Security and Firewalls
Written by Administrator
Tuesday, April 26 2011 09:15

In today's internet, intrusion detection is a must to ensure data reliability for all parties. Nexus offers a state-of-the-art security solution to combat unauthorized access to your network. Firewalls are monitored constantly, 24x7, by a trained staff, with failsafe backup servers at every turn. Whether wireline or wireless, Nexus has the manpower and resources to protect your data.


Last Updated on Wednesday, March 27 2013 08:26

CERT Cyber Security Bulletins

US-CERT Bulletins
Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
  • SB14-111: Vulnerability Summary for the Week of April 14, 2014
    Original release date: April 21, 2014

    The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

    The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

    • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

    • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

    • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

    Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

    High Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    adobe -- adobe_reader | The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636. | 2014-04-15 | 9.3 | CVE-2014-0514
    advantech -- advantech_webaccess | Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary SQL commands via SOAP requests to unspecified functions. | 2014-04-12 | 7.5 | CVE-2014-0763
    advantech -- advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long NodeName parameter. | 2014-04-12 | 7.5 | CVE-2014-0764
    advantech -- advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long GotoCmd argument. | 2014-04-12 | 7.5 | CVE-2014-0765
    advantech -- advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long NodeName2 argument. | 2014-04-12 | 7.5 | CVE-2014-0766
    advantech -- advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long AccessCode argument. | 2014-04-12 | 7.5 | CVE-2014-0767
    advantech -- advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long AccessCode2 argument. | 2014-04-12 | 7.5 | CVE-2014-0768
    advantech -- advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long UserName parameter. | 2014-04-12 | 7.5 | CVE-2014-0770
    advantech -- advantech_webaccess | The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname. | 2014-04-12 | 7.5 | CVE-2014-0773
    apache -- xalan-java | The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function. | 2014-04-15 | 7.5 | CVE-2014-0107
    blackberry -- blackberry_z10 | Stack-based buffer overflow in a certain decryption function in qconnDoor on Blackberry Z10 devices with software 10.1.0.2312, when developer-mode has been previously enabled, allows remote attackers to execute arbitrary code via a crafted packet in a TCP session on a wireless network. | 2014-04-12 | 9.3 | CVE-2014-2389
    construtiva -- cis_manager_cms | SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter. | 2014-04-11 | 7.5 | CVE-2014-2847
    emc -- cloud_tiering_appliance_software | EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file. | 2014-04-16 | 7.8 | CVE-2014-0644
    ioserver -- ioserver_opc_server | The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and earlier in IOServer OPC Server allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted packet. | 2014-04-11 | 7.8 | CVE-2014-0777
    j2k-codec -- j2k-codec | Multiple unspecified vulnerabilities in J2k-Codec allow remote attackers to execute arbitrary code via a crafted JPEG 2000 file. | 2014-04-12 | 10.0 | CVE-2014-0349
    juniper -- junos | Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is enabled, allows remote attackers to cause a denial of service (kernel panic and crash) via a large number of crafted IGMP packets. | 2014-04-14 | 7.1 | CVE-2014-0614
    juniper -- junos | The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 before 11.4R9, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D10, and 12.1X46 before 12.1X46-D10, as used in the SRX Series services gateways, allows remote attackers to cause a denial of service (flow daemon crash and restart) via a crafted URL. | 2014-04-14 | 7.1 | CVE-2014-2714
    juniper -- screenos | Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet. | 2014-04-15 | 7.8 | CVE-2014-2842
    linux -- linux_kernel | Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. | 2014-04-14 | 7.1 | CVE-2014-2706
    nullsoft -- winamp | Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk. | 2014-04-16 | 7.5 | CVE-2013-4694
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | 2014-04-15 | 10.0 | CVE-2014-0429
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0455 and CVE-2014-2402. | 2014-04-15 | 9.3 | CVE-2014-0432
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | 2014-04-15 | 7.5 | CVE-2014-0446
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | 2014-04-15 | 7.6 | CVE-2014-0448
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412. | 2014-04-15 | 7.5 | CVE-2014-0451
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423. | 2014-04-15 | 7.5 | CVE-2014-0452
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. | 2014-04-15 | 7.5 | CVE-2014-0454
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402. | 2014-04-15 | 9.3 | CVE-2014-0455
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | 2014-04-15 | 10.0 | CVE-2014-0456
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | 2014-04-15 | 10.0 | CVE-2014-0457
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423. | 2014-04-15 | 7.5 | CVE-2014-0458
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | 2014-04-15 | 9.3 | CVE-2014-0461
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | 2014-04-15 | 9.3 | CVE-2014-2397
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455. | 2014-04-15 | 7.5 | CVE-2014-2402
    oracle -- database_server | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to "Advisor" and "Select Any Dictionary" privileges. | 2014-04-15 | 8.5 | CVE-2014-2406
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. | 2014-04-15 | 9.3 | CVE-2014-2410
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451. | 2014-04-15 | 7.5 | CVE-2014-2412
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB. | 2014-04-15 | 7.5 | CVE-2014-2414
    oracle -- javafx | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | 2014-04-15 | 10.0 | CVE-2014-2421
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458. | 2014-04-15 | 7.5 | CVE-2014-2423
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. | 2014-04-15 | 7.5 | CVE-2014-2427
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | 2014-04-15 | 7.6 | CVE-2014-2428
    oracle -- fusion_middleware | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Security. | 2014-04-15 | 7.5 | CVE-2014-2470
    orbitscripts -- orbit_open_ad_server | SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory. | 2014-04-11 | 7.5 | CVE-2014-2540
    osisoft -- pi_interface | The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for DNP3 allows remote attackers to cause a denial of service (interface shutdown) via a crafted TCP packet. | 2014-04-12 | 7.1 | CVE-2013-2809
    paperthin -- commonspot_content_server | PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a direct request. | 2014-04-15 | 7.5 | CVE-2014-2859
    paperthin -- commonspot_content_server | Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter. | 2014-04-15 | 10.0 | CVE-2014-2863
    paperthin -- commonspot_content_server | Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences. | 2014-04-15 | 10.0 | CVE-2014-2864
    paperthin -- commonspot_content_server | PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a '\0' character, as demonstrated by using this character within a pathname on the drive containing the web root directory of a ColdFusion installation. | 2014-04-15 | 7.5 | CVE-2014-2865
    paperthin -- commonspot_content_server | PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code. | 2014-04-15 | 10.0 | CVE-2014-2866
    paperthin -- commonspot_content_server | Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing it via unspecified vectors. | 2014-04-15 | 10.0 | CVE-2014-2867
    paperthin -- commonspot_content_server | PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable. | 2014-04-15 | 7.5 | CVE-2014-2868
    paperthin -- commonspot_content_server | PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context. | 2014-04-15 | 10.0 | CVE-2014-2874
    pivotx -- pivotx | Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors. | 2014-04-15 | 7.5 | CVE-2014-0342
    sophos -- web_appliance_firmware | The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. | 2014-04-11 | 8.5 | CVE-2014-2849
    sophos -- web_appliance_firmware | The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter. | 2014-04-11 | 8.5 | CVE-2014-2850
    suse -- kiwi | kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown. | 2014-04-16 | 7.5 | CVE-2011-3180
    suse -- kiwi | kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile." | 2014-04-16 | 7.5 | CVE-2011-4192
    suse -- kiwi | kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in an image name. | 2014-04-16 | 7.5 | CVE-2011-4195
    vmware -- vsphere_client | VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors. | 2014-04-11 | 9.3 | CVE-2014-1209
    wellintech -- kingscada | Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet. | 2014-04-12 | 10.0 | CVE-2014-0787
    xangati -- xangati_software_release | Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatus action to servlet/MGConfigData, (2) the download parameter in a download action to servlet/MGConfigData, (3) the download parameter in a port_svc action to servlet/MGConfigData, (4) the file parameter in a getfile action to servlet/Installer, or (5) the binfile parameter to servlet/MGConfigData. | 2014-04-15 | 7.8 | CVE-2014-0358
    xangati -- xangati_software_release | Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a gui_input_test.pl params parameter to servlet/Installer. | 2014-04-15 | 9.0 | CVE-2014-0359
    zyxel -- n300_netusb_nbg-419n | The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login access via an HTTP request. | 2014-04-15 | 7.8 | CVE-2014-0354
    zyxel -- n300_netusb_nbg-419n | Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allow man-in-the-middle attackers to execute arbitrary code via (1) a long temp attribute in a yweather:condition element in a forecastrss file that is processed by the checkWeather function; the (2) WeatherCity or (3) WeatherDegree variable to the detectWeather function; unspecified input to the (4) UpnpAddRunRLQoS, (5) UpnpDeleteRunRLQoS, or (6) UpnpDeletePortCheckType function; or (7) the SET COUNTRY udps command. | 2014-04-15 | 7.9 | CVE-2014-0355
    zyxel -- n300_netusb_nbg-419n | The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_language, (3) SystemCommand, or (4) NTPSyncWithHost function in management.c, or a (5) SET COUNTRY, (6) SET WLAN SSID, (7) SET WLAN CHANNEL, (8) SET WLAN STATUS, or (9) SET WLAN COUNTRY udps command. | 2014-04-15 | 7.9 | CVE-2014-0356

    Medium Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    advanced_package_tool -- advanced_package_tool | The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned. | 2014-04-15 | 4.3 | CVE-2012-0214
    advantech -- advantech_webaccess | The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL. | 2014-04-12 | 5.0 | CVE-2014-0771
    advantech -- advantech_webaccess | The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL. | 2014-04-12 | 5.0 | CVE-2014-0772
    amos_benari -- rbovirt | The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. | 2014-04-17 | 6.8 | CVE-2014-0036
    amtelco -- misecuremessages | Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application. | 2014-04-15 | 5.0 | CVE-2014-0357
    apache -- http_server | The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." | 2014-04-15 | 5.0 | CVE-2013-5704
    apache -- syncope | Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings." | 2014-04-17 | 6.5 | CVE-2014-0111
    apps4u@android -- sd_card_manager | Directory traversal vulnerability in the apps4u@android SD Card Manager application before 20140224 for Android allows attackers to overwrite or create arbitrary files via a crafted filename. | 2014-04-11 | 5.8 | CVE-2014-1969
    bzip -- bzip2 | The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory. | 2014-04-16 | 4.6 | CVE-2011-4089
    cambridge_enterprise -- jbig-kit | Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted image file. | 2014-04-11 | 6.8 | CVE-2013-6369
    canonical -- libpam-modules | Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.04 LTS, when using certain configurations such as "session optional pam_motd.so", allows local users to gain privileges by modifying the PATH environment variable to reference a malicious command, as demonstrated via uname. | 2014-04-15 | 6.9 | CVE-2011-3628
    cisco -- ons_15454 | Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (flash write outage) via a TCP FIN attack that triggers file-descriptor exhaustion, aka Bug ID CSCug97315. | 2014-04-12 | 5.0 | CVE-2014-2139
    cisco -- ons_15454 | Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (card reset) via a TCP FIN attack that triggers file-descriptor exhaustion and a failure to open a CAL pipe, aka Bug ID CSCug97348. | 2014-04-12 | 5.0 | CVE-2014-2140
    cisco -- ons_15454 | Cisco ONS 15454 controller cards with software 10.0 and earlier allow remote attackers to cause a denial of service (card reload) via a crafted HTTP URI, aka Bug ID CSCun06870. | 2014-04-12 | 5.0 | CVE-2014-2142
    dell -- sonicwall_email_security | Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page. | 2014-04-17 | 4.3 | CVE-2014-2879
    elfutils_project -- elfutils | Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow. | 2014-04-11 | 6.8 | CVE-2014-0172
    emc -- rsa_bsafe | EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain. | 2014-04-11 | 5.8 | CVE-2014-0636
    emc -- documentum_content_server | EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors. | 2014-04-15 | 5.5 | CVE-2014-0642
    emc -- cloud_tiering_appliance_software | EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack. | 2014-04-16 | 4.7 | CVE-2014-0645
    eucalyptus -- eucalyptus | The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and (1) Cloud Controller (CLC), (2) Walrus, (3) Storage Controller (SC), and (4) VMware Broker (VB). | 2014-04-15 | 5.0 | CVE-2013-4768
    freebsd -- freebsd | The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involving a thread that uses the correct locking order. | 2014-04-16 | 4.0 | CVE-2014-1453
    gopivotal -- grails | The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 before 2.3.6 does not properly restrict access to files in the WEB-INF directory, which allows remote attackers to obtain sensitive information via a direct request. NOTE: this identifier has been SPLIT due to different researchers and different vulnerability types. See CVE-2014-2857 for the META-INF variant and CVE-2014-2858 for the directory traversal. | 2014-04-15 | 5.0 | CVE-2014-0053
    gopivotal -- grails | The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 does not properly restrict access to files in the META-INF directory, which allows remote attackers to obtain sensitive information via a direct request. NOTE: this issue was SPLIT from CVE-2014-0053 due to different researchers per ADT5. | 2014-04-15 | 5.0 | CVE-2014-2857
    gopivotal -- grails | Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors related to a "configured block." NOTE: this issue was SPLIT from CVE-2014-0053 per ADT2 due to different vulnerability types. | 2014-04-15 | 5.0 | CVE-2014-2858
    haxx -- curl | The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015. | 2014-04-15 | 6.4 | CVE-2014-0138
    haxx -- curl | cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | 2014-04-15 | 5.8 | CVE-2014-0139
    ibm -- messagesight_jms_client | The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon crash and message data loss) via malformed headers during a WebSockets connection upgrade. | 2014-04-15 | 4.3 | CVE-2014-0921
    ibm -- messagesight_jms_client | IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (resource consumption) via WebSockets MQ Telemetry Transport (MQTT) data. | 2014-04-15 | 4.3 | CVE-2014-0922
    ibm -- messagesight_jms_client | IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon restart) via crafted MQ Telemetry Transport (MQTT) authentication data. | 2014-04-15 | 4.3 | CVE-2014-0923
    ibm -- messagesight_jms_client | IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 does not verify that all of the characters of a password are correct, which makes it easier for remote authenticated users to bypass intended access restrictions by leveraging knowledge of a password substring. | 2014-04-15 | 4.6 | CVE-2014-0924
    juniper -- srx100 | Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when Dynamic IPsec VPN is configured, allows remote attackers to cause a denial of service (new Dynamic VPN connection failures and CPU and disk consumption) via unknown vectors. | 2014-04-14 | 5.0 | CVE-2014-0612
    juniper -- junos | Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3 before 12.3R6, 13.1 before 13.1R4, 13.2 before 13.2R3, and 13.3 before 13.3R1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-04-14 | 4.3 | CVE-2014-2711
    juniper -- junos | Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before 12.2R1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to index.php. | 2014-04-14 | 4.3 | CVE-2014-2712
    juniper -- junos | Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, 12.3R4 before 12.3R4-S3, 13.1 before 13.1R4, 13.2 before 13.2R2, and 13.3 before 13.3R1, as used in MX Series and T4000 routers, allows remote attackers to cause a denial of service (PFE restart) via a crafted IP packet to certain (1) Trio or (2) Cassis-based Packet Forwarding Engine (PFE) modules. | 2014-04-14 | 5.0 | CVE-2014-2713
    katello -- katello | The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account. | 2014-04-17 | 6.5 | CVE-2013-2143
    kbd-project -- kbd | The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map. | 2014-04-16 | 6.3 | CVE-2011-0460
    kokuyo -- camiapp | The Content Provider in the KOKUYO CamiApp application 1.21.1 and earlier for Android allows attackers to bypass intended access restrictions and read database information via a crafted application. | 2014-04-15 | 5.8 | CVE-2014-1986
    linux -- linux_kerneldrivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.2014-04-145.5CVE-2014-0077
    linux -- linux_kernelThe ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced.2014-04-145.5CVE-2014-0155
    linux -- linux_kernelThe cma_req_handler function in drivers/infiniband/core/cma.c in the Linux kernel 3.14.x through 3.14.1 attempts to resolve an RDMA over Converged Ethernet (aka RoCE) address that is properly resolved within a different module, which allows remote attackers to cause a denial of service (incorrect pointer dereference and system crash) via crafted network traffic.2014-04-144.6CVE-2014-2739
    linux -- linux_kernelInteger overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.2014-04-146.9CVE-2014-2851
    linuxfoundation -- cups-filterscups-browsed in cups-filters 1.0.41 before 1.0.51 in allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."2014-04-175.8CVE-2014-2707
    modsecurity -- modsecurityapache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.2014-04-155.0CVE-2013-5705
    mysql -- mysqlUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.2014-04-154.0CVE-2014-0384
    mysql -- mysqlUnspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.2014-04-154.0CVE-2014-2419
    mysql -- mysqlUnspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.2014-04-156.0CVE-2014-2436
    mysql -- mysqlUnspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2014-04-155.1CVE-2014-2440
    net-snmp -- net-snmpThe AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.2014-04-175.0CVE-2014-2310
    openafs -- openafsBuffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument.2014-04-145.0CVE-2014-0159
    openafs -- openafsOpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet.2014-04-145.0CVE-2014-2852
    openfabrics -- ibutilsUntrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse program in refix/lib/, related to an incorrect RPATH setting in the ELF header.2014-04-154.4CVE-2008-3277
    openssl -- opensslRace condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.2014-04-144.0CVE-2010-5298
    openstack -- python-keystoneclientThe auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."2014-04-156.0CVE-2014-0105
    openstack -- horizonCross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template.2014-04-154.3CVE-2014-0157
    openstack -- computeThe Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests.2014-04-156.0CVE-2014-0167
    openstack -- keystoneThe V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."2014-04-155.0CVE-2014-2828
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a different vulnerability than CVE-2014-0426.2014-04-154.3CVE-2014-0413
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality via vectors related to HTTP Request Handling.2014-04-155.0CVE-2014-0414
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a different vulnerability than CVE-2014-0413.2014-04-154.3CVE-2014-0426
    oracle -- sunosUnspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Print Filter Utility.2014-04-154.6CVE-2014-0442
    oracle -- sunosUnspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel.2014-04-154.9CVE-2014-0447
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via unknown vectors related to Deployment.2014-04-155.0CVE-2014-0449
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.7 and 11.1.1.8 allows remote attackers to affect confidentiality via unknown vectors related to People Connection.2014-04-155.0CVE-2014-0450
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.2014-04-154.0CVE-2014-0453
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.2014-04-154.3CVE-2014-0459
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI.2014-04-155.8CVE-2014-0460
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0464.2014-04-154.3CVE-2014-0463
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0463.2014-04-154.3CVE-2014-0464
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2400.2014-04-154.3CVE-2014-2399
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2399.2014-04-154.3CVE-2014-2400
    oracle -- javafxUnspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D.2014-04-155.0CVE-2014-2401
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP.2014-04-155.0CVE-2014-2403
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to WebGate.2014-04-154.0CVE-2014-2404
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2415, CVE-2014-2416, CVE-2014-2417, and CVE-2014-2418.2014-04-155.0CVE-2014-2407
    oracle -- database_serverUnspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to the "Grant Any Object Privilege."2014-04-156.6CVE-2014-2408
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment.2014-04-156.4CVE-2014-2409
    oracle -- identity_analyticsUnspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 5.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Security.2014-04-156.5CVE-2014-2411
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.2014-04-154.3CVE-2014-2413
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2416, CVE-2014-2417, and CVE-2014-2418.2014-04-155.0CVE-2014-2415
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2415, CVE-2014-2417, and CVE-2014-2418.2014-04-155.0CVE-2014-2416
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2415, CVE-2014-2416, and CVE-2014-2418.2014-04-155.0CVE-2014-2417
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2415, CVE-2014-2416, and CVE-2014-2417.2014-04-155.0CVE-2014-2418
    oracle -- javafxUnspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2014-04-156.8CVE-2014-2422
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote authenticated users to affect integrity via vectors related to CEP system.2014-04-154.0CVE-2014-2424
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect confidentiality via unknown vectors.2014-04-154.0CVE-2014-2425
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity and availability via unknown vectors related to Admin Console.2014-04-154.9CVE-2014-2426
    oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise CS Campus Self Service component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Campus Mobile.2014-04-154.0CVE-2014-2429
    oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote attackers to affect availability via unknown vectors related to Integration Broker.2014-04-155.0CVE-2014-2433
    oracle -- mysqlUnspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.2014-04-154.0CVE-2014-2434
    oracle -- mysqlUnspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.2014-04-154.0CVE-2014-2435
    oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Integration Broker, a different vulnerability than CVE-2014-2447.2014-04-155.0CVE-2014-2437
    oracle -- virtualizationUnspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Workspace Web Application.2014-04-156.4CVE-2014-2439
    oracle -- vm_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.2014-04-154.4CVE-2014-2441
    oracle -- mysqlUnspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.2014-04-154.0CVE-2014-2442
    oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology.2014-04-154.3CVE-2014-2443
    oracle -- mysqlUnspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB.2014-04-156.5CVE-2014-2444
    oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via vectors related to QAS.2014-04-154.0CVE-2014-2446
    oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Integration Broker, a different vulnerability than CVE-2014-2437.2014-04-155.0CVE-2014-2447
    oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Install and Packaging.2014-04-155.0CVE-2014-2448
    oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise HRMS Talent Acquisition Manager component in Oracle PeopleSoft Products 9.0, 9.1, and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.2014-04-154.0CVE-2014-2449
    oracle -- mysqlUnspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.2014-04-154.0CVE-2014-2450
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 allows remote authenticated users to affect availability via unknown vectors related to Webserver Plugin.2014-04-154.0CVE-2014-2452
    oracle -- hyperionUnspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to User Interface.2014-04-154.3CVE-2014-2453
    oracle -- hyperionUnspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect confidentiality via unknown vectors related to User Interface.2014-04-154.3CVE-2014-2454
    oracle -- hyperionUnspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to User Interface.2014-04-156.0CVE-2014-2455
    oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Agile Product Lifecycle component in Oracle Supply Chain Products Suite 6.0 and 6.1.0 allows remote attackers to affect integrity via unknown vectors related to Install.2014-04-154.3CVE-2014-2457
    oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Agile Product Lifecycle component in Oracle Supply Chain Products Suite 6.1.0.3 and 6.1.1.3 allows remote attackers to affect integrity via unknown vectors related to Install.2014-04-154.3CVE-2014-2458
    oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, 6.2, 6.3, 6.3.1, 6.3.2, and 6.3.3 allows remote authenticated users to affect confidentiality via vectors related to CSV Management.2014-04-154.0CVE-2014-2460
    oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, 6.2, 6.3, 6.3.1, 6.3.2, and 6.3.3 allows remote attackers to affect confidentiality via unknown vectors related to Security.2014-04-155.0CVE-2014-2461
    oracle -- virtualizationUnspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect integrity via unknown vectors related to Workspace Web Application.2014-04-154.3CVE-2014-2463
    oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.2014-04-154.3CVE-2014-2465
    oracle -- siebel_crmUnspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Open_UI.2014-04-154.3CVE-2014-2468
    oracle -- sunosUnspecified vulnerability in Lighthttpd in Oracle Solaris 11.1 allows attackers to cause a denial of service via unknown vectors.2014-04-175.0CVE-2014-2469
    oracle -- ilearningUnspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect integrity via unknown vectors related to Learner Pages.2014-04-154.3CVE-2014-2471
    oracle -- identity_managerOpen redirect vulnerability in Oracle Identity Manager 11g R2 SP1 (11.1.2.1.0) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.2014-04-175.8CVE-2014-2880
    osisoft -- pi_interfaceThe DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for DNP3 allows physically proximate attackers to cause a denial of service (interface shutdown) via crafted input over a serial line.2014-04-124.7CVE-2013-2828
    paperthin -- commonspot_content_serverMultiple cross-site scripting (XSS) vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to inject arbitrary web script or HTML via a crafted HTTP request to a (1) ColdFusion or (2) JavaScript component.2014-04-154.3CVE-2014-2860
    paperthin -- commonspot_content_serverIncomplete blacklist vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string, as demonstrated by bypassing a protection mechanism that removes only the "alert" string.2014-04-154.3CVE-2014-2861
    paperthin -- commonspot_content_serverPaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check authorization in unspecified situations, which allows remote authenticated users to perform actions via unknown vectors.2014-04-156.5CVE-2014-2862
    paperthin -- commonspot_content_serverPaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain sensitive information via requests to unspecified URIs, as demonstrated by pathname, SQL server, e-mail address, and IP address information.2014-04-155.0CVE-2014-2869
    paperthin -- commonspot_content_serverThe default configuration of PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 uses cleartext for storage of credentials in a database, which makes it easier for context-dependent attackers to obtain sensitive information via unspecified vectors.2014-04-155.0CVE-2014-2870
    paperthin -- commonspot_content_serverPaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering credentials on login pages, which allows remote attackers to obtain sensitive information by sniffing the network.2014-04-155.0CVE-2014-2871
    paperthin -- commonspot_content_serverPaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain potentially sensitive information from a directory listing via unspecified vectors.2014-04-155.0CVE-2014-2872
    paperthin -- commonspot_content_serverPaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predictable name in a request for a file.2014-04-155.0CVE-2014-2873
    python -- pillowThe (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.2014-04-174.4CVE-2014-1932
    raoul_proenca -- gnewMultiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnew_template parameter to (1) users/profile.php, (2) articles/index.php, or (3) admin/polls.php; (4) category_id parameter to news/submit.php; news_id parameter to (5) news/send.php or (6) comments/add.php; or (7) post_subject or (8) thread_id parameter to posts/edit.php.2014-04-154.3CVE-2013-7368
    redhat -- network_proxyThe monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks.2014-04-156.0CVE-2010-2236
    redhat -- libvirtThe LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function.2014-04-155.8CVE-2013-6456
    redhat -- openstackPackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.2014-04-176.4CVE-2014-0071
    redmine -- redmineOpen redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter).2014-04-115.8CVE-2014-1985
    reviewboard -- review_boardCross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name.2014-04-114.3CVE-2013-4795
    rodrigo_polo -- stream_video_playerCross-site request forgery (CSRF) vulnerability in the Stream Video Player plugin 1.4.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors.2014-04-116.8CVE-2013-2706
    roundup-tracker -- roundupCross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.2014-04-114.3CVE-2012-6130
    roundup-tracker -- roundupCross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.2014-04-114.3CVE-2012-6131
    sap -- routerThe passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtrain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.2014-04-174.3CVE-2014-0984
    snilesh -- content_slide | Cross-site request forgery (CSRF) vulnerability in the Content Slide plugin 1.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. | 2014-04-11 | 6.8 | CVE-2013-2708
    springsource -- spring_framework | The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429. | 2014-04-17 | 6.8 | CVE-2014-0054
    squid-cache -- squid | Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management. | 2014-04-14 | 5.0 | CVE-2014-0128
    strongswan -- strongswan | IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established. | 2014-04-16 | 6.4 | CVE-2014-2338
    sun -- sunos | Unspecified vulnerability in Oracle Solaris 10, when running on the SPARC64-X Platform, allows local users to affect confidentiality, integrity, and availability via unknown vectors. | 2014-04-15 | 4.6 | CVE-2014-0421
    suse -- studio_extension_for_system_z | Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to cloning. | 2014-04-16 | 4.3 | CVE-2011-4193
    tenable -- nessus | A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program. | 2014-04-11 | 6.9 | CVE-2014-2848
    vmware -- vsphere_client | VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate. | 2014-04-11 | 5.8 | CVE-2014-1210
    vmware -- player | vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call. NOTE: the researcher reports "Vendor rated issue as non-exploitable." | 2014-04-15 | 4.9 | CVE-2014-2384
    xen -- xen | The netback driver in Xen, when using certain Linux versions that do not allow sleeping in softirq context, allows local guest administrators to cause a denial of service ("scheduling while atomic" error and host crash) via a malformed packet, which causes a mutex to be taken when trying to disable the interface. | 2014-04-15 | 4.4 | CVE-2014-2580
    zyxel -- n300_netusb_nbg-419n | The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to bypass authentication by using %2F sequences in place of / (slash) characters. | 2014-04-15 | 6.1 | CVE-2014-0353

    Low Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    apache -- zookeeper | Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log. | 2014-04-17 | 2.1 | CVE-2014-0085
    canonical -- update-manager | DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file. | 2014-04-17 | 1.9 | CVE-2011-3154
    canonical -- accountsservice | The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors. | 2014-04-16 | 3.6 | CVE-2011-4406
    citrix -- vdi-in-a-box | Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log. | 2014-04-15 | 2.1 | CVE-2014-2690
    hp -- array_configuration_utility | Unspecified vulnerability in HP Array Configuration Utility, Array Diagnostics Utility, ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility 9.40 and earlier allows local users to gain privileges via unknown vectors. | 2014-04-12 | 2.1 | CVE-2013-6216
    marcel_brinkkemper -- lazyest-gallery | Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information. | 2014-04-11 | 2.6 | CVE-2014-2333
    mysql -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema. | 2014-04-15 | 3.5 | CVE-2014-2430
    mysql -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options. | 2014-04-15 | 2.6 | CVE-2014-2431
    mysql -- mysql | Unspecified vulnerability in the Oracle MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated. | 2014-04-15 | 2.8 | CVE-2014-2432
    mysql -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication. | 2014-04-15 | 3.5 | CVE-2014-2438
    novell -- suse_lifecycle_management_server | SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors. | 2014-04-16 | 2.1 | CVE-2011-0993
    ontariosystems -- artiva_architect | The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option is enabled, allows remote attackers to login to arbitrary domain accounts by using the corresponding username on a Windows client machine. | 2014-04-15 | 3.5 | CVE-2014-0348
    oracle -- fusion_middleware | Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via unknown vectors related to Admin Console. | 2014-04-15 | 3.5 | CVE-2014-0465
    oracle -- javafx | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. | 2014-04-15 | 3.5 | CVE-2014-2398
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment. | 2014-04-15 | 2.6 | CVE-2014-2420
    oracle -- supply_chain_products_suite | Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2014-2467. | 2014-04-15 | 3.5 | CVE-2014-2445
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges. | 2014-04-15 | 3.5 | CVE-2014-2451
    oracle -- supply_chain_products_suite | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3.2 and 6.3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Security. | 2014-04-15 | 3.7 | CVE-2014-2459
    oracle -- supply_chain_products_suite | Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 2014-04-15 | 3.5 | CVE-2014-2464
    oracle -- supply_chain_products_suite | Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 2014-04-15 | 2.1 | CVE-2014-2466
    oracle -- supply_chain_products_suite | Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2014-2445. | 2014-04-15 | 3.5 | CVE-2014-2467
    packagekit_project -- packagekit | The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method. | 2014-04-16 | 2.1 | CVE-2013-1764
    pivotx -- pivotx | Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to objects.php; or the (5) email or (6) nickname field to pages.php, related to templates_internal/users.tpl. | 2014-04-15 | 3.5 | CVE-2014-0341
    python -- pillow | The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 use the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes. | 2014-04-17 | 2.1 | CVE-2014-1933
    websense -- triton_unified_security_center | The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component. | 2014-04-12 | 3.5 | CVE-2014-0347

    This product is provided subject to this Notification and this Privacy & Use policy.


  • SB14-104: Vulnerability Summary for the Week of April 7, 2014
    Original release date: April 14, 2014


    High Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    adobe -- adobe_air | Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows attackers to execute arbitrary code via unspecified vectors. | 2014-04-08 | 9.3 | CVE-2014-0507
    advanced_forum_signatures_project -- advanced_forum_signatures | Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures) plugin 2.0.4 for MyBB allow remote attackers to execute arbitrary SQL commands via the (1) afs_type, (2) afs_background, (3) afs_showonline, (4) afs_bar_left, (5) afs_bar_center, (6) afs_full_line1, (7) afs_full_line2, (8) afs_full_line3, (9) afs_full_line4, (10) afs_full_line5, or (11) afs_full_line6 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2014-04-08 | 7.5 | CVE-2011-5277
    advanced_forum_signatures_project -- advanced_forum_signatures | SQL injection vulnerability in signature.php in Advanced Forum Signatures plugin (aka afsignatures) 2.0.4 for MyBB allows remote attackers to execute arbitrary SQL commands via the afs_bar_right parameter. | 2014-04-08 | 7.5 | CVE-2011-5278
    cacti -- cacti | SQL injection vulnerability in graph_xport.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2014-04-10 | 7.5 | CVE-2014-2708
    cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to gain privileges by leveraging level-0 ASDM access, aka Bug ID CSCuj33496. | 2014-04-10 | 8.5 | CVE-2014-2126
    cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099. | 2014-04-10 | 8.5 | CVE-2014-2127
    cisco -- adaptive_security_appliance_software | The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052. | 2014-04-10 | 7.1 | CVE-2014-2129
    clip-bucket -- clipbucket | Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of these details are obtained from third party information. | 2014-04-08 | 7.5 | CVE-2012-6643
    erlang-solutions -- mongooseim | Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | 2014-04-10 | 7.8 | CVE-2014-2829
    google -- chrome | Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)." | 2014-04-09 | 7.5 | CVE-2014-1716
    google -- chrome | Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code. | 2014-04-09 | 7.5 | CVE-2014-1717
    google -- chrome | Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted mapping of a large amount of renderer memory. | 2014-04-09 | 7.5 | CVE-2014-1718
    google -- chrome | Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger a SharedWorker termination during script loading. | 2014-04-09 | 7.5 | CVE-2014-1719
    google -- chrome | Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attributes. | 2014-04-09 | 7.5 | CVE-2014-1720
    google -- chrome | Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a heap allocation of a number outside the Small Integer (aka smi) range. | 2014-04-09 | 7.5 | CVE-2014-1721
    google -- chrome | Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in core/rendering/RenderBlock.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving addition of a child node. | 2014-04-09 | 7.5 | CVE-2014-1722
    google -- chrome | The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text. | 2014-04-09 | 7.5 | CVE-2014-1723
    google -- chrome | Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service (application hang) or possibly have unspecified other impact via a text-to-speech request. | 2014-04-09 | 7.5 | CVE-2014-1724
    google -- chrome | Use-after-free vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms. | 2014-04-09 | 7.5 | CVE-2014-1727
    google -- chrome | Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2014-04-09 | 7.5 | CVE-2014-1728
    google -- chrome | Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before 34.0.1847.116, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2014-04-09 | 7.5 | CVE-2014-1729
    igniterealtime -- openfire | Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | 2014-04-10 | 7.8 | CVE-2014-2741
    isode -- m-link | Isode M-Link before 16.0v7 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | 2014-04-10 | 7.8 | CVE-2014-2742
    lightwitch -- metronome | plugins/mod_compression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | 2014-04-10 | 7.8 | CVE-2014-2743
    lightwitch -- metronome | plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an "xmppbomb" attack. | 2014-04-10 | 7.8 | CVE-2014-2744
    microsoft -- internet_explorer | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1751 and CVE-2014-1755. | 2014-04-08 | 9.3 | CVE-2014-0235
    microsoft -- internet_explorer | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0235 and CVE-2014-1755. | 2014-04-08 | 9.3 | CVE-2014-1751
    microsoft -- internet_explorer | Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2014-04-08 | 9.3 | CVE-2014-1752
    microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2014-04-08 | 9.3 | CVE-2014-1753
    microsoft -- internet_explorer | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0235 and CVE-2014-1751. | 2014-04-08 | 9.3 | CVE-2014-1755
    microsoft -- office_compatibility_pack | Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory incorrectly for file conversions from a binary (aka .doc) format to a newer format, which allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office File Format Converter Vulnerability." | 2014-04-08 | 9.3 | CVE-2014-1757
    microsoft -- word | Stack-based buffer overflow in Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Word Stack Overflow Vulnerability." | 2014-04-08 | 9.3 | CVE-2014-1758
    microsoft -- publisher | pubconv.dll in Microsoft Publisher 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted .pub file, aka "Arbitrary Pointer Dereference Vulnerability." | 2014-04-08 | 9.3 | CVE-2014-1759
    microsoft -- internet_explorer | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2014-04-08 | 9.3 | CVE-2014-1760
    pearson -- esis_enterprise_student_information_system | SQL injection vulnerability in the password reset functionality in Pearson eSIS Enterprise Student Information System, possibly 3.3.0.13 and earlier, allows remote attackers to execute arbitrary SQL commands via the new password. | 2014-04-10 | 7.5 | CVE-2014-1455
    prosody -- prosody | Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack, related to core/portmanager.lua and util/xmppstream.lua. | 2014-04-10 | 7.8 | CVE-2014-2745
    sap -- bi_universal_data_integration | SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema. | 2014-04-10 | 7.5 | CVE-2013-7355
    sap -- adminadapter | Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary files via unknown vectors. | 2014-04-10 | 7.5 | CVE-2013-7360
    sap -- ccms_agent | An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors. | 2014-04-10 | 7.5 | CVE-2013-7362
    sap -- solution_manager | Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remove applications via vectors involving the P4 protocol. | 2014-04-10 | 7.5 | CVE-2013-7363
    sap -- netweaver | An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | 2014-04-10 | 7.5 | CVE-2013-7364
    sap -- enterprise_portal | SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. | 2014-04-10 | 7.5 | CVE-2013-7367
    sap -- enhancement_package | The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information. | 2014-04-10 | 7.5 | CVE-2014-2748
    sap -- print_and_output_management | SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | 2014-04-10 | 7.5 | CVE-2014-2751
    sap -- business_object_processing_framework_for_abap | SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | 2014-04-10 | 7.5 | CVE-2014-2752
    tibco -- rendezvous | Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data. | 2014-04-08 | 7.5 | CVE-2014-2543
    tibco -- analyst | Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Web Player 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Automation Services 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Deployment Kit 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Desktop 6.x before 6.0.1; and Spotfire Analyst 6.x before 6.0.1 allows remote attackers to execute arbitrary code via unknown vectors. | 2014-04-09 | 7.5 | CVE-2014-2544
    tigase -- tigase | net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | 2014-04-10 | 7.8 | CVE-2014-2746

    Medium Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    adobe -- adobe_air | Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | 2014-04-08 | 5.0 | CVE-2014-0508
    adobe -- adobe_air | Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-04-08 | 4.3 | CVE-2014-0509
    cisco -- adaptive_security_appliance_software | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.3 before 8.3(2.40), 8.4 before 8.4(7.3), 8.6 before 8.6(1.13), 9.0 before 9.0(3.8), and 9.1 before 9.1(3.2) allows remote attackers to bypass authentication via (1) a crafted cookie value within modified HTTP POST data or (2) a crafted URL, aka Bug ID CSCua85555. | 2014-04-10 | 5.0 | CVE-2014-2128
    cisco -- ons_15454 | The session-termination functionality on Cisco ONS 15454 controller cards with software 9.6 and earlier does not initialize an unspecified pointer, which allows remote authenticated users to cause a denial of service (card reset) via crafted session-close actions, aka Bug ID CSCug97416. | 2014-04-10 | 4.0 | CVE-2014-2141
    cisco -- ios_xr | Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266. | 2014-04-05 | 6.1 | CVE-2014-2144
    cisco -- unity_connection | Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071. | 2014-04-05 | 4.0 | CVE-2014-2145
    clip-bucket -- clipbucket | Cross-site scripting (XSS) vulnerability in ClipBucket 2.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter to view_channel.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2014-04-08 | 4.3 | CVE-2012-6642
    clip-bucket -- clipbucket | Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php. | 2014-04-08 | 4.3 | CVE-2012-6644
    cms_tree_page_view_project -- cms_tree_page_view | Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php. | 2014-04-07 | 4.3 | CVE-2012-1834
    danielb -- finder | Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "checkbox and radio button functionalities." | 2014-04-08 | 4.3 | CVE-2012-1561
    danielb -- finder | Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561. | 2014-04-08 | 4.3 | CVE-2012-6645
    david_paleino -- wicd | The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message. | 2014-04-07 | 6.9 | CVE-2012-2095
    dell -- openmanage_server_administrator | Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter to HelpViewer. | 2014-04-10 | 5.8 | CVE-2013-0740
    dvs_custom_notification_project -- dvs_custom_notification | Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change application settings or (2) conduct cross-site scripting (XSS) attacks. | 2014-04-10 | 6.8 | CVE-2012-4921
    fortinet -- fortiadc-1000e | Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/. | 2014-04-10 | 4.3 | CVE-2014-0331
    google -- chrome | The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call. | 2014-04-09 | 5.0 | CVE-2014-1725
    google -- chrome | The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access. | 2014-04-09 | 4.3 | CVE-2014-1726
    horde -- groupware | Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view. | 2014-04-05 | 4.3 | CVE-2012-5565
    horde -- groupware | Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.17, as used in Horde Groupware Webmail Edition before 4.0.8, allow remote attackers to inject arbitrary web script or HTML via the (1) tasks view or (2) search view. | 2014-04-05 | 4.3 | CVE-2012-5566
    horde -- groupware | Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the (1) month, (2) monthlist, or (3) prevmonthlist fields, related to portal blocks. | 2014-04-05 | 4.3 | CVE-2012-5567
    horde -- groupware | Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565. | 2014-04-05 | 4.3 | CVE-2012-6640
    hp -- icewall_identity_managerUnspecified vulnerability in HP IceWall Identity Manager 4.0 through SP1 and 5.0 and IceWall SSO 10.0 Password Reset Option, when Apache Commons FileUpload is used, allows remote authenticated users to cause a denial of service via unknown vectors.2014-04-054.0CVE-2014-2600
    huawei -- echo_lifeCross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during construction of the "failed log-in attempts over telnet" log view.2014-04-054.3CVE-2014-0337
    ibm -- optim_workload_replayCross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Workload Replay 1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.2014-04-054.3CVE-2014-0827
    ibm -- business_process_managerThe User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information, configure e-mail notifications, or modify task assignments via REST API calls.2014-04-106.0CVE-2014-0908
    ibm -- spss_analytic_serverIBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors.2014-04-104.0CVE-2014-0920
    jeremy_massel -- underconstructionCross-site request forgery (CSRF) vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack the authentication of administrators for requests that deactivate a plugin via unspecified vectors.2014-04-106.8CVE-2013-2699
    kernel -- linux-pamMultiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty funtion, which is used by the format_timestamp_name function.2014-04-105.8CVE-2014-2583
    lee_howard -- hylafax+Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using LDAP authentication, might allow remote attackers to cause a denial of service (child hang) or execute arbitrary code via a long USER command.2014-04-066.8CVE-2013-5680
    lesterchan -- wp-postviewsCross-site request forgery (CSRF) vulnerability in the options admin page in the WP-PostViews plugin before 1.63 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors.2014-04-106.8CVE-2013-3252
    microsoft -- windows_7Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file, aka "Windows File Handling Vulnerability."2014-04-086.9CVE-2014-0315
    microsoft -- officeThe XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013, and Office for Mac 2011, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption and persistent application hang) via a crafted XML document containing a large number of nested entity references, as demonstrated by a crafted text/plain e-mail message to Outlook, a similar issue to CVE-2003-1564.2014-04-055.0CVE-2014-2730
    openssl -- opensslThe (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.2014-04-075.0CVE-2014-0160
    prestashop -- prestashopCross-site scripting (XSS) vulnerability in redirect.php in the Socolissimo module (modules/socolissimo/) in PrestaShop before 1.4.7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to "parameter names and values."2014-04-074.3CVE-2012-6641
    prosody -- prosodyProsody before 0.9.4, when mod_compression is enabled, allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka "zip bomb" attack.2014-04-104.3CVE-2014-2750
    qianqin -- qtranslateCross-site request forgery (CSRF) vulnerability in the qTranslate plugin 2.5.34 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors.2014-04-106.8CVE-2013-3251
    redhat -- jboss_bpm_suiteJBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression.2014-04-106.5CVE-2013-6468
    restful_web_services_project -- restwsThe RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET request with an HTTP Accept header set to a non-HTML type, which can "interfere with Drupal's page cache."2014-04-064.3CVE-2013-1946
    rodrigo_polo -- stream_video_playerCross-site request forgery (CSRF) vulnerability in the Stream Video Player plugin 1.4.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors.2014-04-116.8CVE-2013-2706
    roundup-tracker -- roundupCross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter.2014-04-104.3CVE-2012-6132
    sap -- ccms_/_database_monitorUnspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain the database password via unknown vectors.2014-04-105.0CVE-2013-7356
    sap -- j2ee_engineUnspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors.2014-04-105.0CVE-2013-7357
    sap -- guided_procedures_archive_monitorUnspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors.2014-04-105.0CVE-2013-7358
    sap -- mobile_infrastructureUnspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive port information via unknown vectors, related to an "internal port scanning" issue.2014-04-105.0CVE-2013-7359
    sap -- cm_servicesDirectory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors.2014-04-105.0CVE-2013-7361
    sap -- enterprise_portalCross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.2014-04-104.3CVE-2013-7365
    sap -- software_deployment_managerThe SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications.2014-04-105.0CVE-2013-7366
    sap -- hanaThe HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request.2014-04-105.0CVE-2014-2749
    silverstripe -- silverstripeCross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2) admin/comments/, (3) admin/, (4) admin/show/, (5) admin/assets/, and (6) admin/security/.2014-04-084.3CVE-2011-4958
    tibco -- rendezvousThe Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors.2014-04-085.0CVE-2014-2541
    tibco -- rendezvousCross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-04-084.3CVE-2014-2542
    wordpress -- wordpressWordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.2014-04-094.0CVE-2014-0165
    wordpress -- wordpressThe wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.2014-04-096.4CVE-2014-0166
    wp-plugins -- wp-printCross-site request forgery (CSRF) vulnerability in the Options in the WP-Print plugin before 2.52 for WordPress allows remote attackers to hijack the authentication of administrators for requests that manipulate plugin settings via unspecified vectors.2014-04-106.8CVE-2013-2693
    znc -- znc-msvcThe CBounceDCCMod::OnPrivCTCP funcion in bouncedcc.cpp in the bouncedcc module in ZNC 0.200 and 0.202 allows remote attackers to cause a denial of service (crash) via a crafted DCC RESUME request.2014-04-085.0CVE-2012-0033

    Low Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    cloudbees -- jenkins | Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors. | 2014-04-10 | 2.1 | CVE-2013-2033
    gnu -- a2ps | The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file. | 2014-04-05 | 2.1 | CVE-2001-1593

    This product is provided subject to this Notification and this Privacy & Use policy.


  • SB14-097: Vulnerability Summary for the Week of March 31, 2014
    Original release date: April 07, 2014

    The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

    The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

    • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

    • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

    • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

    Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

    High Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    alliedtelesis -- at-rg634a | The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html. | 2014-03-31 | 10.0 | CVE-2014-1982
    androidsu -- chainsdd_superuser | Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process. NOTE: another researcher was unable to reproduce this with ChainsDD Superuser. | 2014-03-31 | 10.0 | CVE-2013-6774
    autodesk -- sketchbook | Heap-based buffer overflow in Autodesk SketchBook for Enterprise 2014, Pro, and Express before 6.25, and Copic Edition before 2.0.2 allows remote attackers to execute arbitrary code via RLE-compressed channel data in a PSD file. | 2014-04-02 | 9.3 | CVE-2013-5365
    ca -- erwin_web_portal | Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors. | 2014-04-04 | 7.5 | CVE-2014-2210
    cartpauj -- mingle-forum | Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php. | 2014-04-02 | 7.5 | CVE-2013-0735
    chainfire -- supersu | The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su. | 2014-03-31 | 10.0 | CVE-2013-6775
    checkpoint -- security_gateway | Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (730159141) and R75.20.x before R75.20.4 and 600 and 1100 appliances R75.20.x before R75.20.42 have unknown impact and attack vectors related to "important security fixes." | 2014-04-01 | 10.0 | CVE-2013-7350
    coreftp -- core_ftp | Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows remote FTP servers to execute arbitrary code via a crafted directory name in a CWD command reply. | 2014-04-04 | 9.3 | CVE-2013-3930
    crowbar -- barclamp | Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs. | 2014-04-04 | 7.5 | CVE-2014-0592
    emc -- vplex_geosynchrony | Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors. | 2014-04-01 | 9.0 | CVE-2014-0632
    emc -- vplex_geosynchrony | The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. | 2014-04-01 | 7.7 | CVE-2014-0633
    emc -- vplex_geosynchrony | Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors. | 2014-04-01 | 7.5 | CVE-2014-0635
    horde -- horde_application_framework | The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form. | 2014-04-01 | 7.5 | CVE-2014-1691
    hp -- storeonce_2610_iscsi_backup_system | Unspecified vulnerability in HP StoreOnce Virtual Storage Appliance (VSA) before 3.7.2, StoreOnce 26xx and 4210 iSCSI Backup System before 3.9.0, StoreOnce 4210 FC Backup System before 3.9.0, and StoreOnce 4xxx Backup System before 3.9.0 allows remote attackers to obtain sensitive information or cause a denial of service via unknown vectors. | 2014-03-28 | 7.8 | CVE-2013-6211
    ibm -- flex_system_v7000_software | IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CLI access, and consequently cause a denial of service, via unspecified traffic to the administrative IP address. | 2014-03-28 | 7.5 | CVE-2014-0880
    jgaa -- warftpd | Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when running as a Windows service, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to log messages and the "internal log handler to the Windows Event log." | 2014-03-31 | 10.0 | CVE-2013-2278
    koushik_dutta -- superuser | The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su. | 2014-03-31 | 10.0 | CVE-2013-6769
    koushik_dutta -- superuser | The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script. | 2014-03-31 | 7.6 | CVE-2013-6770
    linux -- linux_kernel | Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions. | 2014-04-01 | 7.1 | CVE-2014-2672
    raoul_proenca -- gnew | Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue was SPLIT due to differences in researchers and disclosure dates. CVE-2013-7349 already covers the news_id parameter to news/send.php, user_email parameter to users/register.php, and thread_id to posts/edit.php vectors. | 2014-03-31 | 7.5 | CVE-2013-5640
    raoul_proenca -- gnew | Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researchers and disclosure dates. | 2014-03-31 | 7.5 | CVE-2013-7349
    samsung -- kies | Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the password argument. | 2014-04-04 | 10.0 | CVE-2012-6429
    schneider-electric -- concept | Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header. | 2014-04-01 | 9.3 | CVE-2013-0662
    schneider-electric -- opc_factory_server_tlxcdlfofs | Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.5 and earlier, TLXCDLUOFS33 3.5 and earlier, TLXCDLTOFS33 3.5 and earlier, and TLXCDLFOFS33 3.5 and earlier allow remote attackers to cause a denial of service via long arguments to unspecified functions. | 2014-04-04 | 7.8 | CVE-2014-0789
    sonatype -- nexus | Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path." | 2014-03-31 | 7.5 | CVE-2014-2034
    symantec -- liveupdate_administrator | The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account. | 2014-03-28 | 7.5 | CVE-2014-1644
    symantec -- liveupdate_administrator | SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2014-03-28 | 7.5 | CVE-2014-1645
    theforeman -- foreman | Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism. | 2014-04-04 | 7.5 | CVE-2012-5648
    tracker-software -- pdf-xchange | Heap-based buffer overflow in Tracker Software PDF-XChange before 2.5.208 allows remote attackers to execute arbitrary code via a crafted Define Huffman Table header in a JPEG image file stream in a PDF file. | 2014-04-02 | 9.3 | CVE-2013-0729
    vtiger -- vtiger_crm | Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php. | 2014-04-02 | 7.5 | CVE-2013-3213
    zyxel -- p-660h-61 | The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets. | 2014-04-01 | 7.8 | CVE-2013-3588

    Medium Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    apache -- commons_fileupload | MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. | 2014-04-01 | 5.0 | CVE-2014-0050
    apache -- couchdb | Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids. | 2014-03-28 | 5.0 | CVE-2014-2668
    apple -- safari | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access. | 2014-04-02 | 5.0 | CVE-2014-1297
    apple -- safari | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 2014-04-02 | 6.8 | CVE-2014-1298
    apple -- safari | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 2014-04-02 | 6.8 | CVE-2014-1299
    apple -- safari | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 2014-04-02 | 6.8 | CVE-2014-1301
    apple -- safari | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 2014-04-02 | 6.8 | CVE-2014-1302
    apple -- safari | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 2014-04-02 | 6.8 | CVE-2014-1304
    apple -- safari | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 2014-04-02 | 6.8 | CVE-2014-1305
    apple -- safari | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 2014-04-02 | 6.8 | CVE-2014-1307
    apple -- safari | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 2014-04-02 | 6.8 | CVE-2014-1308
    apple -- safari | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 2014-04-02 | 6.8 | CVE-2014-1309
    apple -- safari | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 2014-04-02 | 6.8 | CVE-2014-1310
    apple -- safari | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 2014-04-02 | 6.8 | CVE-2014-1311
    apple -- safari | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 2014-04-02 | 6.8 | CVE-2014-1312
    apple -- safari | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 2014-04-02 | 6.8 | CVE-2014-1313
    b2evolution -- b2evolution | SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands. | 2014-04-02 | 6.5 | CVE-2013-2945
    b2evolution -- b2evolution | Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945. | 2014-04-02 | 6.8 | CVE-2013-7352
    cartpauj -- mingle-forum | Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parameter in a search action to wpf.class.php or (2) togroupusers parameter in an add_user_togroup action to fs-admin/fs-admin.php. | 2014-03-28 | 4.3 | CVE-2013-0734
    cisco -- emergency_responder | Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384. | 2014-04-04 | 4.3 | CVE-2014-2114
    cisco -- emergency_responder | Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250. | 2014-04-04 | 6.8 | CVE-2014-2115
    cisco -- emergency_responder | Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882. | 2014-04-04 | 4.3 | CVE-2014-2116
    cisco -- emergency_responder | Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters, aka Bug ID CSCun37909. | 2014-04-04 | 4.3 | CVE-2014-2117
    cisco -- unity_connection | Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028. | 2014-04-01 | 4.3 | CVE-2014-2125
    cisco -- ios | The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD) packets, aka Bug IDs CSCug41049 and CSCue61890. | 2014-03-28 | 6.1 | CVE-2014-2131
    cisco -- web_security_virtual_appliance | CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002. | 2014-04-01 | 4.3 | CVE-2014-2137
    cisco -- security_manager | CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349. | 2014-04-01 | 4.3 | CVE-2014-2138
    cisco -- iosThe IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021.2014-04-045.0CVE-2014-2143
    dotcms -- dotcmsMultiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/login.html, (2) my_account_login parameter to c/portal_public/login, or (3) email parameter to forgotPassword.2014-04-024.3CVE-2013-3484
    emc -- vplex_geosynchronyEMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.2014-04-016.0CVE-2014-0634
    emc -- rsa_adaptive_authentication_on-premiseCross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2014-04-044.3CVE-2014-0637
    emc -- rsa_adaptive_authentication_on-premiseCross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a "cross-frame scripting" issue.2014-04-044.3CVE-2014-0638
    ganglia -- ganglia-webCross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter.2014-04-024.3CVE-2013-1770
    gnu -- a2psThe fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.2014-04-036.8CVE-2014-0466
    gpeasy -- gpeasy_cmsCross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a new_section action to index.php.2014-03-284.3CVE-2013-0807
    ibm -- websphere_portalCross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-04-014.3CVE-2014-0828
    igor_sysoev -- nginxHeap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.2014-03-285.1CVE-2014-0133
    jeff_kreitner -- hms-testimonialsMultiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimonials-addnew page, (2) add new groups via the hms-testimonials-addnewgroup page, (3) change default settings via the hms-testimonials-settings page, (4) change advanced settings via the hms-testimonials-settings-advanced page, (5) change custom fields settings via the hms-testimonials-settings-fields page, or (6) change template settings via the hms-testimonials-templates-new page to wp-admin/admin.php.2014-04-026.8CVE-2013-4240
    jgaa -- warftpdFormat string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command.2014-03-314.0CVE-2009-5141
    koushik_dutta -- superuserUntrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process.2014-03-315.0CVE-2013-6768
    linux -- linux_kernelDouble free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via vectors involving an error condition in the aio_setup_ring function.2014-04-014.6CVE-2013-7348
    linux -- linux_kernelThe arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state.2014-04-014.7CVE-2014-2673
    linux -- linux_kernelThe rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.2014-04-014.7CVE-2014-2678
    microsoft -- windows_media_playerMicrosoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.2014-03-316.8CVE-2014-2671
    mozilla -- firefoxThe saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 on Android relies on Android's weak approach to seeding the Math.random function, which makes it easier for attackers to bypass a profile-randomization protection mechanism via a crafted application.2014-03-295.0CVE-2014-1516
    openstack -- keystoneThe memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.2014-04-015.0CVE-2014-2237
    oracle -- vm_virtualboxVBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.2014-03-314.4CVE-2014-0981
    oracle -- vm_virtualboxMultiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function.2014-03-316.9CVE-2014-0983
    pearson -- esis_enterprise_student_information_systemCross-site scripting (XSS) vulnerability in aal/loginverification.aspx in Pearson eSIS Enterprise Student Information System allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-04-014.3CVE-2014-1942
    posh_project -- poshThe remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie.2014-04-015.0CVE-2014-2212
    postfix_admin_project -- postfix_adminSQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias.2014-04-026.5CVE-2014-2655
    postgresql -- postgresqlPostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.2014-03-314.0CVE-2014-0060
    postgresql -- postgresqlThe validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.2014-03-316.5CVE-2014-0061
    postgresql -- postgresqlRace condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.2014-03-314.9CVE-2014-0062
    postgresql -- postgresqlMultiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.2014-03-316.5CVE-2014-0063
    postgresql -- postgresqlMultiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.2014-03-316.5CVE-2014-0064
    postgresql -- postgresqlMultiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.2014-03-316.5CVE-2014-0065
    postgresql -- postgresqlThe chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.2014-03-314.0CVE-2014-0066
    postgresql -- postgresqlThe "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.2014-03-314.6CVE-2014-0067
    postgresql -- postgresqlMultiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact via vectors related to the (1) hstore_recv, (2) hstore_from_arrays, and (3) hstore_from_array functions in contrib/hstore/hstore_io.c; and the (4) hstoreArrayToPairs function in contrib/hstore/hstore_op.c, which triggers a buffer overflow. NOTE: this issue was SPLIT from CVE-2014-0064 because it has a different set of affected versions.2014-03-316.5CVE-2014-2669
    pyyaml -- libyamlHeap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.2014-03-286.8CVE-2014-2525
    qemu -- qemuBuffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs.2014-04-014.0CVE-2011-3346
    redhat -- network_satelliteCRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.2014-04-014.3CVE-2013-1869
    redhat -- jboss_web_framework_kitThe doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.2014-03-314.3CVE-2014-0086
    redhat -- jboss_enterprise_application_platformRed Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions.2014-04-035.8CVE-2014-0093
    roberta_bramski -- uploaderMultiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.2014-04-044.3CVE-2013-2287
    siemens -- ruggedcom_rugged_operating_systemThe web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets.2014-04-015.0CVE-2014-2590
    splunk -- splunkCross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-04-024.3CVE-2014-2578
    wpsymposium -- wp_symposiumOpen redirect vulnerability in invite.php in the WP Symposium plugin 13.04 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the u parameter.2014-03-285.8CVE-2013-2694
    wpsymposium -- wp_symposiumCross-site scripting (XSS) vulnerability in invite.php in the WP Symposium plugin before 13.04 for WordPress allows remote attackers to inject arbitrary web script or HTML via the u parameter.2014-03-284.3CVE-2013-2695
    xcloner -- xclonerCross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.2014-04-036.8CVE-2014-2340
    xen -- xenMultiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894.2014-04-015.2CVE-2014-1891
    xen -- xenXen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894.2014-04-015.2CVE-2014-1892
    xen -- xenMultiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894.2014-04-015.2CVE-2014-1893
    xen -- xenMultiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1893.2014-04-015.2CVE-2014-1894
    xen -- xenOff-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.2014-04-015.8CVE-2014-1895
    xen -- xenThe (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring."2014-04-014.9CVE-2014-1896
    xen -- xenThe HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input.2014-03-284.9CVE-2014-2599
    zingiri -- forumsDirectory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to index.php.2014-04-045.0CVE-2012-4920
    zohocorp -- manageengine_opstorProperties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter.2014-03-296.5CVE-2014-0344

    Low Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    ibm -- websphere_portal | Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2014-04-01 | 3.5 | CVE-2014-0901
    otrs -- otrs | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields. | 2014-04-02 | 3.5 | CVE-2014-2553
    redhat -- jboss_operations_network | Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail. | 2014-04-01 | 3.5 | CVE-2011-4573
    redhat -- jboss_operations_network | Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials. | 2014-04-01 | 3.7 | CVE-2012-0032
    redhat -- conga | Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect enforcement of a user timeout. | 2014-03-31 | 3.7 | CVE-2012-3359
    redhat -- conga | Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user and password in a cookie. | 2014-03-31 | 3.7 | CVE-2013-7347
    zohocorp -- manageengine_opstor | Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344. | 2014-03-29 | 3.5 | CVE-2014-2670

    This product is provided subject to this Notification and this Privacy & Use policy.


CERT Technical Feed

US-CERT Alerts
Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
  • TA14-098A: OpenSSL 'Heartbleed' vulnerability (CVE-2014-0160)
    Original release date: April 08, 2014

    Systems Affected

    • OpenSSL 1.0.1 through 1.0.1f
    • OpenSSL 1.0.2-beta

    Overview

    A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension.

    Description

    OpenSSL versions 1.0.1 through 1.0.1f contain a flaw in their implementation of the TLS/DTLS heartbeat functionality. This flaw allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL library in chunks of 64k at a time. Note that an attacker can repeatedly leverage the vulnerability to retrieve as many 64k chunks of memory as are necessary to retrieve the intended secrets. The sensitive information that may be retrieved using this vulnerability includes:

    • Primary key material (secret keys)
    • Secondary key material (user names and passwords used by vulnerable services)
    • Protected content (sensitive data used by vulnerable services)
    • Collateral (memory addresses and content that can be leveraged to bypass exploit mitigations)

    Exploit code is publicly available for this vulnerability.  Additional details may be found in CERT/CC Vulnerability Note VU#720951.
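    The length check at the heart of this flaw, as an added Python example that is not US-CERT's or OpenSSL's code: it parses a TLS record carrying a heartbeat message (RFC 6520 layout: type, 16-bit payload_length, payload, at least 16 bytes of padding) and applies the same bound the fixed OpenSSL 1.0.1g applies, silently discarding any message whose claimed payload_length plus the minimum padding does not fit inside the record that was actually received. The vulnerable versions trusted payload_length and copied that many bytes out of memory; the response here is sized only from the validated payload. The make_record helper and the sample records are constructed for this demonstration.

```python
import struct

# TLS record header (RFC 5246): content type (1), version (2), length (2).
# Heartbeat message (RFC 6520): type (1), payload_length (2), payload, padding (>= 16).
TLS_HEARTBEAT = 24
HB_REQUEST = 1
HB_RESPONSE = 2
MIN_PADDING = 16


def parse_heartbeat_record(record: bytes):
    """Parse one TLS record carrying a heartbeat message.

    Returns (payload, padding_length) when the claimed payload_length is
    consistent with the bytes actually received, or None when the message
    must be silently discarded (RFC 6520 section 4). The bound is the one
    the fixed OpenSSL applies: 1 + 2 + payload_length + 16 <= record length.
    """
    if len(record) < 5:
        return None
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:]
    if ctype != TLS_HEARTBEAT or rec_len != len(body):
        return None
    if rec_len < 1 + 2 + MIN_PADDING:  # no room for even an empty payload
        return None
    hb_type, payload_len = struct.unpack("!BH", body[:3])
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        return None
    # The check that was missing: the claimed payload plus the minimum
    # padding must fit inside the record we actually received.
    if 1 + 2 + payload_len + MIN_PADDING > rec_len:
        return None
    payload = body[3:3 + payload_len]
    padding_len = rec_len - 3 - payload_len
    return payload, padding_len


def build_heartbeat_response(request_record: bytes):
    """Echo the request payload, sized from the validated length only."""
    parsed = parse_heartbeat_record(request_record)
    if parsed is None:
        return None
    payload, _ = parsed
    body = struct.pack("!BH", HB_RESPONSE, len(payload)) + payload + b"\x00" * MIN_PADDING
    return struct.pack("!BHH", TLS_HEARTBEAT, 0x0303, len(body)) + body


def make_record(payload_len_field: int, payload: bytes,
                padding: bytes = b"\x00" * MIN_PADDING) -> bytes:
    """Constructed test helper: assemble a heartbeat request record whose
    payload_length field may deliberately disagree with the real payload."""
    body = struct.pack("!BH", HB_REQUEST, payload_len_field) + payload + padding
    return struct.pack("!BHH", TLS_HEARTBEAT, 0x0303, len(body)) + body


if __name__ == "__main__":
    good = make_record(4, b"ping")          # claims 4 bytes, sends 4
    bad = make_record(0xFFFF, b"ping")      # claims 65535 bytes, sends 4
    print(parse_heartbeat_record(good))     # (b'ping', 16)
    print(parse_heartbeat_record(bad))      # None: discarded
```

    A record claiming even one byte more than it carries (payload_length 5 with a 4-byte payload and 16 bytes of padding) is rejected, which is the property that the 64k-at-a-time leak depended on being absent.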

    Impact

    This flaw allows a remote attacker to retrieve private memory of an application that uses the vulnerable OpenSSL library in chunks of 64k at a time.

    Solution

    OpenSSL 1.0.1g has been released to address this vulnerability.  Any keys generated with a vulnerable version of OpenSSL should be considered compromised and regenerated and deployed after the patch has been applied.

    US-CERT recommends system administrators consider implementing Perfect Forward Secrecy to mitigate the damage that may be caused by future private key disclosures.

    References

    Revision History

    • Initial Publication



  • TA14-069A: Microsoft Ending Support for Windows XP and Office 2003
    Original release date: March 10, 2014 | Last revised: March 11, 2014

    Systems Affected

    • Microsoft Windows XP with Service Pack 3 (SP3) Operating System
    • Microsoft Office 2003 Products

    Overview

    Microsoft is ending support for the Windows XP operating system and Office 2003 product line on April 8, 2014. [1] After this date, these products will no longer receive:

    • Security patches which help protect PCs from harmful viruses, spyware, and other malicious software
    • Assisted technical support from Microsoft
    • Software and content updates

    Description

    All software products have a lifecycle. End of support refers to the date when Microsoft no longer provides automatic fixes, updates, or online technical assistance. [2] As of February 2014, nearly 30 percent of Internet-connected PCs still run Windows XP. [3]

    Microsoft will send “End of Support” notifications to users of Windows XP who have elected to receive updates via Windows Update. Users in organizations using Windows Server Update Services (WSUS), System Center Configuration manager, or Windows Intune will not receive the notification. [4]

    Impact

    Computer systems running unsupported software are exposed to elevated cybersecurity risks, such as malicious attacks or electronic data loss.

    Users may also encounter problems with software and hardware compatibility since new software applications and hardware devices may not be built for Windows XP or Office 2003.

    Organizations that are governed by regulatory obligations may find they are no longer able to satisfy compliance requirements. [4]

    Solution

    Computers operating Windows XP with SP3 or running Office 2003 products will continue to work after support ends. However, using unsupported software may increase the risk of viruses and other security threats.

    Users have the option to upgrade to a currently supported operating system or office productivity suite. The Microsoft “End of Support” pages for Windows XP and Office 2003 offer additional details.

    There are software vendors and service providers in the marketplace who offer assistance in migrating from Windows XP or Office 2003 to a currently supported operating system or office productivity suite. US-CERT does not endorse or support any particular product or vendor.

    Users who choose to continue using Windows XP after the end of support may mitigate some risks by using a web browser other than Internet Explorer. The Windows XP versions of some alternative browsers will continue to receive support temporarily. Users should consult the support pages of their chosen alternative browser for more details.

    References

    Revision History

    • March 10, 2014 - Initial Release



  • TA14-017A: UDP-based Amplification Attacks
    Original release date: January 17, 2014 | Last revised: March 07, 2014

    Systems Affected

    Certain UDP protocols have been identified as potential attack vectors:

    • DNS
    • NTP
    • SNMPv2
    • NetBIOS
    • SSDP
    • CharGEN
    • QOTD
    • BitTorrent
    • Kad
    • Quake Network Protocol
    • Steam Protocol

    Overview

    A Distributed Reflective Denial of Service (DRDoS) attack is an emerging form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible UDP servers, as well as bandwidth amplification factors, to overwhelm a victim system with UDP traffic.

    Description

    UDP, by design, is a connection-less protocol that does not validate source IP addresses.  Unless the application-layer protocol uses countermeasures such as session initiation, it is very easy to forge the IP packet datagram to include an arbitrary source IP address [7].  When many UDP packets have their source IP address forged to a single address, the server responds to that victim, creating a reflected Denial of Service (DoS) Attack.

    Recently, certain UDP protocols have been found to have particular responses to certain commands that are much larger than the initial request.  Where before, attackers were limited linearly by the number of packets directly sent to the target to conduct a DoS attack, now a single packet can generate tens or hundreds of times the bandwidth in its response.  This is called an amplification attack, and when combined with a reflective DoS attack on a large scale it makes it relatively easy to conduct DDoS attacks.  

    To measure the potential effect of an amplification attack, we use a metric called the bandwidth amplification factor (BAF).  BAF can be calculated as the number of UDP payload bytes that an amplifier sends to answer a request, compared to the number of UDP payload bytes of the request [9] [10].

    The known protocols and their associated bandwidth amplification factors are listed below.  US-CERT would like to thank Christian Rossow for providing this information.  For more information on bandwidth amplification factors, please see Christian's blog and associated research paper.

    Protocol                  Bandwidth Amplification Factor   Vulnerable Command
    DNS                       28 to 54                         see: TA13-088A [1]
    NTP                       556.9                            see: TA14-013A [2]
    SNMPv2                    6.3                              GetBulk request
    NetBIOS                   3.8                              Name resolution
    SSDP                      30.8                             SEARCH request
    CharGEN                   358.8                            Character generation request
    QOTD                      140.3                            Quote request
    BitTorrent                3.8                              File search
    Kad                       16.3                             Peer list exchange
    Quake Network Protocol    63.9                             Server info exchange
    Steam Protocol            5.5                              Server info exchange


    Impact

    Attackers can utilize the bandwidth and relative trust of large servers that provide the above UDP protocols to flood victims with unwanted traffic, resulting in a DDoS attack.

    Solution

    DETECTION

    Detection of DRDoS attacks is not easy, due to their use of large, trusted servers that provide UDP services.  For a victim, traditional DoS mitigation techniques may apply.

    As a network operator of one of these exploitable services, look for abnormally large responses to a particular IP address.  This may indicate that an attacker is using your service to conduct a DRDoS attack.
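The BAF definition above and the operator-side detection advice can be combined into a simple check over per-client byte counts. This is an added example, not part of the US-CERT alert; the flow record layout (client, protocol, req_bytes, resp_bytes), the thresholds and the sample flows are all constructed for illustration.

```python
from collections import defaultdict


def baf(request_bytes, response_bytes):
    """BAF as the alert defines it: UDP payload bytes the amplifier sends in
    reply divided by the UDP payload bytes of the request."""
    if request_bytes <= 0:
        raise ValueError("a request must carry at least one payload byte")
    return response_bytes / request_bytes


def find_reflection_targets(flows, min_response_bytes=100_000, min_baf=10.0):
    """Aggregate a UDP service's responses per client IP and flag clients
    that receive both a large response volume and a high observed BAF.

    ``flows`` is an iterable of dicts with keys client, protocol, req_bytes
    and resp_bytes (a constructed record layout, not a real export format).
    Returns {client_ip: (total_response_bytes, observed_baf)}.
    """
    req, resp = defaultdict(int), defaultdict(int)
    for flow in flows:
        req[flow["client"]] += flow["req_bytes"]
        resp[flow["client"]] += flow["resp_bytes"]
    suspects = {}
    for client, out_bytes in resp.items():
        factor = baf(req[client], out_bytes)
        # Both conditions matter: a high BAF on a handful of bytes is normal
        # protocol behaviour, a large volume at BAF ~1 is just a busy client.
        if out_bytes >= min_response_bytes and factor >= min_baf:
            suspects[client] = (out_bytes, round(factor, 1))
    return suspects


# Constructed sample flows: the two records for 203.0.113.10 reproduce the NTP
# BAF from the table above; the other clients look like ordinary use.
SAMPLE_FLOWS = [
    {"client": "198.51.100.7", "protocol": "NTP", "req_bytes": 480, "resp_bytes": 480},
    {"client": "203.0.113.10", "protocol": "NTP", "req_bytes": 10_000, "resp_bytes": 5_569_000},
    {"client": "198.51.100.9", "protocol": "DNS", "req_bytes": 3_000, "resp_bytes": 90_000},
    {"client": "203.0.113.10", "protocol": "NTP", "req_bytes": 6_000, "resp_bytes": 3_341_400},
]

if __name__ == "__main__":
    for ip, (total, factor) in find_reflection_targets(SAMPLE_FLOWS).items():
        print(f"{ip}: {total} response bytes, observed BAF {factor}")
```

The DNS client in the sample shows a BAF of 30 but stays below the volume threshold, which is why both limits are checked rather than BAF alone.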

    MITIGATION

    Source IP Verification

    Because the UDP requests being sent by the attacker-controlled clients must have a source IP address spoofed to appear as the victim’s IP, the first step to reducing the effectiveness of UDP amplification is for Internet Service Providers to reject any UDP traffic with spoofed addresses. The Network Working Group of the Internet Engineering Task Force (IETF) released the Best Current Practice 38 document in May 2000 and Best Current Practice 84 in March 2004, which describe how an Internet Service Provider can filter traffic on their network to reject packets with source addresses not reachable via the actual packet’s path [3][4].  The changes recommended in these documents would cause a routing device to evaluate whether it is possible to reach the source IP address of the packet via the interface on which the packet arrived. If it is not possible, then the packet most likely has a spoofed source IP address. This configuration change would substantially reduce the potential for most popular types of DDoS attacks. As such, we highly recommend that all network operators perform network ingress filtering if possible.  Note that it will not explicitly protect a UDP service provider from being exploited in a DRDoS (all network providers must use ingress filtering in order to completely eliminate the threat).

    To verify your network has implemented ingress filtering, download the open source tools from the Spoofer Project [5].
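The reverse-path test that BCP 38/84 describe, written out as a small strict-mode check. This is an added example, not the alert's text and not any router vendor's implementation; the routing table, interface names and packets are constructed, and the check is applied on customer-facing interfaces, where a single route back to the source is expected.

```python
import ipaddress

# Constructed routing table: (prefix, interface the prefix is reachable through).
ROUTES = [
    ("0.0.0.0/0", "upstream0"),       # default route towards the Internet
    ("192.0.2.0/24", "cust1"),        # customer A
    ("198.51.100.0/24", "cust2"),     # customer B
    ("198.51.100.128/25", "cust3"),   # more-specific carve-out of customer B's block
]


def best_interface(src_ip, routes=ROUTES):
    """Longest-prefix match: the interface a reply to src_ip would leave on."""
    addr = ipaddress.ip_address(src_ip)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def passes_strict_urpf(src_ip, ingress_iface, routes=ROUTES):
    """Accept the packet only if the route back to its source uses the
    interface it arrived on; otherwise treat the source as likely spoofed."""
    return best_interface(src_ip, routes) == ingress_iface


def filter_packets(packets, routes=ROUTES):
    """Split constructed (src_ip, ingress_iface) tuples into accepted and dropped."""
    accepted, dropped = [], []
    for src_ip, iface in packets:
        bucket = accepted if passes_strict_urpf(src_ip, iface, routes) else dropped
        bucket.append((src_ip, iface))
    return accepted, dropped


# Constructed packets. The last two arrive on a customer port with a source
# address that the routing table places elsewhere, which is what a spoofed
# amplification request looks like at the ISP edge.
SAMPLE_PACKETS = [
    ("192.0.2.17", "cust1"),
    ("198.51.100.200", "cust3"),
    ("198.51.100.20", "cust2"),
    ("203.0.113.10", "cust1"),      # spoofed: only reachable via upstream0
    ("198.51.100.200", "cust2"),    # the more-specific /25 route says cust3
]

if __name__ == "__main__":
    accepted, dropped = filter_packets(SAMPLE_PACKETS)
    print("accepted:", accepted)
    print("dropped:", dropped)
```

On the upstream-facing interface the default route would let any source pass this strict check, which is the usual reason the filtering is applied at customer edges rather than at transit links.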

    Traffic Shaping

    Limiting responses to UDP requests is another potential mitigation to this issue.  This may require testing to discover the optimal limit that does not interfere with legitimate traffic.  The IETF released Request for Comment 2475 and Request for Comment 3260, which describe some methods to shape and control traffic [6] [8].  Most network devices today provide these functions in their software.

    References

    Revision History

    • February 09, 2014 - Initial Release
    • March 07, 2014 - Updated page to include research links
