SB14-356: Vulnerability Summary for the Week of December 15, 2014

Original release date: December 22, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
alliedtelesis — ar440s Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request. 2014-12-19 10.0 CVE-2014-7249
arris — touchstone_tg862g/ct_firmware ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to home_loggedout.php. 2014-12-18 10.0 CVE-2014-9406
FULLDISC
docker — docker Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. 2014-12-12 7.5 CVE-2014-6407
MLIST
SECUNIA
SECUNIA
SUSE
FEDORA
docker — docker Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction. 2014-12-16 10.0 CVE-2014-9357
CONFIRM
BUGTRAQ
emc — documentum_content_server EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object’s owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515. 2014-12-16 9.0 CVE-2014-4626
MISC
ettercap_project — ettercap Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual length of the password. 2014-12-19 7.5 CVE-2014-6395
MISC
CONFIRM
BUGTRAQ
ettercap_project — ettercap The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted password length, which triggers a 0 character to be written to an arbitrary memory location. 2014-12-19 7.5 CVE-2014-6396
MISC
CONFIRM
BUGTRAQ
ettercap_project — ettercap Integer underflow in Ettercap 8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length value to the dissector_gg function in dissectors/ec_gg.c, or (3) string length to the get_decode_len function in ec_utils.c or a request without a (4) username or (5) password to the dissector_TN3270 function in dissectors/ec_TN3270.c. 2014-12-19 7.5 CVE-2014-9376
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
ettercap_project — ettercap Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet. 2014-12-19 7.5 CVE-2014-9377
MISC
CONFIRM
BUGTRAQ
ettercap_project — ettercap Ettercap 8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line function in mdns_spoof/mdns_spoof.c or (2) base64 encoded password to the dissector_imap function in dissectors/ec_imap.c. 2014-12-19 7.5 CVE-2014-9378
MISC
CONFIRM
CONFIRM
BUGTRAQ
ettercap_project — ettercap The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a stack-based buffer overflow. 2014-12-19 7.5 CVE-2014-9379
MISC
CONFIRM
BUGTRAQ
google — android luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291. 2014-12-15 7.2 CVE-2014-7911
FULLDISC
google — android Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135. 2014-12-15 7.5 CVE-2014-8507
MISC
FULLDISC
MISC
google — android The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824. 2014-12-15 7.2 CVE-2014-8609
MISC
FULLDISC
MISC
gparted — gparted GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label. 2014-12-19 7.2 CVE-2014-7208
FULLDISC
honeywell — opos_suite Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.13.4.15 allow remote attackers to execute arbitrary code via a crafted file that is improperly handled by the Open method. 2014-12-12 7.5 CVE-2014-8269
MISC
MISC
k7computing — k7firewall_packet_driver Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call. 2014-12-12 7.2 CVE-2014-7136
MISC
FULLDISC
MISC
k7computing — k7av_sentry_device_driver Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via unspecified vectors. 2014-12-12 7.2 CVE-2014-8956
MISC
FULLDISC
MISC
libvncserver — libvncserver The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message. 2014-12-15 7.5 CVE-2014-6052
MISC
CONFIRM
MLIST
SECUNIA
SECUNIA
MLIST
linux — linux_kernel arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. 2014-12-17 7.2 CVE-2014-9322
CONFIRM
CONFIRM
MLIST
CONFIRM
malwarebytes — malwarebytes_anti-exploit The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable. 2014-12-16 9.3 CVE-2014-4936
MISC
manageengine — desktop_central The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object. 2014-12-16 10.0 CVE-2014-9371
MISC
manageengine — netflow_analyzer Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename. 2014-12-16 10.0 CVE-2014-9373
MISC
mozilla — network_security_services The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function’s improper handling of an arbitrary-length encoding of 0x00. 2014-12-15 7.5 CVE-2014-1569
MISC
MISC
CONFIRM
MISC
qemu — qemu The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. 2014-12-12 7.5 CVE-2014-7840
CONFIRM
XF
MLIST
rpm — rpm Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. 2014-12-16 7.5 CVE-2013-6435
CONFIRM
CONFIRM
REDHAT
REDHAT
REDHAT
rpm — rpm Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow. 2014-12-16 10.0 CVE-2014-8118
REDHAT
safenet-inc — safenet_authentication_service_outlook_web_access_agent Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. (dot dot) in the GetFile parameter to owa/owa. 2014-12-16 7.8 CVE-2014-5359
MISC
sap — businessobjects SAP BussinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. 2014-12-17 10.0 CVE-2014-9387
BUGTRAQ
MISC
FULLDISC
sixapart — movabletype SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2014-12-16 7.5 CVE-2014-9057
SECUNIA
zenoss — zenoss_core Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public (1) read or (2) execute access via a move action, aka ZEN-15386. 2014-12-15 7.5 CVE-2014-6256
CERT-VN
CONFIRM
zenoss — zenoss_core Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a crafted web site that is visited during a login session, aka ZEN-12657. 2014-12-15 9.3 CVE-2014-6261
zenoss — zenoss_core The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408. 2014-12-15 7.5 CVE-2014-9249
zoneo-soft — phptraffica SQL injection vulnerability in Php/Functions/log_function.php in phpTrafficA 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via a User-Agent HTTP header. 2014-12-16 7.5 CVE-2014-8340
BUGTRAQ
MISC

Back to top

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — subversion The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. 2014-12-18 5.0 CVE-2014-3580
SECUNIA
apache — http_server The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. 2014-12-15 5.0 CVE-2014-3583
CONFIRM
apache — subversion The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist. 2014-12-18 5.0 CVE-2014-8108
SECUNIA
arris — touchstone_tg862g/ct_firmware Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php, (2) add a port forwarding rule via a request to port_forwarding_add.php, (3) change the wireless network to open via a request to wireless_network_configuration_edit.php, or (4) conduct cross-site scripting (XSS) attacks via the keyword parameter to managed_sites_add_keyword.php. 2014-12-17 6.8 CVE-2014-5437
FULLDISC
FULLDISC
bittorrent — bittorrent The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000. 2014-12-12 6.8 CVE-2014-8515
MISC
c-icap_project — c-icap Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request. 2014-12-17 5.0 CVE-2013-7402
DEBIAN
CONFIRM
SECUNIA
SECUNIA
MLIST
ca — release_automation Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2014-12-16 6.8 CVE-2014-8246
BUGTRAQ
SECTRACK
FULLDISC
ca — release_automation Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-12-16 4.3 CVE-2014-8247
BUGTRAQ
SECTRACK
FULLDISC
ca — release_automation SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query. 2014-12-16 6.5 CVE-2014-8248
BUGTRAQ
SECTRACK
FULLDISC
cisco — prime_security_manager Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Prime Security Manager (aka PRSM) 9.2.1-2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) Access Policies or (2) Device Summary Dashboard parameter, aka Bug ID CSCuq80661. 2014-12-12 4.3 CVE-2014-3364
cisco — isb8320-e_high-definition_ip-only_dvr The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422. 2014-12-16 4.3 CVE-2014-8006
cisco — adaptive_security_appliance_software Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695. 2014-12-18 4.3 CVE-2014-8012
cisco — ios_xr Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710. 2014-12-18 5.0 CVE-2014-8014
cisco — ironport_email_security_appliances The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864. 2014-12-18 5.0 CVE-2014-8016
dell — idrac6_modular The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack. 2014-12-19 5.0 CVE-2014-8272
digium — asterisk Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame. 2014-12-12 5.0 CVE-2014-9374
SECTRACK
BID
BUGTRAQ
SECUNIA
FULLDISC
MISC
docker — docker Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image. 2014-12-12 5.0 CVE-2014-6408
MLIST
SECUNIA
SECUNIA
SUSE
FEDORA
docker — docker Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) “docker load” operation or (2) “registry communications.” 2014-12-16 6.4 CVE-2014-9358
CONFIRM
BUGTRAQ
dokuwiki — dokuwiki The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php. 2014-12-17 4.3 CVE-2014-9253
CONFIRM
CONFIRM
XF
SECTRACK
BID
MISC
MLIST
ekahau — activator Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts. 2014-12-19 4.3 CVE-2014-2716
BID
BUGTRAQ
MISC
MISC
ekahau — activator Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack. 2014-12-19 5.0 CVE-2014-9408
BID
BUGTRAQ
MISC
MISC
emc — rsa_authentication_manager Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2014-12-12 5.8 CVE-2014-2516
BUGTRAQ
emc — isilon_insightiq Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x and 3.x before 3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-12-12 4.3 CVE-2014-4628
BUGTRAQ
emc — rsa_archer_egrc Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-12-12 4.3 CVE-2014-4633
BUGTRAQ
ettercap_project — ettercap The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature. 2014-12-19 5.0 CVE-2014-9380
MISC
CONFIRM
BUGTRAQ
ettercap_project — ettercap Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation. 2014-12-19 5.0 CVE-2014-9381
MISC
CONFIRM
BUGTRAQ
file_project — file The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. 2014-12-17 5.0 CVE-2014-8116
CONFIRM
CONFIRM
CONFIRM
SECTRACK
MLIST
file_project — file softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. 2014-12-17 5.0 CVE-2014-8117
CONFIRM
CONFIRM
SECTRACK
MLIST
firebirdsql — firebird The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status. 2014-12-16 5.0 CVE-2014-9323
SUSE
glpi-project — glpi SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter. 2014-12-19 6.5 CVE-2014-9258
EXPLOIT-DB
MISC
SECUNIA
OSVDB
goywp — webpress Multiple cross-site scripting (XSS) vulnerabilities in goYWP WebPress 13.00.06 allow remote attackers to inject arbitrary web script or HTML via the (1) search_param parameter to search.php or (2) name, (3) address, or (4) comment parameter to forms.php. 2014-12-16 4.3 CVE-2014-8751
FULLDISC
MISC
hp — tcp_ip_services_openvms Multiple unspecified vulnerabilities in the POP implementation in HP OpenVMS TCP/IP 5.7 before ECO5 allow remote attackers to cause a denial of service via unspecified vectors. 2014-12-17 5.0 CVE-2014-7880
ibm — business_process_manager The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit. 2014-12-16 6.5 CVE-2014-4844
XF
ibm — security_access_manager_for_mobile IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site. 2014-12-18 4.3 CVE-2014-6076
XF
ibm — security_access_manager_for_mobile Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2014-12-18 6.8 CVE-2014-6077
XF
ibm — security_access_manager_for_mobile IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack. 2014-12-18 5.0 CVE-2014-6078
XF
ibm — security_access_manager_for_mobile SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2014-12-18 6.5 CVE-2014-6080
XF
ibm — security_access_manager_for_mobile IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (administration UI outage) via unspecified vectors. 2014-12-18 4.0 CVE-2014-6082
XF
ibm — security_access_manager_for_mobile IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. 2014-12-18 5.0 CVE-2014-6083
XF
ibm — security_access_manager_for_mobile IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive information by sniffing the network during use of a weak SSL cipher. 2014-12-18 5.0 CVE-2014-6084
XF
ibm — security_access_manager_for_mobile IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers to obtain sensitive information by sniffing the network during an HTTP session. 2014-12-18 5.0 CVE-2014-6086
XF
ibm — security_access_manager_for_mobile IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive information by sniffing the network during use of a weak algorithm in an SSL cipher suite. 2014-12-18 5.0 CVE-2014-6087
XF
ibm — security_access_manager_for_mobile IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive information by sniffing the network during use of the null SSL cipher. 2014-12-18 5.0 CVE-2014-6088
XF
ibm — security_access_manager_for_mobile IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (disrupted system operations) by uploading a file to a protected area. 2014-12-18 4.0 CVE-2014-6089
XF
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via a crafted URL. 2014-12-18 5.0 CVE-2014-6164
XF
ibm — websphere_application_server The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4, and Feature Pack for CEA 1.x before 1.0.0.15, allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2014-12-18 4.3 CVE-2014-6166
XF
ibm — websphere_application_server Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2014-12-18 4.3 CVE-2014-6167
XF
ibm — websphere_portal Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2014-12-18 4.3 CVE-2014-6171
XF
ibm — websphere_application_server IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site. 2014-12-18 4.3 CVE-2014-6174
XF
ibm — business_process_manager IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher. 2014-12-16 4.3 CVE-2014-6176
XF
ibm — business_process_manager Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. 2014-12-16 4.0 CVE-2014-6182
XF
ibm — websphere_portal IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack. 2014-12-18 4.9 CVE-2014-6193
XF
AIXAPAR
ibm — db2 IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying an identity column within a crafted ALTER TABLE statement. 2014-12-12 4.0 CVE-2014-6209
XF
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm — db2 IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements. 2014-12-12 4.0 CVE-2014-6210
XF
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
ibm — websphere_application_server IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet’s deployment descriptor security constraints and ServletSecurity annotations. 2014-12-18 5.1 CVE-2014-8890
XF
ibm — db2 IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML query. 2014-12-18 4.0 CVE-2014-8901
XF
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm — websphere_portal Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2014-12-18 4.3 CVE-2014-8902
XF
AIXAPAR
k7computing — k7av_sentry_device_driver The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to cause a denial of service (NULL pointer dereference) as demonstrated by a filename containing “crashme{1}quot;. 2014-12-12 4.9 CVE-2014-8608
MISC
BID
FULLDISC
MISC
libvncserver — libvncserver The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc. 2014-12-15 5.0 CVE-2014-6053
MLIST
UBUNTU
SECUNIA
SECUNIA
MLIST
manageengine — password_manager_pro Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in a filename. 2014-12-16 6.4 CVE-2014-9372
MISC
mantisbt — mantisbt The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request. 2014-12-17 5.0 CVE-2014-8553
CONFIRM
CONFIRM
CONFIRM
XF
MLIST
mantisbt — mantisbt bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter. 2014-12-17 5.0 CVE-2014-9388
CONFIRM
MLIST
microsoft — internet_explorer Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets (CSS) token sequence specifying the run-in value for the display property, leading to improper CElement reference counting. 2014-12-15 6.8 CVE-2014-8967
MISC
modwsgi — mod_wsgi mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors. 2014-12-16 6.9 CVE-2014-8583
CONFIRM
UBUNTU
MLIST
MLIST
SUSE
novell — edirectory Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter. 2014-12-19 4.3 CVE-2014-5212
CONFIRM
BUGTRAQ
novell — edirectory nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request. 2014-12-19 4.0 CVE-2014-5213
CONFIRM
BUGTRAQ
openstack — horizon OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page. 2014-12-12 4.3 CVE-2014-8124
SECUNIA
pcre — perl-compatible_regular_expression_library Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. 2014-12-16 5.0 CVE-2014-8964
CONFIRM
MLIST
FEDORA
pingidentity — pingfederate Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter. 2014-12-12 6.4 CVE-2014-8489
MISC
FULLDISC
MISC
pwgen_project — pwgen Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. 2014-12-19 5.0 CVE-2013-4440
MLIST
MLIST
FEDORA
FEDORA
FEDORA
pwgen_project — pwgen Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers. 2014-12-19 5.0 CVE-2013-4442
MISC
MLIST
MLIST
FEDORA
FEDORA
FEDORA
redhat — libvirt The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection. 2014-12-12 4.3 CVE-2013-4399
BID
GENTOO
SECUNIA
revive-adserver — revive_adserver Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php. 2014-12-19 4.3 CVE-2014-8793
MISC
CONFIRM
BID
BUGTRAQ
BUGTRAQ
MISC
MISC
revive-adserver — revive_adserver The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack. 2014-12-19 5.0 CVE-2014-8875
BID
BUGTRAQ
MISC
revive-adserver — revive_adserver Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) unlink accounts via a request to admin-user-unlink.php. (5) advertiser-user-unlink.php, or (6) affiliate-user-unlink.php in admin/. 2014-12-19 6.8 CVE-2014-9407
ricksoft — wbs_gantt-chart Cross-site scripting (XSS) vulnerability in the data-export feature in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7267. 2014-12-19 4.3 CVE-2014-7268
splunk — splunk Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-12-16 4.3 CVE-2014-5466
symantec — web_gateway The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts. 2014-12-17 6.5 CVE-2014-7285
BID
thermostat_project — thermostat The agent in Thermostat before 1.0.6, when using unspecified configurations, allows local users to obtain the JMX management URLs of all local Java virtual machines and gain privileges via unknown vectors. 2014-12-18 4.4 CVE-2014-8120
REDHAT
tsutaya — tsutaya The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document. 2014-12-19 6.8 CVE-2014-7241
CONFIRM
unitedplanet — intrexx_professional Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter. 2014-12-19 4.3 CVE-2014-2026
BID
BUGTRAQ
MISC
MISC
w3edge — total_cache Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the “Cache key” in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI. 2014-12-19 4.3 CVE-2014-8724
MISC
BUGTRAQ
MISC
zenoss — zenoss_core Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to hijack the authentication of arbitrary users, aka ZEN-12653. 2014-12-15 6.8 CVE-2014-6253
CONFIRM
zenoss — zenoss_core Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a (1) device name, (2) device detail, (3) report name, (4) report detail, or (5) portlet name, or (6) a string to a helper method, aka ZEN-15381 and ZEN-15410. 2014-12-15 4.3 CVE-2014-6254
zenoss — zenoss_core Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the came_from parameter, aka ZEN-11998. 2014-12-15 6.4 CVE-2014-6255
zenoss — zenoss_core Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions by using a web-endpoint URL to invoke an object helper method, aka ZEN-15407. 2014-12-15 5.0 CVE-2014-6257
zenoss — zenoss_core An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial of service (CPU consumption) by triggering an arbitrary regular-expression match attempt, aka ZEN-15411. 2014-12-15 5.0 CVE-2014-6258
zenoss — zenoss_core Zenoss Core through 5 Beta 3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka ZEN-15414, a similar issue to CVE-2003-1564. 2014-12-15 5.0 CVE-2014-6259
zenoss — zenoss_core Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging outage) by leveraging an unattended workstation, aka ZEN-15412. 2014-12-15 6.8 CVE-2014-6260
zenoss — zenoss_core Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by internal URL information, aka ZEN-15382. 2014-12-15 5.0 CVE-2014-9245
zenoss — zenoss_core Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive (1) user account, (2) e-mail address, and (3) role information by visiting the ZenUsers (aka User Manager) page, aka ZEN-15389. 2014-12-15 4.0 CVE-2014-9247
zenoss — zenoss_core Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406. 2014-12-15 5.0 CVE-2014-9248
zenoss — zenoss_core Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via script access to this cookie, aka ZEN-10418. 2014-12-15 5.0 CVE-2014-9250
zenoss — zenoss_core Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack on hash values in the database, aka ZEN-15413. 2014-12-15 5.0 CVE-2014-9251
zenoss — zenoss_core Cross-site request forgery (CSRF) vulnerability in Zenoss Core through 5 Beta 3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger arbitrary code execution via a ZenPack upload, aka ZEN-15388. 2014-12-15 6.8 CVE-2014-9385
CONFIRM
zenoss — zenoss_core Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it easier for remote attackers to hijack sessions by leveraging an unattended workstation, aka ZEN-12691. 2014-12-15 6.8 CVE-2014-9386

Back to top

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
arris — touchstone_tg862g/ct_firmware Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php. 2014-12-17 3.5 CVE-2014-5438
FULLDISC
google — android AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795. 2014-12-15 3.3 CVE-2014-8610
MISC
MISC
FULLDISC
FULLDISC
MISC
ibm — rational_quality_manager Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x through 2.0.1.1, 3.x before 3.0.1.6 iFix 4, 4.x before 4.0.7 iFix 2, and 5.x before 5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2014-12-18 3.5 CVE-2014-4801
XF
ibm — cognos_business_intelligence Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence 10.1 before IF10, 10.1.1 before IF9, 10.2 before IF11, 10.2.1 before IF8, and 10.2.1.1 before IF7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2014-12-12 3.5 CVE-2014-6145
XF
ibm — business_process_manager Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2014-12-18 3.5 CVE-2014-6173
XF
juniper — mobile_system_software Juniper WLC devices with WLAN Software releases 8.0.x before 8.0.4, 9.0.x before 9.0.2.11, 9.0.3.x before 9.0.3.5, and 9.1.x before 9.1.1, when “Proxy ARP” or “No Broadcast” features are enabled in a clustered setup, allows remote attackers to cause a denial of service (device disconnect) via unspecified vectors. 2014-12-12 2.9 CVE-2014-6381
SECTRACK
BID
linux — linux_kernel arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value. 2014-12-17 2.1 CVE-2014-8133
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — linux_kernel The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. 2014-12-12 2.1 CVE-2014-8134
CONFIRM
mit — kerberos The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. 2014-12-16 3.5 CVE-2014-5353
mit — kerberos plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin “add_principal -nokey” or “purgekeys -all” command. 2014-12-16 3.5 CVE-2014-5354
CONFIRM
puppetlabs — puppet_server Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service. 2014-12-17 1.9 CVE-2014-7170
ricksoft — wbs_gantt-chart Cross-site scripting (XSS) vulnerability in the output-page generator in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7268. 2014-12-19 3.5 CVE-2014-7267
zenoss — zenoss_core Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka ZEN-15416. 2014-12-15 2.1 CVE-2014-9252

Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

Leave a Reply