The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.
Monthly Archives: August 2014
2FA – are big banks failing America?
The Target breach caused real damage to millions of American card users – but big financial institutions are doing little to remedy security issues, according to the New York Times.
A report found that two-factor security was STILL not on offer at major banks such as Citibank, Capital One and for AmEx cards, when it came to online banking. Many other banks require customers to opt in.
The reason, the NYT claims, is economy – for the banks, “Companies have gone back and forth about whether to even allow their customers to sign up for that second factor and require the company to generate a one-time code to be entered in addition to a username and password.”
“While such precautions add to the consumer’s security, they can also increase the company’s tech support needs.”
2FA: Big savings – for banks
The opinion piece, a plea for increased adoption of two-factor authentication systems, has ignited debate.
Computer World discusses if there are any “silver bullets” for a world where passwords are stolen in industrial quantities. Some attacks such as a recent attempt against PayPal have attempted to bypass these systems – but they are still another hurdle for gangs to clear.
The below ESET video explains what two-factor is.
Two-factor systems are far more secure than passwords – many high-profile hacks, such as those against the Twitter accounts of media organizations last year, could not have happened if a 2FA system had been in place. Even if a hacker places malware on a PC and steals a password, they are still locked out.
2FA: Why are banks failing us?
Information Week says that 2FA systems are a key part of ensuring corporate security: “Passwords are the Achilles heel of any network. Around 80% of all domain compromises carried out by our Penetration Testing team come from either a weak password being set, or a password being reused somewhere. Any company that takes its security seriously should protect privileged accounts with strong two-factor authentication (2FA).”
A recent report found that two-thirds of companies who allowed “working from home” failed to provide secure access to company networks, putting private corporate information at risk.
Two-factor systems can help small businesses by allowing home working – and cutting overheads such as office space.
Bank attacks – safety tips
Both Information Age and Computer World suggested further measures – with Computer World suggesting Google Chromebooks as ideal for banking.
“Like private browsing, guest mode erases all traces of your browsing activity when you’re done, but in addition, it also starts you off with a clean slate. That is, when you logon as a Guest there are no cookies, favorites or browsing history to be discovered, stolen or manipulated,” the magazine writes.
One of the more disquieting aspects of the NYT report was that 2FA protection was offered only to some customers – and banks were not clear as to why.
Many sites – including Twitter, Gmail and Dropbox – offer two-factor systems already, free, although you have to enable them yourself – it’s usually found under Settings or Privacy, and most sites walk you through the process.
It’s worth doing so if you keep any private information in such accounts – and particularly if you store sensitive business information.
Two-factor authentication makes it far more difficult – although not impossible – for cybercriminals to break into accounts on sites such as Twitter and Dropbox. At present, though, the system is “opt-in” – you have to go to settings, and add your authentication method manually.
The post 2FA – are big banks failing America? appeared first on We Live Security.
Fedora Security Team
Vulnerabilities in software happen. When they get fixed, it’s up to the packager to make those fixes available to the systems using the software. Duplicating much of the response effort that Red Hat Product Security performs for Red Hat products, the Fedora Security Team (FST) has recently been created to help packagers get vulnerability fixes downstream in a timely manner.
At the beginning of July, there were over 500 vulnerability tickets open* against Fedora and EPEL. Many of these vulnerabilities already had patches or releases available to remedy the problems but not all. The Team has already found several examples of upstream not knowing that the vulnerability exists and was able to fix the issue quickly. This is one of the reasons having a dedicated team to work these issues is so important.
In the few short weeks since the Team was created, we’ve already closed 14 vulnerability tickets and are working another 150. We hope to be able to work in a more real-time environment once the backlog decreases. Staying in front of the vulnerabilities will not be easy, however. During the week of August 3rd, 27 new tickets were opened for packages in Fedora and EPEL. While we haven’t figured out a way to get ahead of the problem, we are trying to deal with the aftermath and get fixes pushed to the users as quickly as possible.
Additional information on the mission and the Team can be found on our wiki page. If you’d like to get involved please join us for one of our meetings and subscribe to our listserv.
* A separate vulnerability ticket is sometimes opened for different versions of Fedora and EPEL resulting in multiple tickets for a single vulnerability. This makes informing the packager easier but also inflates the numbers significantly.
MS14-044 – Important: Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340) – Version: 1.1
Severity Rating: Important
Revision Note: V1.1 (August 13, 2014): Revised bulletin to correct the Update FAQ that addresses the question, Will these security updates be offered to SQL Server clusters?
Summary: This security update resolves two privately reported vulnerabilities in Microsoft SQL Server (one in SQL Server Master Data Services and the other in the SQL Server relational database management system). The more severe of these vulnerabilities, affecting SQL Server Master Data Services, could allow elevation of privilege if a user visits a specially crafted website that injects a client-side script into the user’s instance of Internet Explorer. In all cases, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker’s website, or by getting them to open an attachment sent through email.
MS14-036 – Critical: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (2967487) – Version: 2.0
Severity Rating: Critical
Revision Note: V2.0 (August 12, 2014): Rereleased bulletin to announce the offering of update 2881071 to replace update 2767915 for systems running Microsoft Office 2010 Service Pack 1 or Microsoft Office 2010 Service Pack 2. See the Update FAQ for details.
Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync. The vulnerabilities could allow remote code execution if a user opens a specially crafted file or webpage. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS14-048 – Important: Vulnerability in OneNote Could Allow Remote Code Execution (2977201) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (August 12, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft OneNote. The vulnerability could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft OneNote. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS14-047 – Important: Vulnerability in LRPC Could Allow Security Feature Bypass (2978668) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (August 12, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker uses the vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that takes advantage of the ASLR bypass to run arbitrary code.
MS14-043 – Critical: Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742) – Version: 1.0
Severity Rating: Critical
Revision Note: V1.0 (August 12, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that invokes Windows Media Center resources.
MS14-050 – Important: Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (August 12, 2014): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could use a specially crafted app to run arbitrary JavaScript in the context of the user on the current SharePoint site.
SB14-223: Vulnerability Summary for the Week of August 4, 2014
Original release date: August 11, 2014
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
all_video_gallery_plugin_project — all_video_gallery_plugin | Unspecified vulnerability in the All Video Gallery (all-video-gallery) plugin before 1.2.0 for WordPress has unspecified impact and attack vectors. | 2014-08-06 | 7.5 | CVE-2012-6653 |
ayatana_project — unity | Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from a suspension. | 2014-08-07 | 7.2 | CVE-2014-5195 CONFIRM UBUNTU |
ctdb_project — ctdb | ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to “several temp file vulnerabilities” in (1) tcp/tcp_connect.c, (2) server/eventscript.c, (3) tools/ctdb_diagnostics, (4) config/gdb_backtrace, and (5) include/ctdb_private.h. | 2014-08-06 | 7.5 | CVE-2013-4159 CONFIRM MLIST MISC |
lead_octopus — lead_octopus | SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2014-08-07 | 7.5 | CVE-2014-5189 BID MISC OSVDB |
rocketsoftware — rocket_servergraph | Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet. | 2014-08-07 | 10.0 | CVE-2014-3914 MISC MISC MISC MISC MISC EXPLOIT-DB |
samba — samba | NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h. | 2014-08-06 | 7.9 | CVE-2014-3560 CONFIRM UBUNTU SECTRACK |
sphider — sphider | Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Spider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter. | 2014-08-06 | 7.5 | CVE-2014-5082 MISC |
sphider — sphider | SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter. | 2014-08-07 | 7.5 | CVE-2014-5192 XF EXPLOIT-DB |
splunk — splunk | Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for the issue in the “runshellscript echo.sh” script. | 2014-08-07 | 9.3 | CVE-2013-6771 MISC |
splunk — splunk | The “runshellscript echo.sh” script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. NOTE: this issue was SPLIT from CVE-2013-6771 per ADT2 due to different vulnerability types. | 2014-08-07 | 9.0 | CVE-2013-7394 MISC |
status2k — status2k | SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter. | 2014-08-06 | 7.5 | CVE-2014-5089 MISC |
teampass — teampass | TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) “change_user_language” request to sources/main.queries.php. | 2014-08-07 | 7.5 | CVE-2014-3771 MLIST MLIST |
teampass — teampass | TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php. | 2014-08-07 | 7.5 | CVE-2014-3772 MLIST MLIST |
teampass — teampass | Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/. | 2014-08-07 | 7.5 | CVE-2014-3773 MLIST MLIST |
yealink — sip-t38g | cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files. | 2014-08-03 | 9.0 | CVE-2013-5758 OSVDB EXPLOIT-DB EXPLOIT-DB MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
all_video_gallery_plugin_project — all-video-gallery | SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit action in the allvideogallery_videos page to wp-admin/admin.php. | 2014-08-06 | 6.5 | CVE-2014-5186 MISC |
canonical — reportbug | reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py. | 2014-08-06 | 6.8 | CVE-2014-0479 CONFIRM BID DEBIAN |
ckeditor — ckeditor | Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-08-07 | 4.3 | CVE-2014-5191 SECUNIA |
efssoft — easy_file_sharing_web_server | Multiple cross-site scripting (XSS) vulnerabilities in Easy File Sharing (EFS) Web Server 6.8 allow remote authenticated users to inject arbitrary web script or HTML via the content parameter when (1) creating a topic or (2) posting an answer. NOTE: some of these details are obtained from third party information. | 2014-08-06 | 4.3 | CVE-2014-5178 XF BUGTRAQ SECUNIA MISC |
embarcadero — er/studio_data_architect | Stack-based buffer overflow in the loadExtensionFactory method in the TSVisualization ActiveX control in Embarcadero ER/Studio Data Architect allows remote attackers to execute arbitrary code via unspecified vectors. | 2014-08-07 | 6.8 | CVE-2014-4647 MISC XF BID |
freelinking_for_case_tracker_project — freelinking_for_case_tracker | The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link. | 2014-08-06 | 4.3 | CVE-2014-5179 XF BID |
hdwplayer — hdw-player-video-player-video-gallery | SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php. | 2014-08-06 | 6.5 | CVE-2014-5180 MISC |
ipython — ipython_notebook | IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page. | 2014-08-07 | 6.8 | CVE-2014-3429 CONFIRM CONFIRM XF MLIST MLIST CONFIRM |
last.fm_rotation_plugin_project — lastfm-rotation_plugin | Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode parameter. | 2014-08-06 | 5.0 | CVE-2014-5181 MISC |
lyris — list_manager | Cross-site scripting (XSS) vulnerability in doemailpassword.tml in Lyris ListManager (LM) 8.95a allows remote attackers to inject arbitrary web script or HTML via the EmailAddr parameter. | 2014-08-07 | 4.3 | CVE-2014-5188 MISC BID MISC |
openstack — compute | api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests. | 2014-08-07 | 4.3 | CVE-2014-3517 CONFIRM |
ostenta — yawpp | Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php. | 2014-08-06 | 6.0 | CVE-2014-5182 MISC |
pyplate — pyplate | Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 2014-08-07 | 5.0 | CVE-2014-3852 MLIST MLIST |
pyplate — pyplate | Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 2014-08-07 | 5.0 | CVE-2014-3853 MLIST MLIST |
pyplate — pyplate | Cross-site request forgery (CSRF) vulnerability in admin/addScript.py in Pyplate 0.08 allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the title parameter. | 2014-08-07 | 6.8 | CVE-2014-3854 MLIST MLIST |
pyplate — pyplate | Directory traversal vulnerability in download.py in Pyplate 0.08 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | 2014-08-07 | 5.0 | CVE-2014-3855 MLIST MLIST |
quartz_plugin_project — quartz_plugin | SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edit action in the quartz/quote_form.php page to wp-admin/edit.php. | 2014-08-06 | 6.0 | CVE-2014-5185 MISC |
si_captcha_anti-spam_project — si_captcha_anti-spam | Cross-site scripting (XSS) vulnerability in captcha-secureimage/test/index.php in the SI CAPTCHA Anti-Spam plugin 2.7.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 2014-08-07 | 4.3 | CVE-2014-5190 BID MISC |
simple_retail_menus_plugin_project — simple-retail-menus | SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to wp-admin/admin.php. | 2014-08-06 | 6.5 | CVE-2014-5183 MISC |
solarwinds — network_configuration_manager | Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property. | 2014-08-07 | 6.8 | CVE-2014-3459 MISC |
sphider — sphider | Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082. | 2014-08-07 | 4.3 | CVE-2014-5193 EXPLOIT-DB |
sphider — sphider | Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter. | 2014-08-07 | 6.5 | CVE-2014-5194 EXPLOIT-DB |
status2k — status2k | Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php. | 2014-08-06 | 4.3 | CVE-2014-5088 MISC |
status2k — status2k | admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel. | 2014-08-06 | 6.5 | CVE-2014-5090 MISC |
stripshow_plugin_project — stripshow | SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story parameter in an edit action to wp-admin/admin.php. | 2014-08-06 | 6.5 | CVE-2014-5184 MISC |
symantec — endpoint_protection | Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call. | 2014-08-06 | 6.9 | CVE-2014-3434 CERT-VN BID EXPLOIT-DB |
teampass — teampass | Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element. | 2014-08-07 | 4.3 | CVE-2014-3774 MLIST MLIST |
tom_m8te_plugin_project — tom-m8te_plugin | Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php. | 2014-08-06 | 5.0 | CVE-2014-5187 MISC |
yealink — sip-t38g | Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx. | 2014-08-03 | 4.0 | CVE-2013-5756 EXPLOIT-DB |
yealink — sip-t38g | Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx. | 2014-08-03 | 4.0 | CVE-2013-5757 EXPLOIT-DB |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
pyplate — pyplate | usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-readable permissions for passwd.db, which allows local users to obtain the administrator password by reading this file. | 2014-08-07 | 2.1 | CVE-2014-3851 MLIST MLIST |
redhat — enterprise_virtualization | libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods. | 2014-08-03 | 1.9 | CVE-2014-0179 SUSE SUSE CONFIRM |
redhat — enterprise_virtualization | The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM’s disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM’s memory and obtain sensitive information via an uninitialized storage volume. | 2014-08-06 | 3.5 | CVE-2014-3559 |
redhat — enterprise_virtualization | libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors. | 2014-08-03 | 1.2 | CVE-2014-5177 REDHAT SUSE SUSE CONFIRM |
xbmc — xbmc | XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file. | 2014-08-07 | 2.1 | CVE-2014-3800 MISC MLIST MLIST MISC |