[CDC : The Step in the vulnerability Management Life Cycle]
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Vulnerability Summary for the Week of December 17, 2012
High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
---|---|---|---|---
adobe -- shockwave_player | Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of a Shockwave Player 10.4.0.025 compatibility feature via a crafted HTML document that references Shockwave content with a certain compatibility parameter, related to a "downgrading" attack. | 2012-12-20 | 9.3 | CVE-2012-6270
ca -- identityminder | Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors. | 2012-12-26 | 10.0 | CVE-2012-6298
ca -- identityminder | Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to bypass intended access restrictions via unknown vectors. | 2012-12-26 | 10.0 | CVE-2012-6299
carlosgavazzi -- eos-box_photovoltaic_monitoring_system | Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a similar issue to CVE-2012-5861. | 2012-12-23 | 7.5 | CVE-2012-6427
carlosgavazzi -- eos-box_photovoltaic_monitoring_system | Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862. | 2012-12-23 | 10.0 | CVE-2012-6428
citrix -- xenapp | The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors. | 2012-12-26 | 9.3 | CVE-2012-5161
foscam -- h.264_hi3510/11/12_ip_camera | The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to an unspecified URL. | 2012-12-21 | 10.0 | CVE-2012-3002
ibm -- rational_automation_framework | IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080. | 2012-12-26 | 7.5 | CVE-2012-4816
ibm -- tivoli_storage_manager_for_space_management | Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows local users to read or modify file system objects via unknown vectors. | 2012-12-21 | 7.2 | CVE-2012-4859
ibm -- tivoli_netview | Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level. | 2012-12-26 | 7.2 | CVE-2012-5951
mysql -- mysql | Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE. | 2012-12-21 | 7.5 | CVE-2012-0882
netiq -- edirectory | Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors. | 2012-12-25 | 10.0 | CVE-2012-0432
netiq -- privileged_user_manager | Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request. | 2012-12-24 | 10.0 | CVE-2012-5932
novell -- iprint | Unspecified vulnerability in Novell iPrint Client before 5.82 allows remote attackers to execute arbitrary code via an op-client-interface-version action. | 2012-12-24 | 10.0 | CVE-2012-0411
oracle -- glassfish_web_space_server10.0 | Directory traversal vulnerability in the Liferay component in Oracle Sun GlassFish Web Space Server before 10.0 Update 7 Patch 2 has unknown impact and attack vectors. | 2012-12-21 | 10.0 | CVE-2012-1712
oracle -- hyperion_financial_management | Unspecified vulnerability in a TList 6 ActiveX control in Oracle Hyperion Financial Management 11.1.1.4 and 11.1.2.1.104 allows remote attackers to execute arbitrary code via unknown vectors. | 2012-12-21 | 10.0 | CVE-2012-1714
rubyonrails -- ruby_on_rails | SQL injection vulnerability in the Authlogic gem for Ruby on Rails allows remote attackers to execute arbitrary SQL commands via a crafted parameter in conjunction with a secret_token value, related to certain behavior of find_by_id and other find_by_ methods. | 2012-12-26 | 7.5 | CVE-2012-5664
scripthead -- webmail_plus | SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2012-12-26 | 7.5 | CVE-2012-5590
symantec -- endpoint_protection | The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | 2012-12-18 | 7.2 | CVE-2012-4348

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
---|---|---|---|---
catalin_florian_radut -- zeropoint | Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x-1.x before 6.x-1.18 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the path aliases. | 2012-12-26 | 4.3 | CVE-2012-5591
citrix -- xendesktop | Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device. | 2012-12-26 | 5.0 | CVE-2012-6314
concrete5 -- concrete5 | Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2012-12-21 | 4.3 | CVE-2012-5181
emc -- data_protection_advisor | Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors. | 2012-12-26 | 5.0 | CVE-2012-4616
epiqo -- email | Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link. | 2012-12-26 | 4.3 | CVE-2012-5587
fetchmail -- fetchmail | Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read. | 2012-12-21 | 5.8 | CVE-2012-3482
ibm -- rational_policy_tester | IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate. | 2012-12-28 | 5.8 | CVE-2012-0738
ibm -- rational_policy_tester | IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate. | 2012-12-28 | 5.8 | CVE-2012-0741
ibm -- tivoli_storage_manager_for_space_management | Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows remote attackers to read or modify HSM-managed file system objects via unknown vectors. | 2012-12-21 | 6.4 | CVE-2012-5954
linux -- linux_kernel | The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality. | 2012-12-21 | 4.9 | CVE-2012-0957
linux -- linux_kernel | The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. | 2012-12-21 | 5.0 | CVE-2012-4444
linux -- linux_kernel | The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats. | 2012-12-21 | 4.7 | CVE-2012-4565
linux -- linux_kernel | The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator. | 2012-12-21 | 4.0 | CVE-2012-5517
linux -- linux_kernel | The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669. | 2012-12-27 | 4.9 | CVE-2012-5532
m2osw -- tableofcontents | The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block. | 2012-12-26 | 4.3 | CVE-2012-5584
naver -- loctouch | The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application. | 2012-12-26 | 4.3 | CVE-2012-5182
netiq -- edirectory | Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2012-12-25 | 4.3 | CVE-2012-0428
netiq -- edirectory | dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request. | 2012-12-25 | 4.0 | CVE-2012-0429
netiq -- edirectory | Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors. | 2012-12-25 | 6.4 | CVE-2012-0430
netiq -- privileged_user_manager | The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request. | 2012-12-24 | 6.4 | CVE-2012-5930
netiq -- privileged_user_manager | Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname. | 2012-12-24 | 5.5 | CVE-2012-5931
openstack -- folsom | OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV). | 2012-12-26 | 4.3 | CVE-2012-5625
opera -- opera_mini | The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. | 2012-12-26 | 4.3 | CVE-2012-5180
oracle -- essbase_server | Buffer overflow in the DataDirect ODBC driver, as used in Oracle Hyperion Interactive Reporting 11.1.2.1 and 11.1.2.2, Essbase Server 11.1.2.1 and 11.1.2.2, Production Reporting Server 11.1.2.1 and 11.1.2.2, and Integration Services Server 11.1.2.1 and 11.1.2.2 has unknown impact and attack vectors. | 2012-12-21 | 6.8 | CVE-2012-3133
perl -- perl | The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference. | 2012-12-21 | 4.3 | CVE-2011-2728
ps_project_management_team -- unity-firefox-extension | content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted webpage. | 2012-12-26 | 4.3 | CVE-2012-0958
sebastian_heinlein -- aptdaemon | Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack. | 2012-12-26 | 4.3 | CVE-2012-0962
sensiolabs -- symfony | Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string. | 2012-12-27 | 6.4 | CVE-2012-6431
sensiolabs -- symfony | Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring. | 2012-12-27 | 6.8 | CVE-2012-6432
siemens -- ros | Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations. | 2012-12-23 | 4.3 | CVE-2012-4698
vmware -- vcenter_server_appliance | Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors. | 2012-12-21 | 4.0 | CVE-2012-6324
vmware -- vcenter_server_appliance | VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors. | 2012-12-21 | 4.0 | CVE-2012-6325
xmlsoft -- libxml2 | libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data. | 2012-12-21 | 5.0 | CVE-2012-0841

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
---|---|---|---|---
N/A -- N/A | Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter. | 2012-12-28 | 3.5 | CVE-2012-3871
boatmob -- boat_browser | The Boat Browser application before 4.2 and Boat Browser Mini application before 3.9 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. | 2012-12-26 | 1.2 | CVE-2012-5179
d-link -- dcs-932l_camera | The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value. | 2012-12-24 | 3.3 | CVE-2012-4046
debian -- apt | Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file. | 2012-12-26 | 2.1 | CVE-2012-0961
epiqo -- email | The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors. | 2012-12-26 | 2.6 | CVE-2012-5588
gnome -- gnome_display_manager | vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs. | 2012-12-21 | 1.9 | CVE-2010-2387
linux -- linux_kernel | The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message. | 2012-12-27 | 3.6 | CVE-2012-2669
linux -- linux_kernel | Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized. | 2012-12-21 | 1.9 | CVE-2012-4508
marc_ingram -- services | The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource." | 2012-12-26 | 2.1 | CVE-2012-5586
mixpanel_project -- mixpanel | Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Maxpanel token. | 2012-12-26 | 2.1 | CVE-2012-5585
naver -- loctouch | The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files. | 2012-12-26 | 2.6 | CVE-2012-5183
netgenius -- multilink | The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link. | 2012-12-26 | 3.5 | CVE-2012-5589
openstack -- keystone | tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file. | 2012-12-26 | 2.1 | CVE-2012-5483
wordpress -- wordpress | WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack. | 2012-12-27 | 2.6 | CVE-2012-5868
x -- x.org_x11 | The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference. | 2012-12-21 | 3.6 | CVE-2012-1699