Security Vulnerabilities, CVEs, Published In January 2013 CVSS score >= 6

Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop.

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.

Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memory copy) via a SOAPAction header that lacks a " (double quote) character, a different vulnerability than CVE-2013-0230.

The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and service crash) via a SOAPAction header that lacks a # (pound sign) character, a different vulnerability than CVE-2013-0230.

Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication of arbitrary users for requests that delete tests, aka Bug ID CSCzu81067.

Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug ID CSCua60653.

The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636.

Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659.

The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service (device reload) via crafted IP packets, aka Bug ID CSCtx80743.

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

Buffer overflow in Drive Control Program (DCP) in EMC AlphaStor 4.0 before build 814 allows remote attackers to execute arbitrary code via vectors involving a new device name.

Format string vulnerability in the _vsnsprintf function in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary code via format string specifiers in a command.

The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation.

content/renderer/media/webrtc_audio_renderer.cc in Google Chrome before 24.0.1312.56 on Mac OS X does not use an appropriate buffer size for the 96 kHz sampling rate, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a web site that provides WebRTC audio.