Category Archives: US-CERT

US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

Adobe Releases Security Updates for Flash, Reader, Acrobat, and ColdFusion

Original release date: December 09, 2014

Adobe has released security updates to address multiple vulnerabilities in Flash, Reader, Acrobat, and ColdFusion. Exploitation of these vulnerabilities may allow a remote attacker to take over an affected system.

US-CERT recommends users and administrators review Adobe Security Bulletins APSB14-27, APSB14-28, and APSB14-29 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Releases December 2014 Security Bulletin

Original release date: December 09, 2014

Microsoft has released updates to address vulnerabilities in Exchange, Windows, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for December 2014. Some of these vulnerabilities could allow elevation of privilege, remote code execution, or disclosure of information.

US-CERT encourages users and administrators to review Microsoft Security Bulletin MS14-DEC and apply the necessary updates.


SB14-342: Vulnerability Summary for the Week of December 1, 2014

Original release date: December 08, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| canto — canto_curses | canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. | 2014-12-03 | 7.5 | CVE-2013-7416 (CONFIRM, CONFIRM, XF, BID, MLIST, MLIST) |
| cchgroup — prosystem_fx_engagement | CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinService service files in PFX Engagement, which allows local users to obtain LocalSystem privileges via a Trojan horse file. | 2014-12-02 | 7.2 | CVE-2014-9113 (MISC, EXPLOIT-DB, MISC) |
| creative_minds — cm_download_manager | The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function. | 2014-12-05 | 10.0 | CVE-2014-8877 (CONFIRM, BID, BUGTRAQ, MISC, MISC) |
| fujitsu — arrows_kiss_f-03d | FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors. | 2014-12-05 | 7.2 | CVE-2014-7253 |
| google_doc_embedder_project — google_doc_embedder | SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter. | 2014-12-02 | 7.5 | CVE-2014-9173 (CONFIRM, XF, EXPLOIT-DB, MISC, OSVDB) |
| graphviz — graphviz | Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string. | 2014-12-03 | 7.5 | CVE-2014-9157 (CONFIRM, XF, BID, SECUNIA, MLIST, MLIST) |
| hikvision — dvr_ds-7204_firmware | Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header. | 2014-12-08 | 7.5 | CVE-2014-4880 (EXPLOIT-DB, MISC) |
| huawei — p2-6011_firmware | The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors. | 2014-12-05 | 7.2 | CVE-2014-2273 (MISC, XF, BID) |
| huawei — honor_cube_wireless_router_ws860s | Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | 2014-12-03 | 10.0 | CVE-2014-9134 (BID) |
| internet_initiative_japan — seil_b1_firmware | The (1) PPP Access Concentrator (PPPAC) and (2) Dial-Up Networking Internet Initiative Japan Inc. SEIL series routers SEIL/x86 Fuji 1.00 through 3.22; SEIL/X1, SEIL/X2, and SEIL/B1 1.00 through 4.62; SEIL/Turbo 1.82 through 2.18; and SEIL/neu 2FE Plus 1.82 through 2.18 allow remote attackers to cause a denial of service (restart) via crafted (a) GRE or (b) MPPE packets. | 2014-12-05 | 7.8 | CVE-2014-7256 (JVNDB, JVN) |
| invisionpower — invision_power_board | SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter. | 2014-12-03 | 7.5 | CVE-2014-9239 (FULLDISC) |
| lsyncd_project — lsyncd | default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. | 2014-12-05 | 7.5 | CVE-2014-8990 (CONFIRM, CONFIRM, CONFIRM, BID, MLIST, MLIST, FEDORA, FEDORA) |
| manageengine — desktop_central | SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat. | 2014-12-05 | 7.5 | CVE-2014-3996 (MISC, MISC, FULLDISC) |
| manageengine — it360 | SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat. | 2014-12-05 | 7.5 | CVE-2014-3997 (MISC, MISC, FULLDISC) |
| mybb — mybb | SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action. | 2014-12-03 | 7.5 | CVE-2014-9240 (MISC) |
| openvas — openvas_manager | SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. | 2014-12-02 | 7.5 | CVE-2014-9220 (MLIST) |
| ossec — ossec | host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed. | 2014-12-01 | 7.2 | CVE-2014-5284 (EXPLOIT-DB, MISC) |
| pbboard — pbboard | SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email parameter in the register page to index.php. NOTE: the email parameter in the forget page vector is already covered by CVE-2012-4034.2. | 2014-12-05 | 7.5 | CVE-2014-9215 (MISC, BUGTRAQ, MISC) |
| proticaret — proticaret | SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request. | 2014-12-03 | 7.5 | CVE-2014-9237 (FULLDISC, MISC) |
| services_project — services | The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password. | 2014-12-01 | 7.5 | CVE-2014-9151 |
| services_project — services | The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess the password via a brute force attack. | 2014-12-01 | 7.5 | CVE-2014-9152 |
| smartypantsplugins — sp_project_&_document_manager | Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) vendor_email[] parameter in the email_vendor function or id parameter in the (2) download_project, (3) download_archive, or (4) remove_cat function. | 2014-12-02 | 7.5 | CVE-2014-9178 (XF, BUGTRAQ, MISC, EXPLOIT-DB, MISC) |
| subex — roc_fraud_management_system | SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter. | 2014-12-02 | 7.5 | CVE-2014-8728 (EXPLOIT-DB) |
| technicolor — td5130_router_firmware | Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). | 2014-12-05 | 7.5 | CVE-2014-9144 (BUGTRAQ, EXPLOIT-DB, MISC) |
| thomsonreuters — fixed_assets_cs | The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program. | 2014-12-02 | 7.2 | CVE-2014-9141 (MISC) |
| websitebaker — websitebaker | SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | 2014-12-03 | 7.5 | CVE-2014-9242 (FULLDISC, MISC) |
| wpdatatables — wpdatatables | SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php. | 2014-12-02 | 7.5 | CVE-2014-9175 (XF, BID, MISC, EXPLOIT-DB, MISC) |
| zohocorp — manageengine_opmanager | Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter. | 2014-12-04 | 7.5 | CVE-2014-6035 (MISC, FULLDISC) |
| zohocorp — manageengine_it360 | SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter. | 2014-12-04 | 7.5 | CVE-2014-7867 |
| zohocorp — manageengine_it360 | Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet. | 2014-12-04 | 7.5 | CVE-2014-7868 (MISC, FULLDISC) |
| zte — zxdsl | ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges. | 2014-12-02 | 10.0 | CVE-2014-9183 (MISC) |

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
ad-manager_project — ad-manager Open redirect vulnerability in track-click.php in the Ad-Manager plugin 1.1.2 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the out parameter. 2014-12-02 4.3 CVE-2014-8754
XF
MISC
FULLDISC
MISC
adobe — acrobat Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568. 2014-11-29 6.4 CVE-2014-9150
MISC
ait-pro — bulletproof_security Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter. 2014-12-01 5.0 CVE-2014-8749
FULLDISC
altitude — altitude_unified_customer_interaction Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an email hyperlink or the (2) style parameter in the image attribute section. 2014-12-05 4.3 CVE-2014-9212
MISC
anchorcms — anchor_cms models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header. 2014-12-02 4.3 CVE-2014-9182
MISC
antiword_project — antiword Buffer overflow in the bGetPPS function in wordole.c in Antiword 0.37 allows remote attackers to cause a denial of service (crash) via a crafted document. 2014-12-05 5.0 CVE-2014-8123
BID
MLIST
MLIST
apache — hadoop The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache. 2014-12-05 5.0 CVE-2014-3627
SECUNIA
SECUNIA
avatar_uploader_project — avatar_uploader Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel. 2014-12-01 4.0 CVE-2014-9155
clamav — clamav Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.95.4 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file. 2014-12-01 5.0 CVE-2014-9050
CONFIRM
BID
MLIST
SECUNIA
SECUNIA
FEDORA
creative_minds — cm_download_manager Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title parameter in the CMDM_admin_settings page to wp-admin/admin.php. 2014-12-05 6.8 CVE-2014-9129
BID
BUGTRAQ
MISC
d-link — dcs-2103_hd_cube_network_camera_firmware Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. 2014-12-03 5.0 CVE-2014-9234
FULLDISC
MISC
d-link — dcs-2103_hd_cube_network_camera_firmware D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character. 2014-12-03 5.0 CVE-2014-9238
FULLDISC
MISC
eleanor-cms — eleanor_cms Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING. 2014-12-02 5.0 CVE-2014-9180
MISC
emc — rsa_adaptive_authentication_on-premise RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication. 2014-12-08 5.0 CVE-2014-4631
XF
SECTRACK
BID
BUGTRAQ
f5 — big-ip Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation. 2014-12-08 4.3 CVE-2014-9342
BUGTRAQ
fasttoggle_project — fasttoggle The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote attackers to block or unblock an account via a crafted user status link. 2014-12-01 5.8 CVE-2014-5268
filefield_project — filefield The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file. 2014-12-01 4.0 CVE-2014-9156
fujitsu — arrows_tab_lte_f-01d Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets 102SH allow local users to execute arbitrary code or read kernel memory via unknown vectors related to userland data and “improper data validation.” 2014-12-05 4.6 CVE-2014-7252
JVNDB
JVN
MISC
MISC
fujitsu — arrows_me_f-11d Unspecified vulnerability in ARROWS Me F-11D allows physically proximate attackers to read or modify flash memory via unknown vectors. 2014-12-05 4.6 CVE-2014-7254
JVNDB
JVN
MISC
gleamtech — filevista GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message. 2014-12-02 4.0 CVE-2014-8788
CONFIRM
FULLDISC
MISC
gleamtech — filevista GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction. 2014-12-02 6.5 CVE-2014-8789
CONFIRM
FULLDISC
MISC
gnu — glibc iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of “0xffff” to the iconv function when converting IBM930 encoded data to UTF-8. 2014-12-05 5.0 CVE-2012-6656
CONFIRM
CONFIRM
BID
MLIST
MLIST
MANDRIVA
gnu — glibc GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of “0xffff” to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8. 2014-12-05 5.0 CVE-2014-6040
CONFIRM
CONFIRM
BID
MLIST
MLIST
MANDRIVA
gnu — cpio Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. 2014-12-02 5.0 CVE-2014-9112
MISC
MLIST
MLIST
MLIST
SECUNIA
FULLDISC
ibm — java Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache. 2014-12-01 6.9 CVE-2014-3065
CONFIRM
BID
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
ibm — java IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack. 2014-12-01 6.4 CVE-2014-3068
CONFIRM
XF
icecast — icecast Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors. 2014-12-03 5.0 CVE-2014-9018
CONFIRM
CONFIRM
XF
BID
MLIST
MLIST
MANDRIVA
CONFIRM
infoware — mapsuite Absolute path traversal vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to read arbitrary files via unspecified vectors. 2014-12-01 5.0 CVE-2014-2232
MISC
infoware — mapsuite Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors. 2014-12-01 5.0 CVE-2014-2233
MISC
instasqueeze — sexy_squeeze_pages Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Squeeze Pages plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php. 2014-12-02 4.3 CVE-2014-9176
XF
MISC
MISC
internet_initiative_japan — seil_b1_firmware Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 through 4.62, SEIL/X2 2.50 through 4.62, SEIL/B1 2.50 through 4.62, and SEIL/x86 Fuji 1.70 through 3.22 allow remote attackers to cause a denial of service (CPU and traffic consumption) via a large number of NTP requests within a short time, which causes unnecessary NTP responses to be sent. 2014-12-05 5.0 CVE-2014-7255
JVNDB
JVN
kde — kde-runtime Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message. 2014-12-08 4.3 CVE-2014-8600
MISC
BID
FULLDISC
kennziffer — ke_questionnaire The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request. 2014-12-02 5.0 CVE-2014-8874
MISC
BUGTRAQ
FULLDISC
kent-web — clip_board Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 2.91 and earlier, when running certain versions of Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-12-05 4.3 CVE-2014-7258
CONFIRM
JVNDB
JVN
lg_electronics — l-03e LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors. 2014-12-05 5.0 CVE-2014-7243
JVNDB
JVN
MISC
libksba_project — libskba Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow. 2014-12-01 5.0 CVE-2014-9087
MISC
SECUNIA
SECUNIA
SECUNIA
MLIST
linux — linux_kernel Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842. 2014-11-29 4.9 CVE-2010-5313
CONFIRM
linux — linux_kernel The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association’s output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. 2014-11-29 5.0 CVE-2014-3688
CONFIRM
CONFIRM
UBUNTU
UBUNTU
MLIST
CONFIRM
DEBIAN
CONFIRM
linux — linux_kernel The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. 2014-11-29 5.0 CVE-2014-7841
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313. 2014-11-29 4.9 CVE-2014-7842
MLIST
linux — linux_kernel The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary. 2014-11-29 4.9 CVE-2014-7843
MLIST
linux — linux_kernel Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call. 2014-11-29 6.1 CVE-2014-8884
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a “negative groups” issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c. 2014-11-29 4.6 CVE-2014-8989
MLIST
CONFIRM
linux — linux_kernel The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. 2014-11-29 4.9 CVE-2014-9090
MLIST
modx — modx_revolution MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter. 2014-12-03 6.8 CVE-2014-8773
MISC
CONFIRM
modx — modx_revolution Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter. 2014-12-03 4.3 CVE-2014-8774
MISC
CONFIRM
modx — modx_revolution MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. 2014-12-03 5.0 CVE-2014-8775
MISC
CONFIRM
mutt — mutt The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function. 2014-12-02 5.0 CVE-2014-9116
CONFIRM
CONFIRM
SECTRACK
BID
MLIST
MLIST
CONFIRM
mybb — mybb Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig action to usercp.php, or (3) title parameter in the style-templates module in an edit_template action or (4) file parameter in the config-languages module in an edit action to admin/index.php. 2014-12-03 4.3 CVE-2014-9241
MISC
nextendweb — nextend_facebook_connect Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fb_login_button parameter in a newfb_update_options action. 2014-12-05 4.3 CVE-2014-8800
EXPLOIT-DB
MISC
OSVDB
notify_project — notify The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email. 2014-12-01 4.0 CVE-2014-9154
open-xchange — open-xchange_appsuite Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview. 2014-12-01 4.3 CVE-2014-5237
BUGTRAQ
CONFIRM
MISC
openvpn — openvpn OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. 2014-12-03 6.8 CVE-2014-8104
CONFIRM
UBUNTU
phpmyadmin — phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during rendering of the table browse page; a crafted ENUM value that is improperly handled during rendering of the (4) table print view or (5) zoom search page; or (6) a crafted pma_fontsize cookie that is improperly handled during rendering of the home page. 2014-11-30 4.3 CVE-2014-8958
phpmyadmin — phpmyadmin Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter. 2014-11-30 6.5 CVE-2014-8959
CONFIRM
phpmyadmin — phpmyadmin Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file’s line count via a crafted parameter. 2014-11-30 4.0 CVE-2014-8961
phpmyadmin — phpmyadmin libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password. 2014-12-08 5.0 CVE-2014-9218
CONFIRM
CONFIRM
CONFIRM
XF
CONFIRM
phpmyadmin — phpmyadmin Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter. 2014-12-08 4.3 CVE-2014-9219
CONFIRM
XF
plex — plex_media_server Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/. 2014-12-02 5.0 CVE-2014-9181
MISC
BUGTRAQ
redhat — packstack OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access restrictions. 2014-12-01 5.0 CVE-2014-3703
redhat — tcpdump Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PPP packet. 2014-12-05 5.0 CVE-2014-9140
CONFIRM
MLIST
services_project — services Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a JSONP response. 2014-12-01 4.3 CVE-2014-9153
springshare — libcal Multiple cross-site scripting (XSS) vulnerabilities in api_events.php in Springshare LibCal 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) m or (2) cid parameter. 2014-12-01 4.3 CVE-2014-7291
XF
MISC
FULLDISC
square_enix_co_ltd — kaku_san_sei_million_aruthur SQUARE ENIX Co., Ltd. Kaku-San-Sei Million Arthur before 2.25 for Android stores “product credentials” on the SD card, which allows attackers to gain privileges via a crafted application. 2014-12-05 5.0 CVE-2014-7259
JVNDB
JVN
sunhater — kcfinder Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) file or (2) directory (folder) name of an uploaded file. 2014-12-02 4.3 CVE-2014-3988
CONFIRM
supportezzy_ticket_system_project — supportezzy_ticket_system Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the “URL (optional)” field in a new ticket. 2014-12-02 4.0 CVE-2014-9179
MISC
svnlabs — html5_mp3_player_with_playlist_free The HTML5 MP3 Player with Playlist Free plugin before 2.7 for WordPress allows remote attackers to obtain the installation path via a request to html5plus/playlist.php. 2014-12-02 5.0 CVE-2014-9177
XF
MISC
MISC
technicolor — td5130_router_firmware Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter. 2014-12-05 4.3 CVE-2014-9142
BUGTRAQ
EXPLOIT-DB
MISC
technicolor — td5130_router_firmware Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter. 2014-12-05 4.3 CVE-2014-9143
BUGTRAQ
EXPLOIT-DB
MISC
torch_gmbh — graylog2 Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards. 2014-12-08 5.0 CVE-2014-9217
tuleap — tuleap project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter. 2014-12-01 6.0 CVE-2014-8791
BID
BUGTRAQ
FULLDISC
MISC
MISC
undertow_project — undertow Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI. 2014-12-01 5.0 CVE-2014-7816
BID
MLIST
vmware — vcenter_server_appliance Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-12-08 4.3 CVE-2014-3797
BUGTRAQ
FULLDISC
vmware — vcenter_server_appliance VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate. 2014-12-08 4.3 CVE-2014-8371
BUGTRAQ
FULLDISC
websitebaker — websitebaker Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2) section_id parameter to edit_module_files.php, (3) news/add_post.php, (4) news/modify_group.php, (5) news/modify_post.php, or (6) news/modify_settings.php in wb/modules/. 2014-12-03 4.3 CVE-2014-9243
FULLDISC
MISC
x3cms — x3_cms Multiple cross-site request forgery (CSRF) vulnerabilities in the admin area in X3 CMS 0.5.1 and 0.5.1.1 allow remote attackers to hijack the authentication of administrators via unspecified vectors. 2014-12-03 6.8 CVE-2014-8771
MISC
xen — xen The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode. 2014-12-01 4.9 CVE-2014-8866
BID
SECUNIA
xen — xen The acceleration support for the “REP MOVS” instruction in Xen 4.4.x, 3.2.x, and earlier lacks proper bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors. 2014-12-01 4.9 CVE-2014-8867
BID
SECUNIA
yoast — google_analytics Cross-site scripting (XSS) vulnerability in the Google Analytics by Yoast (google-analytics-for-wordpress) plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the “Manually enter your UA code” (manual_ua_code_field) field in the General Settings. 2014-12-02 4.3 CVE-2014-9174
MISC
CONFIRM
BID
zohocorp — manageengine_it360 Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet. 2014-12-04 5.0 CVE-2014-5445
CONFIRM
MISC
MISC
XF
BID
BUGTRAQ
BUGTRAQ
FULLDISC
zohocorp — manageengine_it360 Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter. 2014-12-04 5.0 CVE-2014-5446
MISC
XF
BID
BUGTRAQ
BUGTRAQ
FULLDISC
MISC
zohocorp — manageengine_it360 Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter. 2014-12-04 5.0 CVE-2014-6034
MISC
FULLDISC
zohocorp — manageengine_it360 Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter. 2014-12-04 6.4 CVE-2014-6036
MISC
FULLDISC
zoph — zoph Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/. 2014-12-03 6.5 CVE-2014-9235
FULLDISC
MISC
zoph — zoph Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) photographer_id or (2) _crumb parameter. 2014-12-03 4.3 CVE-2014-9236
FULLDISC
MISC
zte — zxdsl ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi. 2014-12-02 5.0 CVE-2014-9184
MISC


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
clamav — clamav clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. 2014-12-01 2.1 CVE-2013-6497
CONFIRM
XF
UBUNTU
BID
MLIST
MLIST
MANDRIVA
SECUNIA
SECUNIA
FEDORA
FEDORA
fedup_project — fedup fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service (prevention of system updates). 2014-12-01 2.1 CVE-2013-6494
BID
FEDORA
nagios — nagios The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702. 2014-12-05 2.1 CVE-2014-4701
SUSE
MLIST
EXPLOIT-DB
SECUNIA
SECUNIA
FULLDISC
MISC
nagios — nagios The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701. 2014-12-05 2.1 CVE-2014-4702
SUSE
MLIST
SECUNIA
SECUNIA
nagios — nagios lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701. 2014-12-05 2.1 CVE-2014-4703
MLIST
FULLDISC
phpmyadmin — phpmyadmin Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. 2014-11-30 3.5 CVE-2014-8960
CONFIRM
redhat — enterprise_virtualization The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes. 2014-12-05 2.1 CVE-2014-3561
XF
SECTRACK
x3cms — x3_cms Cross-site scripting (XSS) vulnerability in the search_controller in X3 CMS 0.5.1 and 0.5.1.1 allows remote authenticated users to inject arbitrary web script or HTML via the search parameter. 2014-12-03 3.5 CVE-2014-8772
MISC




VMware Releases Security Updates for vCenter Server, vCenter Server Appliance, and ESXi

Original release date: December 05, 2014

VMware has released a security advisory to address multiple vulnerabilities in vCenter Server, vCenter Server Appliance, and ESXi. Exploitation of these vulnerabilities may allow a remote attacker to perform man-in-the-middle or cross-site scripting attacks.

US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2014-0012 and apply the necessary updates.



Apple Releases Security Updates for Safari

Original release date: December 04, 2014 | Last revised: December 05, 2014

Apple has released security updates for Safari to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial of service or execute arbitrary code on an affected system.

Updates include:

  • Safari 8.0.1 for OS X Yosemite v10.10.1
  • Safari 7.1.1 for OS X Mavericks v10.9.5
  • Safari 6.2.1 for OS X Mountain Lion v10.8.5

US-CERT encourages users and administrators to review Apple security update HT6596 and apply the necessary updates.



IBM Releases Security Update for MDM

Original release date: December 04, 2014

IBM has released Tivoli Endpoint Manager Mobile Device Management (MDM) version 9.0.60100 to address a vulnerability which may allow a remote attacker to gain control of an affected system.

Users and administrators are encouraged to review the IBM Security Bulletin and apply the necessary updates.



SB14-335: Vulnerability Summary for the Week of November 24, 2014

Original release date: December 01, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — air Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors. 2014-11-25 7.5 CVE-2014-8439
apptha — contus_video_gallery Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to execute arbitrary SQL commands via the vid parameter in a myextract action to wp-admin/admin-ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the playlistId parameter in the newplaylist page or (3) videoId parameter in a newvideo page to wp-admin/admin.php. 2014-11-26 7.5 CVE-2014-9097
BID
MISC
arris — vap2500_firmware Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors. 2014-11-28 10.0 CVE-2014-8423
MISC
arris — vap2500_firmware ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication. 2014-11-28 7.8 CVE-2014-8424
MISC
arris — vap2500_firmware The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files. 2014-11-28 7.8 CVE-2014-8425
MISC
arubanetworks — clearpass_policy_manager SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2014-11-25 7.5 CVE-2014-8367
XF
SECUNIA
arubanetworks — airwave The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors. 2014-11-25 9.0 CVE-2014-8368
XF
SECUNIA
cisco — openh264 Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. 2014-11-25 7.5 CVE-2014-8001
cisco — openh264 Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. 2014-11-25 7.5 CVE-2014-8002
canonical — ubuntu mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors. 2014-11-25 7.2 CVE-2014-1421
cybozu — dezie Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages. 2014-11-23 9.0 CVE-2014-5314
JVNDB
JVN
dell — sonicwall_analyzer The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors. 2014-11-25 9.0 CVE-2014-8420
MISC
digium — asterisk The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules. 2014-11-24 7.5 CVE-2014-8413
digium — asterisk The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol. 2014-11-24 9.0 CVE-2014-8418
documentfoundation — libreoffice LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file. 2014-11-26 7.5 CVE-2014-9093
CONFIRM
MLIST
MLIST
enalean — tuleap Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function. 2014-11-28 9.3 CVE-2014-7178
MISC
FULLDISC
flac — libflac Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. 2014-11-26 7.5 CVE-2014-8962
MISC
CONFIRM
BUGTRAQ
MISC
flac — libflac Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. 2014-11-26 7.5 CVE-2014-9028
MISC
CONFIRM
BUGTRAQ
MISC
gogits — gogs SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues. 2014-11-21 7.5 CVE-2014-8681
CONFIRM
XF
EXPLOIT-DB
FULLDISC
MISC
CONFIRM
gogits — gogs Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go. 2014-11-21 7.5 CVE-2014-8682
CONFIRM
XF
BID
BUGTRAQ
EXPLOIT-DB
FULLDISC
MISC
CONFIRM
justsystems — ichitaro Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to execute arbitrary code via a crafted file. 2014-11-25 10.0 CVE-2014-7247
JVNDB
JVN
manageengine — oputils The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to “disclose” files via a crafted filename, related to “saveFile.” 2014-11-25 7.8 CVE-2014-8678
MISC
mantisbt — mantisbt Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php. 2014-11-28 7.5 CVE-2014-9089
MLIST
MLIST
moodle — moodle The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack. 2014-11-24 7.5 CVE-2014-7845
MLIST
php — php Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding. 2014-11-22 7.5 CVE-2014-8626
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
pligg — pligg_cms Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter. 2014-11-26 7.5 CVE-2014-9096
CONFIRM
CONFIRM
BID
FULLDISC
MISC
raritan — power_iq Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records. 2014-11-26 7.5 CVE-2014-9095
SECUNIA
FULLDISC
MISC
siemens — simatic_pcs7 The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets. 2014-11-26 10.0 CVE-2014-8551
wibu — codemeter_runtime Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file. 2014-11-26 7.2 CVE-2014-8419
BUGTRAQ
MISC
xen — xen The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. 2014-11-24 7.1 CVE-2014-9030
XF
BID


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cisco — adaptive_security_appliance_software The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888. 2014-11-27 5.0 CVE-2014-3407
cisco — ios_xr Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378. 2014-11-25 5.0 CVE-2014-8004
cisco — ios_xr Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239. 2014-11-25 5.0 CVE-2014-8005
digitalzoomstudio — video_gallery Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter. 2014-11-26 4.3 CVE-2014-9094
MISC
FULLDISC
digium — asterisk The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package. 2014-11-26 4.0 CVE-2014-6609
digium — asterisk Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application. 2014-11-26 4.0 CVE-2014-6610
digium — asterisk The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry. 2014-11-24 5.0 CVE-2014-8412
digium — asterisk ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media. 2014-11-24 5.0 CVE-2014-8414
CONFIRM
digium — asterisk Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing. 2014-11-24 5.0 CVE-2014-8415
digium — asterisk Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up. 2014-11-24 5.0 CVE-2014-8416
digium — asterisk ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action. 2014-11-24 6.5 CVE-2014-8417
directwebremoting — direct_web_remoting The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2014-11-23 5.0 CVE-2014-5325
JVNDB
JVN
directwebremoting — direct_web_remoting Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-11-23 4.3 CVE-2014-5326
JVNDB
JVN
drupal — drupal Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions. 2014-11-24 6.8 CVE-2014-9015
MLIST
MLIST
DEBIAN
SECUNIA
drupal — drupal The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request. 2014-11-24 5.0 CVE-2014-9016
MLIST
MLIST
MLIST
DEBIAN
SECUNIA
dukapress_project — dukapress Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php. 2014-11-28 5.0 CVE-2014-8799
XF
EXPLOIT-DB
MISC
gnu — glibc The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing “$((`…`))”. 2014-11-24 4.3 CVE-2014-7817
CONFIRM
CONFIRM
XF
BID
MLIST
gogits — gogs Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown. 2014-11-21 4.3 CVE-2014-8683
XF
BUGTRAQ
FULLDISC
MISC
CONFIRM
huawei — e3236_firmware Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors. 2014-11-21 6.8 CVE-2014-5395
BID
ibm — sterling_selling_and_fulfillment_foundation Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a " character. 2014-11-22 4.0 CVE-2014-4807
XF
ibm — qradar_risk_manager Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2014-11-27 6.8 CVE-2014-4829
XF
ibm — qradar_risk_manager IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors. 2014-11-27 5.8 CVE-2014-4831
XF
ibm — qradar_risk_manager IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. 2014-11-27 4.3 CVE-2014-4832
XF
ibm — qradar_risk_manager IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. 2014-11-27 5.0 CVE-2014-6075
XF
ibm — security_network_protection_xgs_5000 IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors. 2014-11-22 4.0 CVE-2014-6183
CONFIRM
ibm — web_experience_factory Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere Portal configuration, leading to improper construction of a response page by an application. 2014-11-25 4.3 CVE-2014-6196
XF
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
lwip_project — lwip resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets. 2014-11-27 5.0 CVE-2014-4883
CERT-VN
jexperts — channel_platform JExperts Channel Platform 5.0.33_CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters. 2014-11-25 6.5 CVE-2014-8558
FULLDISC
MISC
jqueryui — jquery_ui Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. 2014-11-24 4.3 CVE-2010-5312
XF
MLIST
MLIST
jqueryui — jquery_ui Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo. 2014-11-24 4.3 CVE-2012-6662
XF
MLIST
MLIST
kunena — kunena Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, as demonstrated by the topics[] parameter in an unfavorite action to index.php. 2014-11-26 6.5 CVE-2014-9102
BID
MISC
kunena — kunena Multiple cross-site scripting (XSS) vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) index value of an array parameter or the filename parameter in the Content-Disposition header to the (2) file or (3) profile image upload functionality. 2014-11-26 4.3 CVE-2014-9103
BID
MISC
mantisbt — mantisbt MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a request to the download URL. 2014-11-24 4.0 CVE-2014-8988
XF
BID
MLIST
CONFIRM
MLIST
matrikonopc — dnp3_opc_server MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote attackers to cause a denial of service (unhandled exception and DNP3 process crash) via a crafted message. 2014-11-27 5.0 CVE-2014-5426
MISC
moodle — moodle lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role to access the get_grades web service. 2014-11-24 4.0 CVE-2014-7831
MLIST
CONFIRM
moodle — moodle mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance. 2014-11-24 4.0 CVE-2014-7832
MLIST
CONFIRM
moodle — moodle mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the database after an edit by a teacher. 2014-11-24 4.0 CVE-2014-7833
MLIST
CONFIRM
moodle — moodle mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service. 2014-11-24 4.0 CVE-2014-7834
MLIST
CONFIRM
moodle — moodle Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod/lti/request_tool.php or (2) mod/lti/instructor_edit_tool_type.php request. 2014-11-24 6.8 CVE-2014-7836
MLIST
moodle — moodle mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a different subwiki. 2014-11-24 5.5 CVE-2014-7837
MLIST
moodle — moodle Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within (1) mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3) mod/forum/index.php, or (4) mod/forum/lib.php. 2014-11-24 6.8 CVE-2014-7838
MLIST
moodle — moodle tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access restrictions via an AJAX request. 2014-11-24 4.0 CVE-2014-7846
MLIST
moodle — moodle iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote attackers to cause a denial of service (resource consumption) by triggering the calculation of an estimated latitude and longitude for an IP address. 2014-11-24 5.0 CVE-2014-7847
MLIST
moodle — moodle lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. 2014-11-24 5.0 CVE-2014-7848
MLIST
moodle — moodle lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts. 2014-11-24 4.3 CVE-2014-9059
MLIST
moodle — moodle The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote attackers to trigger the generation of arbitrary messages via a modified URL, related to mod/lti/locallib.php and mod/lti/return.php. 2014-11-24 5.0 CVE-2014-9060
CONFIRM
MLIST
moxi9 — phpfox Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header. 2014-11-21 4.3 CVE-2014-8469
XF
BID
EXPLOIT-DB
FULLDISC
MISC
open-xchange — open-xchange_appsuite SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call. 2014-11-21 6.5 CVE-2014-7871
XF
BID
BUGTRAQ
MISC
openstack — neutron OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration. 2014-11-24 4.0 CVE-2014-7821
XF
SECUNIA
openswan — openswan Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6466. 2014-11-26 5.0 CVE-2014-2037
BID
MLIST
MLIST
openvpn — openvpn_access_server Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnect established VPN sessions, (2) connect to arbitrary VPN servers, or (3) create VPN profiles and execute arbitrary commands via crafted API requests. 2014-11-26 6.8 CVE-2014-9104
MISC
MISC
BUGTRAQ
FULLDISC
oracle — database_server Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, and CVE-2014-6547. NOTE: this issue was originally mapped to CVE-2014-4301, but CVE-2014-4301 is for an unrelated vulnerability. 2014-11-23 6.8 CVE-2014-6477
paidmembershipspro — paid_memberships_pro Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php. 2014-11-28 5.0 CVE-2014-8801
XF
BID
EXPLOIT-DB
MISC
MISC
polarssl — polarssl PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors. 2014-11-24 5.0 CVE-2014-8627
SECUNIA
SUSE
redhat — resteasy DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors. 2014-11-25 6.4 CVE-2014-7839
SECUNIA
redhat — freeipa Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation. 2014-11-28 4.3 CVE-2014-7850
ruby-lang — ruby The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080. 2014-11-21 5.0 CVE-2014-8090
siemens — simatic_pcs7 The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets. 2014-11-26 5.0 CVE-2014-8552
simple_email_form_project — simple_email_form Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to index.php. 2014-11-21 4.3 CVE-2014-8539
MISC
BID
BUGTRAQ
MISC
skalfa — oxwall Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 (build 7907 and 7906) and SkaDate Lite 2.0 (build 7651) allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks or possibly have other unspecified impact via the (1) label parameter to admin/users/roles/, (2) lang[1][base][questions_account_type_5615100a931845eca8da20cfdf7327e0] in an AddAccountType action or (3) qst_name parameter in an addQuestion action to admin/questions/ajax-responder/, or (4) form_name or (5) restrictedUsername parameter to admin/restricted-usernames. 2014-11-26 6.8 CVE-2014-9101
MISC
MISC
BID
EXPLOIT-DB
MISC
MISC
OSVDB
OSVDB
OSVDB
OSVDB
squid-cache — squid The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet. 2014-11-26 6.4 CVE-2014-7141
CONFIRM
MLIST
MLIST
MLIST
squid-cache — squid The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. 2014-11-26 6.4 CVE-2014-7142
CONFIRM
MLIST
MLIST
MLIST
ubuntu — apparmor apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a “miscompilation flaw.” 2014-11-24 6.4 CVE-2014-1424
whydowork_adsense_project — whydowork_adsense Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the whydowork_adsense page in wp-admin/options-general.php. 2014-11-26 6.8 CVE-2014-9099
BID
MISC
whydowork_adsense_project — whydowork_adsense Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the idcode parameter in the whydowork_adsense page to wp-admin/options-general.php. 2014-11-26 4.3 CVE-2014-9100
BID
MISC
wireshark — wireshark The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. 2014-11-22 5.0 CVE-2014-8710
CONFIRM
CONFIRM
wireshark — wireshark Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet. 2014-11-22 5.0 CVE-2014-8711
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2014-11-22 5.0 CVE-2014-8712
CONFIRM
CONFIRM
wireshark — wireshark Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2014-11-22 5.0 CVE-2014-8713
CONFIRM
CONFIRM
wireshark — wireshark The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2014-11-22 5.0 CVE-2014-8714
CONFIRM
CONFIRM
CONFIRM
wordpress — wordpress Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post. 2014-11-25 4.3 CVE-2014-9031
MLIST
MISC
wordpress — wordpress Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-11-25 4.3 CVE-2014-9032
MLIST
wordpress — wordpress Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords. 2014-11-25 6.8 CVE-2014-9033
MLIST
wordpress — wordpress wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016. 2014-11-25 5.0 CVE-2014-9034
MLIST
wordpress — wordpress Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-11-25 4.3 CVE-2014-9035
MLIST
wordpress — wordpress Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post. 2014-11-25 4.3 CVE-2014-9036
MLIST
wordpress — wordpress WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash. 2014-11-25 6.8 CVE-2014-9037
MLIST
wordpress — wordpress wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource. 2014-11-25 6.4 CVE-2014-9038
MLIST
wordpress — wordpress wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message. 2014-11-25 4.3 CVE-2014-9039
MLIST
xavoc — xepan_cms Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page. 2014-11-28 6.8 CVE-2014-8429
MISC
BUGTRAQ


Low Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
apptha — contus_video_gallery Multiple cross-site scripting (XSS) vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly before 2014-07-23, for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the videoadssearchQuery parameter to (1) videoads/videoads.php, (2) video/video.php, or (3) playlist/playlist.php. 2014-11-26 3.5 CVE-2014-9098
BID
MISC
check_diskio_project — check_diskio The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name (tmp/check_diskio_status-*-*). 2014-11-28 3.6 CVE-2014-8994
XF
BID
MLIST
MLIST
ibm — websphere_portal Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2014-11-25 3.5 CVE-2014-6093
XF
liferay — liferay_portal Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file. 2014-11-24 3.5 CVE-2014-8349
FULLDISC
MISC
mantisbt — mantisbt Cross-site scripting (XSS) vulnerability in the selection list in the filters in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via a crafted config option, a different vulnerability than CVE-2014-8987. 2014-11-24 3.5 CVE-2014-8986
MLIST
MLIST
MLIST
MLIST
moodle — moodle Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse capability to provide a searchcourse parameter. 2014-11-24 3.5 CVE-2014-7830
MLIST
CONFIRM
moodle — moodle webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting (XSS) attacks, by specifying the profile-picture area. 2014-11-24 2.1 CVE-2014-7835
CONFIRM
MLIST
CONFIRM
python — pip pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user. 2014-11-24 2.1 CVE-2014-8991
CONFIRM
CONFIRM
BID
MLIST
MLIST


Docker Releases Security Advisory

Original release date: November 24, 2014

Docker has released a critical security advisory to address vulnerabilities in Docker versions prior to version 1.3.2, one of which could allow an attacker to escalate privileges and execute remote code on an affected system.  

US-CERT encourages users and administrators to review Docker’s Security Advisory and apply the necessary updates.



US-CERT Alerts Users to Holiday Phishing Scams and Malware Campaigns

Original release date: November 24, 2014

US-CERT reminds users to remain vigilant when browsing online this holiday season. E-cards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed e-mail messages and fraudulent posts on social networking sites may request support for phony causes.

To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, US-CERT encourages users to take the following action:

If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:

  • File a complaint with the FBI’s Internet Crime Complaint Center (IC3).
  • Report the attack to the police, and file a report with the Federal Trade Commission.
  • Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.

SB14-328: Vulnerability Summary for the Week of November 17, 2014

Original release date: November 24, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
advantech — eki-6340 cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi. 2014-11-20 9.0 CVE-2014-8387
BID
BUGTRAQ
MISC
FULLDISC
advantech — advantech_webaccess Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document. 2014-11-20 7.2 CVE-2014-8388
MISC
apache — mod_auth_mellon The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data. 2014-11-14 9.4 CVE-2014-8567
MLIST
CONFIRM
SECUNIA
CONFIRM
apple — iphone_os Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses. 2014-11-18 7.2 CVE-2014-4451
apple — iphone_os The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled. 2014-11-18 7.5 CVE-2014-4457
apple — apple_tv The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application. 2014-11-18 9.3 CVE-2014-4461
arubanetworks — clearpass Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-6627. 2014-11-19 10.0 CVE-2014-5342
SECUNIA
arubanetworks — clearpass The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors. 2014-11-19 9.0 CVE-2014-6625
SECUNIA
arubanetworks — clearpass Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors. 2014-11-19 10.0 CVE-2014-6626
SECUNIA
arubanetworks — clearpass Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342. 2014-11-19 9.0 CVE-2014-6627
SECUNIA
checkpoint — security_gateway Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request. 2014-11-16 7.1 CVE-2014-8950
CONFIRM
SECUNIA
checkpoint — security_gateway Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a denial of service (fwk0 process crash, core dump, and restart) via a redirect to the UserCheck page. 2014-11-16 7.1 CVE-2014-8951
SECUNIA
checkpoint — security_gateway Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL VPN blade, (4) SSL Network Extender, (5) Identity Awareness blade, (6) HTTPS Inspection, (7) UserCheck, or (8) Data Leak Prevention blade module is enabled, allow remote attackers to cause a denial of service (“stability issue”) via an unspecified “traffic condition.” 2014-11-16 7.1 CVE-2014-8952
SECUNIA
cisco — ios Cisco IOS on Aironet access points, when “dot11 aaa authenticator” debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509. 2014-11-14 7.1 CVE-2014-7998
digitalvidhya — digi_online_examination_system Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/. 2014-11-20 7.5 CVE-2014-8997
XF
EXPLOIT-DB
MISC
faronics — deep_freeze The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function. 2014-11-20 7.2 CVE-2014-2382
MISC
FULLDISC
MISC
freerdp_project — freerdp Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated. 2014-11-16 7.5 CVE-2014-0250
CONFIRM
BID
MLIST
SUSE
google — chrome Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. 2014-11-19 7.5 CVE-2014-7900
CONFIRM
CONFIRM
google — chrome Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long segment in a JPEG image. 2014-11-19 7.5 CVE-2014-7901
CONFIRM
CONFIRM
google — chrome Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. 2014-11-19 7.5 CVE-2014-7902
CONFIRM
google — chrome Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG image. 2014-11-19 7.5 CVE-2014-7903
CONFIRM
CONFIRM
google — chrome Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2014-11-19 7.5 CVE-2014-7904
CONFIRM
google — chrome Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object’s lifetime. 2014-11-19 7.5 CVE-2014-7906
CONFIRM
CONFIRM
google — chrome Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger improper handling of a detached frame, related to the (1) lock and (2) unlock methods. 2014-11-19 7.5 CVE-2014-7907
CONFIRM
CONFIRM
google — chrome Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a large atom in (1) MPEG-4 or (2) QuickTime .mov data. 2014-11-19 7.5 CVE-2014-7908
CONFIRM
CONFIRM
google — chrome Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2014-11-19 7.5 CVE-2014-7910
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
lantronix — xprintserver Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action. 2014-11-20 10.0 CVE-2014-9002
XF
FULLDISC
MISC
MISC
mantisbt — mantisbt The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier. 2014-11-18 7.5 CVE-2014-7146
XF
BID
CONFIRM
MLIST
microsoft — windows_7 The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka “Kerberos Checksum Vulnerability.” 2014-11-18 9.0 CVE-2014-6324
CONFIRM
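CVE-2014-6324 is the bug Microsoft fixed in bulletin MS14-068. Its documented root cause is that the KDC validated the signatures on the PAC using whatever checksum type the ticket named, including types that need no key at all, so any domain user could compute a valid "signature" over a PAC claiming Domain Admins membership. The Python below is an added model of that validation step, not Microsoft's code and not the real protocol: the checksum type numbers are the RFC 3961 and RFC 4757 values, but key derivation is reduced to a plain HMAC over the PAC, and the PAC body and krbtgt key are constructed stand-ins.

```python
import hashlib
import hmac
import zlib

# Checksum type numbers from RFC 3961 (CRC32, RSA-MD5, unkeyed SHA-1,
# HMAC-SHA1-96-AES128/256) and RFC 4757 (HMAC-MD5). The keyed algorithms are
# simplified to a plain HMAC over the PAC; a real KDC derives per-usage keys.
CRC32, RSA_MD5, SHA1_UNKEYED = 1, 7, 14
HMAC_SHA1_96_AES128, HMAC_SHA1_96_AES256, HMAC_MD5 = 15, 16, -138
KEYED_TYPES = {HMAC_SHA1_96_AES128, HMAC_SHA1_96_AES256, HMAC_MD5}


def compute_checksum(ctype, data, key=None):
    if ctype == CRC32:
        return zlib.crc32(data).to_bytes(4, "little")
    if ctype == RSA_MD5:
        return hashlib.md5(data).digest()
    if ctype == SHA1_UNKEYED:
        return hashlib.sha1(data).digest()
    if ctype == HMAC_MD5:
        return hmac.new(key, data, hashlib.md5).digest()
    if ctype in (HMAC_SHA1_96_AES128, HMAC_SHA1_96_AES256):
        return hmac.new(key, data, hashlib.sha1).digest()[:12]
    raise ValueError("unknown checksum type %d" % ctype)


def kdc_verify_vulnerable(pac, ctype, sig, krbtgt_key):
    """Models the flaw: the checksum type is read from the ticket and every
    implemented type is honoured, including ones that need no key."""
    key = krbtgt_key if ctype in KEYED_TYPES else None
    return hmac.compare_digest(compute_checksum(ctype, pac, key), sig)


def kdc_verify_fixed(pac, ctype, sig, krbtgt_key):
    """Only a keyed checksum proves possession of the krbtgt key."""
    if ctype not in KEYED_TYPES:
        return False
    return hmac.compare_digest(compute_checksum(ctype, pac, krbtgt_key), sig)


def forge_signature(pac):
    """What a domain user without the key can do: pick an unkeyed type and
    compute the 'signature' themselves."""
    return RSA_MD5, compute_checksum(RSA_MD5, pac)


# Constructed inputs: a stand-in krbtgt key and a PAC body claiming Domain Admins (RID 512).
KRBTGT_KEY = b"constructed-krbtgt-key-not-real"
FORGED_PAC = b"user=lowpriv;groups=513,512,519"
```

The fix is the same shape as the check in kdc_verify_fixed: the verifier, not the ticket, decides which checksum types are acceptable, and only keyed ones are.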
netbsd — netbsd The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. 2014-11-17 7.5 CVE-2014-8517
SECUNIA
SECUNIA
MLIST
MLIST
SUSE
php-fusion — php-fusion Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php. 2014-11-17 7.5 CVE-2014-8596
MISC
XF
BID
EXPLOIT-DB
MISC
OSVDB
protected_pages_project — protected_pages The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows remote attackers to bypass the password protection via a crafted path. 2014-11-20 7.5 CVE-2014-9024
samba — ppp Integer overflow in the getword function in options.c in pppd in Paul’s PPP Package (ppp) before 2.4.7 allows attackers to “access privileged options” via a long word in an options file, which triggers a heap-based buffer overflow that “[corrupts] security-relevant variables.” 2014-11-15 7.5 CVE-2014-3158
CONFIRM
MLIST
FEDORA
sap — governance_risk_and_compliance Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request. 2014-11-18 9.0 CVE-2013-3678
MISC
XF
BID
BUGTRAQ
MISC
FULLDISC
MISC
vld_interactive — vldpersonals Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or (3) gender2 parameter in a search action to index.php. 2014-11-20 7.5 CVE-2014-9005
XF
EXPLOIT-DB
webfs — webfs The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file. 2014-11-16 7.2 CVE-2013-0347
XF
BID
MLIST
MLIST
MLIST
OSVDB


Medium Vulnerabilities

Primary Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — cordova Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL. 2014-11-15 6.4 CVE-2014-3500
BID
apache — cordova Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView. 2014-11-15 4.3 CVE-2014-3501
BID
apache — cordova Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. 2014-11-15 4.3 CVE-2014-3502
BID
apache — qpid XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message. 2014-11-17 4.3 CVE-2014-3629
XF
BID
BUGTRAQ
SECUNIA
MISC
apple — apple_tv WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462. 2014-11-18 5.4 CVE-2014-4452
apple — iphone_os Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. 2014-11-18 5.0 CVE-2014-4453
apple — mac_os_x The “System Profiler About This Mac” component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors. 2014-11-18 5.0 CVE-2014-4458
apple — mac_os_x Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. 2014-11-18 6.8 CVE-2014-4459
apple — apple_tv WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452. 2014-11-18 5.8 CVE-2014-4462
arubanetworks — clearpass Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, module configuration, and other sensitive information by reading the page. 2014-11-19 5.0 CVE-2014-6621
SECUNIA
arubanetworks — clearpass Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified vectors. 2014-11-19 5.0 CVE-2014-6622
SECUNIA
arubanetworks — clearpass The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbitrary files via unspecified vectors. 2014-11-19 6.8 CVE-2014-6624
SECUNIA
atlas_systems — aeon Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems Aeon 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) Action or (2) Form parameter to aeon.dll. 2014-11-19 4.3 CVE-2014-7290
XF
MISC
FULLDISC
MISC
bestpractical — rt-extension-mobileui The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors. 2014-11-15 5.0 CVE-2013-3737
OSVDB
SECUNIA
cisco — ios The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014. 2014-11-17 5.0 CVE-2014-7992
cisco — unified_computing_system Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477. 2014-11-18 6.8 CVE-2014-7996
cisco — ios The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281. 2014-11-14 6.1 CVE-2014-7997
cisco — unified_communications_manager_im_and_presence_service Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497. 2014-11-20 5.0 CVE-2014-8000
codecanyon — phpsound Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.php. 2014-11-17 4.3 CVE-2014-8954
EXPLOIT-DB
MISC
commerceguys — commerce The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors. 2014-11-20 5.0 CVE-2014-9025
docker — docker Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. 2014-11-17 5.0 CVE-2014-5277
CONFIRM
SUSE
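The Docker entry describes a downgrade, not a cryptographic break: when the TLS connection to the registry fails, the client silently retries over plain HTTP, so an attacker who can merely drop the TLS handshake gets to serve the image and collect the credentials. The Python below is an added sketch of that retry logic, not Docker's code: two fake transports stand in for the network, and the "fixed" client fails closed unless the operator has explicitly listed the registry as insecure.

```python
def pull_manifest_vulnerable(host, transport):
    """Models docker < 1.3.1: if HTTPS fails for any reason, retry in the clear."""
    try:
        return transport("https", host)
    except OSError:
        return transport("http", host)


def pull_manifest_fixed(host, transport, insecure_registries=frozenset()):
    """Fail closed: plaintext only for registries the operator explicitly listed."""
    try:
        return transport("https", host)
    except OSError:
        if host in insecure_registries:
            return transport("http", host)
        raise


# Constructed transports standing in for the network (no sockets are opened).
def honest_network(scheme, host):
    return {"scheme": scheme, "host": host, "manifest": "signed-by-registry"}


def mitm_network(scheme, host):
    # The attacker is on path, resets the TLS handshake, and answers the
    # plaintext retry with their own image metadata and credential prompt.
    if scheme == "https":
        raise OSError("connection reset by peer")
    return {"scheme": scheme, "host": host, "manifest": "attacker-controlled"}


def pull_outcome(pull, host, transport, **options):
    """Scheme the client ended up using, or 'refused' if it failed closed."""
    try:
        return pull(host, transport, **options)["scheme"]
    except OSError:
        return "refused"
```

The same check applies to any client that negotiates transport security: a failure on the secure path must surface as an error, never as a quiet retry on the insecure one.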
dolibarr — dolibarr_erp/crm Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet/tasks/contact.php; (4) lineid parameter in a deletecontact action, (5) ligne parameter in a swapstatut action, or (6) ref parameter to projet/contact.php; (7) id parameter to compta/bank/fiche.php, (8) contact/info.php, (9) holiday/index.php, (10) product/stock/fiche.php, (11) product/stock/info.php, or (12) in an edit action to product/stock/fiche.php; (13) productid parameter in an addline action to product/stock/massstockmove.php; (14) project_ref parameter to projet/tasks/note.php; (15) ref parameter to element.php, (16) ganttview.php, (17) note.php, or (18) tasks.php in projet/; (19) sall or (20) sref parameter to comm/mailing/liste.php; (21) search_bon, (22) search_ligne, (23) search_societe, or (24) search_code parameter to compta/prelevement/liste.php; (25) search_label parameter to compta/sociales/index.php; (26) search_project parameter to projet/tasks/index.php; (27) search_societe parameter to compta/prelevement/demandes.php; (28) search_statut parameter to user/index.php; (29) socid parameter to compta/recap-compta.php, (30) societe/commerciaux.php, or (31) societe/rib.php; (32) sortorder, (33) sref, (34) sall, or (35) sortfield parameter to product/stock/liste.php; (36) statut parameter to adherents/liste.php or (37) compta/dons/liste.php; (38) tobuy or (39) tosell parameter to product/liste.php; (40) tobuy, (41) tosell, (42) search_categ, or (43) sref parameter to product/reassort.php; (44) type parameter to product/index.php; or the (a) sortorder or (b) sortfield parameter to (45) compta/paiement/cheque/liste.php, (46) compta/prelevement/bons.php, (47) compta/prelevement/rejets.php, (48) product/stats/commande.php, (49) product/stats/commande_fournisseur.php, (50) product/stats/contrat.php, (51) product/stats/facture.php, (52) product/stats/facture_fournisseur.php, (53) product/stats/propal.php, or (54) product/stock/replenishorders.php. 2014-11-21 6.5 CVE-2014-7137
MISC
BID
BUGTRAQ
FULLDISC
f5 — big-ip_local_traffic_manager Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the “Resource Administrator” or “Administrator” role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form. 2014-11-17 6.2 CVE-2014-8727
CONFIRM
XF
BID
EXPLOIT-DB
MISC
freebsd — freebsd FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed. 2014-11-18 4.3 CVE-2014-8475
XF
BID
SECUNIA
MISC
google — chrome Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. 2014-11-19 5.0 CVE-2014-7899
CONFIRM
CONFIRM
google — chrome Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site. 2014-11-19 5.0 CVE-2014-7905
CONFIRM
google — chrome effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data. 2014-11-19 5.0 CVE-2014-7909
CONFIRM
CONFIRM
haxx — curl cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. 2014-11-18 5.0 CVE-2014-3613
SUSE
haxx — curl cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. 2014-11-18 5.0 CVE-2014-3620
SUSE
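The two cURL entries above are both cookie domain-matching mistakes. CVE-2014-3613 is a suffix match applied to IP literals: 192.168.0.1 is allowed to store a cookie for "168.0.1", which then also suffix-matches 127.168.0.1. CVE-2014-3620 is the same suffix match accepting a bare top-level domain, so a cookie with Domain=com set by one site is sent to every .com host. The Python below is an added illustration of the matching rule, not libcurl's code: it puts the plain suffix match beside the RFC 6265 rule (IP literals match only exactly) and a Domain-attribute check that rejects bare TLDs. The host names are constructed; a real implementation consults a public suffix list rather than the "contains a dot" test used here.

```python
import ipaddress


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _canon(host, domain):
    return host.lower().rstrip("."), domain.lower().lstrip(".").rstrip(".")


def domain_match_vulnerable(request_host, cookie_domain):
    """Plain suffix match, the behaviour behind CVE-2014-3613: 192.168.0.1 may
    store a cookie for '168.0.1', which then also matches 127.168.0.1."""
    host, domain = _canon(request_host, cookie_domain)
    return host == domain or host.endswith("." + domain)


def domain_match_fixed(request_host, cookie_domain):
    """RFC 6265 section 5.1.3: a suffix match counts only when the request host
    is not an IP literal (and the cookie domain is not one either)."""
    host, domain = _canon(request_host, cookie_domain)
    if host == domain:
        return True
    if _is_ip_literal(host) or _is_ip_literal(domain):
        return False
    return host.endswith("." + domain)


def may_set_domain_vulnerable(origin_host, cookie_domain):
    """Accepts a Domain attribute whenever it suffix-matches, so 'Domain=com'
    from evil.com is stored and later sent to every .com site (CVE-2014-3620)."""
    return domain_match_vulnerable(origin_host, cookie_domain)


def may_set_domain_fixed(origin_host, cookie_domain):
    """Reject bare top-level domains, then apply the corrected match. A public
    suffix list (co.uk, github.io, ...) is the complete form of this check."""
    _, domain = _canon(origin_host, cookie_domain)
    if "." not in domain:
        return False
    return domain_match_fixed(origin_host, domain)
```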
haxx — libcurl The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. 2014-11-15 4.3 CVE-2014-3707
UBUNTU
CONFIRM
ibm — security_identity_manager Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors. 2014-11-17 5.0 CVE-2014-6095
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm — security_identity_manager Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2014-11-17 4.3 CVE-2014-6096
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm — security_identity_manager IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request. 2014-11-17 5.0 CVE-2014-6098
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm — security_identity_manager IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors. 2014-11-17 4.3 CVE-2014-6105
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm — security_identity_manager IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. 2014-11-17 4.3 CVE-2014-6107
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
imember360 — imember360 Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests with an unspecified impact via the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8949 to execute arbitrary commands. 2014-11-16 6.8 CVE-2014-8948
EXPLOIT-DB
SECUNIA
FULLDISC
MISC
OSVDB
imember360 — imember360 The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges. 2014-11-16 6.0 CVE-2014-8949
EXPLOIT-DB
SECUNIA
FULLDISC
MISC
OSVDB
incrediblepbx — incredible_pbx_11 reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters. 2014-11-20 6.5 CVE-2014-9001
FULLDISC
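The iMember360 (i4w_trace) and Incredible PBX (APPTMIN through APPTPHONE) entries above, like the Lantronix and OpenShift ones elsewhere in this bulletin, are shell-metacharacter injection: a request parameter is spliced into a command line that a shell then parses. The Python below is an added illustration, not code from any of those products. It runs a harmless echo both ways so the difference is visible in the output, and adds the allowlist validation a reminder form should apply to its numeric fields and phone number before any command is built. The field ranges are assumed; the page only names the parameters.

```python
import re
import subprocess

# Allowlists for the reminder fields named in the advisory. The ranges are assumed;
# the page only names the parameters.
FIELD_RULES = {
    "APPTMIN": (0, 59), "APPTHR": (0, 23), "APPTDA": (1, 31),
    "APPTMO": (1, 12), "APPTYR": (2014, 2099),
}
PHONE_RE = re.compile(r"^\+?[0-9]{7,15}$")


def reminder_vulnerable(phone):
    """Models the flaw: a request parameter is pasted into a shell command line."""
    proc = subprocess.run("echo Reminder for " + phone, shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def reminder_fixed(phone):
    """No shell: the value is one argv element, so ';', '|' and '$(...)' stay text."""
    proc = subprocess.run(["echo", "Reminder", "for", phone],
                          capture_output=True, text=True)
    return proc.stdout


def validate_fields(params):
    """Defence in depth: reject anything that is not a number in range or a phone
    number before it reaches any command. Returns the cleaned values."""
    clean = {}
    for name, (lo, hi) in FIELD_RULES.items():
        raw = params.get(name, "")
        if not raw.isdigit() or not lo <= int(raw) <= hi:
            raise ValueError("%s rejected: %r" % (name, raw))
        clean[name] = int(raw)
    phone = params.get("APPTPHONE", "")
    if not PHONE_RE.match(phone):
        raise ValueError("APPTPHONE rejected: %r" % phone)
    clean["APPTPHONE"] = phone
    return clean


def fields_accepted(params):
    try:
        validate_fields(params)
        return True
    except ValueError:
        return False


# Constructed requests.
GOOD_REQUEST = {"APPTMIN": "30", "APPTHR": "9", "APPTDA": "15", "APPTMO": "12",
                "APPTYR": "2014", "APPTPHONE": "15551234567"}
INJECTED = dict(GOOD_REQUEST, APPTPHONE="555; echo INJECTED")
```

The argv form is the structural fix; validation is the second layer, and it also keeps nonsense out of whatever scheduler or dialer consumes the values.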
ipa — ilogscanner Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file. 2014-11-14 4.3 CVE-2014-7248
JVNDB
JVN
lantronix — xprintserver Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action. 2014-11-20 6.8 CVE-2014-9003
XF
FULLDISC
MISC
maarch — letterbox SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. 2014-11-20 5.0 CVE-2014-8995
XF
OSVDB
MISC
manageengine — password_manager_pro SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter. 2014-11-17 6.5 CVE-2014-8498
MISC
XF
BID
EXPLOIT-DB
FULLDISC
MISC
OSVDB
manageengine — password_manager_pro Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc. 2014-11-17 6.5 CVE-2014-8499
MISC
XF
XF
BID
EXPLOIT-DB
FULLDISC
MISC
OSVDB
OSVDB
mantisbt — mantisbt The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code. 2014-11-18 6.4 CVE-2014-8598
XF
BID
MLIST
megnicholas — clean_and_simple_contact_form Cross-site scripting (XSS) vulnerability in the Contact Form Clean and Simple (clean-and-simple-contact-form-by-meg-nicholas) plugin 4.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the cscf[name] parameter to contact-us/. 2014-11-17 4.3 CVE-2014-8955
XF
MISC
monstra — monstra Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values. 2014-11-20 5.0 CVE-2014-9006
XF
MISC
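The Monstra entry is a reminder that state held in a cookie is state the attacker edits. The Python below is an added illustration, not Monstra's code: the first login routine keeps the failed-attempt counter in a cookie, so a client that simply never sends it back is never locked out; the second keeps the counter on the server, keyed by account, with a time window so a legitimate user is not locked out forever. The word list and password are constructed.

```python
import time

MAX_ATTEMPTS = 5
LOCKOUT_SECONDS = 600


def login_vulnerable(cookies, password_ok):
    """Models Monstra <= 3.0.1: the only record of failed attempts is a cookie the
    client sends back (or does not). Returns (status, cookies_to_set)."""
    attempts = int(cookies.get("login_attempts", 0))
    if attempts >= MAX_ATTEMPTS:
        return "locked", cookies
    if password_ok:
        return "ok", {**cookies, "login_attempts": 0}
    return "bad", {**cookies, "login_attempts": attempts + 1}


class ServerSideLimiter:
    """Attempt counter kept on the server, keyed by account (or account plus
    source address), with a sliding window."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}  # key -> list of failure timestamps

    def login(self, key, password_ok):
        now = self._clock()
        recent = [t for t in self._failures.get(key, []) if now - t < LOCKOUT_SECONDS]
        if len(recent) >= MAX_ATTEMPTS:
            self._failures[key] = recent
            return "locked"
        if password_ok:
            self._failures.pop(key, None)
            return "ok"
        recent.append(now)
        self._failures[key] = recent
        return "bad"


def brute_force_cookie_version(wordlist, secret):
    """The attacker never returns the counter cookie, so every guess looks like the first.
    Returns (guesses the server evaluated, whether the password was found)."""
    for n, guess in enumerate(wordlist, 1):
        status, _ = login_vulnerable({}, guess == secret)
        if status == "ok":
            return n, True
    return len(wordlist), False


def brute_force_server_version(wordlist, secret, limiter=None):
    limiter = limiter or ServerSideLimiter()
    evaluated = 0
    for guess in wordlist:
        status = limiter.login("admin", guess == secret)
        if status == "locked":
            break
        evaluated += 1
        if status == "ok":
            return evaluated, True
    return evaluated, False


# Constructed word list; the real password is the 20th entry.
WORDLIST = ["password%d" % i for i in range(1, 20)] + ["hunter2"]
```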
mulesoft — mule_enterprise_management_console Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC. 2014-11-20 6.5 CVE-2014-9000
FULLDISC
FULLDISC
MISC
mumble — mumble The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file. 2014-11-16 5.0 CVE-2014-3755
MISC
BID
MLIST
MLIST
mumble — mumble The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip. 2014-11-16 5.0 CVE-2014-3756
BID
MLIST
MLIST
nibbleblog — nibbleblog Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) author_name or (2) content parameter to index.php. 2014-11-20 4.3 CVE-2014-8996
XF
BID
FULLDISC
MISC
pandorafms — pandora_flexible_monitoring_system Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php. 2014-11-19 4.3 CVE-2014-8629
XF
FULLDISC
MISC
phpmemcachedadmin_project — phpmemcachedadmin Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-11-17 4.3 CVE-2014-8732
XF
BID
BUGTRAQ
BUGTRAQ
MISC
phpmoneybooks — phpmoneybooks Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. 2014-11-17 4.3 CVE-2012-1669
BID
BUGTRAQ
EXPLOIT-DB
FULLDISC
MISC
OSVDB
phpmoneybooks — phpmoneybooks Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012-1669. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might have been fixed in 1.0.3. 2014-11-17 4.3 CVE-2012-6665
SECUNIA
OSVDB
phpscriptlerim — php_scriptlerim_who’s_who Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who’s Who script allow remote attackers to hijack the authentication of administrators for requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php. 2014-11-17 6.8 CVE-2014-8953
XF
EXPLOIT-DB
MISC
pivotal — spring_framework Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. 2014-11-20 5.0 CVE-2014-3625
CONFIRM
puppetlabs — facter Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine. 2014-11-16 6.2 CVE-2014-3248
BID
SECUNIA
SECUNIA
MISC
qemu — qemu Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption. 2014-11-15 4.6 CVE-2014-5388
MLIST
CONFIRM
UBUNTU
MLIST
MLIST
CONFIRM
redhat — openshift Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme. 2014-11-16 6.5 CVE-2014-0233
CONFIRM
redhat — tcpdump Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame. 2014-11-20 5.0 CVE-2014-8767
XF
BID
BUGTRAQ
FULLDISC
MISC
redhat — tcpdump Multiple integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame. 2014-11-20 5.0 CVE-2014-8768
XF
BID
BUGTRAQ
FULLDISC
MISC
redhat — tcpdump tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access. 2014-11-20 6.4 CVE-2014-8769
XF
BID
BUGTRAQ
FULLDISC
MISC
rubyonrails — ruby_on_rails The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string. 2014-11-16 5.0 CVE-2014-3916
XF
BID
MLIST
MLIST
rubyonrails — ruby_on_rails Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow. 2014-11-15 5.0 CVE-2014-4975
CONFIRM
XF
UBUNTU
MLIST
rubyonrails — ruby_on_rails Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818. 2014-11-18 5.0 CVE-2014-7829
MLIST
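The Rails entry above, and the phpMoneyBooks, F5 and IBM traversal entries earlier in this list, all fail the same way: the code looks for a bad substring such as "../" instead of resolving the path and comparing the result with the document root. The backslash in the Rails case slips past because the check does not treat it as a separator while the underlying platform does. The Python below is an added illustration, not the Rails code: it models a substring check that runs before percent-decoding and separator normalisation, then the resolve-and-compare version. The percent-encoded case goes beyond the backslash vector the entry names, as a second spelling of the same bypass; the document root is an assumed path and nothing is read from disk.

```python
import posixpath
from urllib.parse import unquote

PUBLIC_ROOT = "/srv/app/public"   # assumed document root; nothing is read from disk


def _as_filesystem_sees_it(path):
    """Resolution on a platform where '\\' is also a separator, which is why the
    backslash spelling reached the filesystem in the Rails case."""
    return posixpath.normpath(path.replace("\\", "/"))


def static_path_vulnerable(request_path):
    """Models the pre-fix check: only the '../' spelling is rejected, and the
    check runs before percent-decoding and before separator normalisation."""
    if "../" in request_path:
        raise PermissionError("traversal")
    decoded = unquote(request_path)
    return _as_filesystem_sees_it(posixpath.join(PUBLIC_ROOT, decoded))


def static_path_fixed(request_path):
    """Decode, normalise separators, resolve, then compare with the root
    instead of searching for a bad substring."""
    decoded = unquote(request_path).replace("\\", "/")
    candidate = posixpath.normpath(posixpath.join(PUBLIC_ROOT, decoded.lstrip("/")))
    if candidate != PUBLIC_ROOT and not candidate.startswith(PUBLIC_ROOT + "/"):
        raise PermissionError("traversal")
    return candidate


def resolves_outside_root(resolver, request_path):
    """True if the resolver hands back a path outside PUBLIC_ROOT; False if it
    refuses the request or stays inside."""
    try:
        resolved = resolver(request_path)
    except PermissionError:
        return False
    return not (resolved == PUBLIC_ROOT or resolved.startswith(PUBLIC_ROOT + "/"))
```

The lstrip in the fixed version matters on its own: posixpath.join discards the root when the second argument is absolute, so "/etc/passwd" would otherwise resolve to itself without any ".." at all.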
simple_email_form_project — simple_email_form Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to index.php. 2014-11-21 4.3 CVE-2014-8539
MISC
BID
BUGTRAQ
MISC
tibco — managed_file_transfer_command_center TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive information or modify data by leveraging agent access. 2014-11-20 6.4 CVE-2014-7194
tibco — silver_fabric_enabler Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for Spotfire Web Player before 1.6.1 allows remote authenticated users to obtain sensitive information via unspecified vectors. 2014-11-20 4.0 CVE-2014-7195
twilio_project — twilio The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the “access administration pages” Drupal permission. 2014-11-20 5.5 CVE-2014-9023
ubercart — ubercart The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the “administer product classes” permission to execute arbitrary PHP code via unspecified vectors. 2014-11-15 6.0 CVE-2012-2301
BID
MLIST
MLIST
SECUNIA
ubercart — ubercart The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the “view own orders” permission to obtain sensitive information via unspecified vectors. 2014-11-20 4.0 CVE-2014-9026
uninett — mod_auth_mellon The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a “session overflow” involving “sessions overlapping in memory.” 2014-11-15 6.4 CVE-2014-8566
SECUNIA
SECUNIA
REDHAT
CONFIRM
vld_interactive — vldpersonals Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a member_profile action to index.php. 2014-11-20 4.3 CVE-2014-9004
XF
EXPLOIT-DB
vtiger — vtiger_crm views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter. 2014-11-15 5.0 CVE-2014-2268
MISC
BID
EXPLOIT-DB
web_component_roles_project — web_component_roles The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the “disabled” restriction and modify read-only components via a crafted form. 2014-11-20 6.4 CVE-2014-9022
x7chat — x7_chat lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch. 2014-11-20 6.5 CVE-2014-8998
XF
BID
EXPLOIT-DB
MISC
xen — xen The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP). 2014-11-19 5.4 CVE-2014-8594
xoops — xoops SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter. 2014-11-20 6.5 CVE-2014-8999
Source & Patch Info: BID, FULLDISC, MISC
zend — zend_framework Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. 2014-11-15 6.4 CVE-2014-2681
Source & Patch Info: MANDRIVA, MLIST, CONFIRM
zend — zend_framework Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External Entity (XXE) attacks via an XML external entity declaration in conjunction with an entity reference. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. 2014-11-15 6.8 CVE-2014-2682
Source & Patch Info: MANDRIVA, MLIST, CONFIRM
zend — zend_framework Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532. 2014-11-15 5.0 CVE-2014-2683
Source & Patch Info: MANDRIVA, MLIST, CONFIRM
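The three Zend Framework entries above (CVE-2014-2681, CVE-2014-2682, CVE-2014-2683) share one root cause: an XML parser that is allowed to act on entity declarations, whether an external SYSTEM entity (file read, intranet request) or an internal recursive one (CPU and memory exhaustion). The following Python example is added here and is not Zend Framework code (Zend's fix is PHP, built on libxml_disable_entity_loader and an entity scan of the DOCTYPE); it shows the same defensive shape on the expat parser: refuse the document the moment any entity is declared, before anything can be fetched or expanded. The three XML documents are constructed for the demonstration.

```python
"""Parse untrusted XML while refusing every entity declaration.

Added example (not Zend Framework code). Every <!ENTITY ...> declaration,
internal or external, is rejected before the parser can reference it, so
it can neither fetch a SYSTEM entity (XXE) nor expand a recursive or
circular one (XEE, the 'billion laughs' attack).
"""
import xml.etree.ElementTree as ET
import xml.parsers.expat


class UnsafeXML(ValueError):
    """The document tried to declare an entity; it is rejected unparsed."""


def parse_untrusted_xml(data: bytes) -> ET.Element:
    parser = xml.parsers.expat.ParserCreate()
    builder = ET.TreeBuilder()

    def refuse_entity(name, is_parameter, value, base, system_id, public_id, notation):
        # expat calls this for each <!ENTITY ...> in the DOCTYPE, before the
        # entity can be referenced from content, so nothing is ever expanded.
        kind = "external" if system_id else "internal"
        raise UnsafeXML(f"refusing {kind} entity declaration {name!r}")

    parser.EntityDeclHandler = refuse_entity
    # Belt and braces: a reference to an external entity is a hard error
    # (returning 0 makes expat abort) rather than a silent fetch.
    parser.ExternalEntityRefHandler = lambda context, base, system_id, public_id: 0
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise ValueError(f"malformed XML: {exc}") from exc
    return builder.close()


def rejects(data: bytes) -> bool:
    """True if the document is refused because it declares entities."""
    try:
        parse_untrusted_xml(data)
    except UnsafeXML:
        return True
    return False


# Constructed sample inputs: one benign document and the two attack shapes
# named in the advisories above.
BENIGN = b"<?xml version='1.0'?><order><sku>ABC-123</sku><qty>2</qty></order>"

XXE = (b"<?xml version='1.0'?>"
       b"<!DOCTYPE order [<!ENTITY xxe SYSTEM 'file:///etc/passwd'>]>"
       b"<order><sku>&xxe;</sku></order>")

BILLION_LAUGHS = (b"<?xml version='1.0'?>"
                  b"<!DOCTYPE lolz [<!ENTITY lol 'lol'>"
                  b"<!ENTITY lol2 '&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;'>"
                  b"<!ENTITY lol3 '&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;'>]>"
                  b"<lolz>&lol3;</lolz>")

if __name__ == "__main__":
    print("benign sku:", parse_untrusted_xml(BENIGN).findtext("sku"))
    print("XXE rejected:", rejects(XXE))
    print("billion laughs rejected:", rejects(BILLION_LAUGHS))
```

Rejecting at declaration time is what makes the check robust against the PHP-FPM variant (CVE-2014-2682), where a per-process "disable entity loader" flag could be left in the wrong state by another request: the decision here is made per parse, from the document itself, not from shared parser state.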
zend — zend_framework The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id values. 2014-11-15 6.4 CVE-2014-2684
Source & Patch Info: MANDRIVA, MLIST, CONFIRM
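The OpenID entry above (CVE-2014-2684) is an authentication bypass rather than a cryptographic one: the signature on the positive assertion is valid, but it was produced by a Provider the attacker controls, and the consumer never checked that the asserting Provider is the one the association handle was negotiated with. The Python example below is added here and is not Zend Framework code; it is a stripped-down consumer with an in-memory association store, a lookup table standing in for discovery, and constructed endpoints, handles and keys. The "fixed" verifier also checks that discovery on the claimed identifier yields the same endpoint, which is the OpenID 2.0 requirement that the association check alone does not cover.

```python
"""Binding an OpenID positive assertion to the OP the association was made with.

Added example (not Zend Framework code): a minimal consumer showing the
missing check described in CVE-2014-2684. All URLs, handles and MAC keys
are constructed for the demonstration.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Association:
    handle: str
    op_endpoint: str   # the OP Endpoint URL this shared secret was negotiated with
    mac_key: bytes


class AssertionRejected(Exception):
    pass


def sign(fields: dict, signed: list, mac_key: bytes) -> str:
    """HMAC-SHA256 over the key:value form of the signed fields (OpenID 2.0 style)."""
    kv_form = "".join(f"{name}:{fields['openid.' + name]}\n" for name in signed)
    return hmac.new(mac_key, kv_form.encode(), hashlib.sha256).hexdigest()


def verify_vulnerable(fields: dict, associations: dict) -> str:
    """Before the fix: a valid signature under *any* known association is enough."""
    assoc = associations[fields["openid.assoc_handle"]]
    signed = fields["openid.signed"].split(",")
    if not hmac.compare_digest(sign(fields, signed, assoc.mac_key), fields["openid.sig"]):
        raise AssertionRejected("bad signature")
    return fields["openid.claimed_id"]   # trusts whatever the signing OP claimed


def verify_fixed(fields: dict, associations: dict, discover) -> str:
    """After the fix: the assertion must name the OP the handle belongs to, and
    discovery on the claimed identifier must lead to that same OP."""
    assoc = associations.get(fields.get("openid.assoc_handle"))
    if assoc is None:
        raise AssertionRejected("unknown association handle")
    signed = fields["openid.signed"].split(",")
    for name in ("op_endpoint", "claimed_id", "identity", "assoc_handle"):
        if name not in signed:
            raise AssertionRejected(f"{name} is not covered by the signature")
    if fields["openid.op_endpoint"] != assoc.op_endpoint:
        raise AssertionRejected("op_endpoint is not the OP this association was made with")
    if discover(fields["openid.claimed_id"]) != assoc.op_endpoint:
        raise AssertionRejected("claimed_id is not served by the asserting OP")
    if not hmac.compare_digest(sign(fields, signed, assoc.mac_key), fields["openid.sig"]):
        raise AssertionRejected("bad signature")
    return fields["openid.claimed_id"]


# Constructed scenario: Alice's real OP, and Mallory's OP, which the relying
# party has also (legitimately) associated with.
GOOD_OP = "https://op.example/server"
EVIL_OP = "https://evil.example/server"
ALICE = "https://op.example/alice"

ASSOCIATIONS = {
    "assoc-good": Association("assoc-good", GOOD_OP, b"\x01" * 32),
    "assoc-evil": Association("assoc-evil", EVIL_OP, b"\x02" * 32),
}
SIGNED = "op_endpoint,claimed_id,identity,assoc_handle"


def discover(claimed_id: str) -> str:
    """Stand-in for Yadis/HTML discovery: which OP serves this identifier?"""
    table = {ALICE: GOOD_OP, "https://evil.example/mallory": EVIL_OP}
    try:
        return table[claimed_id]
    except KeyError:
        raise AssertionRejected("discovery failed") from None


def make_assertion(handle: str, op_endpoint: str, claimed_id: str) -> dict:
    fields = {
        "openid.mode": "id_res",
        "openid.op_endpoint": op_endpoint,
        "openid.claimed_id": claimed_id,
        "openid.identity": claimed_id,
        "openid.assoc_handle": handle,
        "openid.signed": SIGNED,
    }
    fields["openid.sig"] = sign(fields, SIGNED.split(","), ASSOCIATIONS[handle].mac_key)
    return fields


def legitimate_assertion() -> dict:
    return make_assertion("assoc-good", GOOD_OP, ALICE)


def forged_assertion() -> dict:
    # Mallory's OP signs with Mallory's key, claims Alice's identity and
    # names Alice's OP as the endpoint: the signature is valid, the OP is wrong.
    return make_assertion("assoc-evil", GOOD_OP, ALICE)


def outcome_vulnerable(fields: dict) -> str:
    try:
        return "accepted " + verify_vulnerable(fields, ASSOCIATIONS)
    except AssertionRejected as exc:
        return f"rejected: {exc}"


def outcome_fixed(fields: dict) -> str:
    try:
        return "accepted " + verify_fixed(fields, ASSOCIATIONS, discover)
    except AssertionRejected as exc:
        return f"rejected: {exc}"
```

Note that rotating or revoking keys does nothing against this attack: Mallory's association is genuine. The only defence is to tie the handle to an endpoint at association time and compare it on every assertion.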
zte — zxdsl Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to adminpasswd.cgi or (3) change the admin user password via the sysPassword parameter in a save action to adminpasswd.cgi. 2014-11-20 6.8 CVE-2014-9019
Source & Patch Info: XF, BID, BUGTRAQ, MISC
zteusa — zxhn_h108l_firmware ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1. 2014-11-20 5.0 CVE-2014-8493
Source & Patch Info: MISC, XF, EXPLOIT-DB, EXPLOIT-DB, FULLDISC, MISC
zteusa — zxdsl_831 Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases. 2014-11-20 4.3 CVE-2014-9020
Source & Patch Info: XF, BID, BID, BUGTRAQ, BUGTRAQ, MISC, MISC
zteusa — zxdsl_831 Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to inject arbitrary web script or HTML via the (1) tr69cAcsURL, (2) tr69cAcsUser, (3) tr69cAcsPwd, (4) tr69cConnReqPwd, or (5) tr69cDebugEnable parameter to the TR-069 client page (tr69cfg.cgi); the (6) timezone parameter to the Time and date page (sntpcfg.sntp); or the (7) hostname parameter in a save action to the Quick Stats page (psilan.cgi). NOTE: this issue was SPLIT from CVE-2014-9020 per ADT1 due to different affected products and codebases. 2014-11-20 4.3 CVE-2014-9021
Source & Patch Info: XF, BID, BUGTRAQ, MISC
zteusa — zxdsl_831cii Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, or (7) enblssh parameter to accesslocal.cmd. 2014-11-20 6.8 CVE-2014-9027
Source & Patch Info: XF, MISC


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — hive Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI. 2014-11-16 3.5 CVE-2014-0228
Source & Patch Info: BUGTRAQ, MISC
apple — apple_tv dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file. 2014-11-18 2.1 CVE-2014-4455
apple — iphone_os CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files. 2014-11-18 2.1 CVE-2014-4460
apple — iphone_os Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime “Leave a Message” feature. 2014-11-18 2.1 CVE-2014-4463
d-bus_project — d-bus D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1. 2014-11-18 2.1 CVE-2014-7824
Source & Patch Info: CONFIRM, XF, BID, MLIST
freeipa — freeipa FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication by leveraging an enabled OTP token, which triggers an anonymous bind. 2014-11-19 3.5 CVE-2014-7828
Source & Patch Info: MLIST, MLIST, CONFIRM, CONFIRM, XF, BID, FEDORA
ibm — tivoli_storage_manager The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename. 2014-11-18 2.1 CVE-2014-4817
Source & Patch Info: XF
ibm — security_identity_manager IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation. 2014-11-17 2.1 CVE-2014-6110
Source & Patch Info: AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR
nlnetlabs — ldns The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. 2014-11-15 2.1 CVE-2014-3209
Source & Patch Info: CONFIRM, CONFIRM, BID, MLIST, MLIST
python — python Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. 2014-11-15 3.3 CVE-2014-2667
Source & Patch Info: MLIST, MLIST, MLIST, SUSE, SUSE
redhat — jboss_enterprise_application_platform JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions for audit.log, which allows local users to obtain sensitive information by reading this file. 2014-11-17 2.1 CVE-2014-0059
xen — xen arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction. 2014-11-19 1.9 CVE-2014-8595



This product is provided subject to this Notification and this Privacy & Use policy.