cpe:/a:canonical:telepathy-idle:0.1.14 cpe:/o:canonical:ubuntu_linux:13.04 cpe:/a:canonical:telepathy-idle:0.1.14.1 cpe:/a:canonical:telepathy-idle:0.1.11.2 cpe:/a:canonical:telepathy-idle:0.1.11.1 cpe:/o:canonical:ubuntu_linux:12.04:-:lts cpe:/a:canonical:telepathy-idle:0.1.12.1 cpe:/a:canonical:telepathy-idle:0.1.10.1 cpe:/o:canonical:ubuntu_linux:12.10

CVE-2007-6746

2013-05-21T14:55:01.310-04:00

2013-05-22T00:00:00.000-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-22T08:46:00.000-04:00

CONFIRM https://bugs.freedesktop.org/show_bug.cgi?id=63810 UBUNTU USN-1821-1 BID 59474 MLIST [oss-security] 20130424 CVE(-2007-xxxx?) request: telepathy-idle does not check SSL certificates SECUNIA 53361 FEDORA FEDORA-2013-6534 telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

cpe:/a:openssl:openssl:0.9.6a cpe:/a:openssl:openssl:0.9.6:beta2 cpe:/a:openssl:openssl:0.9.6 cpe:/a:openssl:openssl:0.9.7:beta3 cpe:/a:openssl:openssl:0.9.7:beta1 cpe:/a:redhat:openssl:0.9.6b-3 cpe:/a:openssl:openssl:0.9.7k cpe:/a:openssl:openssl:0.9.6h cpe:/a:openssl:openssl:0.9.7 cpe:/a:openssl:openssl:0.9.2b cpe:/a:openssl:openssl:0.9.8h cpe:/a:openssl:openssl:0.9.8f cpe:/a:openssl:openssl:0.9.5:beta1 cpe:/a:openssl:openssl:0.9.8k cpe:/a:openssl:openssl:0.9.7h cpe:/a:openssl:openssl:0.9.7d cpe:/a:openssl:openssl:0.9.6a:beta2 cpe:/a:openssl:openssl:0.9.5a:beta2 cpe:/a:openssl:openssl:0.9.6e cpe:/a:redhat:openssl:0.9.7a-2 cpe:/a:openssl:openssl:0.9.6i cpe:/a:openssl:openssl:0.9.6:beta3 cpe:/a:openssl:openssl:0.9.1c cpe:/a:openssl:openssl:0.9.7e cpe:/a:openssl:openssl:0.9.6d cpe:/a:openssl:openssl:0.9.7f cpe:/a:openssl:openssl:0.9.8e cpe:/a:openssl:openssl:0.9.3 cpe:/a:openssl:openssl:0.9.7i cpe:/a:openssl:openssl:0.9.6a:beta1 cpe:/a:openssl:openssl:0.9.7b cpe:/a:openssl:openssl:0.9.4 cpe:/a:openssl:openssl:0.9.8c cpe:/a:openssl:openssl:0.9.5 cpe:/a:openssl:openssl:0.9.6:beta1 cpe:/a:openssl:openssl:1.0.0:beta3 cpe:/a:openssl:openssl:1.0.0:beta2 cpe:/a:openssl:openssl:0.9.8l cpe:/a:openssl:openssl:0.9.6g cpe:/a:openssl:openssl:1.0.0:beta1 cpe:/a:openssl:openssl:0.9.6l cpe:/a:openssl:openssl:0.9.7c cpe:/a:openssl:openssl:0.9.5a:beta1 cpe:/a:openssl:openssl:0.9.6f cpe:/a:openssl:openssl:0.9.8j cpe:/a:openssl:openssl:0.9.6j cpe:/a:openssl:openssl:0.9.6b cpe:/a:openssl:openssl:0.9.6a:beta3 cpe:/a:openssl:openssl:0.9.6c cpe:/a:openssl:openssl:0.9.7:beta5 cpe:/a:openssl:openssl:0.9.8i cpe:/a:openssl:openssl:0.9.3a cpe:/a:openssl:openssl:0.9.5:beta2 cpe:/a:openssl:openssl:0.9.5a cpe:/a:openssl:openssl:0.9.7:beta6 cpe:/a:openssl:openssl:0.9.7g cpe:/a:openssl:openssl:0.9.6k cpe:/a:openssl:openssl:0.9.7a cpe:/a:redhat:openssl:0.9.6-15 cpe:/a:openssl:openssl:0.9.7:beta4 cpe:/a:openssl:openssl:0.9.8 cpe:/a:openssl:openssl:0.9.8a cpe:/a:openssl:openssl:1.0.0:beta4 cpe:/a:openssl:openssl:0.9.8b cpe:/a:openssl:openssl:0.9.7l cpe:/a:openssl:openssl:0.9.6m cpe:/a:openssl:openssl:0.9.7j cpe:/a:openssl:openssl:0.9.7m cpe:/a:openssl:openssl:0.9.8g cpe:/a:openssl:openssl:0.9.8d cpe:/a:openssl:openssl:0.9.7:beta2

CVE-2009-4355

2010-01-14T14:30:00.390-05:00

2013-05-21T14:56:17.977-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2010-01-15T10:14:00.000-05:00

REDHAT RHSA-2010:0095 CONFIRM https://kb.bluecoat.com/index?page=content&id=SA50 CONFIRM https://issues.rpath.com/browse/RPL-3157 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=546707 VUPEN ADV-2010-0916 VUPEN ADV-2010-0839 VUPEN ADV-2010-0124 UBUNTU USN-884-1 MLIST [oss-security] 20100113 [PATCH] memory consumption (DoS) in openssl CVE-2009-4355 MANDRIVA MDVSA-2010:022 DEBIAN DSA-1970 CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004 SLACKWARE SSA:2010-060-02 SECUNIA 42733 SECUNIA 42724 SECUNIA 39461 SECUNIA 38761 SECUNIA 38200 SECUNIA 38181 SECUNIA 38175 SUSE SUSE-SA:2010:008 FEDORA FEDORA-2010-5357 FEDORA FEDORA-2010-5744 CONFIRM http://cvs.openssl.org/chngview?cn=19167 CONFIRM http://cvs.openssl.org/chngview?cn=19069 CONFIRM http://cvs.openssl.org/chngview?cn=19068 Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.

cpe:/a:siemens:simatic_pcs_7:7.1 cpe:/a:siemens:simatic_pcs_7:7.0 cpe:/a:siemens:simatic_pcs_7 cpe:/a:siemens:simatic_pcs_7:7.1:sp1 cpe:/a:siemens:simatic_wincc cpe:/a:siemens:simatic_pcs_7:6.1 cpe:/a:siemens:simatic_wincc:6.2 cpe:/a:siemens:simatic_pcs_7:7.0:sp1 cpe:/a:siemens:simatic_pcs_7:6.0 cpe:/a:siemens:simatic_wincc:7.0

CVE-2010-2772

2010-07-22T01:43:58.250-04:00

2013-05-20T22:57:42.127-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2010-07-22T14:00:00.000-04:00

ALLOWS_ADMIN_ACCESS

XF simatic-wincc-default-password(60587) MISC http://www.wired.com/threatlevel/2010/07/siemens-scada/ MISC http://www.wilderssecurity.com/showpost.php?p=1712134&postcount=22 VUPEN ADV-2010-1893 BID 41753 CONFIRM http://www.sea.siemens.com/us/News/Industrial/Pages/WinCC_Update.aspx MISC http://www.f-secure.com/weblog/archives/00001987.html MISC http://www.automation.siemens.com/forum/guests/PostShow.aspx?PostID=16127&16127&Language=en&PageIndex=1 CONFIRM http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&caller=viewhttp://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&c SECUNIA 40682 MISC http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/ MISC http://infoworld.com/d/security-central/siemens-warns-users-dont-change-passwords-after-worm-attack-915?sourcefssr MISC http://infoworld.com/d/security-central/new-weaponized-virus-targets-industrial-secrets-725 MISC http://ics-cert.us-cert.gov/advisories/ICSA-12-205-01 Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568.

cpe:/a:indusoft:web_studio:6.1:sp6 cpe:/a:indusoft:web_studio:7.0 cpe:/a:advantech:advantech_studio:6.1:sp6_61.6.01.05 cpe:/a:indusoft:web_studio:6.1 cpe:/a:indusoft:thin_client:7.0

CVE-2011-0340

2011-05-04T18:55:01.467-04:00

2013-05-20T23:04:44.983-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2011-05-05T08:41:00.000-04:00

VUPEN ADV-2011-1116 VUPEN ADV-2011-1115 MISC http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-02.pdf BID 47596 CONFIRM http://www.indusoft.com/hotfixes/hotfixes.php CONFIRM http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm MISC http://secunia.com/secunia_research/2011-37/ MISC http://secunia.com/secunia_research/2011-36/ SECUNIA 43116 SECUNIA 42928 MISC http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03 Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.

cpe:/a:indusoft:web_studio:7.0b2:hotfix7.0.01.04

CVE-2011-0342

2011-09-02T12:55:01.460-04:00

2013-05-20T23:04:45.633-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-09-02T13:07:00.000-04:00

BID 49403 CONFIRM http://www.indusoft.com/hotfixes/hotfixes.php MISC http://secunia.com/secunia_research/2011-61/ SECUNIA 44875 MISC http://ics-cert.us-cert.gov/advisories/ICSA-11-273-02 Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol.ocx 301.1104.601.0 in InduSoft Web Studio 7.0B2 hotfix 7.0.01.04 allow remote attackers to execute arbitrary code via a long parameter to the (1) Open, (2) Close, or (3) SetCurrentLanguage method.

cpe:/a:ge:intelligent_platforms_proficy_historian:4.0 cpe:/a:ge:intelligent_platforms_proficy_historian:3.5

CVE-2011-1918

2011-11-02T13:55:00.777-04:00

2013-05-20T23:08:21.513-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-11-03T08:56:00.000-04:00

MISC http://www.us-cert.gov/control_systems/pdf/ICSA-11-243-03.pdf BID 50475 MISC http://ics-cert.us-cert.gov/advisories/ICSA-11-243-03A Stack-based buffer overflow in the Data Archiver service in GE Intelligent Platforms Proficy Historian before 3.5 SIM 17 and 4.x before 4.0 SIM 12 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic.

cpe:/a:3ssoftware:codesys:3.4:sp4

CVE-2011-5007

2011-12-24T20:55:04.647-05:00

2013-05-20T23:12:51.183-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-12-26T16:57:00.000-05:00

MISC http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf MISC http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf EXPLOIT-DB 18187 SECUNIA 47018 BUGTRAQ 20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2 OSVDB 77387 MISC http://ics-cert.us-cert.gov/advisories/ICSA-12-320-01 MISC http://aluigi.altervista.org/adv/codesys_1-adv.txt Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080.

cpe:/o:ruggedcom:ros:3.9 cpe:/o:ruggedcom:ros:3.7 cpe:/o:ruggedcom:ros:3.10 cpe:/o:ruggedcom:ros:3.8 cpe:/o:ruggedcom:ros:3.3 cpe:/o:ruggedcom:ros:3.2

CVE-2012-1803

2012-04-27T20:55:01.203-04:00

2013-05-20T23:16:18.110-04:00

8.5

NETWORK

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

2012-04-30T12:30:00.000-04:00

MISC http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-116-01A.pdf CONFIRM http://www.kb.cert.org/vuls/id/MAPG-8RCPEN CERT-VN VU#889195 MISC http://www.wired.com/threatlevel/2012/04/ruggedcom-backdoor/ BID 53215 CONFIRM http://www.ruggedcom.com/productbulletin/ros-security-page/ FULLDISC 20120423 RuggedCom - Backdoor Accounts in my SCADA network? You don't say... MISC http://ics-cert.us-cert.gov/advisories/ICSA-12-146-01A MISC http://arstechnica.com/business/news/2012/04/backdoor-in-mission-critical-hardware-threatens-power-traffic-control-systems.ars BUGTRAQ 20120423 RuggedCom - Backdoor Accounts in my SCADA network? You don't say... RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session.

cpe:/a:mozilla:firefox:12.0 cpe:/a:mozilla:thunderbird:12.0 cpe:/a:mozilla:seamonkey:2.9

CVE-2012-1942

2012-06-05T19:55:01.687-04:00

2013-05-16T23:20:30.270-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2012-06-06T12:40:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=748764 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-45.html CONFIRM http://www.mozilla.org/security/announce/2012/mfsa2012-35.html The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context.

cpe:/a:pro-face:pro-server_ex:1.23.000 cpe:/a:pro-face:pro-server_ex:1.24.200 cpe:/a:pro-face:pro-server_ex:1.30.000 cpe:/a:pro-face:wingp_pc_runtime:3.1.00 cpe:/a:pro-face:pro-server_ex:1.21.000

CVE-2012-3792

2012-06-25T13:55:01.113-04:00

2013-05-20T23:19:19.620-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2012-06-26T08:47:00.000-04:00

CONFIRM https://www.hmisource.com/otasuke/news/2012/0606.html CONFIRM https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt BID 53499 SECUNIA 49172 MISC http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01 MISC http://aluigi.org/adv/proservrex_1-adv.txt Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (out-of-bounds read operation) via a crafted packet that triggers a certain Find Node check attempt.

cpe:/a:pro-face:pro-server_ex:1.23.000 cpe:/a:pro-face:pro-server_ex:1.24.200 cpe:/a:pro-face:pro-server_ex:1.30.000 cpe:/a:pro-face:wingp_pc_runtime:3.1.00 cpe:/a:pro-face:pro-server_ex:1.21.000

CVE-2012-3793

2012-06-25T13:55:01.193-04:00

2013-05-20T23:19:25.580-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2012-06-26T09:04:00.000-04:00

CONFIRM https://www.hmisource.com/otasuke/news/2012/0606.html CONFIRM https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt XF proserverex-overflow-dos(75547) BID 53499 SECUNIA 49172 MISC http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01 MISC http://aluigi.org/adv/proservrex_1-adv.txt Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode that triggers an incorrect memory allocation and a buffer overflow.

cpe:/a:pro-face:pro-server_ex:1.23.000 cpe:/a:pro-face:pro-server_ex:1.24.200 cpe:/a:pro-face:pro-server_ex:1.30.000 cpe:/a:pro-face:wingp_pc_runtime:3.1.00 cpe:/a:pro-face:pro-server_ex:1.21.000

CVE-2012-3794

2012-06-25T13:55:01.253-04:00

2013-05-20T23:19:25.697-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2012-06-26T09:11:00.000-04:00

CONFIRM https://www.hmisource.com/otasuke/news/2012/0606.html CONFIRM https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt XF proserverex-exception-dos(75551) BID 53499 SECUNIA 49172 MISC http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01 MISC http://aluigi.org/adv/proservrex_1-adv.txt Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted packet with a certain opcode that triggers an invalid attempt to allocate a large amount of memory.

cpe:/a:pro-face:pro-server_ex:1.23.000 cpe:/a:pro-face:pro-server_ex:1.24.200 cpe:/a:pro-face:pro-server_ex:1.30.000 cpe:/a:pro-face:wingp_pc_runtime:3.1.00 cpe:/a:pro-face:pro-server_ex:1.21.000

CVE-2012-3795

2012-06-25T13:55:01.363-04:00

2013-05-20T23:19:25.783-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2012-06-26T09:14:00.000-04:00

CONFIRM https://www.hmisource.com/otasuke/news/2012/0606.html CONFIRM https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt BID 53499 SECUNIA 49172 MISC http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01 MISC http://aluigi.org/adv/proservrex_1-adv.txt Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode and a large value in a size field.

cpe:/a:pro-face:pro-server_ex:1.23.000 cpe:/a:pro-face:pro-server_ex:1.24.200 cpe:/a:pro-face:pro-server_ex:1.30.000 cpe:/a:pro-face:wingp_pc_runtime:3.1.00 cpe:/a:pro-face:pro-server_ex:1.21.000

CVE-2012-3796

2012-06-25T13:55:01.410-04:00

2013-05-20T23:19:25.970-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2012-06-26T09:20:00.000-04:00

CONFIRM https://www.hmisource.com/otasuke/news/2012/0606.html CONFIRM https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt BID 53499 SECUNIA 49172 MISC http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01 MISC http://aluigi.org/adv/proservrex_1-adv.txt Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted packet with a certain opcode.

cpe:/a:pro-face:pro-server_ex:1.23.000 cpe:/a:pro-face:pro-server_ex:1.24.200 cpe:/a:pro-face:pro-server_ex:1.30.000 cpe:/a:pro-face:wingp_pc_runtime:3.1.00 cpe:/a:pro-face:pro-server_ex:1.21.000

CVE-2012-3797

2012-06-25T13:55:01.457-04:00

2013-05-20T23:19:26.073-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2012-06-26T09:22:00.000-04:00

CONFIRM https://www.hmisource.com/otasuke/news/2012/0606.html CONFIRM https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt BID 53499 SECUNIA 49172 MISC http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01 MISC http://aluigi.org/adv/proservrex_1-adv.txt Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a short crafted packet with a certain opcode.

cpe:/h:korenix:jetport:5601 cpe:/h:korenix:jetport:5604 cpe:/h:korenix:jetport:5604i cpe:/h:korenix:jetport:5601f

CVE-2012-4577

2012-08-21T14:55:01.327-04:00

2013-05-20T23:20:28.937-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2012-08-22T09:19:00.000-04:00

XF jetport-default-password(77992) BID 55196 MISC http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity MISC http://ics-cert.us-cert.gov/advisories/ICSA-12-297-02 MISC http://ics-cert.us-cert.gov/advisories/ICSA-12-263-02 The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH session.

cpe:/h:rockwellautomation:ab_micrologix_controller:1500 cpe:/h:rockwellautomation:ab_micrologix_controller:1100 cpe:/h:rockwellautomation:ab_micrologix_controller:1200 cpe:/h:rockwellautomation:slc_500_controller:- cpe:/h:rockwellautomation:ab_micrologix_controller:1400 cpe:/h:rockwellautomation:plc-5_controller:-

CVE-2012-4690

2012-12-08T10:55:01.007-05:00

2013-05-20T23:20:35.573-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2012-12-10T11:32:00.000-05:00

MISC http://www.us-cert.gov/control_systems/pdf/ICSA-12-342-01.pdf MISC https://rockwellautomation.custhelp.com/app/answers/detail/a_id/511407 MISC http://ics-cert.us-cert.gov/advisories/ICSA-12-342-01A Rockwell Automation Allen-Bradley MicroLogix controller 1100, 1200, 1400, and 1500; SLC 500 controller platform; and PLC-5 controller platform, when Static status is not enabled, allow remote attackers to cause a denial of service via messages that trigger modification of status bits.

cpe:/o:siemens:ruggedmax_os:4.2.1.4621.22 cpe:/o:siemens:rox_i_os:1.14.5 cpe:/o:siemens:rox_ii_os:2.3.0 cpe:/o:siemens:ros:3.11.0

CVE-2012-4698

2012-12-23T16:55:01.437-05:00

2013-05-20T23:20:36.340-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2012-12-24T09:39:00.000-05:00

MISC http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-01.pdf CONFIRM https://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-622607.pdf CONFIRM http://www.ruggedcom.com/productbulletin/ros-security-page/ MISC http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations.

cpe:/a:3s-software:codesys_gateway-server:2.3.8.0 cpe:/a:3s-software:codesys_gateway-server:2.3.9 cpe:/a:3s-software:codesys_gateway-server:2.3.9.1 cpe:/a:3s-software:codesys_gateway-server:2.3.8.1 cpe:/a:3s-software:codesys_gateway-server:2.3.9.2 cpe:/a:3s-software:codesys_gateway-server:2.3.6.0 cpe:/a:3s-software:codesys_gateway-server:2.3.7.0 cpe:/a:3s-software:codesys_gateway-server:2.3.9.3 cpe:/a:3s-software:codesys_gateway-server:2.3.8.2 cpe:/a:3s-software:codesys_gateway-server:2.3.5.1 cpe:/a:3s-software:codesys_gateway-server:2.3.5.3 cpe:/a:3s-software:codesys_gateway-server:2.3.9.4 cpe:/a:3s-software:codesys_gateway-server:2.3.9.20 cpe:/a:3s-software:codesys_gateway-server:2.3.9.18 cpe:/a:3s-software:codesys_gateway-server:2.3.9.19 cpe:/a:3s-software:codesys_gateway-server:2.3.9.5 cpe:/a:3s-software:codesys_gateway-server:2.3.5.2

CVE-2012-4704

2013-02-24T06:48:21.033-05:00

2013-05-20T23:20:36.797-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-02-25T12:54:00.000-05:00

MISC http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01A Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet.

CVE-2012-4705

2013-02-24T06:48:21.063-05:00

2013-05-20T23:20:36.890-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-02-25T13:11:00.000-05:00

MISC http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01A Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname.

CVE-2012-4706

2013-02-24T06:48:21.110-05:00

2013-05-20T23:20:36.973-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-02-25T13:01:00.000-05:00

MISC http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01A Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to cause a denial of service via a crafted packet that triggers a heap-based buffer overflow.

cpe:/a:3s-software:codesys_gateway-server:2.3.8.0 cpe:/a:3s-software:codesys_gateway-server:2.3.9 cpe:/a:3s-software:codesys_gateway-server:2.3.8.1 cpe:/a:3s-software:codesys_gateway-server:2.3.9.1 cpe:/a:3s-software:codesys_gateway-server:2.3.9.2 cpe:/a:3s-software:codesys_gateway-server:2.3.6.0 cpe:/a:3s-software:codesys_gateway-server:2.3.7.0 cpe:/a:3s-software:codesys_gateway-server:2.3.9.3 cpe:/a:3s-software:codesys_gateway-server:2.3.8.2 cpe:/a:3s-software:codesys_gateway-server:2.3.5.1 cpe:/a:3s-software:codesys_gateway-server:2.3.5.3 cpe:/a:3s-software:codesys_gateway-server:2.3.9.4 cpe:/a:3s-software:codesys_gateway-server:2.3.9.18 cpe:/a:3s-software:codesys_gateway-server:2.3.9.19 cpe:/a:3s-software:codesys_gateway-server:2.3.9.5 cpe:/a:3s-software:codesys_gateway-server:2.3.5.2

CVE-2012-4707

2013-02-24T06:48:21.143-05:00

2013-05-20T23:20:37.053-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-02-25T13:00:00.000-05:00

MISC http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01A 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access.

CVE-2012-4708

2013-02-24T06:48:21.190-05:00

2013-05-20T23:20:37.133-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-02-25T13:02:00.000-05:00

MISC http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01A Stack-based buffer overflow in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet.

cpe:/a:wellintech:kingview:6.53 cpe:/a:wellintech:kingview:6.52 cpe:/a:wellintech:kingview:6.55

CVE-2012-4711

2013-02-15T07:09:27.820-05:00

2013-05-20T23:20:37.297-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-02-15T09:59:00.000-05:00

MISC http://ics-cert.us-cert.gov/pdf/ICSA-13-043-02.pdf MISC http://ics-cert.us-cert.gov/advisories/ICSA-13-043-02A Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech KingView 6.52, kingMess.exe 65.20.2003.10400 in KingView 6.53, and kingMess.exe 65.50.2011.18049 in KingView 6.55 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted packet.

cpe:/a:dentrix:g5:15.1.293

CVE-2012-4952

2013-05-01T08:00:07.190-04:00

2013-05-21T00:00:00.000-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-01T08:34:00.000-04:00

CONFIRM http://www.kb.cert.org/vuls/id/JALR-8ZRHUK CERT-VN VU#948155 CONFIRM http://www.dentrix.com/support/software-updates/g5.aspx Henry Schein Dentrix G5 before 15.1.294 has a single internal-database password that is shared across different customers' installations, which allows remote attackers to obtain sensitive information about patients by leveraging knowledge of this password from another installation.

cpe:/a:siemens:sipass_integrated:mp2.6

CVE-2012-5409

2012-11-01T06:44:47.717-04:00

2013-05-20T23:21:26.053-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2012-11-01T13:31:00.000-04:00

CONFIRM http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-938777.pdf OSVDB 86129 SECUNIA 50900 MISC http://ioactive.com/pdfs/SIEMENS_Sipass_Integrated_Ethernet_Bus_Arbitrary_Pointer_Dereference_V4.pdf MISC http://ics-cert.us-cert.gov/advisories/ICSA-12-305-01 AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data to any memory location and consequently execute arbitrary code via crafted messages, as demonstrated by an arbitrary pointer dereference attack or a buffer overflow attack.

cpe:/o:redhat:enterprise_linux_eus:5.9.z::server cpe:/o:redhat:enterprise_linux_server_aus:6.4 cpe:/o:redhat:enterprise_linux_server:6.0 cpe:/o:redhat:enterprise_linux_server_eus:6.4.z cpe:/o:redhat:enterprise_linux_hpc_node:6 cpe:/o:redhat:enterprise_linux:5::server cpe:/o:redhat:enterprise_linux_workstation:6.0 cpe:/o:redhat:enterprise_linux_desktop:5.0::client cpe:/o:redhat:enterprise_linux_long_life:5.9::server cpe:/o:redhat:enterprise_linux_desktop:6.0

CVE-2012-6137

2013-05-21T14:55:01.653-04:00

2013-05-22T09:09:48.957-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-22T08:55:00.000-04:00

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=885130 XF redhat-ssl-cve20126137-sec-bypass(84020) SECTRACK 1028520 BID 59674 SECUNIA 53330 REDHAT RHSA-2013:0788 OSVDB 93058 rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials.

cpe:/a:patrick_masotta:serva32:2.1.0

CVE-2013-0145

2013-05-20T10:44:34.263-04:00

2013-05-20T00:00:00.000-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2013-05-20T11:22:00.000-04:00

CERT-VN VU#127108 Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in a read request.

cpe:/a:rubyonrails:ruby_on_rails:3.0.7:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.2.9 cpe:/a:rubyonrails:ruby_on_rails:3.0.17 cpe:/a:rubyonrails:ruby_on_rails:3.0.0:rc cpe:/a:rubyonrails:ruby_on_rails:3.2.2 cpe:/a:rubyonrails:ruby_on_rails:3.0.7 cpe:/a:rubyonrails:ruby_on_rails:3.1.7 cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc4 cpe:/a:rubyonrails:ruby_on_rails:3.1.0:beta1 cpe:/a:rubyonrails:ruby_on_rails:3.1.4 cpe:/a:rubyonrails:ruby_on_rails:3.1.1:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.1.2:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.0.1:pre cpe:/a:rubyonrails:ruby_on_rails:3.0.9 cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc3 cpe:/a:rubyonrails:ruby_on_rails:3.0.6:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.1.6 cpe:/a:rubyonrails:ruby_on_rails:3.1.5 cpe:/a:rubyonrails:ruby_on_rails:3.0.13 cpe:/a:rubyonrails:ruby_on_rails:3.0.7:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.0.5:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc4 cpe:/a:rubyonrails:ruby_on_rails:3.0.4 cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc3 cpe:/a:rubyonrails:ruby_on_rails:3.0.16 cpe:/a:rubyonrails:ruby_on_rails:3.0.1 cpe:/a:rubyonrails:ruby_on_rails:3.1.9 cpe:/a:rubyonrails:ruby_on_rails:3.2.8 cpe:/a:rubyonrails:ruby_on_rails:3.2.6 cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc4 cpe:/a:rubyonrails:ruby_on_rails:3.2.4 cpe:/a:rubyonrails:ruby_on_rails:3.1.1:rc3 cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc7 cpe:/a:rubyonrails:ruby_on_rails:3.1.2:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.0.13:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.2.3:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.0.14 cpe:/a:rubyonrails:ruby_on_rails:3.2.0 cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc6 cpe:/a:rubyonrails:ruby_on_rails:3.1.1:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.1.5:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.0.6:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.0.0:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.1.0 cpe:/a:rubyonrails:ruby_on_rails:3.1.4:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.1.2 cpe:/a:rubyonrails:ruby_on_rails:3.0.10 cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta2 cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.0.5 cpe:/a:rubyonrails:ruby_on_rails:3.0.12 cpe:/a:rubyonrails:ruby_on_rails:3.2.5 cpe:/a:rubyonrails:ruby_on_rails:3.0.18 cpe:/a:rubyonrails:ruby_on_rails:3.1.1 cpe:/a:rubyonrails:ruby_on_rails:3.2.2:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.0.0 cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta3 cpe:/a:rubyonrails:ruby_on_rails:3.0.2:pre cpe:/a:rubyonrails:ruby_on_rails:3.1.8 cpe:/a:rubyonrails:ruby_on_rails:3.2.3:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc5 cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc8 cpe:/a:rubyonrails:ruby_on_rails:3.0.4:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.0.12:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.2.0:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.2.3 cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc3 cpe:/a:rubyonrails:ruby_on_rails:3.1.3 cpe:/a:rubyonrails:ruby_on_rails:3.0.8 cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.0.10:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.2.0:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.2.1 cpe:/a:rubyonrails:ruby_on_rails:3.0.11 cpe:/a:rubyonrails:ruby_on_rails:3.0.2 cpe:/a:rubyonrails:ruby_on_rails:3.0.6 cpe:/a:rubyonrails:ruby_on_rails:3.2.10 cpe:/a:rubyonrails:ruby_on_rails:3.2.7 cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta4 cpe:/a:rubyonrails:ruby_on_rails:3.0.3 cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc5 cpe:/a:rubyonrails:ruby_on_rails:3.0.4:rc cpe:/a:rubyonrails:ruby_on_rails:3.2.4:rc1

CVE-2013-0155

2013-01-13T17:55:00.900-05:00

2013-05-20T23:22:30.130-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-01-14T13:58:00.000-05:00

MLIST [rubyonrails-security] 20130108 Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155) DEBIAN DSA-2609 REDHAT RHSA-2013:0155 REDHAT RHSA-2013:0154 MISC http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.

cpe:/a:rubyonrails:ruby_on_rails:1.2.2 cpe:/a:rubyonrails:ruby_on_rails:3.2.9 cpe:/a:rubyonrails:ruby_on_rails:2.1.0 cpe:/a:rubyonrails:ruby_on_rails:0.11.1 cpe:/a:rubyonrails:ruby_on_rails:3.0.0:rc cpe:/a:rubyonrails:ruby_on_rails:0.6.5 cpe:/a:rubyonrails:ruby_on_rails:2.3.14 cpe:/a:rubyonrails:ruby_on_rails:0.10.1 cpe:/a:rubyonrails:ruby_on_rails:3.1.4 cpe:/a:rubyonrails:ruby_on_rails:3.1.1:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.1.2:rc2 cpe:/a:rubyonrails:ruby_on_rails:2.3.10 cpe:/a:rubyonrails:ruby_on_rails:3.0.9 cpe:/a:rubyonrails:ruby_on_rails:2.2.2 cpe:/a:rubyonrails:ruby_on_rails:0.5.7 cpe:/a:rubyonrails:ruby_on_rails:0.14.2 cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc3 cpe:/a:rubyonrails:ruby_on_rails:0.8.0 cpe:/a:rubyonrails:ruby_on_rails:1.2.4 cpe:/a:rubyonrails:ruby_on_rails:1.2.1 cpe:/a:rubyonrails:ruby_on_rails:3.0.16 cpe:/a:rubyonrails:ruby_on_rails:3.1.9 cpe:/a:rubyonrails:ruby_on_rails:3.2.8 cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc4 cpe:/a:rubyonrails:ruby_on_rails:0.9.0 cpe:/a:rubyonrails:ruby_on_rails:3.1.1:rc3 cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc7 cpe:/a:rubyonrails:ruby_on_rails:3.1.2:rc1 cpe:/a:rubyonrails:ruby_on_rails:2.3.9 cpe:/a:rubyonrails:ruby_on_rails:3.0.14 cpe:/a:rubyonrails:ruby_on_rails:3.2.0 cpe:/a:rubyonrails:ruby_on_rails:0.13.0 cpe:/a:rubyonrails:ruby_on_rails:0.14.3 cpe:/a:rubyonrails:ruby_on_rails:3.1.4:rc1 cpe:/a:rubyonrails:ruby_on_rails:1.1.3 cpe:/a:rubyonrails:ruby_on_rails:0.9.1 cpe:/a:rubyonrails:ruby_on_rails:1.2.3 cpe:/a:rubyonrails:ruby_on_rails:3.0.10 cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta cpe:/a:rubyonrails:ruby_on_rails:2.2.0 cpe:/a:rubyonrails:ruby_on_rails:0.14.4 cpe:/a:rubyonrails:ruby_on_rails:2.2.1 cpe:/a:rubyonrails:ruby_on_rails:3.0.12 cpe:/a:rubyonrails:ruby_on_rails:0.9.3 cpe:/a:rubyonrails:ruby_on_rails:2.0.0 cpe:/a:rubyonrails:ruby_on_rails:3.1.1 cpe:/a:rubyonrails:ruby_on_rails:1.1.4 cpe:/a:rubyonrails:ruby_on_rails:0.12.1 cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta3 cpe:/a:rubyonrails:ruby_on_rails:3.1.8 cpe:/a:rubyonrails:ruby_on_rails:3.0.2:pre cpe:/a:rubyonrails:ruby_on_rails:3.2.3:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc5 cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc8 cpe:/a:rubyonrails:ruby_on_rails:3.0.4:rc1 cpe:/a:rubyonrails:ruby_on_rails:1.1.6 cpe:/a:rubyonrails:ruby_on_rails:0.14.1 cpe:/a:rubyonrails:ruby_on_rails:0.13.1 cpe:/a:rubyonrails:ruby_on_rails:3.0.12:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.2.0:rc1 cpe:/a:rubyonrails:ruby_on_rails:0.7.0 cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc3 cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.0.10:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.2.0:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.0.11 cpe:/a:rubyonrails:ruby_on_rails:3.0.2 cpe:/a:rubyonrails:ruby_on_rails:3.0.6 cpe:/a:rubyonrails:ruby_on_rails:3.2.10 cpe:/a:rubyonrails:ruby_on_rails:3.2.7 cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta4 cpe:/a:rubyonrails:ruby_on_rails:1.1.5 cpe:/a:rubyonrails:ruby_on_rails:2.0.0:rc2 cpe:/a:rubyonrails:ruby_on_rails:1.2.6 cpe:/a:rubyonrails:ruby_on_rails:0.11.0 cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc5 cpe:/a:rubyonrails:ruby_on_rails:1.2.0 cpe:/a:rubyonrails:ruby_on_rails:3.0.4:rc cpe:/a:rubyonrails:ruby_on_rails:1.1.0 cpe:/a:rubyonrails:ruby_on_rails:3.0.7:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc1 cpe:/a:rubyonrails:ruby_on_rails:0.9.4.1 cpe:/a:rubyonrails:ruby_on_rails:2.0.4 cpe:/a:rubyonrails:ruby_on_rails:3.0.17 cpe:/a:rubyonrails:ruby_on_rails:3.2.2 cpe:/a:rubyonrails:ruby_on_rails:3.1.7 cpe:/a:rubyonrails:ruby_on_rails:3.0.7 cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc4 cpe:/a:rubyonrails:ruby_on_rails:3.1.0:beta1 cpe:/a:rubyonrails:ruby_on_rails:1.1.1 cpe:/a:rubyonrails:ruby_on_rails:2.3.4 cpe:/a:rubyonrails:ruby_on_rails:3.0.1:pre cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc3 cpe:/a:rubyonrails:ruby_on_rails:2.0.2 cpe:/a:rubyonrails:ruby_on_rails:3.0.6:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.1.6 cpe:/a:rubyonrails:ruby_on_rails:1.2.5 cpe:/a:rubyonrails:ruby_on_rails:3.1.5 cpe:/a:rubyonrails:ruby_on_rails:0.9.2 cpe:/a:rubyonrails:ruby_on_rails:3.0.13 cpe:/a:rubyonrails:ruby_on_rails:0.12.0 cpe:/a:rubyonrails:ruby_on_rails:3.0.7:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.0.5:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc4 cpe:/a:rubyonrails:ruby_on_rails:3.0.4 cpe:/a:rubyonrails:ruby_on_rails:2.3.12 cpe:/a:rubyonrails:ruby_on_rails:3.0.1 cpe:/a:rubyonrails:ruby_on_rails:2.1.2 cpe:/a:rubyonrails:ruby_on_rails:3.2.6 cpe:/a:rubyonrails:ruby_on_rails:2.0.0:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.2.4 cpe:/a:rubyonrails:ruby_on_rails:3.0.13:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.2.3:rc1 cpe:/a:rubyonrails:ruby_on_rails:0.8.5 cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc6 cpe:/a:rubyonrails:ruby_on_rails:0.5.6 cpe:/a:rubyonrails:ruby_on_rails:3.1.1:rc1 cpe:/a:rubyonrails:ruby_on_rails:2.3.13 cpe:/a:rubyonrails:ruby_on_rails:3.1.5:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.0.6:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.0.0:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.1.0 cpe:/a:rubyonrails:ruby_on_rails:0.5.5 cpe:/a:rubyonrails:ruby_on_rails:1.0.0 cpe:/a:rubyonrails:ruby_on_rails:2.1 cpe:/a:rubyonrails:ruby_on_rails:3.1.2 cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta2 cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.0.5 cpe:/a:rubyonrails:ruby_on_rails:2.3.11 cpe:/a:rubyonrails:ruby_on_rails:3.2.5 cpe:/a:rubyonrails:ruby_on_rails:0.9.4 cpe:/a:rubyonrails:ruby_on_rails:3.0.18 cpe:/a:rubyonrails:ruby_on_rails:3.2.2:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.0.0 cpe:/a:rubyonrails:ruby_on_rails:1.1.2 cpe:/a:rubyonrails:ruby_on_rails:2.0.1 cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc1 cpe:/a:rubyonrails:ruby_on_rails:3.2.3 cpe:/a:rubyonrails:ruby_on_rails:2.3.2 cpe:/a:rubyonrails:ruby_on_rails:3.1.3 cpe:/a:rubyonrails:ruby_on_rails:3.0.8 cpe:/a:rubyonrails:rails:1.2.4 cpe:/a:rubyonrails:ruby_on_rails:2.3.3 cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc2 cpe:/a:rubyonrails:ruby_on_rails:3.2.1 cpe:/a:rubyonrails:ruby_on_rails:1.9.5 cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc1 cpe:/a:rubyonrails:ruby_on_rails:0.5.0 cpe:/a:rubyonrails:ruby_on_rails:3.0.3 cpe:/a:rubyonrails:ruby_on_rails:0.10.0 cpe:/a:rubyonrails:ruby_on_rails:0.6.0 cpe:/a:rubyonrails:ruby_on_rails:2.1.1 cpe:/a:rubyonrails:ruby_on_rails:3.2.4:rc1

CVE-2013-0156

2013-01-13T17:55:00.947-05:00

2013-05-20T23:22:30.360-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2013-01-14T13:36:00.000-05:00

CERT-VN VU#628463 CERT-VN VU#380039 MLIST [rubyonrails-security] 20130108 Multiple vulnerabilities in parameter parsing in Action Pack (CVE-2013-0156) MISC https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156 MISC http://www.insinuator.net/2013/01/rails-yaml/ DEBIAN DSA-2604 CONFIRM http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/ REDHAT RHSA-2013:0155 REDHAT RHSA-2013:0154 REDHAT RHSA-2013:0153 APPLE APPLE-SA-2013-03-14-1 MISC http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.

cpe:/o:windriver:vxworks:6.7 cpe:/o:windriver:vxworks:6.5 cpe:/o:windriver:vxworks:6.8 cpe:/o:windriver:vxworks:6.6 cpe:/o:windriver:vxworks:6.9

CVE-2013-0711

2013-03-20T14:55:01.700-04:00

2013-05-20T23:23:03.920-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-03-21T13:20:00.000-04:00

JVNDB JVNDB-2013-000018 JVN JVN#45545972 MISC http://jvn.jp/en/jp/JVN45545972/995359/index.html MISC http://ics-cert.us-cert.gov/advisories/ICSA-13-091-01 IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to cause a denial of service (daemon outage) via a crafted authentication request.

cpe:/o:windriver:vxworks:6.7 cpe:/o:windriver:vxworks:6.5 cpe:/o:windriver:vxworks:6.8 cpe:/o:windriver:vxworks:6.6 cpe:/o:windriver:vxworks:6.9

CVE-2013-0713

2013-03-20T14:55:01.747-04:00

2013-05-20T23:23:04.073-04:00

6.8

NETWORK

LOW

SINGLE_INSTANCE

NONE

COMPLETE

http://nvd.nist.gov

2013-03-21T13:28:00.000-04:00

JVNDB JVNDB-2013-000020 JVN JVN#52492830 MISC http://jvn.jp/en/jp/JVN52492830/995359/index.html MISC http://ics-cert.us-cert.gov/advisories/ICSA-13-091-01 IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted pty request.

cpe:/o:windriver:vxworks:6.7 cpe:/o:windriver:vxworks:6.5 cpe:/o:windriver:vxworks:6.8 cpe:/o:windriver:vxworks:6.6 cpe:/o:windriver:vxworks:6.9

CVE-2013-0714

2013-03-20T14:55:01.767-04:00

2013-05-20T23:23:04.157-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-03-21T13:30:00.000-04:00

JVNDB JVNDB-2013-000021 JVN JVN#20671901 MISC http://jvn.jp/en/jp/JVN20671901/995359/index.html MISC http://ics-cert.us-cert.gov/advisories/ICSA-13-091-01 IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a denial of service (daemon hang) via a crafted public-key authentication request.

cpe:/o:windriver:vxworks:6.7 cpe:/o:windriver:vxworks:6.5 cpe:/o:windriver:vxworks:6.8 cpe:/o:windriver:vxworks:6.6 cpe:/o:windriver:vxworks:6.9

CVE-2013-0715

2013-03-20T14:55:01.787-04:00

2013-05-20T23:23:04.237-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

http://nvd.nist.gov

2013-03-21T13:32:00.000-04:00

JVNDB JVNDB-2013-000022 JVN JVN#65923092 MISC http://jvn.jp/en/jp/JVN65923092/995359/index.html MISC http://ics-cert.us-cert.gov/advisories/ICSA-13-091-01 The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string.

cpe:/o:windriver:vxworks:6.7 cpe:/o:windriver:vxworks:6.5 cpe:/o:windriver:vxworks:6.8 cpe:/o:windriver:vxworks:6.6 cpe:/o:windriver:vxworks:6.9

CVE-2013-0716

2013-03-20T14:55:01.807-04:00

2013-05-20T23:23:04.317-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2013-03-21T13:36:00.000-04:00

JVNDB JVNDB-2013-000023 JVN JVN#41022517 MISC http://jvn.jp/en/jp/JVN41022517/995359/index.html MISC http://ics-cert.us-cert.gov/advisories/ICSA-13-091-01 The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI.

cpe:/a:mozilla:thunderbird:17.0.5 cpe:/a:mozilla:firefox:20.0 cpe:/a:mozilla:firefox_esr:17.0 cpe:/a:mozilla:thunderbird_esr:17.0.3 cpe:/a:mozilla:thunderbird:17.0.3 cpe:/a:mozilla:firefox:20.0.1 cpe:/a:mozilla:thunderbird_esr:17.0.4 cpe:/a:mozilla:thunderbird_esr:17.0.1 cpe:/a:mozilla:firefox_esr:17.0.4 cpe:/a:mozilla:thunderbird:17.0.4 cpe:/a:mozilla:firefox_esr:17.0.3 cpe:/a:mozilla:thunderbird_esr:17.0.5 cpe:/a:mozilla:thunderbird:17.0.1 cpe:/a:mozilla:thunderbird:17.0 cpe:/a:mozilla:firefox_esr:17.0.1 cpe:/a:mozilla:thunderbird:17.0.2 cpe:/a:mozilla:thunderbird_esr:17.0 cpe:/a:mozilla:firefox:19.0 cpe:/a:mozilla:firefox_esr:17.0.5 cpe:/a:mozilla:firefox:19.0.2 cpe:/a:mozilla:thunderbird_esr:17.0.2 cpe:/a:mozilla:firefox:19.0.1 cpe:/a:mozilla:firefox_esr:17.0.2

CVE-2013-0801

2013-05-16T07:45:30.633-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T09:14:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=866544 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=864558 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=852315 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=849597 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=808402 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=787283 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-41.html Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

cpe:/a:rsa:pluggable_authentication_module:6.0 cpe:/a:rsa:securid_web_agent:5.3.4 cpe:/a:rsa:authentication_api:8.1 cpe:/a:rsa:authentication_agent:6.1.3

CVE-2013-0941

2013-05-22T09:29:45.513-04:00

2013-05-22T00:00:00.000-04:00

6.8

LOCAL

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

2013-05-22T10:08:00.000-04:00

BUGTRAQ 20130516 ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.

cpe:/a:emc:rsa_authentication_agent:7.1

CVE-2013-0942

2013-05-22T09:29:55.837-04:00

2013-05-22T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-22T10:24:00.000-04:00

BUGTRAQ 20130510 ESA-2013-031: RSA Authentication Agent Cross-Site Scripting (XSS) Vulnerability Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/a:apple:itunes:6.0.4 cpe:/a:apple:itunes:7.1.1 cpe:/a:apple:itunes:7.4.0 cpe:/a:apple:itunes:10.5.1 cpe:/a:apple:itunes:10.1.1.4 cpe:/a:apple:itunes:7.3.1 cpe:/a:apple:itunes:10.5.1.42 cpe:/a:apple:itunes:5.0.1 cpe:/a:apple:itunes:10.1.1 cpe:/a:apple:itunes:7.4.1 cpe:/a:apple:itunes:4.7.2 cpe:/a:apple:itunes:7.6.0 cpe:/a:apple:itunes:7.6 cpe:/a:apple:itunes:10.1.2 cpe:/a:apple:itunes:4.6 cpe:/a:apple:itunes:7.0.0 cpe:/a:apple:itunes:6.0.0 cpe:/a:apple:itunes:9.2.1 cpe:/a:apple:itunes:10.6 cpe:/a:apple:itunes:9.2 cpe:/a:apple:itunes:7.5 cpe:/a:apple:itunes:10.6.3 cpe:/a:apple:itunes:8.0.1 cpe:/a:apple:itunes:9.1 cpe:/a:apple:itunes:10.2 cpe:/a:apple:itunes:7.4.3 cpe:/a:apple:itunes:10.4.1.10 cpe:/a:apple:itunes:7.4.2 cpe:/a:apple:itunes:7.3.2 cpe:/a:apple:itunes:4.2.0 cpe:/a:apple:itunes:4.5 cpe:/a:apple:itunes:4.5.0 cpe:/a:apple:itunes:9.0.2 cpe:/a:apple:itunes:7.7.1 cpe:/a:apple:itunes:4.8.0 cpe:/a:apple:itunes:10.5 cpe:/a:apple:itunes:10.4.0.80 cpe:/a:apple:itunes:7.0.2 cpe:/a:apple:itunes:6.0.1 cpe:/a:apple:itunes:11.0.2 cpe:/a:apple:itunes:7.2.0 cpe:/a:apple:itunes:7.1.0 cpe:/a:apple:itunes:10.1 cpe:/a:apple:itunes:10.2.2.12 cpe:/a:apple:itunes:7.7.0 cpe:/a:apple:itunes:7.3.0 cpe:/a:apple:itunes:4.7 cpe:/a:apple:itunes:4.0.1 cpe:/a:apple:itunes:10.5.2 cpe:/a:apple:itunes:6.0.3 cpe:/a:apple:itunes:9.0.0 cpe:/a:apple:itunes:10.0 cpe:/a:apple:itunes:9.0.1 cpe:/a:apple:itunes:4.6.0 cpe:/a:apple:itunes:7.6.2 cpe:/a:apple:itunes:10.3.1 cpe:/a:apple:itunes:7.4 cpe:/a:apple:itunes:4.7.0 cpe:/a:apple:itunes:4.0.0 cpe:/a:apple:itunes:7.7 cpe:/a:apple:itunes:4.1.0 cpe:/a:apple:itunes:5.0 cpe:/a:apple:itunes:7.0.1 cpe:/a:apple:itunes:10.3 cpe:/a:apple:itunes:5.0.0 cpe:/a:apple:itunes:6.0.2 cpe:/a:apple:itunes:9.1.1 cpe:/a:apple:itunes:4.9.0 cpe:/a:apple:itunes:10.0.1 cpe:/a:apple:itunes:6.0.5 cpe:/a:apple:itunes:10.4 cpe:/a:apple:itunes:8.0.0 cpe:/a:apple:itunes:9.0.3 cpe:/a:apple:itunes:10.6.1 cpe:/a:apple:itunes:4.7.1 cpe:/a:apple:itunes:10.4.1 cpe:/a:apple:itunes:7.5.0 cpe:/a:apple:itunes:7.6.1 cpe:/a:apple:itunes:10.5.3

CVE-2013-0991

2013-05-20T10:44:34.410-04:00

2013-05-20T00:00:00.000-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-20T11:24:00.000-04:00

CONFIRM http://support.apple.com/kb/HT5766 APPLE APPLE-SA-2013-05-16-1 WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

cpe:/a:apple:itunes:6.0.4 cpe:/a:apple:itunes:7.1.1 cpe:/a:apple:itunes:7.4.0 cpe:/a:apple:itunes:10.5.1 cpe:/a:apple:itunes:10.1.1.4 cpe:/a:apple:itunes:7.3.1 cpe:/a:apple:itunes:10.5.1.42 cpe:/a:apple:itunes:5.0.1 cpe:/a:apple:itunes:10.1.1 cpe:/a:apple:itunes:7.4.1 cpe:/a:apple:itunes:4.7.2 cpe:/a:apple:itunes:7.6.0 cpe:/a:apple:itunes:7.6 cpe:/a:apple:itunes:10.1.2 cpe:/a:apple:itunes:4.6 cpe:/a:apple:itunes:7.0.0 cpe:/a:apple:itunes:6.0.0 cpe:/a:apple:itunes:9.2.1 cpe:/a:apple:itunes:10.6 cpe:/a:apple:itunes:9.2 cpe:/a:apple:itunes:7.5 cpe:/o:microsoft:windows_xp:sp2 cpe:/a:apple:itunes:10.6.3 cpe:/a:apple:itunes:8.0.1 cpe:/a:apple:itunes:9.1 cpe:/a:apple:itunes:10.2 cpe:/a:apple:itunes:7.4.3 cpe:/a:apple:itunes:10.4.1.10 cpe:/a:apple:itunes:7.4.2 cpe:/a:apple:itunes:7.3.2 cpe:/a:apple:itunes:4.2.0 cpe:/a:apple:itunes:4.5 cpe:/a:apple:itunes:4.5.0 cpe:/a:apple:itunes:9.0.2 cpe:/a:apple:itunes:7.7.1 cpe:/a:apple:itunes:4.8.0 cpe:/a:apple:itunes:10.5 cpe:/a:apple:itunes:10.4.0.80 cpe:/a:apple:itunes:7.0.2 cpe:/a:apple:itunes:6.0.1 cpe:/a:apple:itunes:11.0.2 cpe:/a:apple:itunes:7.2.0 cpe:/a:apple:itunes:7.1.0 cpe:/a:apple:itunes:10.1 cpe:/a:apple:itunes:10.2.2.12 cpe:/a:apple:itunes:7.7.0 cpe:/a:apple:itunes:7.3.0 cpe:/a:apple:itunes:4.7 cpe:/a:apple:itunes:4.0.1 cpe:/a:apple:itunes:10.5.2 cpe:/a:apple:itunes:6.0.3 cpe:/a:apple:itunes:9.0.0 cpe:/a:apple:itunes:10.0 cpe:/a:apple:itunes:9.0.1 cpe:/a:apple:itunes:4.6.0 cpe:/a:apple:itunes:7.6.2 cpe:/a:apple:itunes:10.3.1 cpe:/a:apple:itunes:7.4 cpe:/a:apple:itunes:4.7.0 cpe:/a:apple:itunes:4.0.0 cpe:/a:apple:itunes:7.7 cpe:/a:apple:itunes:4.1.0 cpe:/a:apple:itunes:5.0 cpe:/a:apple:itunes:7.0.1 cpe:/a:apple:itunes:10.3 cpe:/a:apple:itunes:5.0.0 cpe:/a:apple:itunes:6.0.2 cpe:/a:apple:itunes:9.1.1 cpe:/a:apple:itunes:4.9.0 cpe:/a:apple:itunes:10.0.1 cpe:/a:apple:itunes:6.0.5 cpe:/a:apple:itunes:10.4 cpe:/a:apple:itunes:8.0.0 cpe:/a:apple:itunes:9.0.3 cpe:/a:apple:itunes:10.6.1 cpe:/a:apple:itunes:4.7.1 cpe:/a:apple:itunes:10.4.1 cpe:/a:apple:itunes:7.5.0 cpe:/a:apple:itunes:7.6.1 cpe:/a:apple:itunes:10.5.3

CVE-2013-0992

2013-05-20T10:44:34.447-04:00

2013-05-20T00:00:00.000-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-20T12:28:00.000-04:00

CVE-2013-0993

2013-05-20T10:44:34.480-04:00

2013-05-20T00:00:00.000-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-20T12:28:00.000-04:00

CVE-2013-0994

2013-05-20T10:44:34.543-04:00

2013-05-20T12:32:11.263-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-20T12:29:00.000-04:00

CVE-2013-0995

2013-05-20T10:44:34.580-04:00

2013-05-20T12:35:32.420-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-20T12:34:00.000-04:00

CVE-2013-0996

2013-05-20T10:44:34.613-04:00

2013-05-20T12:35:54.467-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-20T12:35:00.000-04:00

CVE-2013-0997

2013-05-20T10:44:34.647-04:00

2013-05-20T12:37:21.217-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-20T12:36:00.000-04:00

CVE-2013-0998

2013-05-20T10:44:34.677-04:00

2013-05-20T12:38:04.417-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-20T12:37:00.000-04:00

CVE-2013-0999

2013-05-20T10:44:34.710-04:00

2013-05-20T12:42:17.237-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-20T12:38:00.000-04:00

CVE-2013-1000

2013-05-20T10:44:34.750-04:00

2013-05-20T12:39:43.833-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-20T12:38:00.000-04:00

CVE-2013-1001

2013-05-20T10:44:34.787-04:00

2013-05-20T12:40:33.927-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-20T12:39:00.000-04:00

CVE-2013-1002

2013-05-20T10:44:34.817-04:00

2013-05-20T12:41:15.730-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-20T12:40:00.000-04:00

CVE-2013-1003

2013-05-20T10:44:34.850-04:00

2013-05-20T12:42:07.353-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-20T12:41:00.000-04:00

CVE-2013-1004

2013-05-20T10:44:34.883-04:00

2013-05-20T12:42:48.847-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-20T12:42:00.000-04:00

CVE-2013-1005

2013-05-20T10:44:34.920-04:00

2013-05-20T12:43:34.063-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-20T12:42:00.000-04:00

CVE-2013-1006

2013-05-20T10:44:34.973-04:00

2013-05-20T12:43:49.103-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-20T12:43:00.000-04:00

CVE-2013-1007

2013-05-20T10:44:35.007-04:00

2013-05-20T12:44:17.977-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-20T12:43:00.000-04:00

CVE-2013-1008

2013-05-20T10:44:35.040-04:00

2013-05-20T12:46:09.797-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-20T12:45:00.000-04:00

CVE-2013-1010

2013-05-20T10:44:35.097-04:00

2013-05-20T12:45:03.860-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-20T12:44:00.000-04:00

CVE-2013-1011

2013-05-20T10:44:35.180-04:00

2013-05-20T12:46:02.980-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-20T12:45:00.000-04:00

CVE-2013-1014

2013-05-20T10:44:35.207-04:00

2013-05-20T12:49:58.790-04:00

2.9

ADJACENT_NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-20T12:47:00.000-04:00

CONFIRM http://support.apple.com/kb/HT5766 APPLE APPLE-SA-2013-05-16-1 Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.

cpe:/a:novell:imanager:2.7:sp4_patch1 cpe:/a:novell:imanager:2.7.3:ftf2 cpe:/a:novell:imanager:2.7:sp4 cpe:/a:novell:imanager:2.7:sp5 cpe:/a:novell:imanager:2.7:sp4_patch4 cpe:/a:novell:imanager:2.7.3:ftf4 cpe:/a:novell:imanager:2.7.1 cpe:/a:novell:imanager:2.7:refresh6 cpe:/a:novell:imanager:2.7 cpe:/a:novell:imanager:2.7.3:sp3 cpe:/a:novell:imanager:2.7.3 cpe:/a:novell:imanager:2.7.2 cpe:/a:novell:imanager:2.7:sp6 cpe:/a:novell:imanager:2.7.4 cpe:/a:novell:imanager:2.7:sp4_patch2 cpe:/a:novell:imanager:2.7.5 cpe:/a:novell:imanager:2.7:sp4_patch3

CVE-2013-1088

2013-04-24T06:28:37.790-04:00

2013-05-16T00:00:00.000-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-04-24T08:37:00.000-04:00

CONFIRM https://bugzilla.novell.com/show_bug.cgi?id=726260 CONFIRM http://www.novell.com/support/kb/doc.php?id=7010166 Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.

cpe:/h:cisco:ace_application_controle_engine_module:-

CVE-2013-1175

2013-05-15T23:36:22.627-04:00

2013-05-16T00:00:00.000-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2013-05-16T08:35:00.000-04:00

CISCO 20130514 Cisco ACE Log Retention Denial of Service Vulnerability The SSL logging daemon in the Application Control Engine module in Cisco ACE allows remote attackers to cause a denial of service (disk consumption) via a large number of SSL connections that trigger log entries, aka Bug ID CSCug78957.

cpe:/a:cisco:unified_communications_manager

CVE-2013-1188

2013-05-15T23:36:22.690-04:00

2013-05-16T00:00:00.000-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2013-05-16T08:57:00.000-04:00

CISCO 20130514 Cisco Unified Communications Manager Authentication Denial of Service Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515.

cpe:/a:cisco:secure_access_control_system:-

CVE-2013-1200

2013-05-15T23:36:22.710-04:00

2013-05-16T09:02:46.077-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-16T09:01:00.000-04:00

CISCO 20130515 Cisco Secure Access Control System Session Fixation Web Vulnerability Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787.

cpe:/a:cisco:telepresence_supervisor_mse_8050_software:2.2%281.17%29 cpe:/h:cisco:telepresence_supervisor_mse_8050:-

CVE-2013-1236

2013-05-15T23:36:22.727-04:00

2013-05-16T09:13:47.487-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T09:07:00.000-04:00

CISCO 20130515 Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability Cisco TelePresence Supervisor MSE 8050 before 2.3(1.31) allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing TCP connections at a high rate, aka Bug IDs CSCuf76076 and CSCuf79763.

cpe:/a:cisco:webex_social:-

CVE-2013-1244

2013-05-15T23:36:22.747-04:00

2013-05-16T00:00:00.000-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-16T09:45:00.000-04:00

CISCO 20130514 WebEx Social Allows JavaScript URLs in Links Attached to Posts Cross-site scripting (XSS) vulnerability in the portal module in Cisco WebEx Social allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL in the link field in a post, aka Bug ID CSCue67199.

cpe:/a:cisco:webex_social:-

CVE-2013-1245

2013-05-15T23:36:22.767-04:00

2013-05-16T00:00:00.000-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-16T09:55:00.000-04:00

CISCO 20130514 WebEx Social Client-Side Restriction Bypass Attribute Change Vulnerability The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title fields, which allows remote authenticated users to bypass intended access restrictions via crafted requests, aka Bug ID CSCue67190.

cpe:/a:microsoft:visio:2007:sp3 cpe:/a:microsoft:visio:2010:sp1 cpe:/a:microsoft:visio:2003:sp3

CVE-2013-1301

2013-05-14T23:36:33.410-04:00

2013-05-15T09:51:32.820-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-15T09:43:00.000-04:00

MS MS13-044 Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."

cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_8:-:-:x86 cpe:/o:microsoft:windows_8:-:-:x64 cpe:/o:microsoft:windows_rt:-

CVE-2013-1305

2013-05-14T23:36:33.447-04:00

2013-05-15T10:07:21.027-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2013-05-15T10:05:00.000-04:00

MS MS13-039 HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."

cpe:/a:microsoft:internet_explorer:8

CVE-2013-1311

2013-05-14T23:36:34.077-04:00

2013-05-15T10:46:32.827-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T10:32:00.000-04:00

MS MS13-037 Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."

cpe:/o:microsoft:windows_xp::sp3

CVE-2013-1313

2013-02-13T07:04:14.087-05:00

2013-05-15T23:35:27.870-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-02-13T13:56:00.000-05:00

MS MS13-020 MS MS13-037 Object Linking and Embedding (OLE) Automation in Microsoft Windows XP SP3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted RTF document, aka "OLE Automation Remote Code Execution Vulnerability."

cpe:/a:microsoft:publisher:2003:sp3

CVE-2013-1318

2013-05-14T23:36:34.153-04:00

2013-05-15T10:52:58.573-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T10:52:00.000-04:00

MS MS13-042 Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."

cpe:/a:microsoft:publisher:2003:sp3

CVE-2013-1319

2013-05-14T23:36:34.177-04:00

2013-05-15T10:56:31.287-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T10:55:00.000-04:00

MS MS13-042 Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."

cpe:/a:microsoft:publisher:2003:sp3

CVE-2013-1320

2013-05-14T23:36:34.193-04:00

2013-05-15T10:57:39.183-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T10:57:00.000-04:00

MS MS13-042 Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."

cpe:/a:microsoft:publisher:2003:sp3

CVE-2013-1322

2013-05-14T23:36:34.230-04:00

2013-05-15T11:04:09.847-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T11:01:00.000-04:00

MS MS13-042 Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."

cpe:/a:microsoft:publisher:2007:sp3 cpe:/a:microsoft:publisher:2003:sp3 cpe:/a:microsoft:publisher:2010:sp1

CVE-2013-1328

2013-05-14T23:36:34.287-04:00

2013-05-15T11:25:48.127-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T11:24:00.000-04:00

MS MS13-042 Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."

cpe:/a:microsoft:publisher:2003:sp3

CVE-2013-1329

2013-05-14T23:36:34.303-04:00

2013-05-16T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T11:13:00.000-04:00

MS MS13-042 Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."

cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_server_2008:r2:sp1:x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_8:-:-:x64 cpe:/o:microsoft:windows_vista:-:sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium cpe:/o:microsoft:windows_rt:- cpe:/o:microsoft:windows_7:-:sp1:x86 cpe:/o:microsoft:windows_server_2008::sp2:itanium cpe:/o:microsoft:windows_8:-:-:x86 cpe:/o:microsoft:windows_server_2008::sp2:x86 cpe:/o:microsoft:windows_7:-:sp1:x64

CVE-2013-1332

2013-05-14T23:36:34.323-04:00

2013-05-16T00:00:00.000-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T12:19:00.000-04:00

MS MS13-046 dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."

cpe:/a:microsoft:word:2003:sp3 cpe:/a:microsoft:word_viewer:-

CVE-2013-1335

2013-05-14T23:36:34.383-04:00

2013-05-15T12:33:07.437-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T12:31:00.000-04:00

MS MS13-043 Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."

cpe:/a:microsoft:.net_framework:3.5.1 cpe:/a:microsoft:.net_framework:4.5 cpe:/a:microsoft:.net_framework:2.0:sp2 cpe:/a:microsoft:.net_framework:3.5 cpe:/a:microsoft:.net_framework:4.0

CVE-2013-1336

2013-05-14T23:36:34.403-04:00

2013-05-15T12:59:21.723-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-15T12:44:00.000-04:00

MS MS13-040 The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."

cpe:/a:microsoft:internet_explorer:8

CVE-2013-1347

2013-05-05T07:07:00.527-04:00

2013-05-15T23:35:29.683-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-06T09:43:00.000-04:00

CONFIRM http://technet.microsoft.com/security/advisory/2847140 MS MS13-038 Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.

cpe:/a:adobe:coldfusion:9.0 cpe:/a:adobe:coldfusion:9.0.2:update_4 cpe:/a:adobe:coldfusion:9.0:update_10 cpe:/a:adobe:coldfusion:10.0 cpe:/a:adobe:coldfusion:9.0.1:update_9 cpe:/a:adobe:coldfusion:10.0:update_4 cpe:/a:adobe:coldfusion:10.0:update_1 cpe:/a:adobe:coldfusion:9.0.1 cpe:/a:adobe:coldfusion:9.0.2 cpe:/a:adobe:coldfusion:10.0:update_3

CVE-2013-1389

2013-05-16T07:45:30.693-04:00

2013-05-16T09:56:27.933-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T09:54:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-13.html Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before Update 10 allows remote attackers to execute arbitrary code via unknown vectors.

cpe:/a:mozilla:firefox:20.0 cpe:/a:mozilla:firefox:20.0.1 cpe:/a:mozilla:firefox:19.0 cpe:/a:mozilla:firefox:19.0.2 cpe:/a:mozilla:firefox:19.0.1

CVE-2013-1669

2013-05-16T07:45:30.720-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:14:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=865948 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=855236 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=854001 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=843434 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=837324 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=837007 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=834526 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=826588 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=826392 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=826104 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=822910 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=821850 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=821479 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=819775 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=814552 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=803228 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=791432 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-41.html Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2013-1670

2013-05-16T07:45:30.777-04:00

2013-05-16T10:03:47.010-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-16T10:00:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=853709 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-42.html The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.

cpe:/a:mozilla:firefox:20.0 cpe:/a:mozilla:firefox:20.0.1 cpe:/a:mozilla:firefox:19.0 cpe:/a:mozilla:firefox:19.0.2 cpe:/a:mozilla:firefox:19.0.1

CVE-2013-1671

2013-05-16T07:45:30.797-04:00

2013-05-16T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-16T09:21:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=842255 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-43.html Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site.

cpe:/a:mozilla:firefox:20.0 cpe:/a:mozilla:firefox_esr:17.0 cpe:/a:mozilla:thunderbird:17.0.5 cpe:/a:mozilla:thunderbird_esr:17.0.3 cpe:/a:mozilla:thunderbird:17.0.3 cpe:/a:mozilla:firefox:20.0.1 cpe:/a:mozilla:thunderbird_esr:17.0.4 cpe:/a:mozilla:thunderbird_esr:17.0.1 cpe:/a:mozilla:firefox_esr:17.0.4 cpe:/a:mozilla:thunderbird:17.0.4 cpe:/a:mozilla:firefox_esr:17.0.3 cpe:/a:mozilla:thunderbird_esr:17.0.5 cpe:/a:mozilla:thunderbird:17.0.1 cpe:/a:mozilla:thunderbird:17.0 cpe:/a:mozilla:firefox_esr:17.0.1 cpe:/a:mozilla:thunderbird:17.0.2 cpe:/a:mozilla:thunderbird_esr:17.0 cpe:/a:mozilla:firefox:19.0 cpe:/a:mozilla:firefox_esr:17.0.5 cpe:/a:mozilla:firefox:19.0.2 cpe:/a:mozilla:thunderbird_esr:17.0.2 cpe:/a:mozilla:firefox:19.0.1 cpe:/a:mozilla:firefox_esr:17.0.2

CVE-2013-1672

2013-05-16T07:45:30.817-04:00

2013-05-16T10:16:44.470-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:09:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=850492 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-44.html The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via vectors involving junctions.

cpe:/a:mozilla:firefox:20.0 cpe:/a:mozilla:firefox:20.0.1 cpe:/a:mozilla:firefox:19.0 cpe:/a:mozilla:firefox:19.0.2 cpe:/a:mozilla:firefox:19.0.1

CVE-2013-1673

2013-05-16T07:45:30.840-04:00

2013-05-16T00:00:00.000-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:11:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=854088 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-45.html The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not properly maintain Mozilla Maintenance Service registry entries in certain situations involving upgrades from older Firefox versions, which allows local users to gain privileges by leveraging write access to a "trusted path."

CVE-2013-1674

2013-05-16T07:45:30.857-04:00

2013-05-16T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:16:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=860971 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-46.html Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video.

CVE-2013-1675

2013-05-16T07:45:30.877-04:00

2013-05-16T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-16T10:23:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=866825 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-47.html Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

CVE-2013-1676

2013-05-16T07:45:30.900-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:19:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=818454 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-48.html The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2013-1677

2013-05-16T07:45:30.923-04:00

2013-05-16T10:41:21.463-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:39:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=826163 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-48.html The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2013-1678

2013-05-16T07:45:30.947-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:22:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=839745 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-48.html The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors.

CVE-2013-1679

2013-05-16T07:45:30.970-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:29:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=848237 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-48.html Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVE-2013-1680

2013-05-16T07:45:30.990-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:30:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=850931 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-48.html Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVE-2013-1681

2013-05-16T07:45:31.017-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:33:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=851781 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-48.html Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

cpe:/o:xen:xen:4.0.0 cpe:/o:xen:xen:4.0.2 cpe:/o:xen:xen:4.0.3 cpe:/o:xen:xen:4.1.5 cpe:/o:xen:xen:4.1.4 cpe:/o:xen:xen:4.1.3 cpe:/o:xen:xen:4.1.2 cpe:/o:xen:xen:4.1.1 cpe:/o:xen:xen:4.0.4 cpe:/o:xen:xen:4.1.0 cpe:/o:xen:xen:4.0.1

CVE-2013-1964

2013-05-21T14:55:01.907-04:00

2013-05-22T00:00:00.000-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-22T09:07:00.000-04:00

SECTRACK 1028459 BID 59293 MLIST [oss-security] 20130418 Xen Security Advisory 50 (CVE-2013-1964) - grant table hypercall acquire/release imbalance Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possible have other impacts via unspecified vectors.

cpe:/a:openstack:devstack:-

CVE-2013-1977

2013-05-21T14:55:02.163-04:00

2013-05-22T00:00:00.000-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-22T09:12:00.000-04:00

MISC https://bugs.launchpad.net/devstack/+bug/1168252 MLIST [oss-security] 20130423 Re: CVE-2013-1977 - OpenStack keystone.conf insecure file permissions MLIST [oss-security] 20130419 CVE-2013-1977 - OpenStack keystone.conf insecure file permissions OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.

cpe:/a:openstack:keystone:2013.1.1

CVE-2013-2006

2013-05-21T14:55:02.340-04:00

2013-05-22T09:23:17.100-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-22T09:20:00.000-04:00

CONFIRM https://github.com/openstack/keystone/commit/c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd CONFIRM https://bugs.launchpad.net/ossn/+bug/1168252 CONFIRM https://bugs.launchpad.net/keystone/+bug/1172195 BID 59411 MLIST [oss-security] 20130424 Re: CVE-2013-2006 OpenStack keystone LDAP password disclosure in log files MLIST [oss-security] 20130423 CVE-2013-2006 OpenStack keystone LDAP password disclosure in log files REDHAT RHSA-2013:0806 OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.

cpe:/a:qemu:qemu:1.4.1

CVE-2013-2007

2013-05-21T14:55:02.623-04:00

2013-05-22T00:00:00.000-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-22T09:23:00.000-04:00

MISC https://bugzilla.redhat.com/show_bug.cgi?id=956082 XF qemu-cve20132007-priv-esc(84047) SECTRACK 1028521 BID 59675 MLIST [oss-security] 20130506 Xen Security Advisory 51 (CVE-2013-2007) - qemu guest agent (qga) insecure file permissions SECUNIA 53325 OSVDB 93032 CONFIRM http://git.qemu.org/?p=qemu.git;a=commit;h=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67 The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.

cpe:/a:openstack:keystone:2012.1 cpe:/a:openstack:keystone:2013.1

CVE-2013-2059

2013-05-21T14:55:02.867-04:00

2013-05-22T00:00:00.000-04:00

6.0

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2013-05-22T09:54:00.000-04:00

CONFIRM https://bugs.launchpad.net/keystone/+bug/1166670 XF keystone-cve20132059-security-bypass(84135) BID 59787 MLIST [oss-security] 20130509 RE: [Openstack] [OSSA 2013-011] Keystone tokens not immediately invalidated when user is deleted (CVE-2013-2059) MLIST [oss-security] 20130509 [OSSA 2013-011] Keystone tokens not immediately invalidated when user is deleted (CVE-2013-2059) SECUNIA 53339 SECUNIA 53326 OSVDB 93134 OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.

cpe:/a:web2py:web2py:1.94.4 cpe:/a:web2py:web2py:1.84.4 cpe:/a:web2py:web2py:1.76.4 cpe:/a:web2py:web2py:2.0.1-11 cpe:/a:web2py:web2py:1.83.1 cpe:/a:web2py:web2py:1.91.2 cpe:/a:web2py:web2py:1.99.3 cpe:/a:web2py:web2py:1.91.6 cpe:/a:web2py:web2py:1.90.5 cpe:/a:web2py:web2py:1.88.1 cpe:/a:web2py:web2py:1.96.4 cpe:/a:web2py:web2py:1.76.5 cpe:/a:web2py:web2py:1.81.3 cpe:/a:web2py:web2py:1.76.3 cpe:/a:web2py:web2py:1.86.3 cpe:/a:web2py:web2py:1.81.1 cpe:/a:web2py:web2py:1.90.2 cpe:/a:web2py:web2py:1.93.2 cpe:/a:web2py:web2py:1.96.1 cpe:/a:web2py:web2py:2.1.0 cpe:/a:web2py:web2py:1.90.6 cpe:/a:web2py:web2py:1.80.1 cpe:/a:web2py:web2py:1.90.1 cpe:/a:web2py:web2py:1.78.1 cpe:/a:web2py:web2py:1.82.1 cpe:/a:web2py:web2py:1.94.6 cpe:/a:web2py:web2py:1.90.4 cpe:/a:web2py:web2py:1.94.1 cpe:/a:web2py:web2py:1.98.1 cpe:/a:web2py:web2py:1.99.4 cpe:/a:web2py:web2py:1.99.5 cpe:/a:web2py:web2py:1.87.2 cpe:/a:web2py:web2py:1.79.1 cpe:/a:web2py:web2py:1.92.1 cpe:/a:web2py:web2py:1.89.1 cpe:/a:web2py:web2py:1.85.1 cpe:/a:web2py:web2py:1.98.2 cpe:/a:web2py:web2py:1.76.2 cpe:/a:web2py:web2py:1.94.3 cpe:/a:web2py:web2py:1.76.1 cpe:/a:web2py:web2py:1.99.2 cpe:/a:web2py:web2py:1.77.1 cpe:/a:web2py:web2py:1.79.2 cpe:/a:web2py:web2py:1.96.2 cpe:/a:web2py:web2py:1.93.1 cpe:/a:web2py:web2py:1.89.5 cpe:/a:web2py:web2py:1.94.5 cpe:/a:web2py:web2py:1.99.7 cpe:/a:web2py:web2py:1.91.1 cpe:/a:web2py:web2py:1.85.3 cpe:/a:web2py:web2py:1.99.1 cpe:/a:web2py:web2py:1.81.2 cpe:/a:web2py:web2py:1.81.4 cpe:/a:web2py:web2py:1.77.2 cpe:/a:web2py:web2py:1.78.3 cpe:/a:web2py:web2py:1.86.1 cpe:/a:web2py:web2py:1.94.2 cpe:/a:web2py:web2py:1.97.1 cpe:/a:web2py:web2py:1.87.3 cpe:/a:web2py:web2py:1.83.2 cpe:/a:web2py:web2py:2.2.1 cpe:/a:web2py:web2py:1.77.3 cpe:/a:web2py:web2py:1.87.1 cpe:/a:web2py:web2py:1.91.5 cpe:/a:web2py:web2py:1.84.1 cpe:/a:web2py:web2py:1.81.5 cpe:/a:web2py:web2py:1.95.1

CVE-2013-2311

2013-05-22T09:29:55.850-04:00

2013-05-22T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-22T10:31:00.000-04:00

MLIST [web2py] 20121214 web2py 2.3.1 is out JVNDB JVNDB-2013-000040 JVN JVN#10461119 Cross-site scripting (XSS) vulnerability in static/js/share.js (aka the social bookmarking widget) in Web2py before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/a:oracle:primavera_products_suite:7.0 cpe:/a:oracle:primavera_products_suite:8.1 cpe:/a:oracle:primavera_products_suite:8.2

CVE-2013-2405

2013-04-17T13:55:07.057-04:00

2013-05-16T00:00:00.000-04:00

5.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov

2013-04-18T09:51:00.000-04:00

CONFIRM http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 7.0, 8.1, and 8.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Access.

cpe:/a:adobe:acrobat_reader:11.0.02

CVE-2013-2549

2013-03-11T06:55:01.053-04:00

2013-05-16T23:28:24.990-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2013-03-16T11:53:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html MISC http://twitter.com/thezdi/statuses/309771882612281344 MISC http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157 Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attackers to execute arbitrary code via vectors related to a "break into the sandbox," as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.

cpe:/a:adobe:acrobat_reader:11.0.02

CVE-2013-2550

2013-03-11T06:55:01.060-04:00

2013-05-16T23:28:25.067-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2013-03-16T12:00:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html MISC http://twitter.com/thezdi/statuses/309771882612281344 MISC http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157 Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to bypass the sandbox protection mechanism via unknown vectors, as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.

cpe:/a:microsoft:internet_explorer:10

CVE-2013-2551

2013-03-11T06:55:01.070-04:00

2013-05-15T23:36:06.227-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-03-16T09:09:00.000-04:00

MISC http://twitter.com/VUPEN/statuses/309479075385327617 MISC http://twitter.com/thezdi/statuses/309452625173176320 MS MS13-037 MISC http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157 Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.

cpe:/a:adobe:acrobat:9.5.4 cpe:/a:adobe:acrobat:9.3.4:- cpe:/a:adobe:acrobat:10.1.3 cpe:/a:adobe:acrobat_reader:9.0 cpe:/a:adobe:acrobat_reader:10.1.3 cpe:/a:adobe:acrobat_reader:9.1.3 cpe:/a:adobe:acrobat:10.1 cpe:/a:adobe:acrobat:9.3.1:- cpe:/a:adobe:acrobat:9.4.2:- cpe:/a:adobe:acrobat:9.0:-:pro cpe:/a:adobe:acrobat:9.4.5:- cpe:/a:adobe:acrobat_reader:10.1.6 cpe:/a:adobe:acrobat_reader:11.0.1 cpe:/a:adobe:acrobat:10.0.1:-:pro cpe:/a:adobe:acrobat_reader:11.0 cpe:/a:adobe:acrobat:10.1.2 cpe:/a:adobe:acrobat_reader:10.1.4 cpe:/a:adobe:acrobat_reader:9.4.1 cpe:/a:adobe:acrobat:9.1.1:- cpe:/a:adobe:acrobat:9.1.3:- cpe:/a:adobe:acrobat:9.1.3 cpe:/a:adobe:acrobat:9.1:-:pro cpe:/a:adobe:acrobat_reader:9.1.2 cpe:/a:adobe:acrobat_reader:9.4.6 cpe:/a:adobe:acrobat_reader:10.0.2 cpe:/a:adobe:acrobat:10.1.5 cpe:/a:adobe:acrobat_reader:10.1.2 cpe:/a:adobe:acrobat:10.1.4 cpe:/a:adobe:acrobat_reader:9.4 cpe:/a:adobe:acrobat:9.4.1:- cpe:/a:adobe:acrobat:9.0 cpe:/a:adobe:acrobat_reader:9.5 cpe:/a:adobe:acrobat_reader:10.0 cpe:/a:adobe:acrobat_reader:9.1 cpe:/a:adobe:acrobat_reader:10.0.1 cpe:/a:adobe:acrobat:9.5.1 cpe:/a:adobe:acrobat_reader:10.1.1 cpe:/a:adobe:acrobat:10.0.1 cpe:/a:adobe:acrobat:9.3.3 cpe:/a:adobe:acrobat_reader:9.4.5 cpe:/a:adobe:acrobat:10.0 cpe:/a:adobe:acrobat_reader:9.5.4 cpe:/a:adobe:acrobat:9.3.1 cpe:/a:adobe:acrobat_reader:9.5.3 cpe:/a:adobe:acrobat:9.4.7 cpe:/a:adobe:acrobat:10.0:-:pro cpe:/a:adobe:acrobat:11.0 cpe:/a:adobe:acrobat_reader:10.1 cpe:/a:adobe:acrobat_reader:9.3.2 cpe:/a:adobe:acrobat:9.4.6 cpe:/a:adobe:acrobat:9.4.2 cpe:/a:adobe:acrobat:11.0.1 cpe:/a:adobe:acrobat:9.5.3 cpe:/a:adobe:acrobat_reader:10.0.3 cpe:/a:adobe:acrobat:9.1.2 cpe:/a:adobe:acrobat_reader:9.4.3 cpe:/a:adobe:acrobat:9.5.2 cpe:/a:adobe:acrobat:9.4.1 cpe:/a:adobe:acrobat:9.4.4:- cpe:/a:adobe:acrobat:9.4.6:- cpe:/a:adobe:acrobat:9.2:- cpe:/a:adobe:acrobat:9.3 cpe:/a:adobe:acrobat:9.3.2:- cpe:/a:adobe:acrobat_reader:9.3.1 cpe:/a:adobe:acrobat_reader:9.1.1 cpe:/a:adobe:acrobat_reader:9.4.2 cpe:/a:adobe:acrobat:9.1 cpe:/a:adobe:acrobat:9.2 cpe:/a:adobe:acrobat:9.4.4 cpe:/a:adobe:acrobat:9.1.1 cpe:/a:adobe:acrobat:9.4.3 cpe:/a:adobe:acrobat_reader:10.1.5 cpe:/a:adobe:acrobat:10.0.3 cpe:/a:adobe:acrobat:9.5 cpe:/a:adobe:acrobat_reader:9.5.1 cpe:/a:adobe:acrobat_reader:9.3.4 cpe:/a:adobe:acrobat:10.0.2 cpe:/a:adobe:acrobat:9.3.4 cpe:/a:adobe:acrobat_reader:9.3.3 cpe:/a:adobe:acrobat:11.0.2 cpe:/a:adobe:acrobat:10.1.1 cpe:/a:adobe:acrobat:9.4.5 cpe:/a:adobe:acrobat:9.3:-:pro cpe:/a:adobe:acrobat:10.1.6 cpe:/a:adobe:acrobat:9.3.2 cpe:/a:adobe:acrobat_reader:9.3 cpe:/a:adobe:acrobat_reader:11.0.2 cpe:/a:adobe:acrobat_reader:9.2 cpe:/a:adobe:acrobat:9.4 cpe:/a:adobe:acrobat_reader:9.4.4 cpe:/a:adobe:acrobat_reader:9.4.7 cpe:/a:adobe:acrobat_reader:9.5.2 cpe:/a:adobe:acrobat:9.4.3:-

CVE-2013-2718

2013-05-16T07:45:31.037-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:36:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2719

2013-05-16T07:45:31.060-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:43:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2720

2013-05-16T07:45:31.080-04:00

2013-05-16T10:57:29.960-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:56:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2721

2013-05-16T07:45:31.100-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:50:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2722

2013-05-16T07:45:31.120-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:51:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2723

2013-05-16T07:45:31.140-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T11:12:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2724

2013-05-16T07:45:31.160-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T11:16:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors.

CVE-2013-2725

2013-05-16T07:45:31.180-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T11:17:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2726

2013-05-16T07:45:31.200-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T09:28:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2727

2013-05-16T07:45:31.220-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T11:20:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2729.

cpe:/a:adobe:flash_player:11.6.602.168 cpe:/a:adobe:adobe_air:3.5.0.600 cpe:/a:adobe:flash_player:10.3.183.48 cpe:/a:adobe:flash_player:7.0.53.0 cpe:/a:adobe:flash_player:11.1.102.62 cpe:/a:adobe:flash_player:10.3.183.61 cpe:/a:adobe:flash_player:11.3.300.273 cpe:/a:adobe:flash_player:10.3.183.5 cpe:/a:adobe:flash_player:10.3.183.15 cpe:/a:adobe:flash_player:6.0.21.0 cpe:/a:adobe:flash_player:7.0.1 cpe:/a:adobe:adobe_air:3.1.0.4880 cpe:/a:adobe:flash_player:11.2.202.270 cpe:/a:adobe:adobe_air:3.5.0.880 cpe:/a:adobe:flash_player:11.5.502.110 cpe:/a:adobe:flash_player:11.4.402.265 cpe:/a:adobe:flash_player:11.2.202.275 cpe:/a:adobe:flash_player:10.3.183.67 cpe:/a:adobe:flash_player:9.0.28.0 cpe:/a:adobe:flash_player:9.0.31.0 cpe:/a:adobe:flash_player:7.0.25 cpe:/a:adobe:flash_player:11.1.115.54 cpe:/a:adobe:flash_player:9.0.262.0 cpe:/a:adobe:flash_player:7.1 cpe:/a:adobe:flash_player:7.0.61.0 cpe:/a:adobe:flash_player:11.2.202.223 cpe:/a:adobe:flash_player:9.0.20.0 cpe:/a:adobe:flash_player:10.3.183.19 cpe:/a:adobe:flash_player:11.5.502.149 cpe:/a:adobe:adobe_air_sdk:3.4.0.2710 cpe:/a:adobe:flash_player:9.0.125.0 cpe:/a:adobe:flash_player:10.3.181.23 cpe:/a:adobe:flash_player:10.3.183.16 cpe:/a:adobe:flash_player:11.2.202.258 cpe:/a:adobe:flash_player:11.6.602.171 cpe:/a:adobe:flash_player:7.0.73.0 cpe:/a:adobe:flash_player:9.0.124.0 cpe:/a:adobe:flash_player:7.0.63 cpe:/a:adobe:flash_player:11.1.115.34 cpe:/a:adobe:flash_player:10.0.15.3 cpe:/a:adobe:flash_player:11.1.111.44 cpe:/a:adobe:flash_player:9.0.260.0 cpe:/a:adobe:flash_player:10.3.183.29 cpe:/a:adobe:flash_player:10.1 cpe:/a:adobe:flash_player:10.2.154.25 cpe:/a:adobe:flash_player:11.6.602.180 cpe:/a:adobe:flash_player:8.0.35.0 cpe:/a:adobe:flash_player:6.0.79 cpe:/a:adobe:adobe_air_sdk:3.5.0.1060 cpe:/a:adobe:adobe_air:3.5.0.890 cpe:/a:adobe:flash_player:7.0.66.0 cpe:/a:adobe:flash_player:9.0.48.0 cpe:/a:adobe:flash_player:9.0.20 cpe:/a:adobe:flash_player:10.1.106.17 cpe:/a:adobe:flash_player:11.3.300.270 cpe:/a:adobe:flash_player:11.3.300.265 cpe:/a:adobe:flash_player:9.125.0 cpe:/a:adobe:flash_player:10.1.92.8 cpe:/a:adobe:flash_player:7.0.68.0 cpe:/a:adobe:flash_player:11.1.102.55 cpe:/a:adobe:flash_player:9.0.9.0 cpe:/a:adobe:adobe_air:3.2.0.207 cpe:/a:adobe:flash_player:8.0.34.0 cpe:/a:adobe:flash_player:8.0.42.0 cpe:/a:adobe:adobe_air_sdk:3.3.0.3690 cpe:/a:adobe:flash_player:9.0.28 cpe:/a:adobe:flash_player:7.1.1 cpe:/a:adobe:flash_player:10.3.183.63 cpe:/a:adobe:flash_player:7.2 cpe:/a:adobe:adobe_air_sdk:3.1.0.488 cpe:/a:adobe:flash_player:9.0.151.0 cpe:/a:adobe:adobe_air_sdk:3.0.0.4080 cpe:/a:adobe:flash_player:10.2.156.12 cpe:/a:adobe:flash_player:10.1.52.14.1 cpe:/a:adobe:flash_player:10.3.183.18 cpe:/a:adobe:flash_player:10.3.183.68 cpe:/a:adobe:flash_player:10.0.22.87 cpe:/a:adobe:flash_player:9.0.155.0 cpe:/a:adobe:flash_player:9.0.18d60 cpe:/a:adobe:flash_player:9.0.112.0 cpe:/a:adobe:flash_player:10.1.102.64 cpe:/a:adobe:flash_player:10.2.152.32 cpe:/a:adobe:flash_player:11.5.502.135 cpe:/a:adobe:flash_player:7.0.70.0 cpe:/a:adobe:flash_player:9.0.152.0 cpe:/a:adobe:flash_player:11.1.111.8 cpe:/a:adobe:flash_player:11.2.202.261 cpe:/a:adobe:flash_player:11.7.700.169 cpe:/a:adobe:flash_player:7.0.69.0 cpe:/a:adobe:flash_player:11.5.502.146 cpe:/a:adobe:flash_player:8.0 cpe:/a:adobe:flash_player:10.3.181.34 cpe:/a:adobe:flash_player:7.0.19.0 cpe:/a:adobe:flash_player:10.2.154.13 cpe:/a:adobe:flash_player:7.0.67.0 cpe:/a:adobe:flash_player:10.0.12.10 cpe:/a:adobe:flash_player:11.2.202.235 cpe:/a:adobe:adobe_air:3.4.0.2710 cpe:/a:adobe:flash_player:9.0.283.0 cpe:/a:adobe:flash_player:11.2.202.280 cpe:/a:adobe:adobe_air_sdk:3.5.0.890 cpe:/a:adobe:flash_player:10.0.12.36 cpe:/a:adobe:flash_player:7.0.60.0 cpe:/a:adobe:flash_player:10.3.181.16 cpe:/a:adobe:adobe_air:3.1.0.488 cpe:/a:adobe:adobe_air:3.0.0.408 cpe:/a:adobe:adobe_air:3.5.0.1060 cpe:/a:adobe:flash_player:11.2.202.236 cpe:/a:adobe:flash_player:10.2.157.51 cpe:/a:adobe:adobe_air:3.6.0.597 cpe:/a:adobe:flash_player:10.2.153.1 cpe:/a:adobe:flash_player:11.1.115.7 cpe:/a:adobe:flash_player:11.1 cpe:/a:adobe:adobe_air:3.6.0.6090 cpe:/a:adobe:flash_player:9.0.246.0 cpe:/a:adobe:adobe_air_sdk:3.7.0.1530 cpe:/a:adobe:flash_player:10.0.32.18 cpe:/a:adobe:flash_player:10.2.152.33 cpe:/a:adobe:flash_player:11.1.111.50 cpe:/a:adobe:adobe_air:3.3.0.3670 cpe:/a:adobe:flash_player:11.5.502.136 cpe:/a:adobe:flash_player:10.1.95.2 cpe:/a:adobe:flash_player:10.0.0.584 cpe:/a:adobe:flash_player:10.1.85.3 cpe:/a:adobe:flash_player:11.2.202.273 cpe:/a:adobe:flash_player:9.0.280 cpe:/a:adobe:flash_player:9.0 cpe:/a:adobe:flash_player:11.2.202.238 cpe:/a:adobe:adobe_air:3.0.0.4080 cpe:/a:adobe:flash_player:11.0.1.153 cpe:/a:adobe:flash_player:11.2.202.228 cpe:/a:adobe:adobe_air:3.2.0.2070 cpe:/a:adobe:flash_player:7.0.24.0 cpe:/a:adobe:flash_player:11.3.300.262 cpe:/a:adobe:flash_player:10.3.183.11 cpe:/a:adobe:flash_player:10.1.53.64 cpe:/a:adobe:flash_player:10.1.82.76 cpe:/a:adobe:flash_player:10.3.181.14 cpe:/a:adobe:flash_player:8.0.39.0 cpe:/a:adobe:flash_player:10.3.181.26 cpe:/a:adobe:flash_player:10.3.181.22 cpe:/a:adobe:flash_player:11.4.402.287 cpe:/a:adobe:flash_player:11.0.1.152 cpe:/a:adobe:flash_player:10.2.152.26 cpe:/a:adobe:flash_player:9.0.31 cpe:/a:adobe:flash_player:11.3.300.257 cpe:/a:adobe:flash_player:11.4.402.278 cpe:/a:adobe:flash_player:9.0.159.0 cpe:/a:adobe:flash_player:10.3.183.23 cpe:/a:adobe:adobe_air_sdk:3.6.0.599 cpe:/a:adobe:flash_player:10.3.183.43 cpe:/a:adobe:flash_player:10.1.52.15 cpe:/a:adobe:adobe_air:3.4.0.2540 cpe:/a:adobe:adobe_air_sdk:3.4.0.2540 cpe:/a:adobe:flash_player:10.2.159.1 cpe:/a:adobe:flash_player:10.3.183.20 cpe:/a:adobe:flash_player:9.0.277.0 cpe:/a:adobe:flash_player:9.0.45.0 cpe:/a:adobe:flash_player:10.2.152 cpe:/a:adobe:flash_player:11.2.202.233 cpe:/a:adobe:flash_player:8.0.24.0 cpe:/a:adobe:flash_player:10.1.52.14 cpe:/a:adobe:flash_player:11.1.115.48 cpe:/a:adobe:flash_player:10.0.42.34 cpe:/a:adobe:flash_player:8.0.22.0 cpe:/a:adobe:flash_player:8.0.33.0 cpe:/a:adobe:flash_player:10.3.183.7 cpe:/a:adobe:flash_player:11.0 cpe:/a:adobe:flash_player:10.3.183.25 cpe:/a:adobe:flash_player:9.0.114.0 cpe:/a:adobe:adobe_air_sdk:3.5.0.600 cpe:/a:adobe:flash_player:10.1.105.6 cpe:/a:adobe:flash_player:7.0 cpe:/a:adobe:flash_player:11.1.102.59 cpe:/a:adobe:flash_player:11.3.300.271 cpe:/a:adobe:flash_player:11.2.202.262 cpe:/a:adobe:flash_player:10.1.92.10 cpe:/a:adobe:flash_player:7.0.14.0 cpe:/a:adobe:flash_player:9.0.115.0 cpe:/a:adobe:flash_player:9.0.16 cpe:/a:adobe:adobe_air_sdk:3.3.0.3650 cpe:/a:adobe:flash_player:11.1.102.63 cpe:/a:adobe:flash_player:11.6.602.167 cpe:/a:adobe:adobe_air:3.7.0.1530 cpe:/a:adobe:flash_player:9.0.47.0 cpe:/a:adobe:flash_player:10.3.183.10 cpe:/a:adobe:flash_player:11.2.202.251 cpe:/a:adobe:flash_player:10.3.183.50 cpe:/a:adobe:flash_player:11.3.300.268 cpe:/a:adobe:flash_player:10.0.2.54 cpe:/a:adobe:flash_player:10.1.106.16 cpe:/a:adobe:flash_player:9.0.8.0 cpe:/a:adobe:flash_player:10.3.183.75 cpe:/a:adobe:adobe_air:3.1.0.485 cpe:/a:adobe:adobe_air_sdk:3.2.0.2070 cpe:/a:adobe:adobe_air_sdk:3.6.0.6090 cpe:/a:adobe:flash_player:11.2.202.243 cpe:/a:adobe:flash_player:10.0.45.2 cpe:/a:adobe:adobe_air_sdk:3.5.0.880 cpe:/a:adobe:flash_player:10.3.183.51 cpe:/a:adobe:flash_player:10.1.95.1

CVE-2013-2728

2013-05-16T07:45:31.240-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T12:27:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-14.html Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

CVE-2013-2729

2013-05-16T07:45:31.263-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T11:23:00.000-04:00

CVE-2013-2730

2013-05-16T07:45:31.287-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T11:29:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2733.

CVE-2013-2731

2013-05-16T07:45:31.313-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T12:26:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2732

2013-05-16T07:45:31.373-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T12:29:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2733

2013-05-16T07:45:31.393-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T12:31:00.000-04:00

CVE-2013-2734

2013-05-16T07:45:31.413-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T12:34:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2735

2013-05-16T07:45:31.437-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T12:35:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2736

2013-05-16T07:45:31.453-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T12:38:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2737

2013-05-16T07:45:31.477-04:00

2013-05-16T00:00:00.000-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-16T12:38:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html A JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to obtain sensitive information via unspecified vectors.

cpe:/a:google:chrome:27.0.1453.84 cpe:/a:google:chrome:27.0.1453.42 cpe:/a:google:chrome:27.0.1453.46 cpe:/a:google:chrome:27.0.1453.82 cpe:/a:google:chrome:27.0.1453.12 cpe:/a:google:chrome:27.0.1453.40 cpe:/a:google:chrome:27.0.1453.60 cpe:/a:google:chrome:27.0.1453.7 cpe:/a:google:chrome:27.0.1453.63 cpe:/a:google:chrome:27.0.1453.15 cpe:/a:google:chrome:27.0.1453.43 cpe:/a:google:chrome:27.0.1453.47 cpe:/a:google:chrome:27.0.1453.61 cpe:/a:google:chrome:27.0.1453.45 cpe:/a:google:chrome:27.0.1453.90 cpe:/a:google:chrome:27.0.1453.49 cpe:/a:google:chrome:27.0.1453.3 cpe:/a:google:chrome:27.0.1453.72 cpe:/a:google:chrome:27.0.1453.89 cpe:/a:google:chrome:27.0.1453.34 cpe:/a:google:chrome:27.0.1453.51 cpe:/a:google:chrome:27.0.1453.9 cpe:/a:google:chrome:27.0.1453.13 cpe:/a:google:chrome:27.0.1453.57 cpe:/a:google:chrome:27.0.1453.50 cpe:/a:google:chrome:27.0.1453.81 cpe:/a:google:chrome:27.0.1453.85 cpe:/a:google:chrome:27.0.1453.5 cpe:/a:google:chrome:27.0.1453.2 cpe:/a:google:chrome:27.0.1453.55 cpe:/a:google:chrome:27.0.1453.8 cpe:/a:google:chrome:27.0.1453.69 cpe:/a:google:chrome:27.0.1453.10 cpe:/a:google:chrome:27.0.1453.44 cpe:/a:google:chrome:27.0.1453.67 cpe:/a:google:chrome:27.0.1453.39 cpe:/a:google:chrome:27.0.1453.86 cpe:/a:google:chrome:27.0.1453.59 cpe:/a:google:chrome:27.0.1453.38 cpe:/a:google:chrome:27.0.1453.54 cpe:/a:google:chrome:27.0.1453.58 cpe:/a:google:chrome:27.0.1453.80 cpe:/a:google:chrome:27.0.1453.62 cpe:/a:google:chrome:27.0.1453.1 cpe:/a:google:chrome:27.0.1453.70 cpe:/a:google:chrome:27.0.1453.79 cpe:/a:google:chrome:27.0.1453.65 cpe:/a:google:chrome:27.0.1453.87 cpe:/a:google:chrome:27.0.1453.74 cpe:/a:google:chrome:27.0.1453.88 cpe:/a:google:chrome:27.0.1453.56 cpe:/a:google:chrome:27.0.1453.73 cpe:/a:google:chrome:27.0.1453.91 cpe:/a:google:chrome:27.0.1453.6 cpe:/a:google:chrome:27.0.1453.52 cpe:/a:google:chrome:27.0.1453.77 cpe:/a:google:chrome:27.0.1453.78 cpe:/a:google:chrome:27.0.1453.76 cpe:/a:google:chrome:27.0.1453.0 cpe:/a:google:chrome:27.0.1453.35 cpe:/a:google:chrome:27.0.1453.4 cpe:/a:google:chrome:27.0.1453.83 cpe:/a:google:chrome:27.0.1453.71 cpe:/a:google:chrome:27.0.1453.66 cpe:/a:google:chrome:27.0.1453.68 cpe:/a:google:chrome:27.0.1453.41 cpe:/a:google:chrome:27.0.1453.11 cpe:/a:google:chrome:27.0.1453.36 cpe:/a:google:chrome:27.0.1453.75 cpe:/a:google:chrome:27.0.1453.37 cpe:/a:google:chrome:27.0.1453.64

CVE-2013-2836

2013-05-22T09:29:55.893-04:00

2013-05-22T00:00:00.000-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2013-05-22T10:52:00.000-04:00

CONFIRM https://code.google.com/p/chromium/issues/detail?id=241595 CONFIRM https://code.google.com/p/chromium/issues/detail?id=236631 CONFIRM https://code.google.com/p/chromium/issues/detail?id=232865 CONFIRM https://code.google.com/p/chromium/issues/detail?id=232532 CONFIRM https://code.google.com/p/chromium/issues/detail?id=232389 CONFIRM https://code.google.com/p/chromium/issues/detail?id=231725 CONFIRM https://code.google.com/p/chromium/issues/detail?id=229402 CONFIRM https://code.google.com/p/chromium/issues/detail?id=227390 CONFIRM https://code.google.com/p/chromium/issues/detail?id=226659 CONFIRM https://code.google.com/p/chromium/issues/detail?id=226090 CONFIRM https://code.google.com/p/chromium/issues/detail?id=226012 CONFIRM https://code.google.com/p/chromium/issues/detail?id=225979 CONFIRM https://code.google.com/p/chromium/issues/detail?id=225403 CONFIRM https://code.google.com/p/chromium/issues/detail?id=224920 CONFIRM https://code.google.com/p/chromium/issues/detail?id=223145 CONFIRM https://code.google.com/p/chromium/issues/detail?id=223125 CONFIRM https://code.google.com/p/chromium/issues/detail?id=223034 CONFIRM https://code.google.com/p/chromium/issues/detail?id=222770 CONFIRM https://code.google.com/p/chromium/issues/detail?id=222754 CONFIRM https://code.google.com/p/chromium/issues/detail?id=222036 CONFIRM https://code.google.com/p/chromium/issues/detail?id=196648 CONFIRM https://code.google.com/p/chromium/issues/detail?id=196575 CONFIRM https://code.google.com/p/chromium/issues/detail?id=196571 CONFIRM https://code.google.com/p/chromium/issues/detail?id=181438 CONFIRM https://code.google.com/p/chromium/issues/detail?id=181375 CONFIRM https://code.google.com/p/chromium/issues/detail?id=180920 CONFIRM https://code.google.com/p/chromium/issues/detail?id=180058 CONFIRM https://code.google.com/p/chromium/issues/detail?id=179580 CONFIRM https://code.google.com/p/chromium/issues/detail?id=178761 CONFIRM https://code.google.com/p/chromium/issues/detail?id=178581 CONFIRM https://code.google.com/p/chromium/issues/detail?id=178269 CONFIRM https://code.google.com/p/chromium/issues/detail?id=178130 CONFIRM https://code.google.com/p/chromium/issues/detail?id=177815 CONFIRM https://code.google.com/p/chromium/issues/detail?id=176719 CONFIRM https://code.google.com/p/chromium/issues/detail?id=174920 CONFIRM https://code.google.com/p/chromium/issues/detail?id=173672 CONFIRM https://code.google.com/p/chromium/issues/detail?id=173397 CONFIRM https://code.google.com/p/chromium/issues/detail?id=170715 CONFIRM https://code.google.com/p/chromium/issues/detail?id=168050 CONFIRM https://code.google.com/p/chromium/issues/detail?id=162896 CONFIRM http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.93 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2013-2837

2013-05-22T09:29:55.977-04:00

2013-05-22T11:20:27.820-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2013-05-22T11:19:00.000-04:00

CONFIRM https://code.google.com/p/chromium/issues/detail?id=235638 CONFIRM http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

cpe:/a:google:chrome:27.0.1453.84 cpe:/a:google:chrome:27.0.1453.42 cpe:/a:google:chrome:27.0.1453.46 cpe:/a:google:chrome:27.0.1453.82 cpe:/a:google:chrome:27.0.1453.12 cpe:/a:google:chrome:27.0.1453.40 cpe:/a:google:chrome:27.0.1453.60 cpe:/a:google:v8:- cpe:/a:google:chrome:27.0.1453.7 cpe:/a:google:chrome:27.0.1453.63 cpe:/a:google:chrome:27.0.1453.15 cpe:/a:google:chrome:27.0.1453.43 cpe:/a:google:chrome:27.0.1453.47 cpe:/a:google:chrome:27.0.1453.61 cpe:/a:google:chrome:27.0.1453.45 cpe:/a:google:chrome:27.0.1453.90 cpe:/a:google:chrome:27.0.1453.49 cpe:/a:google:chrome:27.0.1453.3 cpe:/a:google:chrome:27.0.1453.72 cpe:/a:google:chrome:27.0.1453.89 cpe:/a:google:chrome:27.0.1453.34 cpe:/a:google:chrome:27.0.1453.51 cpe:/a:google:chrome:27.0.1453.9 cpe:/a:google:chrome:27.0.1453.13 cpe:/a:google:chrome:27.0.1453.57 cpe:/a:google:chrome:27.0.1453.50 cpe:/a:google:chrome:27.0.1453.81 cpe:/a:google:chrome:27.0.1453.85 cpe:/a:google:chrome:27.0.1453.5 cpe:/a:google:chrome:27.0.1453.2 cpe:/a:google:chrome:27.0.1453.55 cpe:/a:google:chrome:27.0.1453.8 cpe:/a:google:chrome:27.0.1453.69 cpe:/a:google:chrome:27.0.1453.10 cpe:/a:google:chrome:27.0.1453.44 cpe:/a:google:chrome:27.0.1453.67 cpe:/a:google:chrome:27.0.1453.39 cpe:/a:google:chrome:27.0.1453.86 cpe:/a:google:chrome:27.0.1453.59 cpe:/a:google:chrome:27.0.1453.38 cpe:/a:google:chrome:27.0.1453.54 cpe:/a:google:chrome:27.0.1453.58 cpe:/a:google:chrome:27.0.1453.80 cpe:/a:google:chrome:27.0.1453.62 cpe:/a:google:chrome:27.0.1453.1 cpe:/a:google:chrome:27.0.1453.70 cpe:/a:google:chrome:27.0.1453.79 cpe:/a:google:chrome:27.0.1453.65 cpe:/a:google:chrome:27.0.1453.87 cpe:/a:google:chrome:27.0.1453.74 cpe:/a:google:chrome:27.0.1453.88 cpe:/a:google:chrome:27.0.1453.56 cpe:/a:google:chrome:27.0.1453.73 cpe:/a:google:chrome:27.0.1453.91 cpe:/a:google:chrome:27.0.1453.6 cpe:/a:google:chrome:27.0.1453.52 cpe:/a:google:chrome:27.0.1453.77 cpe:/a:google:chrome:27.0.1453.78 cpe:/a:google:chrome:27.0.1453.76 cpe:/a:google:chrome:27.0.1453.0 cpe:/a:google:chrome:27.0.1453.35 cpe:/a:google:chrome:27.0.1453.4 cpe:/a:google:chrome:27.0.1453.83 cpe:/a:google:chrome:27.0.1453.71 cpe:/a:google:chrome:27.0.1453.66 cpe:/a:google:chrome:27.0.1453.68 cpe:/a:google:chrome:27.0.1453.41 cpe:/a:google:chrome:27.0.1453.11 cpe:/a:google:chrome:27.0.1453.36 cpe:/a:google:chrome:27.0.1453.75 cpe:/a:google:chrome:27.0.1453.37 cpe:/a:google:chrome:27.0.1453.64

CVE-2013-2838

2013-05-22T09:29:55.987-04:00

2013-05-22T00:00:00.000-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2013-05-22T11:14:00.000-04:00

CONFIRM https://code.google.com/p/chromium/issues/detail?id=235311 CONFIRM http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html Google V8, as used in Google Chrome before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2013-2839

2013-05-22T09:29:55.997-04:00

2013-05-22T11:19:49.077-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2013-05-22T11:18:00.000-04:00

CONFIRM https://code.google.com/p/chromium/issues/detail?id=230176 CONFIRM http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html Google Chrome before 27.0.1453.93 does not properly perform a cast of an unspecified variable during handling of clipboard data, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2013-2840

2013-05-22T09:29:56.013-04:00

2013-05-22T11:30:15.320-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2013-05-22T11:29:00.000-04:00

CONFIRM https://code.google.com/p/chromium/issues/detail?id=230117 CONFIRM http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2846.