[Securityresearch.at: Governance Risk & Compliance Consulting]
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
| High Vulnerabilities | ||||
|---|---|---|---|---|
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| Back to top | ||||
| adobe -- adobe_air | Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows, before 10.3.183.90 and 11.x before 11.7.700.225 on Mac OS X, before 10.3.183.90 and 11.x before 11.2.202.291 on Linux, before 11.1.111.59 on Android 2.x and 3.x, and before 11.1.115.63 on Android 4.x; Adobe AIR before 3.7.0.2090 on Windows and Android and before 3.7.0.2100 on Mac OS X; and Adobe AIR SDK & Compiler before 3.7.0.2090 on Windows and before 3.7.0.2100 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 2013-06-11 | 10.0 | CVE-2013-3343 |
| hp -- insight_diagnostics | HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors. | 2013-06-14 | 10.0 | CVE-2013-3573 |
| hp -- insight_diagnostics | Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter. | 2013-06-14 | 7.8 | CVE-2013-3574 |
| linux -- linux_kernel | Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging connectivity to an IrDA infrared network and sending a large integer value for a (1) name length or (2) attribute length. | 2013-06-08 | 7.5 | CVE-2011-1180 |
| linux -- linux_kernel | A certain Red Hat patch to the sctp_sock_migrate function in net/sctp/socket.c in the Linux kernel before 2.6.21, as used in Red Hat Enterprise Linux (RHEL) 5, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted SCTP packet. | 2013-06-08 | 7.8 | CVE-2011-2482 |
| linux -- linux_kernel | Race condition in the sctp_rcv function in net/sctp/input.c in the Linux kernel before 2.6.29 allows remote attackers to cause a denial of service (system hang) via SCTP packets. NOTE: in some environments, this issue exists because of an incomplete fix for CVE-2011-2482. | 2013-06-08 | 7.1 | CVE-2011-4348 |
| microsoft -- office | Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability." | 2013-06-11 | 9.3 | CVE-2013-1331 |
| microsoft -- windows_7 | The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability." | 2013-06-11 | 9.0 | CVE-2013-1339 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3141. | 2013-06-11 | 9.3 | CVE-2013-3110 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3123. | 2013-06-11 | 9.3 | CVE-2013-3111 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3113, CVE-2013-3121, CVE-2013-3139, and CVE-2013-3142. | 2013-06-11 | 9.3 | CVE-2013-3112 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3121, CVE-2013-3139, and CVE-2013-3142. | 2013-06-11 | 9.3 | CVE-2013-3113 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3119. | 2013-06-11 | 9.3 | CVE-2013-3114 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 7 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2013-06-11 | 9.3 | CVE-2013-3116 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3122 and CVE-2013-3124. | 2013-06-11 | 9.3 | CVE-2013-3117 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3120 and CVE-2013-3125. | 2013-06-11 | 9.3 | CVE-2013-3118 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3114. | 2013-06-11 | 9.3 | CVE-2013-3119 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3118 and CVE-2013-3125. | 2013-06-11 | 9.3 | CVE-2013-3120 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3139, and CVE-2013-3142. | 2013-06-11 | 9.3 | CVE-2013-3121 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3117 and CVE-2013-3124. | 2013-06-11 | 9.3 | CVE-2013-3122 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3111. | 2013-06-11 | 9.3 | CVE-2013-3123 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3117 and CVE-2013-3122. | 2013-06-11 | 9.3 | CVE-2013-3124 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3118 and CVE-2013-3120. | 2013-06-11 | 9.3 | CVE-2013-3125 |
| microsoft -- windows_7 | Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability." | 2013-06-11 | 7.1 | CVE-2013-3138 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, and CVE-2013-3142. | 2013-06-11 | 9.3 | CVE-2013-3139 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3110. | 2013-06-11 | 9.3 | CVE-2013-3141 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, and CVE-2013-3139. | 2013-06-11 | 9.3 | CVE-2013-3142 |
| Medium Vulnerabilities | ||||
|---|---|---|---|---|
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| Back to top | ||||
| apache -- http_server | mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. | 2013-06-10 | 5.1 | CVE-2013-1862 |
| cisco -- prime_central_for_hosted_collaboration_solution | Cross-site scripting (XSS) vulnerability in the portal page in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCue23798. | 2013-06-14 | 4.3 | CVE-2013-3375 |
| cisco -- video_surveillance_operations_manager | Open redirect vulnerability in the help page in Cisco Video Surveillance Operations Manager allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCty74490. | 2013-06-14 | 4.3 | CVE-2013-3376 |
| cisco -- secure_access_control_server | The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279. | 2013-06-11 | 4.0 | CVE-2013-3380 |
| cisco -- hosted_collaboration_solution | Cisco Hosted Collaboration Mediation allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets on port 162, aka Bug ID CSCug85756. | 2013-06-11 | 5.0 | CVE-2013-3381 |
| ffmpeg -- ffmpeg | The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted RLE data. NOTE: the vendor has listed this as an issue fixed in 1.2.1, but the issue is actually in new code that was not shipped with the 1.2.1 release or any earlier release. | 2013-06-09 | 4.3 | CVE-2013-3670 |
| ffmpeg -- ffmpeg | The format_line function in log.c in libavutil in FFmpeg before 1.2.1 uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via crafted data that triggers a log message. | 2013-06-09 | 4.3 | CVE-2013-3671 |
| ffmpeg -- ffmpeg | The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data. | 2013-06-09 | 4.3 | CVE-2013-3672 |
| ffmpeg -- ffmpeg | The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg before 1.2.1 does not properly manage the disposal methods of frames, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted GIF data. | 2013-06-09 | 4.3 | CVE-2013-3673 |
| ffmpeg -- ffmpeg | The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data. | 2013-06-09 | 4.3 | CVE-2013-3674 |
| ffmpeg -- ffmpeg | The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data. | 2013-06-09 | 4.3 | CVE-2013-3675 |
| filemaker -- filemaker_pro | FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2013-06-10 | 5.8 | CVE-2013-2319 |
| filemaker -- filemaker_pro | Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-06-10 | 4.3 | CVE-2013-3640 |
| hp -- insight_diagnostics | hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter. | 2013-06-14 | 5.0 | CVE-2013-3575 |
| juniper -- junos_pulse_access_control_service | Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA. | 2013-06-13 | 4.3 | CVE-2013-3970 |
| linux -- linux_kernel | A certain Red Hat patch to the __br_deliver function in net/bridge/br_forward.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging connectivity to a network interface that uses an Ethernet bridge device. | 2013-06-08 | 6.8 | CVE-2011-2942 |
| linux -- linux_kernel | A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames. | 2013-06-08 | 5.7 | CVE-2011-3593 |
| linux -- linux_kernel | The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 3.0 does not properly handle invalid parameters, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by writing to a /proc/#####/attr/current file. | 2013-06-08 | 4.6 | CVE-2011-3619 |
| linux -- linux_kernel | The br_parse_ip_options function in net/bridge/br_netfilter.c in the Linux kernel before 2.6.39 does not properly initialize a certain data structure, which allows remote attackers to cause a denial of service by leveraging connectivity to a network interface that uses an Ethernet bridge device. | 2013-06-08 | 4.3 | CVE-2011-4087 |
| linux -- linux_kernel | The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation. | 2013-06-08 | 4.0 | CVE-2011-4347 |
| microsoft -- windows_7 | The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability." | 2013-06-11 | 4.4 | CVE-2013-3136 |
| orchardproject -- orchard | Cross-site scripting (XSS) vulnerability in the Orchard.Comments module in Orchard before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-06-14 | 4.3 | CVE-2013-3645 |
| pizzahut -- pizza_hut_japan_official_order_application | The Pizza Hut Japan Official Order application before 1.1.1.a for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2013-06-10 | 5.8 | CVE-2013-3641 |
| qnap -- surveillance_station_pro | QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors. | 2013-06-07 | 5.0 | CVE-2013-0142 |
| qnap -- surveillance_station_pro | cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string. | 2013-06-07 | 6.5 | CVE-2013-0143 |
| qnap -- viostor_network_video_recorder | Cross-site request forgery (CSRF) vulnerability in cgi-bin/create_user.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a NEW USER action. | 2013-06-07 | 6.8 | CVE-2013-0144 |
| redhat -- enterprise_linux | A certain Red Hat patch to the be2net implementation in the kernel package before 2.6.32-218.el6 on Red Hat Enterprise Linux (RHEL) 6, when promiscuous mode is enabled, allows remote attackers to cause a denial of service (system crash) via non-member VLAN packets. | 2013-06-08 | 4.6 | CVE-2011-3347 |
| wireshark -- wireshark | The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2013-06-09 | 5.0 | CVE-2013-4074 |
| wireshark -- wireshark | epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2013-06-09 | 5.0 | CVE-2013-4075 |
| wireshark -- wireshark | Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2013-06-09 | 5.0 | CVE-2013-4076 |
| wireshark -- wireshark | Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c. | 2013-06-09 | 5.0 | CVE-2013-4077 |
| wireshark -- wireshark | epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2013-06-09 | 5.0 | CVE-2013-4078 |
| wireshark -- wireshark | The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite loop and application hang) via a crafted packet. | 2013-06-09 | 5.0 | CVE-2013-4079 |
| wireshark -- wireshark | The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark 1.8.x before 1.8.8 does not properly handle a zero-length item, which allows remote attackers to cause a denial of service (infinite loop, and CPU and memory consumption) via a crafted packet. | 2013-06-09 | 5.0 | CVE-2013-4080 |
| wireshark -- wireshark | The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet. | 2013-06-09 | 5.0 | CVE-2013-4082 |
| wireshark -- wireshark | The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2013-06-09 | 5.0 | CVE-2013-4083 |
| Low Vulnerabilities | ||||
|---|---|---|---|---|
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| Back to top | ||||
| linux -- linux_kernel | The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user. | 2013-06-08 | 3.3 | CVE-2011-1585 |
| linux -- linux_kernel | The fallocate implementation in the GFS2 filesystem in the Linux kernel before 3.2 relies on the page cache, which might allow local users to cause a denial of service by preallocating blocks in certain situations involving insufficient memory. | 2013-06-08 | 1.9 | CVE-2011-4098 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 9 and 10, when script debugging is enabled, does not properly handle objects in memory during the processing of script, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Internet Explorer Script Debug Vulnerability." | 2013-06-11 | 0.0 | CVE-2013-3126 |
| redhat -- enterprise_linux | The perf subsystem in the kernel package 2.6.32-122.el6.x86_64 in Red Hat Enterprise Linux (RHEL) 6 does not properly handle NMIs, which might allow local users to cause a denial of service (excessive log messages) via unspecified vectors. | 2013-06-08 | 1.9 | CVE-2011-2693 |
| rsa -- authentication_manager | EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a (1) log file or (2) configuration file. | 2013-06-07 | 2.1 | CVE-2013-0947 |
| wireshark -- wireshark | The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet. | 2013-06-09 | 0.0 | CVE-2013-4081 |
- 자세한 내용 확인하기: US-CERT: Bulletin (SB13-168)
'IT 와 Social 이야기 > Security' 카테고리의 다른 글
| [US-CERT: Bulletin (SB13-182)] 2013년 6월 24일까지 공개된 보안 취약점 요약 Vulnerability Summary (0) | 2013.07.02 |
|---|---|
| [US-CERT: Bulletin (SB13-175)] 2013년 6월 17일까지 공개된 보안 취약점 요약 Vulnerability Summary (0) | 2013.06.25 |
| [BIS] 영국의 현황 조사 사례로 살펴 본 데이터 침해(유출) 대응 비용 (0) | 2013.06.17 |
| [SecurityTube] OFFENSIVE SECURITY 2013 - LINUX OVERVIEW (0) | 2013.06.17 |
| [Ponemon] 암호화 트랜드 2012 Global Encryption Trends Study (0) | 2013.06.14 |
