CVE-2013-1650
published 2013-09-05CVE-2013-1650: Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under…
PriorityP410low2.1CVSS 2.0
AVLACLAuNCPINAN
EXPLOIT
EPSS
0.79%
51.7th percentile
Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain sensitive information via standard filesystem operations.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-xchange | open-xchange_server | — | — |
| open-xchange | open-xchange_server | — | — |
| open-xchange | open-xchange_server | — | — |
CVSS provenance
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q4qr-fcpc-m3j6: Open-Xchange Server before 6
ghsa_unreviewed·2022-05-17
CVE-2013-1650 [LOW] GHSA-q4qr-fcpc-m3j6: Open-Xchange Server before 6
Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain sensitive information via standard filesystem operations.
Red Hat
v8: DoS (out-of-bounds read) in DehoistArrayIndex function in hydrogen.cc
vendor_redhat·2013-12-04·CVSS 7.5
CVE-2013-6640 [HIGH] CWE-125 v8: DoS (out-of-bounds read) in DehoistArrayIndex function in hydrogen.cc
v8: DoS (out-of-bounds read) in DehoistArrayIndex function in hydrogen.cc
The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.
Package: ruby193-v8 (CloudForms Management Engine 5) - Will not fix
Package: ruby193-v8 (OpenShift Enterprise 1) - Will not fix
Package: v8 (Red Hat OpenShift Enterprise 2) - Will not fix
Package: ruby193-v8 (Red Hat OpenStack Platform 3) - Will not fix
Package: v8 (Red Hat OpenStack Platform 3) - Will not fix
Package: ruby193-v8 (Red Hat OpenStack Platform 4) - Will not fix
Package: v8 (Red Hat
Red Hat
v8: DoS (out-of-bounds write) in DehoistArrayIndex function in hydrogen.cc
vendor_redhat·2013-12-04·CVSS 7.5
CVE-2013-6639 [HIGH] CWE-787 v8: DoS (out-of-bounds write) in DehoistArrayIndex function in hydrogen.cc
v8: DoS (out-of-bounds write) in DehoistArrayIndex function in hydrogen.cc
The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.
Package: ruby193-v8 (CloudForms Management Engine 5) - Will not fix
Package: ruby193-v8 (OpenShift Enterprise 1) - Will not fix
Package: v8 (Red Hat OpenShift Enterprise 2) - Will not fix
Package: ruby193-v8 (Red Hat OpenStack Platform 3) - Will not fix
Package: v8 (Red Hat OpenStack Platform 3) - Will not fix
Package: ruby193-v8 (Red Hat OpenStack Platform 4) - Will
Red Hat
v8: multiple buffer overflows in runtime.cc
vendor_redhat·2013-12-04·CVSS 7.5
CVE-2013-6638 [HIGH] v8: multiple buffer overflows in runtime.cc
v8: multiple buffer overflows in runtime.cc
Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large typed array, related to the (1) Runtime_TypedArrayInitialize and (2) Runtime_TypedArrayInitializeFromArrayLike functions.
Statement: Not Vulnerable. This issue only affects versions of v8 that support typed arrays. This issue does not affect the versions of v8 as shipped with various Red Hat products.
Package: ruby193-v8 (CloudForms Management Engine 5) - Not affected
Package: ruby193-v8 (OpenShift Enterprise 1) - Not affected
Package: v8 (Red Hat OpenShift Enterprise 2) - Not affected
Package: ruby19
Red Hat
libjpeg: information leak (read of uninitialized memory)
vendor_redhat·2013-11-12·CVSS 5.0
CVE-2013-6629 [MEDIUM] CWE-456 libjpeg: information leak (read of uninitialized memory)
libjpeg: information leak (read of uninitialized memory)
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Package: libjpeg-turbo (Red Hat Enterprise Linux 7) - Not affected
Red Hat
libjpeg: information leak (read of uninitialized memory)
vendor_redhat·2013-11-12·CVSS 5.0
CVE-2013-6630 [MEDIUM] CWE-456 libjpeg: information leak (read of uninitialized memory)
libjpeg: information leak (read of uninitialized memory)
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Package: libjpeg (Red Hat Enterprise Linux 5) - Not affected
Package: libjpeg-turbo (Red Hat Enterprise Linux 7) - Not affected
No detection rules found.
Exploit-DB
Google Chrome < 31.0.1650.48 - HTTP 1xx base::StringTokenizerT<...>::QuickGetNext Out-of-Bounds Read
exploitdb·2016-12-19
CVE-2013-6627 Google Chrome < 31.0.1650.48 - HTTP 1xx base::StringTokenizerT<...>::QuickGetNext Out-of-Bounds Read
Google Chrome ::QuickGetNext Out-of-Bounds Read
---
'''
Source: http://blog.skylined.nl/20161219001.html
Synopsis
A specially crafted HTTP response can allow a malicious web-page to trigger a out-of-bounds read vulnerability in Google Chrome. The data is read from the main process' memory.
Known affected software, attack vectors and potential mitigations
Google Chrome up to, but not including, 31.0.1650.48
An attacker would need to get a target user to open a specially crafted web-page. Disabling JavaScript does not prevent an attacker from triggering the vulnerable code path, but may prevent exfiltration of information.
Since the affected code has not been changed since 2009, I assume this affects all versions of Chrome released in the last few years.
Details
The HttpStream
Exploit-DB
Open-Xchange Server 6 - Multiple Vulnerabilities
exploitdb·2013-03-15·CVSS 4.3
CVE-2013-1651 [MEDIUM] Open-Xchange Server 6 - Multiple Vulnerabilities
Open-Xchange Server 6 - Multiple Vulnerabilities
---
Multiple security issues for Open-Xchange Server have been discovered and fixed. The vendor has chosen responsible full disclosure to publish security issue details. Users of the software have already been provided with patched versions.
Proof regarding authenticity can be obtained from the published release notes:
http://software.open-xchange.com/OX6/6.20/doc/Release_Notes_for_Public_Patch_Release_1310_6.20.7_Rev14_2013-02-28.pdf
http://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Public_Patch_Release_1311_6.22.0_Rev13_2013-02-28.pdf
http://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Public_Patch_Release_1312_6.22.1_Rev14_2013-02-28.pdf
Product: Open-Xchange Server 6
Vendor: Open-Xchange GmbH
Internal refe
Bugzilla
CVE-2013-6638 v8: multiple buffer overflows in runtime.cc
bugzilla·2013-12-10·CVSS 7.5
CVE-2013-6638 [HIGH] CVE-2013-6638 v8: multiple buffer overflows in runtime.cc
CVE-2013-6638 v8: multiple buffer overflows in runtime.cc
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6638 to the following vulnerability:
Name: CVE-2013-6638
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6638
Assigned: 20131105
Reference: http://www.mail-archive.com/[email protected]/msg79646.html
Reference: http://code.google.com/p/v8/source/detail?r=17800
Reference: http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
Reference: https://code.google.com/p/chromium/issues/detail?id=319722
Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigge
Bugzilla
CVE-2013-6640 v8: DoS (out-of-bounds read) in DehoistArrayIndex function in hydrogen.cc
bugzilla·2013-12-10·CVSS 7.5
CVE-2013-6640 [HIGH] CVE-2013-6640 v8: DoS (out-of-bounds read) in DehoistArrayIndex function in hydrogen.cc
CVE-2013-6640 v8: DoS (out-of-bounds read) in DehoistArrayIndex function in hydrogen.cc
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6640 to the following vulnerability:
Name: CVE-2013-6640
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6640
Assigned: 20131105
Reference: http://code.google.com/p/v8/source/detail?r=17801
Reference: http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
Reference: https://code.google.com/p/chromium/issues/detail?id=319860
The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element wi
Bugzilla
CVE-2013-6639 v8: DoS (out-of-bounds write) in DehoistArrayIndex function in hydrogen.cc
bugzilla·2013-12-10·CVSS 7.5
CVE-2013-6639 [HIGH] CVE-2013-6639 v8: DoS (out-of-bounds write) in DehoistArrayIndex function in hydrogen.cc
CVE-2013-6639 v8: DoS (out-of-bounds write) in DehoistArrayIndex function in hydrogen.cc
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6639 to the following vulnerability:
Name: CVE-2013-6639
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6639
Assigned: 20131105
Reference: http://code.google.com/p/v8/source/detail?r=17801
Reference: http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
Reference: https://code.google.com/p/chromium/issues/detail?id=319835
The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets th
Bugzilla
CVE-2013-6631 libjingle: use-after-free flaw
bugzilla·2013-11-18·CVSS 7.5
CVE-2013-6631 [HIGH] CVE-2013-6631 libjingle: use-after-free flaw
CVE-2013-6631 libjingle: use-after-free flaw
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6631 to
the following vulnerability:
Name: CVE-2013-6631
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6631
Assigned: 20131105
Reference: http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
Reference: https://code.google.com/p/chromium/issues/detail?id=296804
Reference: https://code.google.com/p/webrtc/source/detail?r=4827
Reference: https://webrtc-codereview.appspot.com/2275008
Use-after-free vulnerability in the Channel::SendRTCPPacket function
in voice_engine/channel.cc in libjingle in WebRTC, as used in Google
Chrome before 31.0.1650.48 and other products, allows remote attackers
to cause a denial of service (heap memory corruption)
2013-09-05
Published