[VIM] [CVENEW] New CVE CANs: 2013/03/15 10:00 ; count=4

coley at mitre.org
Fri Mar 15 09:04:23 CDT 2013


======================================================
Name: CVE-2013-2371
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2371
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130304
Category: 
Reference: CONFIRM:http://www.tibco.com/mk/advisory.jsp
Reference: CONFIRM:http://www.tibco.com/multimedia/spotfire-statistics-services-advisory-2013-03-12_tcm8-18479.txt
Reference: CONFIRM:http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp

The Web API in the Statistics Server in TIBCO Spotfire Statistics
Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before
5.0.1 allows remote attackers to obtain sensitive information via an
unspecified HTTP request.



======================================================
Name: CVE-2013-2372
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2372
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130304
Category: 
Reference: CONFIRM:http://www.tibco.com/mk/advisory.jsp
Reference: CONFIRM:http://www.tibco.com/multimedia/spotfire-web-player-advisory-2013-03-12_tcm8-18480.txt
Reference: CONFIRM:http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp

Cross-site scripting (XSS) vulnerability in the Engine in TIBCO
Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x
before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to inject
arbitrary web script or HTML via unspecified vectors.



======================================================
Name: CVE-2013-2373
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2373
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130304
Category: 
Reference: CONFIRM:http://www.tibco.com/mk/advisory.jsp
Reference: CONFIRM:http://www.tibco.com/multimedia/spotfire-web-player-advisory-2013-03-12_tcm8-18480.txt
Reference: CONFIRM:http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp

The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x
before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not
properly implement access control, which allows remote attackers to
obtain sensitive information or modify data via unspecified vectors.



======================================================
Name: CVE-2013-2492
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2492
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130306
Category: 
Reference: MISC:https://gist.github.com/zeroSteiner/85daef257831d904479c
Reference: MISC:https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb
Reference: CONFIRM:http://tracker.firebirdsql.org/browse/CORE-4058

Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before
18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote
attackers to execute arbitrary code via a crafted packet to TCP port
3050, related to a missing size check during extraction of a group
number from CNCT information.




