: CWE-264
Read more
High

CVE-2013-0008

win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly…

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2013-0006

Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Trunc…

CVSS: 8.8CWE: CWE-189
Read more
High

CVE-2013-0631

Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2013-0629

Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.

CVSS: 7.5CWE: N/A
Read more
2013-01-08
Medium

CVE-2012-6498

Unrestricted file upload vulnerability in index.php in Atomymaxsite 2.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing…

CVSS: 6.8CWE: N/A
Read more
2013-01-05
Medium

CVE-2012-4550

JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modul…

CVSS: 6.4CWE: CWE-264
Read more
Medium

CVE-2012-4549

The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, authorizes all requests when no r…

CVSS: 5.8CWE: CWE-264
Read more
Medium

CVE-2012-2378

Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allow…

CVSS: 4.3CWE: CWE-264
Read more
Critical

CVE-2011-3937

The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.…

CVSS: 10.0CWE: N/A
Read more
2013-01-04
Low

CVE-2012-5605

Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files.

CVSS: 2.1CWE: CWE-264
Read more
Medium

CVE-2012-5603

proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users'…

CVSS: 5.5CWE: CWE-264
Read more
Low

CVE-2012-4574

Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.

CVSS: 2.1CWE: CWE-255
Read more
Medium

CVE-2012-4555

The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a den…

CVSS: 4.0CWE: N/A
Read more
Low

CVE-2012-3538

Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log.

CVSS: 3.3CWE: CWE-255
Read more
Low

CVE-2012-2696

The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP…

CVSS: 2.7CWE: CWE-264
Read more
Medium

CVE-2012-0861

The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents…

CVSS: 6.8CWE: CWE-310
Read more
Medium

CVE-2012-0860

Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deploy…

CVSS: 6.2CWE: N/A
Read more
Low

CVE-2011-4316

Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a vi…

CVSS: 3.7CWE: CWE-264
Read more
Medium

CVE-2012-6330

The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large i…

CVSS: 5.0CWE: CWE-189
Read more
2013-01-03
Medium

CVE-2012-5667

Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.

CVSS: 4.4CWE: CWE-189
Read more
Medium

CVE-2012-6081

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated us…

CVSS: 6.0CWE: N/A
Read more
Medium

CVE-2012-5665

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by edi…

CVSS: 4.3CWE: CWE-264
Read more
Medium

CVE-2012-5655

The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2012-5651

Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results.

CVSS: 5.0CWE: CWE-264
Read more
Critical

CVE-2012-2379

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element…

CVSS: 10.0CWE: N/A
Read more
2013-01-02
Medium

CVE-2012-6472

Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by reading a (1) cache file, (2) password file, or (3) configurati…

CVSS: 4.6CWE: CWE-264
Read more
Medium

CVE-2012-6471

Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2012-6467

Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafte…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2012-6462

Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request.

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2012-6460

Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site.

CVSS: 5.0CWE: N/A
Read more
2013-01-01
High

CVE-2012-6426

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.

CVSS: 7.5CWE: CWE-264
Read more
Medium

CVE-2012-6084

modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis before 3.4.2 does not properly support capability negotiation during server handshakes, which allows remote attackers to cause a de…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2012-5769

IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (C…

CVSS: 5.8CWE: N/A
Read more
Medium

CVE-2012-5573

The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial…

CVSS: 5.0CWE: CWE-399
Read more
>