Security and Firewalls
Written by Administrator   
Tuesday, April 26 2011 09:15

In today's internet, intrusion detection is a must to ensure data reliability for all parties. Nexus offers a state-of-the-art security solution to combat unauthorized access to your network. Firewalls are monitored constantly 24x7 by a trained staff with failsafe backup servers at every turn. Whether wireline or wireless, Nexus has the manpower and resources to protect your data.

 

Last Updated on Wednesday, March 27 2013 08:26
 

CERT Cyber Security Bulletins

US-CERT Bulletins
Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
  • SB14-328: Vulnerability Summary for the Week of November 17, 2014
    Original release date: November 24, 2014

    The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

    The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

    • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

    • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

    • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

    Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

    High Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    advantech -- eki-6340 | cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi. | 2014-11-20 | 9.0 | CVE-2014-8387
    BID
    BUGTRAQ
    MISC
    FULLDISC
    advantech -- advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document. | 2014-11-20 | 7.2 | CVE-2014-8388
    MISC
    apache -- mod_auth_mellon | The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data. | 2014-11-14 | 9.4 | CVE-2014-8567
    MLIST
    CONFIRM
    SECUNIA
    CONFIRM
    apple -- iphone_os | Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses. | 2014-11-18 | 7.2 | CVE-2014-4451
    apple -- iphone_os | The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled. | 2014-11-18 | 7.5 | CVE-2014-4457
    apple -- apple_tv | The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application. | 2014-11-18 | 9.3 | CVE-2014-4461
    arubanetworks -- clearpass | Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-6627. | 2014-11-19 | 10.0 | CVE-2014-5342
    SECUNIA
    arubanetworks -- clearpass | The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors. | 2014-11-19 | 9.0 | CVE-2014-6625
    SECUNIA
    arubanetworks -- clearpass | Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors. | 2014-11-19 | 10.0 | CVE-2014-6626
    SECUNIA
    arubanetworks -- clearpass | Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342. | 2014-11-19 | 9.0 | CVE-2014-6627
    SECUNIA
    checkpoint -- security_gateway | Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request. | 2014-11-16 | 7.1 | CVE-2014-8950
    CONFIRM
    SECUNIA
    checkpoint -- security_gateway | Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a denial of service (fwk0 process crash, core dump, and restart) via a redirect to the UserCheck page. | 2014-11-16 | 7.1 | CVE-2014-8951
    SECUNIA
    checkpoint -- security_gateway | Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL VPN blade, (4) SSL Network Extender, (5) Identity Awareness blade, (6) HTTPS Inspection, (7) UserCheck, or (8) Data Leak Prevention blade module is enabled, allow remote attackers to cause a denial of service ("stability issue") via an unspecified "traffic condition." | 2014-11-16 | 7.1 | CVE-2014-8952
    SECUNIA
    cisco -- ios | Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509. | 2014-11-14 | 7.1 | CVE-2014-7998
    digitalvidhya -- digi_online_examination_system | Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/. | 2014-11-20 | 7.5 | CVE-2014-8997
    XF
    EXPLOIT-DB
    MISC
    faronics -- deep_freeze | The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function. | 2014-11-20 | 7.2 | CVE-2014-2382
    MISC
    FULLDISC
    MISC
    freerdp_project -- freerdp | Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated. | 2014-11-16 | 7.5 | CVE-2014-0250
    CONFIRM
    BID
    MLIST
    SUSE
    google -- chrome | Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. | 2014-11-19 | 7.5 | CVE-2014-7900
    CONFIRM
    CONFIRM
    google -- chrome | Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long segment in a JPEG image. | 2014-11-19 | 7.5 | CVE-2014-7901
    CONFIRM
    CONFIRM
    google -- chrome | Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. | 2014-11-19 | 7.5 | CVE-2014-7902
    CONFIRM
    google -- chrome | Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG image. | 2014-11-19 | 7.5 | CVE-2014-7903
    CONFIRM
    CONFIRM
    google -- chrome | Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2014-11-19 | 7.5 | CVE-2014-7904
    CONFIRM
    google -- chrome | Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object's lifetime. | 2014-11-19 | 7.5 | CVE-2014-7906
    CONFIRM
    CONFIRM
    google -- chrome | Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger improper handling of a detached frame, related to the (1) lock and (2) unlock methods. | 2014-11-19 | 7.5 | CVE-2014-7907
    CONFIRM
    CONFIRM
    google -- chrome | Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a large atom in (1) MPEG-4 or (2) QuickTime .mov data. | 2014-11-19 | 7.5 | CVE-2014-7908
    CONFIRM
    CONFIRM
    google -- chrome | Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2014-11-19 | 7.5 | CVE-2014-7910
    CONFIRM
    lantronix -- xprintserver | Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action. | 2014-11-20 | 10.0 | CVE-2014-9002
    XF
    FULLDISC
    MISC
    MISC
    mantisbt -- mantisbt | The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier. | 2014-11-18 | 7.5 | CVE-2014-7146
    XF
    BID
    CONFIRM
    MLIST
    microsoft -- windows_7 | The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability." | 2014-11-18 | 9.0 | CVE-2014-6324
    CONFIRM
    netbsd -- netbsd | The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. | 2014-11-17 | 7.5 | CVE-2014-8517
    SECUNIA
    SECUNIA
    MLIST
    MLIST
    SUSE
    php-fusion -- php-fusion | Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php. | 2014-11-17 | 7.5 | CVE-2014-8596
    MISC
    XF
    BID
    EXPLOIT-DB
    MISC
    OSVDB
    protected_pages_project -- protected_pages | The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows remote attackers to bypass the password protection via a crafted path. | 2014-11-20 | 7.5 | CVE-2014-9024
    samba -- ppp | Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables." | 2014-11-15 | 7.5 | CVE-2014-3158
    CONFIRM
    MLIST
    FEDORA
    sap -- governance_risk_and_compliance | Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request. | 2014-11-18 | 9.0 | CVE-2013-3678
    MISC
    XF
    BID
    BUGTRAQ
    MISC
    FULLDISC
    MISC
    vld_interactive -- vldpersonals | Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or (3) gender2 parameter in a search action to index.php. | 2014-11-20 | 7.5 | CVE-2014-9005
    XF
    EXPLOIT-DB
    webfs -- webfs | The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file. | 2014-11-16 | 7.2 | CVE-2013-0347
    XF
    BID
    MLIST
    MLIST
    MLIST
    OSVDB

    Medium Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    apache -- cordova | Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL. | 2014-11-15 | 6.4 | CVE-2014-3500
    BID
    apache -- cordova | Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView. | 2014-11-15 | 4.3 | CVE-2014-3501
    BID
    apache -- cordova | Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. | 2014-11-15 | 4.3 | CVE-2014-3502
    BID
    apache -- qpid | XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message. | 2014-11-17 | 4.3 | CVE-2014-3629
    XF
    BID
    BUGTRAQ
    SECUNIA
    MISC
    apple -- apple_tv | WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462. | 2014-11-18 | 5.4 | CVE-2014-4452
    apple -- iphone_os | Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. | 2014-11-18 | 5.0 | CVE-2014-4453
    apple -- mac_os_x | The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors. | 2014-11-18 | 5.0 | CVE-2014-4458
    apple -- mac_os_x | Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. | 2014-11-18 | 6.8 | CVE-2014-4459
    apple -- apple_tv | WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452. | 2014-11-18 | 5.8 | CVE-2014-4462
    arubanetworks -- clearpass | Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, module configuration, and other sensitive information by reading the page. | 2014-11-19 | 5.0 | CVE-2014-6621
    SECUNIA
    arubanetworks -- clearpass | Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified vectors. | 2014-11-19 | 5.0 | CVE-2014-6622
    SECUNIA
    arubanetworks -- clearpass | The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbitrary files via unspecified vectors. | 2014-11-19 | 6.8 | CVE-2014-6624
    SECUNIA
    atlas_systems -- aeon | Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems Aeon 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) Action or (2) Form parameter to aeon.dll. | 2014-11-19 | 4.3 | CVE-2014-7290
    XF
    MISC
    FULLDISC
    MISC
    bestpractical -- rt-extension-mobileui | The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors. | 2014-11-15 | 5.0 | CVE-2013-3737
    OSVDB
    SECUNIA
    cisco -- ios | The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014. | 2014-11-17 | 5.0 | CVE-2014-7992
    cisco -- unified_computing_system | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477. | 2014-11-18 | 6.8 | CVE-2014-7996
    cisco -- ios | The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281. | 2014-11-14 | 6.1 | CVE-2014-7997
    cisco -- unified_communications_manager_im_and_presence_service | Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497. | 2014-11-20 | 5.0 | CVE-2014-8000
    codecanyon -- phpsound | Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.php. | 2014-11-17 | 4.3 | CVE-2014-8954
    EXPLOIT-DB
    MISC
    commerceguys -- commerce | The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors. | 2014-11-20 | 5.0 | CVE-2014-9025
    docker -- docker | Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. | 2014-11-17 | 5.0 | CVE-2014-5277
    CONFIRM
    SUSE
    dolibarr -- dolibarr_erp/crm | Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet/tasks/contact.php; (4) lineid parameter in a deletecontact action, (5) ligne parameter in a swapstatut action, or (6) ref parameter to projet/contact.php; (7) id parameter to compta/bank/fiche.php, (8) contact/info.php, (9) holiday/index.php, (10) product/stock/fiche.php, (11) product/stock/info.php, or (12) in an edit action to product/stock/fiche.php; (13) productid parameter in an addline action to product/stock/massstockmove.php; (14) project_ref parameter to projet/tasks/note.php; (15) ref parameter to element.php, (16) ganttview.php, (17) note.php, or (18) tasks.php in projet/; (19) sall or (20) sref parameter to comm/mailing/liste.php; (21) search_bon, (22) search_ligne, (23) search_societe, or (24) search_code parameter to compta/prelevement/liste.php; (25) search_label parameter to compta/sociales/index.php; (26) search_project parameter to projet/tasks/index.php; (27) search_societe parameter to compta/prelevement/demandes.php; (28) search_statut parameter to user/index.php; (29) socid parameter to compta/recap-compta.php, (30) societe/commerciaux.php, or (31) societe/rib.php; (32) sortorder, (33) sref, (34) sall, or (35) sortfield parameter to product/stock/liste.php; (36) statut parameter to adherents/liste.php or (37) compta/dons/liste.php; (38) tobuy or (39) tosell parameter to product/liste.php; (40) tobuy, (41) tosell, (42) search_categ, or (43) sref parameter to product/reassort.php; (44) type parameter to product/index.php; or the (a) sortorder or (b) sortfield parameter to (45) compta/paiement/cheque/liste.php, (46) compta/prelevement/bons.php, (47) compta/prelevement/rejets.php, (48) product/stats/commande.php, (49) product/stats/commande_fournisseur.php, (50) product/stats/contrat.php, (51) product/stats/facture.php, (52) product/stats/facture_fournisseur.php, (53) product/stats/propal.php, or (54) product/stock/replenishorders.php. | 2014-11-21 | 6.5 | CVE-2014-7137
    MISC
    BID
    BUGTRAQ
    FULLDISC
    f5 -- big-ip_local_traffic_manager | Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form. | 2014-11-17 | 6.2 | CVE-2014-8727
    CONFIRM
    XF
    BID
    EXPLOIT-DB
    MISC
    freebsd -- freebsd | FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed. | 2014-11-18 | 4.3 | CVE-2014-8475
    XF
    BID
    SECUNIA
    MISC
    google -- chrome | Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. | 2014-11-19 | 5.0 | CVE-2014-7899
    CONFIRM
    CONFIRM
    google -- chrome | Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site. | 2014-11-19 | 5.0 | CVE-2014-7905
    CONFIRM
    google -- chrome | effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data. | 2014-11-19 | 5.0 | CVE-2014-7909
    CONFIRM
    CONFIRM
    haxx -- curl | cURL and libcurl before 7.38.0 do not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. | 2014-11-18 | 5.0 | CVE-2014-3613
    SUSE
    haxx -- curl | cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. | 2014-11-18 | 5.0 | CVE-2014-3620
    SUSE
    haxx -- libcurl | The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. | 2014-11-15 | 4.3 | CVE-2014-3707
    UBUNTU
    CONFIRM
    ibm -- security_identity_manager | Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors. | 2014-11-17 | 5.0 | CVE-2014-6095
    AIXAPAR
    ibm -- security_identity_manager | Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2014-11-17 | 4.3 | CVE-2014-6096
    AIXAPAR
    ibm -- security_identity_manager | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request. | 2014-11-17 | 5.0 | CVE-2014-6098
    AIXAPAR
    ibm -- security_identity_manager | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 2014-11-17 | 4.3 | CVE-2014-6105
    AIXAPAR
    ibm -- security_identity_manager | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. | 2014-11-17 | 4.3 | CVE-2014-6107
    AIXAPAR
    imember360 -- imember360 | Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have an unspecified impact via the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to execute arbitrary commands. | 2014-11-16 | 6.8 | CVE-2014-8948
    EXPLOIT-DB
    SECUNIA
    FULLDISC
    MISC
    OSVDB
    imember360 -- imember360 | The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges. | 2014-11-16 | 6.0 | CVE-2014-8949
    EXPLOIT-DB
    SECUNIA
    FULLDISC
    MISC
    OSVDB
    incrediblepbx -- incredible_pbx_11 | reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters. | 2014-11-20 | 6.5 | CVE-2014-9001
    FULLDISC
    ipa -- ilogscanner | Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file. | 2014-11-14 | 4.3 | CVE-2014-7248
    JVNDB
    JVN
    lantronix -- xprintserver | Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action. | 2014-11-20 | 6.8 | CVE-2014-9003
    XF
    FULLDISC
    MISC
    maarch -- letterbox | SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. | 2014-11-20 | 5.0 | CVE-2014-8995
    XF
    OSVDB
    MISC
    manageengine -- password_manager_pro | SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter. | 2014-11-17 | 6.5 | CVE-2014-8498
    MISC
    XF
    BID
    EXPLOIT-DB
    FULLDISC
    MISC
    OSVDB
    manageengine -- password_manager_pro | Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc. | 2014-11-17 | 6.5 | CVE-2014-8499
    MISC
    XF
    XF
    BID
    EXPLOIT-DB
    FULLDISC
    MISC
    OSVDB
    OSVDB
    mantisbt -- mantisbt | The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code. | 2014-11-18 | 6.4 | CVE-2014-8598
    XF
    BID
    MLIST
    megnicholas -- clean_and_simple_contact_form | Cross-site scripting (XSS) vulnerability in the Contact Form Clean and Simple (clean-and-simple-contact-form-by-meg-nicholas) plugin 4.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the cscf[name] parameter to contact-us/. | 2014-11-17 | 4.3 | CVE-2014-8955
    XF
    MISC
    monstra -- monstra | Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values. | 2014-11-20 | 5.0 | CVE-2014-9006
    XF
    MISC
    mulesoft -- mule_enterprise_management_console | Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC. | 2014-11-20 | 6.5 | CVE-2014-9000
    FULLDISC
    FULLDISC
    MISC
    mumble -- mumble | The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file. | 2014-11-16 | 5.0 | CVE-2014-3755
    MISC
    BID
    MLIST
    MLIST
    mumble -- mumble | The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip. | 2014-11-16 | 5.0 | CVE-2014-3756, BID, MLIST, MLIST
    nibbleblog -- nibbleblog | Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) author_name or (2) content parameter to index.php. | 2014-11-20 | 4.3 | CVE-2014-8996, XF, BID, FULLDISC, MISC
    pandorafms -- pandora_flexible_monitoring_system | Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php. | 2014-11-19 | 4.3 | CVE-2014-8629, XF, FULLDISC, MISC
    phpmemcachedadmin_project -- phpmemcachedadmin | Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-17 | 4.3 | CVE-2014-8732, XF, BID, BUGTRAQ, BUGTRAQ, MISC
    phpmoneybooks -- phpmoneybooks | Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | 2014-11-17 | 4.3 | CVE-2012-1669, BID, BUGTRAQ, EXPLOIT-DB, FULLDISC, MISC, OSVDB
    phpmoneybooks -- phpmoneybooks | Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012-1669. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might have been fixed in 1.0.3. | 2014-11-17 | 4.3 | CVE-2012-6665, SECUNIA, OSVDB
    phpscriptlerim -- php_scriptlerim_who's_who | Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators for requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php. | 2014-11-17 | 6.8 | CVE-2014-8953, XF, EXPLOIT-DB, MISC
    pivotal -- spring_framework | Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. | 2014-11-20 | 5.0 | CVE-2014-3625, CONFIRM
    puppetlabs -- facter | Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine. | 2014-11-16 | 6.2 | CVE-2014-3248, BID, SECUNIA, SECUNIA, MISC
    qemu -- qemu | Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption. | 2014-11-15 | 4.6 | CVE-2014-5388, MLIST, CONFIRM, UBUNTU, MLIST, MLIST, CONFIRM
    redhat -- openshift | Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme. | 2014-11-16 | 6.5 | CVE-2014-0233, CONFIRM
    redhat -- tcpdump | Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame. | 2014-11-20 | 5.0 | CVE-2014-8767, XF, BID, BUGTRAQ, FULLDISC, MISC
    redhat -- tcpdump | Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame. | 2014-11-20 | 5.0 | CVE-2014-8768, XF, BID, BUGTRAQ, FULLDISC, MISC
    redhat -- tcpdump | tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access. | 2014-11-20 | 6.4 | CVE-2014-8769, XF, BID, BUGTRAQ, FULLDISC, MISC
    rubyonrails -- ruby_on_rails | The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string. | 2014-11-16 | 5.0 | CVE-2014-3916, XF, BID, MLIST, MLIST
    rubyonrails -- ruby_on_rails | Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow. | 2014-11-15 | 5.0 | CVE-2014-4975, CONFIRM, XF, UBUNTU, MLIST
    rubyonrails -- ruby_on_rails | Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818. | 2014-11-18 | 5.0 | CVE-2014-7829, MLIST
    simple_email_form_project -- simple_email_form | Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to index.php. | 2014-11-21 | 4.3 | CVE-2014-8539, MISC, BID, BUGTRAQ, MISC
    tibco -- managed_file_transfer_command_center | TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive information or modify data by leveraging agent access. | 2014-11-20 | 6.4 | CVE-2014-7194
    tibco -- silver_fabric_enabler | Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for Spotfire Web Player before 1.6.1 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2014-11-20 | 4.0 | CVE-2014-7195
    twilio_project -- twilio | The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the "access administration pages" Drupal permission. | 2014-11-20 | 5.5 | CVE-2014-9023
    ubercart -- ubercart | The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer product classes" permission to execute arbitrary PHP code via unspecified vectors. | 2014-11-15 | 6.0 | CVE-2012-2301, BID, MLIST, MLIST, SECUNIA
    ubercart -- ubercart | The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtain sensitive information via unspecified vectors. | 2014-11-20 | 4.0 | CVE-2014-9026
    uninett -- mod_auth_mellon | The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory." | 2014-11-15 | 6.4 | CVE-2014-8566, SECUNIA, SECUNIA, REDHAT, CONFIRM
    vld_interactive -- vldpersonals | Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a member_profile action to index.php. | 2014-11-20 | 4.3 | CVE-2014-9004, XF, EXPLOIT-DB
    vtiger -- vtiger_crm | views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter. | 2014-11-15 | 5.0 | CVE-2014-2268, MISC, BID, EXPLOIT-DB
    web_component_roles_project -- web_component_roles | The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the "disabled" restriction and modify read-only components via a crafted form. | 2014-11-20 | 6.4 | CVE-2014-9022
    x7chat -- x7_chat | lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch. | 2014-11-20 | 6.5 | CVE-2014-8998, XF, BID, EXPLOIT-DB, MISC
    xen -- xen | The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP). | 2014-11-19 | 5.4 | CVE-2014-8594
    xoops -- xoops | SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter. | 2014-11-20 | 6.5 | CVE-2014-8999, BID, FULLDISC, MISC
    zend -- zend_framework | Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. | 2014-11-15 | 6.4 | CVE-2014-2681, MANDRIVA, MLIST, CONFIRM
    zend -- zend_framework | Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, do not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External Entity (XXE) attacks via an XML external entity declaration in conjunction with an entity reference. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. | 2014-11-15 | 6.8 | CVE-2014-2682, MANDRIVA, MLIST, CONFIRM
    zend -- zend_framework | Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532. | 2014-11-15 | 5.0 | CVE-2014-2683, MANDRIVA, MLIST, CONFIRM
    zend -- zend_framework | The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 do not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id values. | 2014-11-15 | 6.4 | CVE-2014-2684, MANDRIVA, MLIST, CONFIRM
    zte -- zxdsl | Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to adminpasswd.cgi or (3) change the admin user password via the sysPassword parameter in a save action to adminpasswd.cgi. | 2014-11-20 | 6.8 | CVE-2014-9019, XF, BID, BUGTRAQ, MISC
    zteusa -- zxhn_h108l_firmware | ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1. | 2014-11-20 | 5.0 | CVE-2014-8493, MISC, XF, EXPLOIT-DB, EXPLOIT-DB, FULLDISC, MISC
    zteusa -- zxdsl_831 | Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases. | 2014-11-20 | 4.3 | CVE-2014-9020, XF, BID, BID, BUGTRAQ, BUGTRAQ, MISC, MISC
    zteusa -- zxdsl_831 | Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to inject arbitrary web script or HTML via the (1) tr69cAcsURL, (2) tr69cAcsUser, (3) tr69cAcsPwd, (4) tr69cConnReqPwd, or (5) tr69cDebugEnable parameter to the TR-069 client page (tr69cfg.cgi); the (6) timezone parameter to the Time and date page (sntpcfg.sntp); or the (7) hostname parameter in a save action to the Quick Stats page (psilan.cgi). NOTE: this issue was SPLIT from CVE-2014-9020 per ADT1 due to different affected products and codebases. | 2014-11-20 | 4.3 | CVE-2014-9021, XF, BID, BUGTRAQ, MISC
    zteusa -- zxdsl_831cii | Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, or (7) enblssh parameter to accesslocal.cmd. | 2014-11-20 | 6.8 | CVE-2014-9027, XF, MISC

    Low Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    apache -- hive | Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI. | 2014-11-16 | 3.5 | CVE-2014-0228, BUGTRAQ, MISC
    apple -- apple_tv | dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file. | 2014-11-18 | 2.1 | CVE-2014-4455
    apple -- iphone_os | CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files. | 2014-11-18 | 2.1 | CVE-2014-4460
    apple -- iphone_os | Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature. | 2014-11-18 | 2.1 | CVE-2014-4463
    d-bus_project -- d-bus | D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1. | 2014-11-18 | 2.1 | CVE-2014-7824, CONFIRM, XF, BID, MLIST
    freeipa -- freeipa | FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind. | 2014-11-19 | 3.5 | CVE-2014-7828, MLIST, MLIST, CONFIRM, CONFIRM, XF, BID, FEDORA
    ibm -- tivoli_storage_manager | The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename. | 2014-11-18 | 2.1 | CVE-2014-4817, XF
    ibm -- security_identity_manager | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation. | 2014-11-17 | 2.1 | CVE-2014-6110, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR
    nlnetlabs -- ldns | The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. | 2014-11-15 | 2.1 | CVE-2014-3209, CONFIRM, CONFIRM, BID, MLIST, MLIST
    python -- python | Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. | 2014-11-15 | 3.3 | CVE-2014-2667, MLIST, MLIST, MLIST, SUSE, SUSE
    redhat -- jboss_enterprise_application_platform | JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file. | 2014-11-17 | 2.1 | CVE-2014-0059
    xen -- xen | arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction. | 2014-11-19 | 1.9 | CVE-2014-8595


  • SB14-322: Vulnerability Summary for the Week of November 10, 2014
    Original release date: November 18, 2014 | Last revised: November 20, 2014

    High Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    adobe -- air | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0588 and CVE-2014-8438. | 2014-11-11 | 10.0 | CVE-2014-0573
    adobe -- air | Double free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors. | 2014-11-11 | 10.0 | CVE-2014-0574
    adobe -- air | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0581, CVE-2014-8440, and CVE-2014-8441. | 2014-11-11 | 10.0 | CVE-2014-0576
    adobe -- air | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, and CVE-2014-0590. | 2014-11-11 | 10.0 | CVE-2014-0577
    adobe -- air | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-8440, and CVE-2014-8441. | 2014-11-11 | 10.0 | CVE-2014-0581
    adobe -- air | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0589. | 2014-11-11 | 10.0 | CVE-2014-0582
    adobe -- air | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to complete a transition from Low Integrity to Medium Integrity via unspecified vectors. | 2014-11-11 | 7.5 | CVE-2014-0583
    adobe -- air | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0585, CVE-2014-0586, and CVE-2014-0590. | 2014-11-11 | 10.0 | CVE-2014-0584
    adobe -- air | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0586, and CVE-2014-0590. | 2014-11-11 | 10.0 | CVE-2014-0585
    adobe -- air | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, and CVE-2014-0590. | 2014-11-11 | 10.0 | CVE-2014-0586
    adobe -- air | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0573 and CVE-2014-8438. | 2014-11-11 | 10.0 | CVE-2014-0588
    adobe -- air | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0582. | 2014-11-11 | 10.0 | CVE-2014-0589
    adobe -- air | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, and CVE-2014-0586. | 2014-11-11 | 10.0 | CVE-2014-0590
    adobe -- air | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0573 and CVE-2014-0588. | 2014-11-11 | 10.0 | CVE-2014-8438
    adobe -- air | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8441. | 2014-11-11 | 10.0 | CVE-2014-8440
    adobe -- air | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8440. | 2014-11-11 | 10.0 | CVE-2014-8441
    adobe -- air | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to complete a transition from Low Integrity to Medium Integrity by leveraging incorrect permissions. | 2014-11-11 | 7.5 | CVE-2014-8442
    apache -- mod_auth_mellon | The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request. | 2014-11-14 | 9.4 | CVE-2014-8567, MLIST, CONFIRM
    belkin -- n750_wireless_router | Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter. | 2014-11-12 | 10.0 | CVE-2014-1635, MISC, MISC, BID, EXPLOIT-DB, OSVDB
    checkpoint -- security_gateway | Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request. | 2014-11-16 | 7.1 | CVE-2014-8950, CONFIRM, SECUNIA
    checkpoint -- security_gateway | Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a denial of service (fwk0 process crash, core dump, and restart) via a redirect to the UserCheck page. | 2014-11-16 | 7.1 | CVE-2014-8951, SECUNIA
    checkpoint -- security_gateway | Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL VPN blade, (4) SSL Network Extender, (5) Identity Awareness blade, (6) HTTPS Inspection, (7) UserCheck, or (8) Data Leak Prevention blade module is enabled, allow remote attackers to cause a denial of service ("stability issue") via an unspecified "traffic condition." | 2014-11-16 | 7.1 | CVE-2014-8952, SECUNIA
    cisco -- ios | Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509. | 2014-11-14 | 7.1 | CVE-2014-7998
    freerdp_project -- freerdp | Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated. | 2014-11-16 | 10.0 | CVE-2014-0250, CONFIRM, BID, MLIST, SUSE
    hp -- helion_cloud_development_platform | The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execute arbitrary code by leveraging these keys for a connection. | 2014-11-13 | 10.0 | CVE-2014-7878
    huawei -- ec156 | Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory. | 2014-11-13 | 7.2 | CVE-2014-8359, XF, BID, MISC, MISC
    libreoffice -- libreoffice | Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599. | 2014-11-07 | 7.5 | CVE-2014-3693, SECUNIA, SECUNIA
    linux -- linux_kernel | The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. | 2014-11-10 | 7.8 | CVE-2014-3673, CONFIRM, CONFIRM, CONFIRM
    linux -- linux_kernel | The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. | 2014-11-10 | 7.8 | CVE-2014-3687, CONFIRM, CONFIRM, CONFIRM
    magentocommerce -- magmi | Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/. | 2014-11-13 | 9.0 | CVE-2014-8770, EXPLOIT-DB, OSVDB
    mantisbt -- mantisbt | SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609. | 2014-11-13 | 7.5 | CVE-2014-8554, XF, BID, CONFIRM, MLIST, MLIST
    microsoft -- windows_server_2003 | Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability." | 2014-11-11 | 7.2 | CVE-2014-4076
    microsoft -- office | Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014. | 2014-11-11 | 9.3 | CVE-2014-4077
    microsoft -- xml_core_services | XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (system-state corruption) via crafted XML content, aka "MSXML Remote Code Execution Vulnerability." | 2014-11-11 | 9.3 | CVE-2014-4118
    microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6341. | 2014-11-11 | 9.3 | CVE-2014-4143
    microsoft -- .net_framework | Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability." | 2014-11-11 | 9.3 | CVE-2014-4149
    microsoft -- windows_7 | Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font, aka "Denial of Service in Windows Kernel Mode Driver Vulnerability." | 2014-11-11 | 7.1 | CVE-2014-6317, MS, CONFIRM
    microsoft -- windows_7 | Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka "Microsoft Schannel Remote Code Execution Vulnerability." | 2014-11-11 | 10.0 | CVE-2014-6321
    microsoft -- windows_7 | OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows OLE Automation Array Remote Code Execution Vulnerability." | 2014-11-11 | 9.3 | CVE-2014-6332
    microsoft -- office_compatibility_pack | Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Double Delete Remote Code Execution Vulnerability." | 2014-11-11 | 9.3 | CVE-2014-6333
    microsoft -- office_compatibility_pack | Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Bad Index Remote Code Execution Vulnerability." | 2014-11-11 | 9.3 | CVE-2014-6334
    microsoft -- office_compatibility_pack | Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Invalid Pointer Remote Code Execution Vulnerability." | 2014-11-11 | 9.3 | CVE-2014-6335
    microsoft -- internet_explorer | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2014-11-11 | 9.3 | CVE-2014-6337
    microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4143. | 2014-11-11 | 9.3 | CVE-2014-6341
    microsoft -- internet_explorer | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6348. | 2014-11-11 | 9.3 | CVE-2014-6342
    microsoft -- internet_explorer | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2014-11-11 | 9.3 | CVE-2014-6343
    microsoft -- internet_explorer | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2014-11-11 | 9.3 | CVE-2014-6344
    microsoft -- internet_explorer | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2014-11-11 | 9.3 | CVE-2014-6347
    microsoft -- internet_explorer | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6342. | 2014-11-11 | 9.3 | CVE-2014-6348
    microsoft -- internet_explorer | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2014-11-11 | 9.3 | CVE-2014-6351
    microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2014-11-11 | 9.3 | CVE-2014-6353
    netbsd -- netbsd | The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. | 2014-11-17 | 7.5 | CVE-2014-8517, SECUNIA, SECUNIA, MLIST, MLIST, SUSE
    php-fusion -- php-fusion | Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php. | 2014-11-17 | 7.5 | CVE-2014-8596, MISC, XF, BID, EXPLOIT-DB, MISC, OSVDB
    qemu -- qemu | The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling. | 2014-11-14 | 7.2 | CVE-2014-3689, MLIST, UBUNTU, OSVDB, DEBIAN, DEBIAN, SECUNIA, SECUNIA, SECUNIA
    redhat -- openshift | Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors. | 2014-11-13 | 7.5 | CVE-2014-3674
    rockwellautomation -- connected_components_workbench | Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an invalid property value to an ActiveX control that was built with an outdated compiler. | 2014-11-13 | 7.5 | CVE-2014-5424
    samba -- ppp | Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables." | 2014-11-15 | 7.5 | CVE-2014-3158, CONFIRM, MLIST, FEDORA
    webfs -- webfs | The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file. | 2014-11-16 | 7.2 | CVE-2013-0347, XF, BID, MLIST, MLIST, MLIST, OSVDB

    Medium Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    adobe -- air | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow remote attackers to discover session tokens via unspecified vectors. | 2014-11-11 | 5.0 | CVE-2014-8437
    apache -- cordova | Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL. | 2014-11-15 | 6.4 | CVE-2014-3500, BID
    apache -- cordova | Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView. | 2014-11-15 | 4.3 | CVE-2014-3501, BID
    apache -- cordova | Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. | 2014-11-15 | 4.3 | CVE-2014-3502, BID
    apache -- qpid | XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message. | 2014-11-17 | 4.3 | CVE-2014-3629, XF, BID, BUGTRAQ, SECUNIA, MISC
    arubanetworks -- clearpass | Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-07 | 4.3 | CVE-2014-6620, SECUNIA
    arubanetworks -- clearpass | Cross-site request forgery (CSRF) vulnerability in the Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to hijack the authentication of a logged in user via unspecified vectors. | 2014-11-07 | 4.3 | CVE-2014-6623, SECUNIA
    bad_behavior_project -- bad_behavior | The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file. | 2014-11-12 | 4.0 | CVE-2014-8735
    bestpractical -- rt-extension-mobileui | The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors. | 2014-11-15 | 5.0 | CVE-2013-3737, OSVDB, SECUNIA
    cisco -- unified_communications_manager | The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. | 2014-11-13 | 4.3 | CVE-2014-7991
    cisco -- ios | The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014. | 2014-11-17 | 5.0 | CVE-2014-7992
    cisco -- ios | The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281. | 2014-11-14 | 6.1 | CVE-2014-7997
    citrix -- netscaler_application_delivery_controller_firmware | Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified configurations, allows remote authenticated users to access "network resources" of other users via unknown vectors. | 2014-11-07 | 4.9 | CVE-2014-8580
    codecanyon -- phpsound | Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.php. | 2014-11-17 | 4.3 | CVE-2014-8954, EXPLOIT-DB, MISC
    docker -- docker | Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. | 2014-11-17 | 5.0 | CVE-2014-5277, CONFIRM, SUSE
    drupal -- ubercart | The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer product classes" permission to execute arbitrary PHP code via unspecified vectors. | 2014-11-15 | 6.0 | CVE-2012-2301, BID, MLIST, MLIST, SECUNIA
    elipse -- e3 | Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681. | 2014-11-10 | 5.0 | CVE-2014-8652, FULLDISC, MISC
    f5 -- big-ip_local_traffic_manager | Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form. | 2014-11-17 | 6.2 | CVE-2014-8727, CONFIRM, BID, EXPLOIT-DB, MISC
    gnu -- gnutls | The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. | 2014-11-13 | 5.0 | CVE-2014-8564, CONFIRM, SECUNIA, SECUNIA
    haxx -- libcurl | The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. | 2014-11-15 | 4.3 | CVE-2014-3707, UBUNTU, CONFIRM
    ibm -- security_identity_manager | Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors. | 2014-11-17 | 5.0 | CVE-2014-6095, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR
    ibm -- security_identity_manager | Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2014-11-17 | 4.3 | CVE-2014-6096, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR
    ibm -- db2 | IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement. | 2014-11-08 | 4.0 | CVE-2014-6097, AIXAPAR
    ibm -- security_identity_manager | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request. | 2014-11-17 | 5.0 | CVE-2014-6098, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR
    ibm -- security_identity_manager | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 2014-11-17 | 4.3 | CVE-2014-6105, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR
    ibm -- security_identity_manager | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. | 2014-11-17 | 4.3 | CVE-2014-6107, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR
    ibm -- netcool/impact | Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool/Impact 6.1.1 before 6.1.1.1-TIV-NCI-IF0001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2014-11-08 | 4.3 | CVE-2014-6161, XF
    imember360 -- imember360 | Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have an unspecified impact via the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to execute arbitrary commands. | 2014-11-16 | 6.8 | CVE-2014-8948, EXPLOIT-DB, SECUNIA, FULLDISC, MISC, OSVDB
    imember360 -- imember360 | The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges. | 2014-11-16 | 6.0 | CVE-2014-8949, EXPLOIT-DB, SECUNIA, FULLDISC, MISC, OSVDB
    ipa -- ilogscanner | Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file. | 2014-11-14 | 4.3 | CVE-2014-7248, JVNDB, JVN
    jexperts -- channel_platform | Multiple cross-site scripting (XSS) vulnerabilities in JExperts Channel Platform 5.0.33_CCB allow remote attackers to inject arbitrary web script or HTML via the (1) usuario.nome variable in an editarUsuario action to usuario.do or (2) titulo.form variable in a novoChamado action to ticket.do. | 2014-11-13 | 4.3 | CVE-2014-8557, XF, BID, FULLDISC, MISC
    linux -- linux_kernel | The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. | 2014-11-10 | 4.9 | CVE-2014-3610, CONFIRM, CONFIRM, UBUNTU, MLIST, CONFIRM
    linux -- linux_kernel | Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation. | 2014-11-10 | 4.9 | CVE-2014-3611, CONFIRM, UBUNTU, MLIST, CONFIRM
    linux -- linux_kernel | arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU. | 2014-11-10 | 4.9 | CVE-2014-3690, CONFIRM, CONFIRM, MLIST, MLIST, CONFIRM, CONFIRM
    linux -- linux_kernel | A certain Debian patch to the IPv6 implementation in the Linux kernel 3.2.x through 3.2.63 does not properly validate arguments in ipv6_select_ident function calls, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging (1) tun or (2) macvtap device access. | 2014-11-10 | 4.9 | CVE-2014-7207, CONFIRM, MLIST
    linux -- linux_kernel | kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application. | 2014-11-10 | 4.9 | CVE-2014-7825, CONFIRM, CONFIRM, MLIST, CONFIRM
    linux -- linux_kernel | kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. | 2014-11-10 | 4.6 | CVE-2014-7826, CONFIRM, CONFIRM, MLIST, CONFIRM
    linux -- linux_kernel | The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601. | 2014-11-10 | 4.6 | CVE-2014-8369, MLIST, CONFIRM, CONFIRM, MLIST, CONFIRM
    linux -- linux_kernel | The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 lacks intended decoder-table flags for certain RIP-relative instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application. | 2014-11-10 | 4.9 | CVE-2014-8480, CONFIRM, CONFIRM, MLIST, MLIST, CONFIRM
    linux -- linux_kernel | The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 does not properly handle invalid instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application that triggers (1) an improperly fetched instruction or (2) an instruction that occupies too many bytes. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8480. | 2014-11-10 | 4.9 | CVE-2014-8481, CONFIRM, CONFIRM, MLIST, MLIST, CONFIRM
    linux -- linux_kernel | The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application. | 2014-11-10 | 4.9 | CVE-2014-8559, MLIST, MLIST, MLIST, MLIST, MLIST, MLIST, MLIST, CONFIRM, MLIST
    linux -- linux_kernel | The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets. | 2014-11-10 | 5.0 | CVE-2014-8709, CONFIRM, MLIST, CONFIRM, CONFIRM
    manageengine -- password_manager_pro | SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter. | 2014-11-17 | 6.5 | CVE-2014-8498, MISC, XF, BID, EXPLOIT-DB, FULLDISC, MISC, OSVDB
    manageengine -- password_manager_pro | Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc. | 2014-11-17 | 6.5 | CVE-2014-8499, MISC, XF, XF, BID, EXPLOIT-DB, FULLDISC, MISC, OSVDB, OSVDB
    megnicholas -- clean_and_simple_contact_form | Cross-site scripting (XSS) vulnerability in the Contact Form Clean and Simple (clean-and-simple-contact-form-by-meg-nicholas) plugin 4.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the cscf[name] parameter to contact-us/. | 2014-11-17 | 4.3 | CVE-2014-8955, XF, MISC
    microsoft -- internet_information_services | The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP request, aka "IIS Security Feature Bypass Vulnerability." | 2014-11-11 | 5.0 | CVE-2014-4078
    microsoft -- sharepoint_foundation | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka "SharePoint Elevation of Privilege Vulnerability." | 2014-11-11 | 4.3 | CVE-2014-4116
    microsoft -- windows_7 | The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly log unauthorized login attempts supplying valid credentials, which makes it easier for remote attackers to bypass intended access restrictions via a series of attempts, aka "Remote Desktop Protocol (RDP) Failure to Audit Vulnerability." | 2014-11-11 | 5.0 | CVE-2014-6318
    microsoft -- windows_7 | The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted web site, as demonstrated by execution of web script in Internet Explorer, aka "Windows Audio Service Vulnerability." | 2014-11-11 | 4.3 | CVE-2014-6322
    microsoft -- internet_explorer | Microsoft Internet Explorer 7 through 11 allows remote attackers to obtain sensitive clipboard information via a crafted web site, aka "Internet Explorer Clipboard Information Disclosure Vulnerability." | 2014-11-11 | 4.3 | CVE-2014-6323
    microsoft -- active_directory_federation_services | Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability." | 2014-11-11 | 5.0 | CVE-2014-6331
    microsoft -- internet_explorer | Microsoft Internet Explorer 8 and 9 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | 2014-11-11 | 5.0 | CVE-2014-6339
    microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability." | 2014-11-11 | 4.3 | CVE-2014-6340
    microsoft -- internet_explorer | Microsoft Internet Explorer 9 and 10 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability." | 2014-11-11 | 4.3 | CVE-2014-6345
    microsoft -- internet_explorer | Microsoft Internet Explorer 8 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability." | 2014-11-11 | 4.3 | CVE-2014-6346
    microsoft -- internet_explorer | Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-6350. | 2014-11-11 | 4.3 | CVE-2014-6349
    microsoft -- internet_explorer | Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-6349. | 2014-11-11 | 4.3 | CVE-2014-6350
    mumble -- mumble | The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file. | 2014-11-16 | 5.0 | CVE-2014-3755, MISC, BID, MLIST, MLIST
    mumble -- mumble | The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip. | 2014-11-16 | 5.0 | CVE-2014-3756, BID, MLIST, MLIST
    open_atrium_project -- open_atrium | The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node. | 2014-11-12 | 5.0 | CVE-2014-8736
    phpmemcachedadmin_project -- phpmemcachedadmin | Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-17 | 4.3 | CVE-2014-8732, XF, BID, BUGTRAQ, BUGTRAQ, MISC
    phpmoneybooks -- phpmoneybooks | Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | 2014-11-17 | 4.3 | CVE-2012-1669, BID, BUGTRAQ, EXPLOIT-DB, FULLDISC, MISC, OSVDB
    phpmoneybooks -- phpmoneybooks | Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012-1669. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might have been fixed in 1.0.3. | 2014-11-17 | 4.3 | CVE-2012-6665, SECUNIA, OSVDB
    phpmyadmin -- phpmyadmin | Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js. | 2014-11-08 | 4.3 | CVE-2014-6300, CONFIRM, SUSE
    phpscriptlerim -- php_scriptlerim_who's_who | Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php. | 2014-11-17 | 6.8 | CVE-2014-8953, XF, EXPLOIT-DB, MISC
    progress -- openedge | Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the selection parameter. | 2014-11-12 | 5.0 | CVE-2014-8555, MISC, EXPLOIT-DB
    puppetlabs -- facter | Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine. | 2014-11-16 | 6.2 | CVE-2014-3248, BID, SECUNIA, SECUNIA, MISC
    qemu -- qemu | Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption. | 2014-11-15 | 4.6 | CVE-2014-5388, MLIST, CONFIRM, UBUNTU, MLIST, MLIST, CONFIRM
    qemu -- qemu | The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. | 2014-11-14 | 5.0 | CVE-2014-7815, CONFIRM, SECUNIA, SECUNIA, SECUNIA, CONFIRM
    redhat -- openshift | Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme. | 2014-11-16 | 6.5 | CVE-2014-0233, CONFIRM
    redhat -- libvirt | The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE, which triggers the use of the VIR_DOMAIN_XML_SECURE flag. | 2014-11-13 | 5.0 | CVE-2014-7823, SECUNIA
    rubyonrails -- ruby_on_rails | The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string. | 2014-11-16 | 5.0 | CVE-2014-3916, XF, BID, MLIST, MLIST
    rubyonrails -- ruby_on_rails | Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow. | 2014-11-15 | 5.0 | CVE-2014-4975, CONFIRM, XF, UBUNTU, MLIST
    rubyonrails -- ruby_on_rails | Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence. | 2014-11-08 | 4.3 | CVE-2014-7818, MLIST
    rubyonrails -- ruby_on_rails | Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding. | 2014-11-08 | 5.0 | CVE-2014-7819, MLIST, MLIST
    trendmicro -- interscan_web_security_virtual_appliance | The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters. | 2014-11-07 | 4.0 | CVE-2014-8510, MISC
    uninett -- mod_auth_mellon | The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory." | 2014-11-15 | 6.4 | CVE-2014-8566, SECUNIA, REDHAT
    vtiger -- vtiger_crm | views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter. | 2014-11-15 | 5.0 | CVE-2014-2268, MISC, BID, EXPLOIT-DB
    zend -- zend_framework | Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. | 2014-11-15 | 6.4 | CVE-2014-2681, MANDRIVA, MLIST, CONFIRM
    zend -- zend_framework | Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External Entity (XXE) attacks via an XML external entity declaration in conjunction with an entity reference. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. | 2014-11-15 | 6.8 | CVE-2014-2682, MANDRIVA, MLIST, CONFIRM
    zend -- zend_framework | Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532. | 2014-11-15 | 5.0 | CVE-2014-2683, MANDRIVA, MLIST, CONFIRM
    zend -- zend_framework | The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id values. | 2014-11-15 | 6.4 | CVE-2014-2684, MANDRIVA, MLIST, CONFIRM

    Low Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    apache -- hive | Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI. | 2014-11-16 | 3.5 | CVE-2014-0228, BUGTRAQ, MISC
    drupal -- organic_groups_menu | The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal allows remote authenticated users with the "access administration pages" permission to change module settings via unspecified vectors. | 2014-11-12 | 3.5 | CVE-2014-8734, XF
    eucalyptus -- eucalyptus | Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log. | 2014-11-07 | 2.1 | CVE-2014-5037, SECUNIA
    eucalyptus -- eucalyptus | Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive information by reading the cloud log files. | 2014-11-07 | 2.1 | CVE-2014-5038
    forgerock -- openam | The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2, 10.1.0-Xpress, and 11.0.0 through 11.0.2, when deployed on a multi-server network, allows remote authenticated users to cause a denial of service (infinite loop) via a crafted cookie in a request. | 2014-11-13 | 3.5 | CVE-2014-7246, JVNDB, JVN
    freebsd -- freebsd | The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer. | 2014-11-13 | 2.1 | CVE-2014-8476, FREEBSD, SECUNIA, SECUNIA
    ibm -- security_identity_manager | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation. | 2014-11-17 | 3.3 | CVE-2014-6110, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR
    ibm -- sterling_b2b_integrator | IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the Connect:Direct Server Adapter is configured, does not properly process the logging configuration, which allows local users to obtain sensitive information by reading log files. | 2014-11-08 | 1.9 | CVE-2014-6146, XF, AIXAPAR
    ibm -- db2 | IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement. | 2014-11-08 | 3.5 | CVE-2014-6159, XF, AIXAPAR, AIXAPAR, AIXAPAR
    linux -- linux_kernel | arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. | 2014-11-10 | 2.1 | CVE-2014-3645, CONFIRM, MLIST, CONFIRM
    linux -- linux_kernel | arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. | 2014-11-10 | 2.1 | CVE-2014-3646, CONFIRM, CONFIRM, UBUNTU, MLIST
    linux -- linux_kernel | arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. | 2014-11-10 | 2.1 | CVE-2014-3647, CONFIRM, CONFIRM, UBUNTU, MLIST, CONFIRM
    nlnetlabs -- ldns | The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. | 2014-11-15 | 2.1 | CVE-2014-3209, CONFIRM, CONFIRM, BID, MLIST, MLIST
    python -- python | Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. | 2014-11-15 | 3.3 | CVE-2014-2667, MLIST, MLIST, MLIST, SUSE, SUSE
    qemu -- qemu | The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket. | 2014-11-07 | 2.1 | CVE-2014-3640, DEBIAN, MLIST, MLIST, MLIST
    redhat -- jboss_enterprise_application_platform | JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions audit.log, which allows local users to obtain sensitive information by reading this file. | 2014-11-17 | 2.1 | CVE-2014-0059
    redhat -- openshift | Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp. | 2014-11-13 | 2.1 | CVE-2014-3602

    This product is provided subject to this Notification and this Privacy & Use policy.


  • SB14-314: Vulnerability Summary for the Week of November 3, 2014
    Original release date: November 10, 2014 | Last revised: November 12, 2014

    High Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    accuenergy -- acuvim_ii | The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL. | 2014-11-05 | 7.5 | CVE-2014-2373
    accuenergy -- acuvim_ii | The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. | 2014-11-05 | 7.5 | CVE-2014-2374
    asus -- rt_firmware | ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image. | 2014-11-04 | 7.8 | CVE-2014-2718, XF, BID, FULLDISC, MISC, MISC
    bittorrent -- bootstrap-dht | The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) allows remote attackers to execute arbitrary code via a crafted packet, which triggers an out-of-bounds read, related to "Improper Indexing." | 2014-10-31 | 7.5 | CVE-2014-8509, CONFIRM, MISC, BID
    ca -- cloud_service_management | CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2014-11-04 | 7.5 | CVE-2014-8474
    cisco -- rv120w | The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126. | 2014-11-07 | 9.0 | CVE-2014-2177
    cisco -- rv120w | Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145. | 2014-11-07 | 7.5 | CVE-2014-2178
    clip-share -- clipshare | SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter. | 2014-11-04 | 7.5 | CVE-2014-8339, XF, MISC, MISC
    compal_broadband_networks -- firmware | The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors. | 2014-11-06 | 10.0 | CVE-2014-8656, MISC, EXPLOIT-DB, MISC, OSVDB
    cp_multi_view_event_calendar_project -- cp_multi_view_event_calendar | SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter. | 2014-11-04 | 7.5 | CVE-2014-8586, XF, BID, EXPLOIT-DB, MISC, OSVDB
    debian -- apt | APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors. | 2014-11-03 | 7.5 | CVE-2014-0487, SECUNIA, SECUNIA
    debian -- apt | APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package. | 2014-11-03 | 7.5 | CVE-2014-0489, SECUNIA, SECUNIA
    debian -- apt | The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package. | 2014-11-03 | 7.5 | CVE-2014-0490, SECUNIA, SECUNIA
    emc -- rsa_web_threat_detection | SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2014-11-07 | 9.0 | CVE-2014-4627, BUGTRAQ
    espocrm -- espocrm | Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php. | 2014-10-31 | 10.0 | CVE-2014-7985, MISC, BID, BUGTRAQ, MISC
    ffmpeg -- ffmpeg | Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors. | 2014-11-03 | 7.5 | CVE-2014-5271, CONFIRM, OSVDB, CONFIRM
    ffmpeg -- ffmpeg | libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data. | 2014-11-05 | 7.5 | CVE-2014-8541, CONFIRM, CONFIRM
    ffmpeg -- ffmpeg | libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data. | 2014-11-05 | 7.5 | CVE-2014-8542, CONFIRM, CONFIRM
    ffmpeg -- ffmpeg | libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data. | 2014-11-05 | 7.5 | CVE-2014-8543, CONFIRM, CONFIRM
    ffmpeg -- ffmpeg | libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data. | 2014-11-05 | 7.5 | CVE-2014-8544, CONFIRM, CONFIRM
    ffmpeg -- ffmpeg | libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data. | 2014-11-05 | 7.5 | CVE-2014-8545, CONFIRM, CONFIRM
    ffmpeg -- ffmpeg | Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data. | 2014-11-05 | 7.5 | CVE-2014-8546, CONFIRM, CONFIRM
    ffmpeg -- ffmpeg | libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data. | 2014-11-05 | 7.5 | CVE-2014-8547, CONFIRM, CONFIRM
    ffmpeg -- ffmpeg | Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data. | 2014-11-05 | 7.5 | CVE-2014-8548, CONFIRM, CONFIRM
    ffmpeg -- ffmpeg | libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data. | 2014-11-05 | 7.5 | CVE-2014-8549, CONFIRM, CONFIRM
    fortinet -- coyote_point_equalizer | FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors. | 2014-11-01 | 7.5 | CVE-2014-8582, XF, CONFIRM
    freeradius -- freeradius | Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash. | 2014-11-01 | 7.5 | CVE-2014-2015, CONFIRM, UBUNTU, MLIST, MLIST, MLIST
    french_national_commission_on_informatics_and_liberty -- cookieviz | SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the domain parameter. | 2014-11-06 | 7.5 | CVE-2014-8351, XF, FULLDISC
    hp -- laserjet_cm3530_multifunction_printer_firmware | Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. | 2014-11-04 | 9.0 | CVE-2014-7875
    joomla -- joomla! | Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive. | 2014-11-03 | 7.5 | CVE-2014-7228, MISC
    linksys -- e4200v2 | Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain sensitive information or modify data via a JNAP action in a JNAP/ HTTP request. | 2014-11-01 | 7.5 | CVE-2014-8244
    pro_softnet_corporation -- ibackup | iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file. | 2014-11-03 | 7.2 | CVE-2014-5507, XF, BID, EXPLOIT-DB, MISC
    qemu -- qemu | Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow. | 2014-11-04 | 7.5 | CVE-2013-4148, FEDORA, CONFIRM
    qemu -- qemu | Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table. | 2014-11-04 | 7.5 | CVE-2013-4149, FEDORA, CONFIRM
    qemu -- qemu | The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write. | 2014-11-04 | 7.5 | CVE-2013-4150, FEDORA, CONFIRM
    qemu -- qemu | The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write. | 2014-11-04 | 7.5 | CVE-2013-4151, FEDORA, CONFIRM
    qemu -- qemu | Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports. | 2014-11-04 | 7.5 | CVE-2013-4526, MLIST, FEDORA, CONFIRM
    qemu -- qemu | Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers. | 2014-11-04 | 7.5 | CVE-2013-4527, MLIST, FEDORA, CONFIRM
    qemu -- qemu | Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image. | 2014-11-04 | 7.5 | CVE-2013-4529, MLIST, FEDORA
    qemu -- qemu | Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image. | 2014-11-04 | 7.5 | CVE-2013-4530, MLIST, FEDORA, CONFIRM
    qemu -- qemu | Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len in a savevm image. | 2014-11-04 | 7.5 | CVE-2013-4531, MLIST, FEDORA, CONFIRM
    qemu -- qemu | Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image. | 2014-11-04 | 7.5 | CVE-2013-4533, MLIST, FEDORA, CONFIRM
    qemu -- qemu | Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements. | 2014-11-04 | 7.5 | CVE-2013-4534, MLIST, FEDORA, CONFIRM
    qemu -- qemu | The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image. | 2014-11-04 | 7.5 | CVE-2013-4537, MLIST, FEDORA, CONFIRM
    qemu -- qemu | Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image. | 2014-11-04 | 7.5 | CVE-2013-4538, MLIST, FEDORA, CONFIRM
    qemu -- qemu | Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image. | 2014-11-04 | 7.5 | CVE-2013-4539, MLIST, FEDORA, CONFIRM
    qemu -- qemu | Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image. | 2014-11-04 | 7.5 | CVE-2013-4540, MLIST, FEDORA, CONFIRM
    qemu -- qemu | The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value. | 2014-11-04 | 7.5 | CVE-2013-4541, FEDORA, CONFIRM
    qemu -- qemu | The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access. | 2014-11-04 | 7.5 | CVE-2013-4542, FEDORA, CONFIRM
    qemu -- qemu | Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. | 2014-11-04 | 7.5 | CVE-2013-6399, FEDORA, CONFIRM
    qemu -- qemu | Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image. | 2014-11-04 | 7.5 | CVE-2014-0182, FEDORA, CONFIRM
    qemu -- qemu | Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. | 2014-11-04 | 7.5 | CVE-2014-0222, MLIST, FEDORA, FEDORA
    rsyslog -- rsyslog | rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access. | 2014-11-01 | 7.5 | CVE-2014-3634 (MLIST, DEBIAN, SECUNIA, SECUNIA)
    sap -- commoncryptolib | SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. | 2014-11-04 | 7.5 | CVE-2014-8587 (CONFIRM, CONFIRM, SECUNIA, MISC)
    sap -- hana | SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2014-11-04 | 7.5 | CVE-2014-8588 (MISC, MISC, MISC)
    sap -- document_management_services | SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors. | 2014-11-06 | 7.2 | CVE-2014-8660 (MISC, MISC, MISC)
    sap -- customer_relationship_management_internet_sales | The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. | 2014-11-06 | 10.0 | CVE-2014-8661 (MISC, MISC)
    sap -- payroll_process | Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling. | 2014-11-06 | 7.8 | CVE-2014-8662 (MISC, MISC)
    sap -- netweaver_business_warehouse | SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2014-11-06 | 7.5 | CVE-2014-8663 (MISC, MISC)
    sap -- environment_health_and_safety | SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2014-11-06 | 7.5 | CVE-2014-8664 (MISC, MISC)
    sap -- contract_accounting | SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2014-11-06 | 7.5 | CVE-2014-8668 (MISC, MISC)
    sap -- customer_relationship_management | The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. | 2014-11-06 | 10.0 | CVE-2014-8669 (MISC, MISC, MISC)
    smarty -- smarty | Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template. | 2014-11-03 | 7.5 | CVE-2014-8350 (CONFIRM, CONFIRM, XF, BID, MLIST, MLIST)
    symantec -- endpoint_protection_manager | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2014-11-07 | 7.5 | CVE-2014-3437 (BID)
    testlink -- testlink | lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter. | 2014-10-31 | 7.5 | CVE-2014-8081 (CONFIRM, XF, BID, BUGTRAQ)

    Medium Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    abb -- robotstudio | Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program. | 2014-11-07 | 6.9 | CVE-2014-5430 (MISC)
    ait-pro -- bulletproof-security | Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter. | 2014-11-06 | 4.3 | CVE-2014-7958 (BUGTRAQ, MISC)
    ait-pro -- bulletproof-security | SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter. | 2014-11-06 | 6.5 | CVE-2014-7959 (BUGTRAQ, MISC)
    allomani -- allomani_weblinks | Multiple cross-site scripting (XSS) vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default URI to admin.php or the (2) id parameter to admin.php or (3) go.php. | 2014-11-04 | 4.3 | CVE-2014-8593 (XF, BID, MISC)
    axway -- securetransport | Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/. | 2014-11-04 | 6.8 | CVE-2013-7057 (XF, EXPLOIT-DB, OSVDB)
    bundler -- bundler | Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. | 2014-10-31 | 5.0 | CVE-2013-0334 (FEDORA, FEDORA, FEDORA)
    ca -- cloud_service_management | CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to conduct replay attacks via unspecified vectors. | 2014-11-04 | 4.3 | CVE-2014-8471
    ca -- cloud_service_management | CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors. | 2014-11-04 | 6.8 | CVE-2014-8472
    ca -- cloud_service_management | Cross-site request forgery (CSRF) vulnerability in CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2014-11-04 | 6.8 | CVE-2014-8473
    cisco -- rv120w | The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998. | 2014-11-07 | 5.0 | CVE-2014-2179
    cisco -- unity_connection | The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493. | 2014-11-07 | 4.0 | CVE-2014-7988
    cisco -- b200_m3 | Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176. | 2014-11-07 | 6.8 | CVE-2014-7989
    cisco -- air-ct5760 | Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815. | 2014-11-07 | 6.8 | CVE-2014-7990
    citrix -- xenmobile | Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows context-dependent attackers to obtain sensitive information by reading the cache. | 2014-10-31 | 5.0 | CVE-2014-8495 (XF, BID)
    classapps -- selectsurvey.net | Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx. | 2014-11-06 | 6.5 | CVE-2014-6030 (FULLDISC, MISC)
    compal_broadband_networks -- firmware | Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web script or HTML via the userData cookie. | 2014-11-06 | 4.3 | CVE-2014-8653 (XF, MISC, BID, EXPLOIT-DB, MISC, OSVDB)
    compal_broadband_networks -- firmware | Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have unspecified impact on DDNS configuration via a request to basicDDNS.html, (2) change the wifi password via the psKey parameter to setWirelessSecurity.html, (3) add a static MAC address via the MacAddress parameter in an add_static action to setBasicDHCP1.html, or (4) enable or disable UPnP via the UPnP parameter in an apply action to setAdvancedOptions.html. | 2014-11-06 | 6.8 | CVE-2014-8654 (XF, MISC, BID, EXPLOIT-DB, MISC, OSVDB, OSVDB, OSVDB, OSVDB)
    compal_broadband_networks -- firmware | The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via an (a) admin or a (b) root value in the userData cookie in a request to (1) CmgwWirelessSecurity.xml, (2) DocsisConfigFile.xml, or (3) CmgwBasicSetup.xml in xml/ or (4) basicDDNS.html, (5) basicLanUsers.html, or (6) rootDesc.xml. | 2014-11-06 | 5.0 | CVE-2014-8655 (XF, BID, EXPLOIT-DB, MISC, OSVDB)
    compal_broadband_networks -- firmware | The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via a request to wirelessChannelStatus.html. | 2014-11-06 | 5.0 | CVE-2014-8657 (XF, MISC, EXPLOIT-DB, MISC, OSVDB)
    croogo -- croogo | Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parameter to admin/blocks/blocks/edit page; (4) data[Region][title] parameter to admin/blocks/regions/add page; (5) data[Menu][title] or (6) data[Menu][alias] parameter to admin/menus/menus/add page; or (7) data[Link][title] parameter to admin/menus/links/add/menu page. | 2014-10-31 | 4.3 | CVE-2014-8577 (MISC, XF, OSVDB, OSVDB, OSVDB, OSVDB, EXPLOIT-DB, MISC)
    debian -- apt | APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data. | 2014-11-03 | 6.8 | CVE-2014-0488 (SECUNIA, SECUNIA)
    denon -- avr-3313ci | Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname. | 2014-11-06 | 4.3 | CVE-2014-8508 (MISC)
    download_manager_project -- download_manager | Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php. | 2014-11-04 | 5.0 | CVE-2014-8585 (XF, BID, MISC)
    ellislab -- expressionengine | Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php. | 2014-11-04 | 6.5 | CVE-2014-5387 (MISC, MISC, FULLDISC)
    enalean -- tuleap | SQL injection vulnerability in Enalean Tuleap before 7.5 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman. | 2014-11-04 | 6.5 | CVE-2014-7176 (MISC, XF, BID, EXPLOIT-DB, FULLDISC, MISC)
    enalean -- tuleap | XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/. | 2014-10-31 | 4.0 | CVE-2014-7177 (MISC, CONFIRM, XF, BID, OSVDB, FULLDISC)
    epicor -- epicor_enterprise | Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page. | 2014-11-03 | 5.0 | CVE-2014-4311 (EXPLOIT-DB, FULLDISC, MISC)
    espocrm -- espocrm | install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter. | 2014-10-31 | 5.0 | CVE-2014-7986 (MISC, BID, BUGTRAQ, MISC)
    espocrm -- espocrm | Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php. | 2014-10-31 | 4.3 | CVE-2014-7987 (MISC, BID, BUGTRAQ, MISC)
    estsoft -- alupdate | ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) for the (1) AlUpdate folder and (2) AlUpdate.exe, which allows local users to gain privileges via a Trojan horse file. | 2014-11-03 | 4.6 | CVE-2014-8494 (XF, BID, MISC)
    f5 -- big-ip_advanced_firewall_manager | Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 11.6.0, APM and Edge Gateway 11.0.0 through 11.6.0 and 10.1.0 through 10.2.4, PEM 11.3.0 through 11.6.0, PSM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4, and WOM 11.0.0 through 11.3.0 and 10.0.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements. | 2014-11-01 | 5.5 | CVE-2014-6032 (MISC, MISC, FULLDISC, FULLDISC, FULLDISC)
    ffmpeg -- ffmpeg | libavcodec/iff.c in FFmpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats. | 2014-11-03 | 6.8 | CVE-2014-5272 (CONFIRM, MLIST)
    formalms_project -- formalms | Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) id_custom parameter in an amanmenu request or (2) id_game parameter in an alms/games/edit request to appCore/index.php. | 2014-11-06 | 4.3 | CVE-2014-5257 (MISC, BUGTRAQ, MISC)
    fortinet -- fortianalyzer_firmware | Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. | 2014-10-31 | 4.3 | CVE-2014-2334
    fortinet -- fortianalyzer_firmware | Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. | 2014-10-31 | 4.3 | CVE-2014-2335
    fortinet -- fortimanager | Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335. | 2014-10-31 | 4.3 | CVE-2014-2336
    french_national_commission_on_informatics_and_liberty -- cookieviz | Cross-site scripting (XSS) vulnerability in json.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz allows remote web servers to inject arbitrary web script or HTML via the max_date parameter. | 2014-11-06 | 4.3 | CVE-2014-8352 (XF, FULLDISC)
    gwt_mobile_phonegap_showcase_project -- gwt_mobile_phonegap_showcase | Cross-site scripting (XSS) vulnerability in the GWT Mobile PhoneGap Showcase application for Android allows remote attackers to inject arbitrary web script or HTML via a crafted Bluetooth Device Name field. | 2014-11-07 | 4.3 | CVE-2014-8671 (MISC, MISC)
    ibm -- websphere_commerce | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2014-11-05 | 4.0 | CVE-2014-4769 (XF)
    ibm -- cognos_mobile | IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a logoff action on a mobile device, which makes it easier for remote attackers to bypass intended Business Intelligence restrictions by leveraging access to authentication data that was captured before this logoff. | 2014-11-05 | 4.3 | CVE-2014-4810 (XF)
    ibm -- websphere_commerce | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 2014-11-05 | 4.3 | CVE-2014-4834 (XF)
    ibm -- notes_traveler | The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which the user had intended to use HTTPS. | 2014-11-04 | 5.0 | CVE-2014-6130 (XF)
    katello -- katello | Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is passed to the to_sym method. | 2014-11-03 | 5.0 | CVE-2014-3712 (MISC, XF, BID, MLIST)
    meinberg -- lantime_m100 | Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-05 | 4.3 | CVE-2014-5417
    modx -- modx_revolution | Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a" parameter to manager/. NOTE: this issue exists because of a CVE-2014-2080 regression. | 2014-11-06 | 4.3 | CVE-2014-5451 (MISC, CONFIRM, BID, BUGTRAQ, MISC)
    nordex -- nordex_control_2_scada | Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. | 2014-11-05 | 4.3 | CVE-2014-5408
    openstack -- keystone | OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID. | 2014-11-03 | 6.5 | CVE-2014-0204 (CONFIRM, CONFIRM)
    openstack -- horizon | Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template. | 2014-10-31 | 4.3 | CVE-2014-3473 (CONFIRM, BID)
    openstack -- horizon | Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578. | 2014-10-31 | 4.3 | CVE-2014-3475 (CONFIRM, BID)
    openstack -- compute | OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request. | 2014-10-31 | 4.0 | CVE-2014-3708 (CONFIRM)
    openstack -- compute | The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. | 2014-10-31 | 4.0 | CVE-2014-8333 (CONFIRM, SECUNIA)
    openstack -- horizon | Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475. | 2014-10-31 | 4.3 | CVE-2014-8578 (CONFIRM, BID)
    php -- php | The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. | 2014-11-05 | 5.0 | CVE-2014-3710 (CONFIRM, CONFIRM, CONFIRM)
    plone -- plone | The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request. | 2014-11-03 | 4.3 | CVE-2012-5500 (CONFIRM, MLIST, REDHAT)
    plone -- plone | The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope. | 2014-11-03 | 5.0 | CVE-2012-5508 (CONFIRM, CONFIRM, CONFIRM, MLIST)
    plone -- plone | Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2). | 2014-11-03 | 5.0 | CVE-2012-6661 (CONFIRM, CONFIRM, CONFIRM, MLIST)
    qemu -- qemu | Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read. | 2014-11-04 | 4.6 | CVE-2014-0223 (MLIST, FEDORA)
    qemu -- qemu | hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks." | 2014-11-04 | 6.8 | CVE-2014-3461 (REDHAT, REDHAT, FEDORA, MLIST)
    quassel-irc -- quassel_irc | The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string. | 2014-11-06 | 5.0 | CVE-2014-8483 (DEBIAN, SECUNIA, SECUNIA)
    redhat -- freeipa | The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server. | 2014-11-03 | 5.0 | CVE-2013-0336 (CONFIRM, XF, BID, SECUNIA)
    redhat -- network_satellite | Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do. | 2014-11-03 | 4.3 | CVE-2014-3654
    refinedwiki -- refinedwiki_original_theme | Cross-site scripting (XSS) vulnerability in RefinedWiki Original Theme 3.x before 3.5.13 and 4.x before 4.0.12 for Confluence allows remote authenticated users with permissions to create or edit content to inject arbitrary web script or HTML via the versionComment parameter to pages/doeditpage.action. | 2014-11-06 | 4.0 | CVE-2014-8658 (MISC, XF, BID, BUGTRAQ, FULLDISC, MISC)
    rewardingyourself -- rewardingyourself | Cross-site scripting (XSS) vulnerability in the RewardingYourself application for Android and BlackBerry OS allows remote attackers to inject arbitrary web script or HTML via a crafted QR code. | 2014-11-07 | 4.3 | CVE-2014-8672 (MISC, MISC)
    rsyslog -- rsyslog | Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634. | 2014-11-01 | 5.0 | CVE-2014-3683 (MLIST, SECUNIA)
    ruby-lang -- ruby | The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. | 2014-11-03 | 5.0 | CVE-2014-8080 (SECUNIA)
    sap -- netweaver | The Standalone Enqueue Server in SAP NetWeaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern. | 2014-11-06 | 5.0 | CVE-2014-0995 (CONFIRM, XF, BUGTRAQ, MISC, FULLDISC, MISC, MISC)
    sap -- network_interface_router | Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. | 2014-11-04 | 5.0 | CVE-2014-8589 (CONFIRM, CONFIRM, MISC, MISC)
    sap -- netweaver_java_application_server | XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. | 2014-11-04 | 4.3 | CVE-2014-8590 (MISC, MISC, MISC)
    sap -- netweaver | Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors. | 2014-11-04 | 5.0 | CVE-2014-8591 (CONFIRM, CONFIRM, MISC, MISC)
    sap -- netweaver | Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. | 2014-11-04 | 5.0 | CVE-2014-8592 (CONFIRM, CONFIRM, MISC, MISC, MISC, MISC, MISC, MISC)
    sap -- environment_health_and_safety | Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. | 2014-11-06 | 5.0 | CVE-2014-8659 (MISC, MISC, MISC)
    sap -- business_intelligence_development_workbench | The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. | 2014-11-06 | 5.0 | CVE-2014-8665 (MISC, MISC)
    sap -- business_intelligence_development_workbench | The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intelligence allows remote attackers to obtain audit event details via unspecified vectors. | 2014-11-06 | 5.0 | CVE-2014-8666 (MISC, MISC)
    sap -- hana_web-based_development_workbench | Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-06 | 4.3 | CVE-2014-8667 (MISC, MISC)
    symantec -- endpoint_protection_manager | Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-07 | 4.3 | CVE-2014-3438 (CONFIRM, BID)
    symantec -- endpoint_protection_manager | ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors. | 2014-11-07 | 6.1 | CVE-2014-3439 (CONFIRM, BID)
    testlink -- testlink | lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message. | 2014-10-31 | 5.0 | CVE-2014-8082 (CONFIRM, XF, BID)
    vbulletin -- vbulletin | Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | 2014-11-06 | 5.8 | CVE-2014-8670 (BID, MISC)
    web_dorado_spider_video_player_project -- web_dorado_spider_video_player | Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-04 | 4.3 | CVE-2014-8584
    webedition -- webedition_cms | Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. | 2014-11-06 | 4.0 | CVE-2014-5258 (MISC, BUGTRAQ, MISC)
    wordfence_security_project -- wordfence_security | Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the whoisval parameter on the WordfenceWhois page to wp-admin/admin.php. | 2014-11-06 | 4.3 | CVE-2014-4664 (MISC)
    wp-dbmanager_project -- wp-dbmanager | The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" field) or (2) $backup['mysqldumppath'] variable. | 2014-10-31 | 6.5 | CVE-2014-8334 (XF, MISC, BID, BUGTRAQ, MLIST, MLIST, FULLDISC, MISC, OSVDB)
    xmlsoft -- libxml2 | parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. | 2014-11-04 | 5.0 | CVE-2014-3660 (MISC, CONFIRM, MISC, BID, DEBIAN, REDHAT, SUSE)

    Low Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    compfight_project -- compfight | Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter. | 2014-11-05 | 3.5 | CVE-2014-8622, MISC
    eset -- personal_firewall_ndis_filter | The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls. | 2014-11-04 | 2.1 | CVE-2014-4974, MISC, XF, BID, FULLDISC, MISC
    linksys -- e4200v2 | Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain the administrator's MD5 password hash via a direct request for the /.htpasswd URI. | 2014-11-01 | 3.3 | CVE-2014-8243
    openstack -- horizon | Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name. | 2014-10-31 | 3.5 | CVE-2014-3474, CONFIRM, BID
    phpmyadmin -- phpmyadmin | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page. | 2014-11-05 | 3.5 | CVE-2014-8326, CONFIRM, CONFIRM
    qemu -- qemu | The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. | 2014-11-01 | 2.1 | CVE-2014-3615, REDHAT, REDHAT, CONFIRM, CONFIRM
    shim_project -- shim | The default configuration in systemd-shim 8 enables the Abandon debugging clause, which allows local users to cause a denial of service via unspecified vectors. | 2014-10-31 | 2.1 | CVE-2014-8399, CONFIRM

    This product is provided subject to this Notification and this Privacy & Use policy.


CERT Technical Feed

US-CERT Alerts
Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
  • TA14-323A: Microsoft Windows Kerberos KDC Remote Privilege Escalation Vulnerability
    Original release date: November 19, 2014

    Systems Affected

    • Microsoft Windows Vista, 7, 8, and 8.1
    • Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2

    Overview

    A remote escalation of privilege vulnerability exists in implementations of Kerberos Key Distribution Center (KDC) in Microsoft Windows which could allow a remote attacker to take control of a vulnerable system. [1]

    Description

    The Microsoft Windows Kerberos KDC fails to properly check service tickets for valid signatures, which can allow aspects of the service ticket to be forged. The improper check allows an attacker to escalate valid domain user account privileges to those of a domain administrator account, which renders the entire domain vulnerable to compromise.

    At the time this release was issued, Microsoft was aware of limited, targeted attacks attempting to exploit this vulnerability.

    Impact

    A valid domain user can pass invalid domain administrator credentials, gain access and compromise any system on the domain, including the domain controller. [2]

    Solution

    An update is available from Microsoft. Please see Microsoft Security Bulletin MS14-068 and Microsoft Research Security and Defense Blog for more details, and apply the necessary updates. [1, 3]

    References

    Revision History

    • November 19, 2014: Initial Draft



  • TA14-318B: Microsoft Windows OLE Automation Array Remote Code Execution Vulnerability
    Original release date: November 14, 2014

    Systems Affected

    • Microsoft Windows Vista, 7, 8, 8.1, RT, and RT 8.1
    • Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2

    Overview

    A vulnerability in Microsoft Windows Object Linking and Embedding (OLE) could allow remote code execution if a user views a specially-crafted web page in Internet Explorer.[1]

    Description

    The Microsoft Windows OLE OleAut32.dll library provides the SafeArrayRedim function that allows resizing of SAFEARRAY objects in memory.[2] In certain circumstances, this library does not properly check sizes of arrays when an error occurs. The improper size allows an attacker to manipulate memory in a way that can bypass the Internet Explorer Enhanced Protected Mode (EPM) sandbox as well as the Enhanced Mitigation Experience Toolkit (EMET).

    This vulnerability can be exploited using a specially-crafted web page utilizing VBscript in Internet Explorer. However, it may impact other software that makes use of OleAut32.dll and VBscript.

    Exploit code is publicly available for this vulnerability. Additional details may be found in CERT/CC Vulnerability Note VU#158647.

    Impact

    Arbitrary code can be run on the computer with user privileges. If the user is an administrator, the attacker may run arbitrary code as an administrator, fully compromising the system. 

    Solution

    An update is available from Microsoft.[3] Please see Microsoft Security Bulletin MS14-064 for more details and mitigation guidance, and apply the necessary updates.

    References

    Revision History

    • November 14, 2014: Initial Release



  • TA14-318A: Microsoft Secure Channel (Schannel) Vulnerability (CVE-2014-6321)
    Original release date: November 14, 2014

    Systems Affected

    • Microsoft Windows Vista, 7, 8, 8.1, RT, and RT 8.1
    • Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2

    Microsoft Windows XP and 2000 may also be affected.

    Overview

    A critical vulnerability in Microsoft Windows systems could allow a remote attacker to execute arbitrary code via specially crafted network traffic.[1]

    Description

    Microsoft Secure Channel (Schannel) is a security package that provides SSL and TLS on Microsoft Windows platforms.[2, 3] Due to a flaw in Schannel, a remote attacker could execute arbitrary code on both client and server applications.[1]

    It may be possible for exploitation to occur without authentication and via unsolicited network traffic. According to Microsoft MS14-066, there are no known mitigations or workarounds.[2]

    Microsoft patches are typically reverse-engineered and exploits developed in a matter of days or weeks.[4] An anonymous Pastebin user has threatened to publish an exploit on Friday, November 14, 2014.[5]

    Impact

    This flaw allows a remote attacker to execute arbitrary code and fully compromise vulnerable systems.[6]

    Solution

    Microsoft has released Security Bulletin MS14-066 to address this vulnerability in supported operating systems.[2]

    References

    Revision History

    • November 14, 2014: Initial Release


