Original release date: November 24, 2014
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
advantech — eki-6340 | cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi. | 2014-11-20 | 9.0 | CVE-2014-8387 BID BUGTRAQ MISC FULLDISC |
advantech — advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document. | 2014-11-20 | 7.2 | CVE-2014-8388 MISC |
apache — mod_auth_mellon | The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data. | 2014-11-14 | 9.4 | CVE-2014-8567 MLIST CONFIRM SECUNIA CONFIRM |
apple — iphone_os | Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses. | 2014-11-18 | 7.2 | CVE-2014-4451 |
apple — iphone_os | The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled. | 2014-11-18 | 7.5 | CVE-2014-4457 |
apple — apple_tv | The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application. | 2014-11-18 | 9.3 | CVE-2014-4461 |
arubanetworks — clearpass | Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-6627. | 2014-11-19 | 10.0 | CVE-2014-5342 SECUNIA |
arubanetworks — clearpass | The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors. | 2014-11-19 | 9.0 | CVE-2014-6625 SECUNIA |
arubanetworks — clearpass | Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors. | 2014-11-19 | 10.0 | CVE-2014-6626 SECUNIA |
arubanetworks — clearpass | Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342. | 2014-11-19 | 9.0 | CVE-2014-6627 SECUNIA |
checkpoint — security_gateway | Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request. | 2014-11-16 | 7.1 | CVE-2014-8950 CONFIRM SECUNIA |
checkpoint — security_gateway | Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a denial of service (fwk0 process crash, core dump, and restart) via a redirect to the UserCheck page. | 2014-11-16 | 7.1 | CVE-2014-8951 SECUNIA |
checkpoint — security_gateway | Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL VPN blade, (4) SSL Network Extender, (5) Identity Awareness blade, (6) HTTPS Inspection, (7) UserCheck, or (8) Data Leak Prevention blade module is enabled, allow remote attackers to cause a denial of service (“stability issue”) via an unspecified “traffic condition.” | 2014-11-16 | 7.1 | CVE-2014-8952 SECUNIA |
cisco — ios | Cisco IOS on Aironet access points, when “dot11 aaa authenticator” debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509. | 2014-11-14 | 7.1 | CVE-2014-7998 |
digitalvidhya — digi_online_examination_system | Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/. | 2014-11-20 | 7.5 | CVE-2014-8997 XF EXPLOIT-DB MISC |
faronics — deep_freeze | The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function. | 2014-11-20 | 7.2 | CVE-2014-2382 MISC FULLDISC MISC |
freerdp_project — freerdp | Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated. | 2014-11-16 | 7.5 | CVE-2014-0250 CONFIRM BID MLIST SUSE |
google — chrome | Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. | 2014-11-19 | 7.5 | CVE-2014-7900 CONFIRM CONFIRM |
google — chrome | Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long segment in a JPEG image. | 2014-11-19 | 7.5 | CVE-2014-7901 CONFIRM CONFIRM |
google — chrome | Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. | 2014-11-19 | 7.5 | CVE-2014-7902 CONFIRM |
google — chrome | Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG image. | 2014-11-19 | 7.5 | CVE-2014-7903 CONFIRM CONFIRM |
google — chrome | Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2014-11-19 | 7.5 | CVE-2014-7904 CONFIRM |
google — chrome | Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object’s lifetime. | 2014-11-19 | 7.5 | CVE-2014-7906 CONFIRM CONFIRM |
google — chrome | Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger improper handling of a detached frame, related to the (1) lock and (2) unlock methods. | 2014-11-19 | 7.5 | CVE-2014-7907 CONFIRM CONFIRM |
google — chrome | Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a large atom in (1) MPEG-4 or (2) QuickTime .mov data. | 2014-11-19 | 7.5 | CVE-2014-7908 CONFIRM CONFIRM |
google — chrome | Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2014-11-19 | 7.5 | CVE-2014-7910 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
lantronix — xprintserver | Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action. | 2014-11-20 | 10.0 | CVE-2014-9002 XF FULLDISC MISC MISC |
mantisbt — mantisbt | The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier. | 2014-11-18 | 7.5 | CVE-2014-7146 XF BID CONFIRM MLIST |
microsoft — windows_7 | The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka “Kerberos Checksum Vulnerability.” | 2014-11-18 | 9.0 | CVE-2014-6324 CONFIRM |
netbsd — netbsd | The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a \| (pipe) character at the end of an HTTP redirect. | 2014-11-17 | 7.5 | CVE-2014-8517 SECUNIA SECUNIA MLIST MLIST SUSE |
php-fusion — php-fusion | Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php. | 2014-11-17 | 7.5 | CVE-2014-8596 MISC XF BID EXPLOIT-DB MISC OSVDB |
protected_pages_project — protected_pages | The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows remote attackers to bypass the password protection via a crafted path. | 2014-11-20 | 7.5 | CVE-2014-9024 |
samba — ppp | Integer overflow in the getword function in options.c in pppd in Paul’s PPP Package (ppp) before 2.4.7 allows attackers to “access privileged options” via a long word in an options file, which triggers a heap-based buffer overflow that “[corrupts] security-relevant variables.” | 2014-11-15 | 7.5 | CVE-2014-3158 CONFIRM MLIST FEDORA |
sap — governance_risk_and_compliance | Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request. | 2014-11-18 | 9.0 | CVE-2013-3678 MISC XF BID BUGTRAQ MISC FULLDISC MISC |
vld_interactive — vldpersonals | Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or (3) gender2 parameter in a search action to index.php. | 2014-11-20 | 7.5 | CVE-2014-9005 XF EXPLOIT-DB |
webfs — webfs | The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file. | 2014-11-16 | 7.2 | CVE-2013-0347 XF BID MLIST MLIST MLIST OSVDB |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache — cordova | Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL. | 2014-11-15 | 6.4 | CVE-2014-3500 BID |
apache — cordova | Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView. | 2014-11-15 | 4.3 | CVE-2014-3501 BID |
apache — cordova | Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. | 2014-11-15 | 4.3 | CVE-2014-3502 BID |
apache — qpid | XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message. | 2014-11-17 | 4.3 | CVE-2014-3629 XF BID BUGTRAQ SECUNIA MISC |
apple — apple_tv | WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462. | 2014-11-18 | 5.4 | CVE-2014-4452 |
apple — iphone_os | Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. | 2014-11-18 | 5.0 | CVE-2014-4453 |
apple — mac_os_x | The “System Profiler About This Mac” component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors. | 2014-11-18 | 5.0 | CVE-2014-4458 |
apple — mac_os_x | Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. | 2014-11-18 | 6.8 | CVE-2014-4459 |
apple — apple_tv | WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452. | 2014-11-18 | 5.8 | CVE-2014-4462 |
arubanetworks — clearpass | Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, module configuration, and other sensitive information by reading the page. | 2014-11-19 | 5.0 | CVE-2014-6621 SECUNIA |
arubanetworks — clearpass | Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified vectors. | 2014-11-19 | 5.0 | CVE-2014-6622 SECUNIA |
arubanetworks — clearpass | The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbitrary files via unspecified vectors. | 2014-11-19 | 6.8 | CVE-2014-6624 SECUNIA |
atlas_systems — aeon | Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems Aeon 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) Action or (2) Form parameter to aeon.dll. | 2014-11-19 | 4.3 | CVE-2014-7290 XF MISC FULLDISC MISC |
bestpractical — rt-extension-mobileui | The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors. | 2014-11-15 | 5.0 | CVE-2013-3737 OSVDB SECUNIA |
cisco — ios | The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014. | 2014-11-17 | 5.0 | CVE-2014-7992 |
cisco — unified_computing_system | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477. | 2014-11-18 | 6.8 | CVE-2014-7996 |
cisco — ios | The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281. | 2014-11-14 | 6.1 | CVE-2014-7997 |
cisco — unified_communications_manager_im_and_presence_service | Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497. | 2014-11-20 | 5.0 | CVE-2014-8000 |
codecanyon — phpsound | Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.php. | 2014-11-17 | 4.3 | CVE-2014-8954 EXPLOIT-DB MISC |
commerceguys — commerce | The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors. | 2014-11-20 | 5.0 | CVE-2014-9025 |
docker — docker | Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. | 2014-11-17 | 5.0 | CVE-2014-5277 CONFIRM SUSE |
dolibarr — dolibarr_erp/crm | Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet/tasks/contact.php; (4) lineid parameter in a deletecontact action, (5) ligne parameter in a swapstatut action, or (6) ref parameter to projet/contact.php; (7) id parameter to compta/bank/fiche.php, (8) contact/info.php, (9) holiday/index.php, (10) product/stock/fiche.php, (11) product/stock/info.php, or (12) in an edit action to product/stock/fiche.php; (13) productid parameter in an addline action to product/stock/massstockmove.php; (14) project_ref parameter to projet/tasks/note.php; (15) ref parameter to element.php, (16) ganttview.php, (17) note.php, or (18) tasks.php in projet/; (19) sall or (20) sref parameter to comm/mailing/liste.php; (21) search_bon, (22) search_ligne, (23) search_societe, or (24) search_code parameter to compta/prelevement/liste.php; (25) search_label parameter to compta/sociales/index.php; (26) search_project parameter to projet/tasks/index.php; (27) search_societe parameter to compta/prelevement/demandes.php; (28) search_statut parameter to user/index.php; (29) socid parameter to compta/recap-compta.php, (30) societe/commerciaux.php, or (31) societe/rib.php; (32) sortorder, (33) sref, (34) sall, or (35) sortfield parameter to product/stock/liste.php; (36) statut parameter to adherents/liste.php or (37) compta/dons/liste.php; (38) tobuy or (39) tosell parameter to product/liste.php; (40) tobuy, (41) tosell, (42) search_categ, or (43) sref parameter to product/reassort.php; (44) type parameter to product/index.php; or the (a) sortorder or (b) sortfield parameter to (45) compta/paiement/cheque/liste.php, (46) compta/prelevement/bons.php, (47) compta/prelevement/rejets.php, (48) product/stats/commande.php, (49) product/stats/commande_fournisseur.php, (50) product/stats/contrat.php, (51) product/stats/facture.php, (52) product/stats/facture_fournisseur.php, (53) product/stats/propal.php, or (54) product/stock/replenishorders.php. | 2014-11-21 | 6.5 | CVE-2014-7137 MISC BID BUGTRAQ FULLDISC |
f5 — big-ip_local_traffic_manager | Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the “Resource Administrator” or “Administrator” role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form. | 2014-11-17 | 6.2 | CVE-2014-8727 CONFIRM XF BID EXPLOIT-DB MISC |
freebsd — freebsd | FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed. | 2014-11-18 | 4.3 | CVE-2014-8475 XF BID SECUNIA MISC |
google — chrome | Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. | 2014-11-19 | 5.0 | CVE-2014-7899 CONFIRM CONFIRM |
google — chrome | Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site. | 2014-11-19 | 5.0 | CVE-2014-7905 CONFIRM |
google — chrome | effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data. | 2014-11-19 | 5.0 | CVE-2014-7909 CONFIRM CONFIRM |
haxx — curl | cURL and libcurl before 7.38.0 do not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. | 2014-11-18 | 5.0 | CVE-2014-3613 SUSE |
haxx — curl | cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. | 2014-11-18 | 5.0 | CVE-2014-3620 SUSE |
haxx — libcurl | The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. | 2014-11-15 | 4.3 | CVE-2014-3707 UBUNTU CONFIRM |
ibm — security_identity_manager | Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors. | 2014-11-17 | 5.0 | CVE-2014-6095 AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
ibm — security_identity_manager | Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2014-11-17 | 4.3 | CVE-2014-6096 AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
ibm — security_identity_manager | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request. | 2014-11-17 | 5.0 | CVE-2014-6098 AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
ibm — security_identity_manager | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 2014-11-17 | 4.3 | CVE-2014-6105 AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
ibm — security_identity_manager | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. | 2014-11-17 | 4.3 | CVE-2014-6107 AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
imember360 — imember360 | Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have an unspecified impact via the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to execute arbitrary commands. | 2014-11-16 | 6.8 | CVE-2014-8948 EXPLOIT-DB SECUNIA FULLDISC MISC OSVDB |
imember360 — imember360 | The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges. | 2014-11-16 | 6.0 | CVE-2014-8949 EXPLOIT-DB SECUNIA FULLDISC MISC OSVDB |
incrediblepbx — incredible_pbx_11 | reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters. | 2014-11-20 | 6.5 | CVE-2014-9001 FULLDISC |
ipa — ilogscanner | Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file. | 2014-11-14 | 4.3 | CVE-2014-7248 JVNDB JVN |
lantronix — xprintserver | Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action. | 2014-11-20 | 6.8 | CVE-2014-9003 XF FULLDISC MISC |
maarch — letterbox | SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. | 2014-11-20 | 5.0 | CVE-2014-8995 XF OSVDB MISC |
manageengine — password_manager_pro | SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter. | 2014-11-17 | 6.5 | CVE-2014-8498 MISC XF BID EXPLOIT-DB FULLDISC MISC OSVDB |
manageengine — password_manager_pro | Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc. | 2014-11-17 | 6.5 | CVE-2014-8499 MISC XF XF BID EXPLOIT-DB FULLDISC MISC OSVDB OSVDB |
mantisbt — mantisbt | The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code. | 2014-11-18 | 6.4 | CVE-2014-8598 XF BID MLIST |
megnicholas — clean_and_simple_contact_form | Cross-site scripting (XSS) vulnerability in the Contact Form Clean and Simple (clean-and-simple-contact-form-by-meg-nicholas) plugin 4.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the cscf[name] parameter to contact-us/. | 2014-11-17 | 4.3 | CVE-2014-8955 XF MISC |
monstra — monstra | Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values. | 2014-11-20 | 5.0 | CVE-2014-9006 XF MISC |
mulesoft — mule_enterprise_management_console | Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC. | 2014-11-20 | 6.5 | CVE-2014-9000 FULLDISC FULLDISC MISC |
mumble — mumble | The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file. | 2014-11-16 | 5.0 | CVE-2014-3755 MISC BID MLIST MLIST |
mumble — mumble | The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip. | 2014-11-16 | 5.0 | CVE-2014-3756 BID MLIST MLIST |
nibbleblog — nibbleblog | Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) author_name or (2) content parameter to index.php. | 2014-11-20 | 4.3 | CVE-2014-8996 XF BID FULLDISC MISC |
pandorafms — pandora_flexible_monitoring_system | Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php. | 2014-11-19 | 4.3 | CVE-2014-8629 XF FULLDISC MISC |
phpmemcachedadmin_project — phpmemcachedadmin | Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-17 | 4.3 | CVE-2014-8732 XF BID BUGTRAQ BUGTRAQ MISC |
phpmoneybooks — phpmoneybooks | Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | 2014-11-17 | 4.3 | CVE-2012-1669 BID BUGTRAQ EXPLOIT-DB FULLDISC MISC OSVDB |
phpmoneybooks — phpmoneybooks | Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012-1669. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might have been fixed in 1.0.3. | 2014-11-17 | 4.3 | CVE-2012-6665 SECUNIA OSVDB |
phpscriptlerim — php_scriptlerim_who’s_who | Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who’s Who script allow remote attackers to hijack the authentication of administrators for requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php. | 2014-11-17 | 6.8 | CVE-2014-8953 XF EXPLOIT-DB MISC |
pivotal — spring_framework | Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. | 2014-11-20 | 5.0 | CVE-2014-3625 CONFIRM |
puppetlabs — facter | Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine. | 2014-11-16 | 6.2 | CVE-2014-3248 BID SECUNIA SECUNIA MISC |
qemu — qemu | Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption. | 2014-11-15 | 4.6 | CVE-2014-5388 MLIST CONFIRM UBUNTU MLIST MLIST CONFIRM |
redhat — openshift | Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme. | 2014-11-16 | 6.5 | CVE-2014-0233 CONFIRM |
redhat — tcpdump | Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame. | 2014-11-20 | 5.0 | CVE-2014-8767 XF BID BUGTRAQ FULLDISC MISC |
redhat — tcpdump | Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame. | 2014-11-20 | 5.0 | CVE-2014-8768 XF BID BUGTRAQ FULLDISC MISC |
redhat — tcpdump | tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access. | 2014-11-20 | 6.4 | CVE-2014-8769 XF BID BUGTRAQ FULLDISC MISC |
rubyonrails — ruby_on_rails | The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string. | 2014-11-16 | 5.0 | CVE-2014-3916 XF BID MLIST MLIST |
rubyonrails — ruby_on_rails | Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow. | 2014-11-15 | 5.0 | CVE-2014-4975 CONFIRM XF UBUNTU MLIST |
rubyonrails — ruby_on_rails | Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818. | 2014-11-18 | 5.0 | CVE-2014-7829 MLIST |
simple_email_form_project — simple_email_form | Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to index.php. | 2014-11-21 | 4.3 | CVE-2014-8539 MISC BID BUGTRAQ MISC |
tibco — managed_file_transfer_command_center | TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive information or modify data by leveraging agent access. | 2014-11-20 | 6.4 | CVE-2014-7194 |
tibco — silver_fabric_enabler | Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for Spotfire Web Player before 1.6.1 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2014-11-20 | 4.0 | CVE-2014-7195 |
twilio_project — twilio | The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the “access administration pages” Drupal permission. | 2014-11-20 | 5.5 | CVE-2014-9023 |
ubercart — ubercart | The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the “administer product classes” permission to execute arbitrary PHP code via unspecified vectors. | 2014-11-15 | 6.0 | CVE-2012-2301 BID MLIST MLIST SECUNIA |
ubercart — ubercart | The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the “view own orders” permission to obtain sensitive information via unspecified vectors. | 2014-11-20 | 4.0 | CVE-2014-9026 |
uninett — mod_auth_mellon | The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a “session overflow” involving “sessions overlapping in memory.” | 2014-11-15 | 6.4 | CVE-2014-8566 SECUNIA SECUNIA REDHAT CONFIRM |
vld_interactive — vldpersonals | Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a member_profile action to index.php. | 2014-11-20 | 4.3 | CVE-2014-9004 XF EXPLOIT-DB |
vtiger — vtiger_crm | views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter. | 2014-11-15 | 5.0 | CVE-2014-2268 MISC BID EXPLOIT-DB |
web_component_roles_project — web_component_roles | The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the “disabled” restriction and modify read-only components via a crafted form. | 2014-11-20 | 6.4 | CVE-2014-9022 |
x7chat — x7_chat | lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch. | 2014-11-20 | 6.5 | CVE-2014-8998 XF BID EXPLOIT-DB MISC |
xen — xen | The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP). | 2014-11-19 | 5.4 | CVE-2014-8594 |
xoops — xoops | SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter. | 2014-11-20 | 6.5 | CVE-2014-8999 BID FULLDISC MISC |
zend — zend_framework | Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. | 2014-11-15 | 6.4 | CVE-2014-2681 MANDRIVA MLIST CONFIRM |
zend — zend_framework | Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External Entity (XXE) attacks via an XML external entity declaration in conjunction with an entity reference. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. | 2014-11-15 | 6.8 | CVE-2014-2682 MANDRIVA MLIST CONFIRM |
zend — zend_framework | Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532. | 2014-11-15 | 5.0 | CVE-2014-2683 MANDRIVA MLIST CONFIRM |
zend — zend_framework | The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id values. | 2014-11-15 | 6.4 | CVE-2014-2684 MANDRIVA MLIST CONFIRM |
zte — zxdsl | Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to adminpasswd.cgi or (3) change the admin user password via the sysPassword parameter in a save action to adminpasswd.cgi. | 2014-11-20 | 6.8 | CVE-2014-9019 XF BID BUGTRAQ MISC |
zteusa — zxhn_h108l_firmware | ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1. | 2014-11-20 | 5.0 | CVE-2014-8493 MISC XF EXPLOIT-DB EXPLOIT-DB FULLDISC MISC |
zteusa — zxdsl_831 | Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases. | 2014-11-20 | 4.3 | CVE-2014-9020 XF BID BID BUGTRAQ BUGTRAQ MISC MISC |
zteusa — zxdsl_831 | Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to inject arbitrary web script or HTML via the (1) tr69cAcsURL, (2) tr69cAcsUser, (3) tr69cAcsPwd, (4) tr69cConnReqPwd, or (5) tr69cDebugEnable parameter to the TR-069 client page (tr69cfg.cgi); the (6) timezone parameter to the Time and date page (sntpcfg.sntp); or the (7) hostname parameter in a save action to the Quick Stats page (psilan.cgi). NOTE: this issue was SPLIT from CVE-2014-9020 per ADT1 due to different affected products and codebases. | 2014-11-20 | 4.3 | CVE-2014-9021 XF BID BUGTRAQ MISC |
zteusa — zxdsl_831cii | Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, or (7) enblssh parameter to accesslocal.cmd. | 2014-11-20 | 6.8 | CVE-2014-9027 XF MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache — hive | Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI. | 2014-11-16 | 3.5 | CVE-2014-0228 BUGTRAQ MISC |
apple — apple_tv | dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file. | 2014-11-18 | 2.1 | CVE-2014-4455 |
apple — iphone_os | CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files. | 2014-11-18 | 2.1 | CVE-2014-4460 |
apple — iphone_os | Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime “Leave a Message” feature. | 2014-11-18 | 2.1 | CVE-2014-4463 |
d-bus_project — d-bus | D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1. | 2014-11-18 | 2.1 | CVE-2014-7824 CONFIRM XF BID MLIST |
freeipa — freeipa | FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication by leveraging an enabled OTP token, which triggers an anonymous bind. | 2014-11-19 | 3.5 | CVE-2014-7828 MLIST MLIST CONFIRM CONFIRM XF BID FEDORA |
ibm — tivoli_storage_manager | The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename. | 2014-11-18 | 2.1 | CVE-2014-4817 XF |
ibm — security_identity_manager | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation. | 2014-11-17 | 2.1 | CVE-2014-6110 AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
nlnetlabs — ldns | The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. | 2014-11-15 | 2.1 | CVE-2014-3209 CONFIRM CONFIRM BID MLIST MLIST |
python — python | Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. | 2014-11-15 | 3.3 | CVE-2014-2667 MLIST MLIST MLIST SUSE SUSE |
redhat — jboss_enterprise_application_platform | JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file. | 2014-11-17 | 2.1 | CVE-2014-0059 |
xen — xen | arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction. | 2014-11-19 | 1.9 | CVE-2014-8595 |