US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
Original release date: December 09, 2014
Adobe has released security updates to address multiple vulnerabilities in Flash, Reader, Acrobat, and ColdFusion. Exploitation of these vulnerabilities may allow a remote attacker to take over an affected system.
US-CERT recommends users and administrators review Adobe Security Bulletins APSB14-27, APSB14-28, and APSB14-29 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: December 09, 2014
Microsoft has released updates to address vulnerabilities in Exchange, Windows, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for December 2014. Some of these vulnerabilities could allow elevation of privilege, remote code execution, or disclosure of information.
US-CERT encourages users and administrators to review Microsoft Security Bulletin MS14-DEC and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: December 08, 2014
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| canto — canto_curses | canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. | 2014-12-03 | 7.5 | CVE-2013-7416 CONFIRM CONFIRM XF BID MLIST MLIST |
| cchgroup — prosystem_fx_engagement | CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinService service files in PFX Engagement, which allows local users to obtain LocalSystem privileges via a Trojan horse file. | 2014-12-02 | 7.2 | CVE-2014-9113 MISC EXPLOIT-DB MISC |
| creative_minds — cm_download_manager | The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function. | 2014-12-05 | 10.0 | CVE-2014-8877 CONFIRM BID BUGTRAQ MISC MISC |
| fujitsu — arrows_kiss_f-03d | FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors. | 2014-12-05 | 7.2 | CVE-2014-7253 |
| google_doc_embedder_project — google_doc_embedder | SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter. | 2014-12-02 | 7.5 | CVE-2014-9173 CONFIRM XF EXPLOIT-DB MISC OSVDB |
| graphviz — graphviz | Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string. | 2014-12-03 | 7.5 | CVE-2014-9157 CONFIRM XF BID SECUNIA MLIST MLIST |
| hikvision — dvr_ds-7204_firmware | Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header. | 2014-12-08 | 7.5 | CVE-2014-4880 EXPLOIT-DB MISC |
| huawei — p2-6011_firmware | The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors. | 2014-12-05 | 7.2 | CVE-2014-2273 MISC XF BID |
| huawei — honor_cube_wireless_router_ws860s | Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | 2014-12-03 | 10.0 | CVE-2014-9134 BID |
| internet_initiative_japan — seil_b1_firmware | The (1) PPP Access Concentrator (PPPAC) and (2) Dial-Up Networking Internet Initiative Japan Inc. SEIL series routers SEIL/x86 Fuji 1.00 through 3.22; SEIL/X1, SEIL/X2, and SEIL/B1 1.00 through 4.62; SEIL/Turbo 1.82 through 2.18; and SEIL/neu 2FE Plus 1.82 through 2.18 allow remote attackers to cause a denial of service (restart) via crafted (a) GRE or (b) MPPE packets. | 2014-12-05 | 7.8 | CVE-2014-7256 JVNDB JVN |
| invisionpower — invision_power_board | SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter. | 2014-12-03 | 7.5 | CVE-2014-9239 FULLDISC |
| lsyncd_project — lsyncd | default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. | 2014-12-05 | 7.5 | CVE-2014-8990 CONFIRM CONFIRM CONFIRM BID MLIST MLIST FEDORA FEDORA |
| manageengine — desktop_central | SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat. | 2014-12-05 | 7.5 | CVE-2014-3996 MISC MISC FULLDISC |
| manageengine — it360 | SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat. | 2014-12-05 | 7.5 | CVE-2014-3997 MISC MISC FULLDISC |
| mybb — mybb | SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action. | 2014-12-03 | 7.5 | CVE-2014-9240 MISC |
| openvas — openvas_manager | SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. | 2014-12-02 | 7.5 | CVE-2014-9220 MLIST |
| ossec — ossec | host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed. | 2014-12-01 | 7.2 | CVE-2014-5284 EXPLOIT-DB MISC |
| pbboard — pbboard | SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email parameter in the register page to index.php. NOTE: the email parameter in the forget page vector is already covered by CVE-2012-4034.2. | 2014-12-05 | 7.5 | CVE-2014-9215 MISC BUGTRAQ MISC |
| proticaret — proticaret | SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request. | 2014-12-03 | 7.5 | CVE-2014-9237 FULLDISC MISC |
| services_project — services | The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password. | 2014-12-01 | 7.5 | CVE-2014-9151 |
| services_project — services | The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess the password via a brute force attack. | 2014-12-01 | 7.5 | CVE-2014-9152 |
| smartypantsplugins — sp_project_&_document_manager | Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) vendor_email[] parameter in the email_vendor function or id parameter in the (2) download_project, (3) download_archive, or (4) remove_cat function. | 2014-12-02 | 7.5 | CVE-2014-9178 XF BUGTRAQ MISC EXPLOIT-DB MISC |
| subex — roc_fraud_management_system | SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter. | 2014-12-02 | 7.5 | CVE-2014-8728 EXPLOIT-DB |
| technicolor — td5130_router_firmware | Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). | 2014-12-05 | 7.5 | CVE-2014-9144 BUGTRAQ EXPLOIT-DB MISC |
| thomsonreuters — fixed_assets_cs | The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program. | 2014-12-02 | 7.2 | CVE-2014-9141 MISC |
| websitebaker — websitebaker | SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | 2014-12-03 | 7.5 | CVE-2014-9242 FULLDISC MISC |
| wpdatatables — wpdatatables | SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php. | 2014-12-02 | 7.5 | CVE-2014-9175 XF BID MISC EXPLOIT-DB MISC |
| zohocorp — manageengine_opmanager | Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter. | 2014-12-04 | 7.5 | CVE-2014-6035 MISC FULLDISC |
| zohocorp — manageengine_it360 | SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter. | 2014-12-04 | 7.5 | CVE-2014-7867 |
| zohocorp — manageengine_it360 | Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet. | 2014-12-04 | 7.5 | CVE-2014-7868 MISC FULLDISC |
| zte — zxdsl | ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges. | 2014-12-02 | 10.0 | CVE-2014-9183 MISC |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| ad-manager_project — ad-manager | Open redirect vulnerability in track-click.php in the Ad-Manager plugin 1.1.2 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the out parameter. | 2014-12-02 | 4.3 | CVE-2014-8754 XF MISC FULLDISC MISC |
| adobe — acrobat | Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568. | 2014-11-29 | 6.4 | CVE-2014-9150 MISC |
| ait-pro — bulletproof_security | Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter. | 2014-12-01 | 5.0 | CVE-2014-8749 FULLDISC |
| altitude — altitude_unified_customer_interaction | Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an email hyperlink or the (2) style parameter in the image attribute section. | 2014-12-05 | 4.3 | CVE-2014-9212 MISC |
| anchorcms — anchor_cms | models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header. | 2014-12-02 | 4.3 | CVE-2014-9182 MISC |
| antiword_project — antiword | Buffer overflow in the bGetPPS function in wordole.c in Antiword 0.37 allows remote attackers to cause a denial of service (crash) via a crafted document. | 2014-12-05 | 5.0 | CVE-2014-8123 BID MLIST MLIST |
| apache — hadoop | The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache. | 2014-12-05 | 5.0 | CVE-2014-3627 SECUNIA SECUNIA |
| avatar_uploader_project — avatar_uploader | Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel. | 2014-12-01 | 4.0 | CVE-2014-9155 |
| clamav — clamav | Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.95.4 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file. | 2014-12-01 | 5.0 | CVE-2014-9050 CONFIRM BID MLIST SECUNIA SECUNIA FEDORA |
| creative_minds — cm_download_manager | Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title parameter in the CMDM_admin_settings page to wp-admin/admin.php. | 2014-12-05 | 6.8 | CVE-2014-9129 BID BUGTRAQ MISC |
| d-link — dcs-2103_hd_cube_network_camera_firmware | Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | 2014-12-03 | 5.0 | CVE-2014-9234 FULLDISC MISC |
| d-link — dcs-2103_hd_cube_network_camera_firmware | D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character. | 2014-12-03 | 5.0 | CVE-2014-9238 FULLDISC MISC |
| eleanor-cms — eleanor_cms | Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING. | 2014-12-02 | 5.0 | CVE-2014-9180 MISC |
| emc — rsa_adaptive_authentication_on-premise | RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication. | 2014-12-08 | 5.0 | CVE-2014-4631 XF SECTRACK BID BUGTRAQ |
| f5 — big-ip | Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation. | 2014-12-08 | 4.3 | CVE-2014-9342 BUGTRAQ |
| fasttoggle_project — fasttoggle | The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote attackers to block or unblock an account via a crafted user status link. | 2014-12-01 | 5.8 | CVE-2014-5268 |
| filefield_project — filefield | The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file. | 2014-12-01 | 4.0 | CVE-2014-9156 |
| fujitsu — arrows_tab_lte_f-01d | Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets 102SH allow local users to execute arbitrary code or read kernel memory via unknown vectors related to userland data and “improper data validation.” | 2014-12-05 | 4.6 | CVE-2014-7252 JVNDB JVN MISC MISC |
| fujitsu — arrows_me_f-11d | Unspecified vulnerability in ARROWS Me F-11D allows physically proximate attackers to read or modify flash memory via unknown vectors. | 2014-12-05 | 4.6 | CVE-2014-7254 JVNDB JVN MISC |
| gleamtech — filevista | GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message. | 2014-12-02 | 4.0 | CVE-2014-8788 CONFIRM FULLDISC MISC |
| gleamtech — filevista | GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction. | 2014-12-02 | 6.5 | CVE-2014-8789 CONFIRM FULLDISC MISC |
| gnu — glibc | iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of “0xffff” to the iconv function when converting IBM930 encoded data to UTF-8. | 2014-12-05 | 5.0 | CVE-2012-6656 CONFIRM CONFIRM BID MLIST MLIST MANDRIVA |
| gnu — glibc | GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of “0xffff” to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8. | 2014-12-05 | 5.0 | CVE-2014-6040 CONFIRM CONFIRM BID MLIST MLIST MANDRIVA |
| gnu — cpio | Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. | 2014-12-02 | 5.0 | CVE-2014-9112 MISC MLIST MLIST MLIST SECUNIA FULLDISC |
| ibm — java | Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache. | 2014-12-01 | 6.9 | CVE-2014-3065 CONFIRM BID REDHAT REDHAT REDHAT REDHAT REDHAT |
| ibm — java | IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack. | 2014-12-01 | 6.4 | CVE-2014-3068 CONFIRM XF |
| icecast — icecast | Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors. | 2014-12-03 | 5.0 | CVE-2014-9018 CONFIRM CONFIRM XF BID MLIST MLIST MANDRIVA CONFIRM |
| infoware — mapsuite | Absolute path traversal vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to read arbitrary files via unspecified vectors. | 2014-12-01 | 5.0 | CVE-2014-2232 MISC |
| infoware — mapsuite | Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors. | 2014-12-01 | 5.0 | CVE-2014-2233 MISC |
| instasqueeze — sexy_squeeze_pages | Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Squeeze Pages plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php. | 2014-12-02 | 4.3 | CVE-2014-9176 XF MISC MISC |
| internet_initiative_japan — seil_b1_firmware | Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 through 4.62, SEIL/X2 2.50 through 4.62, SEIL/B1 2.50 through 4.62, and SEIL/x86 Fuji 1.70 through 3.22 allow remote attackers to cause a denial of service (CPU and traffic consumption) via a large number of NTP requests within a short time, which causes unnecessary NTP responses to be sent. | 2014-12-05 | 5.0 | CVE-2014-7255 JVNDB JVN |
| kde — kde-runtime | Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message. | 2014-12-08 | 4.3 | CVE-2014-8600 MISC BID FULLDISC |
| kennziffer — ke_questionnaire | The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request. | 2014-12-02 | 5.0 | CVE-2014-8874 MISC BUGTRAQ FULLDISC |
| kent-web — clip_board | Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 2.91 and earlier, when running certain versions of Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-12-05 | 4.3 | CVE-2014-7258 CONFIRM JVNDB JVN |
| lg_electronics — l-03e | LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors. | 2014-12-05 | 5.0 | CVE-2014-7243 JVNDB JVN MISC |
| libksba_project — libskba | Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow. | 2014-12-01 | 5.0 | CVE-2014-9087 MISC SECUNIA SECUNIA SECUNIA MLIST |
| linux — linux_kernel | Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842. | 2014-11-29 | 4.9 | CVE-2010-5313 CONFIRM |
| linux — linux_kernel | The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association’s output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. | 2014-11-29 | 5.0 | CVE-2014-3688 CONFIRM CONFIRM UBUNTU UBUNTU MLIST CONFIRM DEBIAN CONFIRM |
| linux — linux_kernel | The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. | 2014-11-29 | 5.0 | CVE-2014-7841 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux — linux_kernel | Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313. | 2014-11-29 | 4.9 | CVE-2014-7842 MLIST |
| linux — linux_kernel | The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary. | 2014-11-29 | 4.9 | CVE-2014-7843 MLIST |
| linux — linux_kernel | Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call. | 2014-11-29 | 6.1 | CVE-2014-8884 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux — linux_kernel | The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a “negative groups” issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c. | 2014-11-29 | 4.6 | CVE-2014-8989 MLIST CONFIRM |
| linux — linux_kernel | The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. | 2014-11-29 | 4.9 | CVE-2014-9090 MLIST |
| modx — modx_revolution | MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter. | 2014-12-03 | 6.8 | CVE-2014-8773 MISC CONFIRM |
| modx — modx_revolution | Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter. | 2014-12-03 | 4.3 | CVE-2014-8774 MISC CONFIRM |
| modx — modx_revolution | MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 2014-12-03 | 5.0 | CVE-2014-8775 MISC CONFIRM |
| mutt — mutt | The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function. | 2014-12-02 | 5.0 | CVE-2014-9116 CONFIRM CONFIRM SECTRACK BID MLIST MLIST CONFIRM |
| mybb — mybb | Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig action to usercp.php, or (3) title parameter in the style-templates module in an edit_template action or (4) file parameter in the config-languages module in an edit action to admin/index.php. | 2014-12-03 | 4.3 | CVE-2014-9241 MISC |
| nextendweb — nextend_facebook_connect | Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fb_login_button parameter in a newfb_update_options action. | 2014-12-05 | 4.3 | CVE-2014-8800 EXPLOIT-DB MISC OSVDB |
| notify_project — notify | The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email. | 2014-12-01 | 4.0 | CVE-2014-9154 |
| open-xchange — open-xchange_appsuite | Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview. | 2014-12-01 | 4.3 | CVE-2014-5237 BUGTRAQ CONFIRM MISC |
| openvpn — openvpn | OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. | 2014-12-03 | 6.8 | CVE-2014-8104 CONFIRM UBUNTU |
| phpmyadmin — phpmyadmin | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during rendering of the table browse page; a crafted ENUM value that is improperly handled during rendering of the (4) table print view or (5) zoom search page; or (6) a crafted pma_fontsize cookie that is improperly handled during rendering of the home page. | 2014-11-30 | 4.3 | CVE-2014-8958 |
| phpmyadmin — phpmyadmin | Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter. | 2014-11-30 | 6.5 | CVE-2014-8959 CONFIRM |
| phpmyadmin — phpmyadmin | Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file’s line count via a crafted parameter. | 2014-11-30 | 4.0 | CVE-2014-8961 |
| phpmyadmin — phpmyadmin | libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password. | 2014-12-08 | 5.0 | CVE-2014-9218 CONFIRM CONFIRM CONFIRM XF CONFIRM |
| phpmyadmin — phpmyadmin | Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 2014-12-08 | 4.3 | CVE-2014-9219 CONFIRM XF |
| plex — plex_media_server | Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/. | 2014-12-02 | 5.0 | CVE-2014-9181 MISC BUGTRAQ |
| redhat — packstack | OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access restrictions. | 2014-12-01 | 5.0 | CVE-2014-3703 |
| redhat — tcpdump | Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet. | 2014-12-05 | 5.0 | CVE-2014-9140 CONFIRM MLIST |
| services_project — services | Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a JSONP response. | 2014-12-01 | 4.3 | CVE-2014-9153 |
| springshare — libcal | Multiple cross-site scripting (XSS) vulnerabilities in api_events.php in Springshare LibCal 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) m or (2) cid parameter. | 2014-12-01 | 4.3 | CVE-2014-7291 XF MISC FULLDISC |
| square_enix_co_ltd — kaku_san_sei_million_aruthur | SQUARE ENIX Co., Ltd. Kaku-San-Sei Million Arthur before 2.25 for Android stores “product credentials” on the SD card, which allows attackers to gain privileges via a crafted application. | 2014-12-05 | 5.0 | CVE-2014-7259 JVNDB JVN |
| sunhater — kcfinder | Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) file or (2) directory (folder) name of an uploaded file. | 2014-12-02 | 4.3 | CVE-2014-3988 CONFIRM |
| supportezzy_ticket_system_project — supportezzy_ticket_system | Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the “URL (optional)” field in a new ticket. | 2014-12-02 | 4.0 | CVE-2014-9179 MISC |
| svnlabs — html5_mp3_player_with_playlist_free | The HTML5 MP3 Player with Playlist Free plugin before 2.7 for WordPress allows remote attackers to obtain the installation path via a request to html5plus/playlist.php. | 2014-12-02 | 5.0 | CVE-2014-9177 XF MISC MISC |
| technicolor — td5130_router_firmware | Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter. | 2014-12-05 | 4.3 | CVE-2014-9142 BUGTRAQ EXPLOIT-DB MISC |
| technicolor — td5130_router_firmware | Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter. | 2014-12-05 | 4.3 | CVE-2014-9143 BUGTRAQ EXPLOIT-DB MISC |
| torch_gmbh — graylog2 | Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards. | 2014-12-08 | 5.0 | CVE-2014-9217 |
| tuleap — tuleap | project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter. | 2014-12-01 | 6.0 | CVE-2014-8791 BID BUGTRAQ FULLDISC MISC MISC |
| undertow_project — undertow | Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI. | 2014-12-01 | 5.0 | CVE-2014-7816 BID MLIST |
| vmware — vcenter_server_appliance | Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-12-08 | 4.3 | CVE-2014-3797 BUGTRAQ FULLDISC |
| vmware — vcenter_server_appliance | VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate. | 2014-12-08 | 4.3 | CVE-2014-8371 BUGTRAQ FULLDISC |
| websitebaker — websitebaker | Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2) section_id parameter to edit_module_files.php, (3) news/add_post.php, (4) news/modify_group.php, (5) news/modify_post.php, or (6) news/modify_settings.php in wb/modules/. | 2014-12-03 | 4.3 | CVE-2014-9243 FULLDISC MISC |
| x3cms — x3_cms | Multiple cross-site request forgery (CSRF) vulnerabilities in the admin area in X3 CMS 0.5.1 and 0.5.1.1 allow remote attackers to hijack the authentication of administrators via unspecified vectors. | 2014-12-03 | 6.8 | CVE-2014-8771 MISC |
| xen — xen | The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode. | 2014-12-01 | 4.9 | CVE-2014-8866 BID SECUNIA |
| xen — xen | The acceleration support for the “REP MOVS” instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors. | 2014-12-01 | 4.9 | CVE-2014-8867 BID SECUNIA |
| yoast — google_analytics | Cross-site scripting (XSS) vulnerability in the Google Analytics by Yoast (google-analytics-for-wordpress) plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the “Manually enter your UA code” (manual_ua_code_field) field in the General Settings. | 2014-12-02 | 4.3 | CVE-2014-9174 MISC CONFIRM BID |
| zohocorp — manageengine_it360 | Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet. | 2014-12-04 | 5.0 | CVE-2014-5445 CONFIRM MISC MISC XF BID BUGTRAQ BUGTRAQ FULLDISC |
| zohocorp — manageengine_it360 | Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter. | 2014-12-04 | 5.0 | CVE-2014-5446 MISC XF BID BUGTRAQ BUGTRAQ FULLDISC MISC |
| zohocorp — manageengine_it360 | Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter. | 2014-12-04 | 5.0 | CVE-2014-6034 MISC FULLDISC |
| zohocorp — manageengine_it360 | Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter. | 2014-12-04 | 6.4 | CVE-2014-6036 MISC FULLDISC |
| zoph — zoph | Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/. | 2014-12-03 | 6.5 | CVE-2014-9235 FULLDISC MISC |
| zoph — zoph | Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) photographer_id or (2) _crumb parameter. | 2014-12-03 | 4.3 | CVE-2014-9236 FULLDISC MISC |
| zte — zxdsl | ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi. | 2014-12-02 | 5.0 | CVE-2014-9184 MISC |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| clamav — clamav | clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. | 2014-12-01 | 2.1 | CVE-2013-6497 CONFIRM XF UBUNTU BID MLIST MLIST MANDRIVA SECUNIA SECUNIA FEDORA FEDORA |
| fedup_project — fedup | fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service (prevention of system updates). | 2014-12-01 | 2.1 | CVE-2013-6494 BID FEDORA |
| nagios — nagios | The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702. | 2014-12-05 | 2.1 | CVE-2014-4701 SUSE MLIST EXPLOIT-DB SECUNIA SECUNIA FULLDISC MISC |
| nagios — nagios | The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701. | 2014-12-05 | 2.1 | CVE-2014-4702 SUSE MLIST SECUNIA SECUNIA |
| nagios — nagios | lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701. | 2014-12-05 | 2.1 | CVE-2014-4703 MLIST FULLDISC |
| phpmyadmin — phpmyadmin | Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. | 2014-11-30 | 3.5 | CVE-2014-8960 CONFIRM |
| redhat — enterprise_virtualization | The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes. | 2014-12-05 | 2.1 | CVE-2014-3561 XF SECTRACK |
| x3cms — x3_cms | Cross-site scripting (XSS) vulnerability in the search_controller in X3 CMS 0.5.1 and 0.5.1.1 allows remote authenticated users to inject arbitrary web script or HTML via the search parameter. | 2014-12-03 | 3.5 | CVE-2014-8772 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: December 05, 2014
VMware has released a security advisory to address multiple vulnerabilities in vCenter Server, vCenter Server Appliance, and ESXi. Exploitation of these vulnerabilities may allow a remote attacker to perform man-in-the-middle or cross-site scripting attacks.
US-CERT encourages users and administrators to review VMware Security Advisory VSMA-2014-0012 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: December 04, 2014 | Last revised: December 05, 2014
Apple has released security updates for Safari to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial of service or execute arbitrary code on an affected system.
Updates include:
US-CERT encourages users and administrators to review Apple security update HT6596 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: December 04, 2014
IBM has released Tivoli Endpoint Manager Mobile Device Management (MDM) version 9.0.60100 to address a vulnerability which may allow a remote attacker to gain control of an affected system.
Users and administrators are encouraged to review the IBM Security Bulletin and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: December 01, 2014
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe — air | Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors. | 2014-11-25 | 7.5 | CVE-2014-8439 |
| apptha — contus_video_gallery | Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to execute arbitrary SQL commands via the vid parameter in a myextract action to wp-admin/admin-ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the playlistId parameter in the newplaylist page or (3) videoId parameter in a newvideo page to wp-admin/admin.php. | 2014-11-26 | 7.5 | CVE-2014-9097 BID MISC |
| arris — vap2500_firmware | Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors. | 2014-11-28 | 10.0 | CVE-2014-8423 MISC |
| arris — vap2500_firmware | ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication. | 2014-11-28 | 7.8 | CVE-2014-8424 MISC |
| arris — vap2500_firmware | The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files. | 2014-11-28 | 7.8 | CVE-2014-8425 MISC |
| arubanetworks — clearpass_policy_manager | SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2014-11-25 | 7.5 | CVE-2014-8367 XF SECUNIA |
| arubanetworks — airwave | The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors. | 2014-11-25 | 9.0 | CVE-2014-8368 XF SECUNIA |
| cisco — openh264 | Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. | 2014-11-25 | 7.5 | CVE-2014-8001 |
| cisco — openh264 | Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. | 2014-11-25 | 7.5 | CVE-2014-8002 |
| cononical — ubuntu | mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors. | 2014-11-25 | 7.2 | CVE-2014-1421 |
| cybozu — dezie | Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages. | 2014-11-23 | 9.0 | CVE-2014-5314 JVNDB JVN |
| dell — sonicwall_analyzer | The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors. | 2014-11-25 | 9.0 | CVE-2014-8420 MISC |
| digium — asterisk | The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules. | 2014-11-24 | 7.5 | CVE-2014-8413 |
| digium — asterisk | The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol. | 2014-11-24 | 9.0 | CVE-2014-8418 |
| documentfoundation — libreoffice | LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file. | 2014-11-26 | 7.5 | CVE-2014-9093 CONFIRM MLIST MLIST |
| enalean — tuleap | Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function. | 2014-11-28 | 9.3 | CVE-2014-7178 MISC FULLDISC |
| flac — libflac | Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. | 2014-11-26 | 7.5 | CVE-2014-8962 MISC CONFIRM BUGTRAQ MISC |
| flac — libflac | Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. | 2014-11-26 | 7.5 | CVE-2014-9028 MISC CONFIRM BUGTRAQ MISC |
| gogits — gogs | SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues. | 2014-11-21 | 7.5 | CVE-2014-8681 CONFIRM XF EXPLOIT-DB FULLDISC MISC CONFIRM |
| gogits — gogs | Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go. | 2014-11-21 | 7.5 | CVE-2014-8682 CONFIRM XF BID BUGTRAQ EXPLOIT-DB FULLDISC MISC CONFIRM |
| justsystems — ichitaro | Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to execute arbitrary code via a crafted file. | 2014-11-25 | 10.0 | CVE-2014-7247 JVNDB JVN |
| manageengine — oputils | The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to “disclose” files via a crafted filename, related to “saveFile.” | 2014-11-25 | 7.8 | CVE-2014-8678 MISC |
| mantisbt — mantisbt | Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php. | 2014-11-28 | 7.5 | CVE-2014-9089 MLIST MLIST |
| moodle — moodle | The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack. | 2014-11-24 | 7.5 | CVE-2014-7845 MLIST |
| php — php | Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding. | 2014-11-22 | 7.5 | CVE-2014-8626 CONFIRM CONFIRM CONFIRM MLIST CONFIRM |
| pligg — pligg_cms | Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter. | 2014-11-26 | 7.5 | CVE-2014-9096 CONFIRM CONFIRM BID FULLDISC MISC |
| raritan — power_iq | Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records. | 2014-11-26 | 7.5 | CVE-2014-9095 SECUNIA FULLDISC MISC |
| siemens — simatic_pcs7 | The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets. | 2014-11-26 | 10.0 | CVE-2014-8551 |
| wibu — codemeter_runtime | Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file. | 2014-11-26 | 7.2 | CVE-2014-8419 BUGTRAQ MISC |
| xen — xen | The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. | 2014-11-24 | 7.1 | CVE-2014-9030 XF BID |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cisco — adaptive_security_appliance_software | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888. | 2014-11-27 | 5.0 | CVE-2014-3407 |
| cisco — ios_xr | Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378. | 2014-11-25 | 5.0 | CVE-2014-8004 |
| cisco — ios_xr | Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239. | 2014-11-25 | 5.0 | CVE-2014-8005 |
| digitalzoomstudio — video_gallery | Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter. | 2014-11-26 | 4.3 | CVE-2014-9094 MISC FULLDISC |
| digium — asterisk | The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package. | 2014-11-26 | 4.0 | CVE-2014-6609 |
| digium — asterisk | Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application. | 2014-11-26 | 4.0 | CVE-2014-6610 |
| digium — asterisk | The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry. | 2014-11-24 | 5.0 | CVE-2014-8412 |
| digium — asterisk | ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media. | 2014-11-24 | 5.0 | CVE-2014-8414 CONFIRM |
| digium — asterisk | Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing. | 2014-11-24 | 5.0 | CVE-2014-8415 |
| digium — asterisk | Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up. | 2014-11-24 | 5.0 | CVE-2014-8416 |
| digium — asterisk | ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action. | 2014-11-24 | 6.5 | CVE-2014-8417 |
| directwebremoting — direct_web_remoting | The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2014-11-23 | 5.0 | CVE-2014-5325 JVNDB JVN |
| directwebremoting — direct_web_remoting | Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-23 | 4.3 | CVE-2014-5326 JVNDB JVN |
| drupal — drupal | Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions. | 2014-11-24 | 6.8 | CVE-2014-9015 MLIST MLIST DEBIAN SECUNIA |
| drupal — drupal | The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request. | 2014-11-24 | 5.0 | CVE-2014-9016 MLIST MLIST MLIST DEBIAN SECUNIA |
| dukapress_project — dukapress | Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php. | 2014-11-28 | 5.0 | CVE-2014-8799 XF EXPLOIT-DB MISC |
| gnu — glibc | The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing “$((`…`))”. | 2014-11-24 | 4.3 | CVE-2014-7817 CONFIRM CONFIRM XF BID MLIST |
| gogits — gogs | Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown. | 2014-11-21 | 4.3 | CVE-2014-8683 XF BUGTRAQ FULLDISC MISC CONFIRM |
| huawei — e3236_firmware | Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors. | 2014-11-21 | 6.8 | CVE-2014-5395 BID |
| ibm — sterling_selling_and_fulfillment_foundation | Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a ” character. | 2014-11-22 | 4.0 | CVE-2014-4807 XF |
| ibm — qradar_risk_manager | Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 2014-11-27 | 6.8 | CVE-2014-4829 XF |
| ibm — qradar_risk_manager | IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors. | 2014-11-27 | 5.8 | CVE-2014-4831 XF |
| ibm — qradar_risk_manager | IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. | 2014-11-27 | 4.3 | CVE-2014-4832 XF |
| ibm — qradar_risk_manager | IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | 2014-11-27 | 5.0 | CVE-2014-6075 XF |
| ibm — security_network_protection_xgs_5000 | IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors. | 2014-11-22 | 4.0 | CVE-2014-6183 CONFIRM |
| ibm — web_experience_factory | Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere Portal configuration, leading to improper construction of a response page by an application. | 2014-11-25 | 4.3 | CVE-2014-6196 XF AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
| iwip_project — iwip | resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets. | 2014-11-27 | 5.0 | CVE-2014-4883 CERT-VN |
| jexperts — channel_platform | JExperts Channel Platform 5.0.33_CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters. | 2014-11-25 | 6.5 | CVE-2014-8558 FULLDISC MISC |
| jqueryui — jquery_ui | Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. | 2014-11-24 | 4.3 | CVE-2010-5312 XF MLIST MLIST |
| jqueryui — jquery_ui | Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo. | 2014-11-24 | 4.3 | CVE-2012-6662 XF MLIST MLIST |
| kunena — kunena | Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, as demonstrated by the topics[] parameter in an unfavorite action to index.php. | 2014-11-26 | 6.5 | CVE-2014-9102 BID MISC |
| kunena — kunena | Multiple cross-site scripting (XSS) vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) index value of an array parameter or the filename parameter in the Content-Disposition header to the (2) file or (3) profile image upload functionality. | 2014-11-26 | 4.3 | CVE-2014-9103 BID MISC |
| mantisbt — mantisbt | MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a request to the download URL. | 2014-11-24 | 4.0 | CVE-2014-8988 XF BID MLIST CONFIRM MLIST |
| matrikonopc — dnp3_opc_server | MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote attackers to cause a denial of service (unhandled exception and DNP3 process crash) via a crafted message. | 2014-11-27 | 5.0 | CVE-2014-5426 MISC |
| moodle — moodle | lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role to access the get_grades web service. | 2014-11-24 | 4.0 | CVE-2014-7831 MLIST CONFIRM |
| moodle — moodle | mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance. | 2014-11-24 | 4.0 | CVE-2014-7832 MLIST CONFIRM |
| moodle — moodle | mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the database after an edit by a teacher. | 2014-11-24 | 4.0 | CVE-2014-7833 MLIST CONFIRM |
| moodle — moodle | mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service. | 2014-11-24 | 4.0 | CVE-2014-7834 MLIST CONFIRM |
| moodle — moodle | Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod/lti/request_tool.php or (2) mod/lti/instructor_edit_tool_type.php request. | 2014-11-24 | 6.8 | CVE-2014-7836 MLIST |
| moodle — moodle | mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a different subwiki. | 2014-11-24 | 5.5 | CVE-2014-7837 MLIST |
| moodle — moodle | Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within (1) mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3) mod/forum/index.php, or (4) mod/forum/lib.php. | 2014-11-24 | 6.8 | CVE-2014-7838 MLIST |
| moodle — moodle | tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access restrictions via an AJAX request. | 2014-11-24 | 4.0 | CVE-2014-7846 MLIST |
| moodle — moodle | iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote attackers to cause a denial of service (resource consumption) by triggering the calculation of an estimated latitude and longitude for an IP address. | 2014-11-24 | 5.0 | CVE-2014-7847 MLIST |
| moodle — moodle | lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | 2014-11-24 | 5.0 | CVE-2014-7848 MLIST |
| moodle — moodle | lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts. | 2014-11-24 | 4.3 | CVE-2014-9059 MLIST |
| moodle — moodle | The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote attackers to trigger the generation of arbitrary messages via a modified URL, related to mod/lti/locallib.php and mod/lti/return.php. | 2014-11-24 | 5.0 | CVE-2014-9060 CONFIRM MLIST |
| moxi9 — phpfox | Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header. | 2014-11-21 | 4.3 | CVE-2014-8469 XF BID EXPLOIT-DB FULLDISC MISC |
| open-xchange — open-xchange_appsuite | SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call. | 2014-11-21 | 6.5 | CVE-2014-7871 XF BID BUGTRAQ MISC |
| openstack — neutron | OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration. | 2014-11-24 | 4.0 | CVE-2014-7821 XF SECUNIA |
| openswan — openswan | Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466. | 2014-11-26 | 5.0 | CVE-2014-2037 BID MLIST MLIST |
| openvpn — openvpn_access_server | Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnecting established VPN sessions, (2) connect to arbitrary VPN servers, or (3) create VPN profiles and execute arbitrary commands via crafted API requests. | 2014-11-26 | 6.8 | CVE-2014-9104 MISC MISC BUGTRAQ FULLDISC |
| oracle — database_server | Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, and CVE-2014-6547. NOTE: this issue was originally mapped to CVE-2014-4301, but CVE-2014-4301 is for an unrelated vulnerability. | 2014-11-23 | 6.8 | CVE-2014-6477 |
| paidmembershipspro — paid_memberships_pro | Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php. | 2014-11-28 | 5.0 | CVE-2014-8801 XF BID EXPLOIT-DB MISC MISC |
| polarssl — polarssl | PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors. | 2014-11-24 | 5.0 | CVE-2014-8627 SECUNIA SUSE |
| redhat — resteasy | DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors. | 2014-11-25 | 6.4 | CVE-2014-7839 SECUNIA |
| redhat — freeipa | Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation. | 2014-11-28 | 4.3 | CVE-2014-7850 |
| ruby-lang — ruby | The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080. | 2014-11-21 | 5.0 | CVE-2014-8090 |
| siemens — simatic_pcs7 | The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets. | 2014-11-26 | 5.0 | CVE-2014-8552 |
| simple_email_form_project — simple_email_form | Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to index.php. | 2014-11-21 | 4.3 | CVE-2014-8539 MISC BID BUGTRAQ MISC |
| skalfa — oxwall | Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 (build 7907 and 7906) and SkaDate Lite 2.0 (build 7651) allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks or possibly have other unspecified impact via the (1) label parameter to admin/users/roles/, (2) lang[1][base][questions_account_type_5615100a931845eca8da20cfdf7327e0] in an AddAccountType action or (3) qst_name parameter in an addQuestion action to admin/questions/ajax-responder/, or (4) form_name or (5) restrictedUsername parameter to admin/restricted-usernames. | 2014-11-26 | 6.8 | CVE-2014-9101 MISC MISC BID EXPLOIT-DB MISC MISC OSVDB OSVDB OSVDB OSVDB |
| squid-cache — squid | The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet. | 2014-11-26 | 6.4 | CVE-2014-7141 CONFIRM MLIST MLIST MLIST |
| squid-cache — squid | The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. | 2014-11-26 | 6.4 | CVE-2014-7142 CONFIRM MLIST MLIST MLIST |
| ubuntu — apparmor | apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a “miscompilation flaw.” | 2014-11-24 | 6.4 | CVE-2014-1424 |
| whydowork_adsense_project — whydowork_adsense | Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the whydowork_adsense page in wp-admin/options-general.php. | 2014-11-26 | 6.8 | CVE-2014-9099 BID MISC |
| whydowork_adsense_project — whydowork_adsense | Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the idcode parameter in the whydowork_adsense page to wp-admin/options-general.php. | 2014-11-26 | 4.3 | CVE-2014-9100 BID MISC |
| wireshark — wireshark | The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. | 2014-11-22 | 5.0 | CVE-2014-8710 CONFIRM CONFIRM |
| wireshark — wireshark | Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet. | 2014-11-22 | 5.0 | CVE-2014-8711 CONFIRM CONFIRM CONFIRM |
| wireshark — wireshark | The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2014-11-22 | 5.0 | CVE-2014-8712 CONFIRM CONFIRM |
| wireshark — wireshark | Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2014-11-22 | 5.0 | CVE-2014-8713 CONFIRM CONFIRM |
| wireshark — wireshark | The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | 2014-11-22 | 5.0 | CVE-2014-8714 CONFIRM CONFIRM CONFIRM |
| wordpress — wordpress | Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post. | 2014-11-25 | 4.3 | CVE-2014-9031 MLIST MISC |
| wordpress — wordpress | Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-25 | 4.3 | CVE-2014-9032 MLIST |
| wordpress — wordpress | Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords. | 2014-11-25 | 6.8 | CVE-2014-9033 MLIST |
| wordpress — wordpress | wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016. | 2014-11-25 | 5.0 | CVE-2014-9034 MLIST |
| wordpress — wordpress | Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-25 | 4.3 | CVE-2014-9035 MLIST |
| wordpress — wordpress | Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post. | 2014-11-25 | 4.3 | CVE-2014-9036 MLIST |
| wordpress — wordpress | WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash. | 2014-11-25 | 6.8 | CVE-2014-9037 MLIST |
| wordpress — wordpress | wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource. | 2014-11-25 | 6.4 | CVE-2014-9038 MLIST |
| wordpress — wordpress | wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message. | 2014-11-25 | 4.3 | CVE-2014-9039 MLIST |
| xavoc — xepan_cms | Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page. | 2014-11-28 | 6.8 | CVE-2014-8429 MISC BUGTRAQ |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apptha — contus_video_gallery | Multiple cross-site scripting (XSS) vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly before 2014-07-23, for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the videoadssearchQuery parameter to (1) videoads/videoads.php, (2) video/video.php, or (3) playlist/playlist.php. | 2014-11-26 | 3.5 | CVE-2014-9098 BID MISC |
| check_diskio_project — check_diskio | The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name (tmp/check_diskio_status-*-*). | 2014-11-28 | 3.6 | CVE-2014-8994 XF BID MLIST MLIST |
| ibm — websphere_portal | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2014-11-25 | 3.5 | CVE-2014-6093 XF |
| liferay — liferay_portal | Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file. | 2014-11-24 | 3.5 | CVE-2014-8349 FULLDISC MISC |
| mantisbt — mantisbt | Cross-site scripting (XSS) vulnerability in the selection list in the filters in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via a crafted config option, a different vulnerability than CVE-2014-8987. | 2014-11-24 | 3.5 | CVE-2014-8986 MLIST MLIST MLIST MLIST |
| moodle — moodle | Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse capability to provide a searchcourse parameter. | 2014-11-24 | 3.5 | CVE-2014-7830 MLIST CONFIRM |
| moodle — moodle | webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting (XSS) attacks, by specifying the profile-picture area. | 2014-11-24 | 2.1 | CVE-2014-7835 CONFIRM MLIST CONFIRM |
| python — pip | pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user. | 2014-11-24 | 2.1 | CVE-2014-8991 CONFIRM CONFIRM BID MLIST MLIST |
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: November 24, 2014
Docker has released a critical security advisory to address vulnerabilities in Docker versions prior to version 1.3.2, one of which could allow an attacker to escalate privileges and execute remote code on an affected system. Â
US-CERT encourages users and administrators to review Docker’s Security Advisory and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: November 24, 2014
US-CERT reminds users to remain vigilant when browsing online this holiday season. E-cards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed e-mail messages and fraudulent posts on social networking sites may request support for phony causes.
To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, US-CERT encourages users to take the following action:
If you believe you are a victim of a Holiday Phishing scam or Malware campaign, consider the following actions:
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: November 24, 2014
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| advantech — eki-6340 | cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi. | 2014-11-20 | 9.0 | CVE-2014-8387 BID BUGTRAQ MISC FULLDISC |
| advantech — advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document. | 2014-11-20 | 7.2 | CVE-2014-8388 MISC |
| apache — mod_auth_mellon | The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data. | 2014-11-14 | 9.4 | CVE-2014-8567 MLIST CONFIRM SECUNIA CONFIRM |
| apple — iphone_os | Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses. | 2014-11-18 | 7.2 | CVE-2014-4451 |
| apple — iphone_os | The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled. | 2014-11-18 | 7.5 | CVE-2014-4457 |
| apple — apple_tv | The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application. | 2014-11-18 | 9.3 | CVE-2014-4461 |
| arubanetworks — clearpass | Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-6627. | 2014-11-19 | 10.0 | CVE-2014-5342 SECUNIA |
| arubanetworks — clearpass | The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors. | 2014-11-19 | 9.0 | CVE-2014-6625 SECUNIA |
| arubanetworks — clearpass | Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors. | 2014-11-19 | 10.0 | CVE-2014-6626 SECUNIA |
| arubanetworks — clearpass | Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342. | 2014-11-19 | 9.0 | CVE-2014-6627 SECUNIA |
| checkpoint — security_gateway | Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request. | 2014-11-16 | 7.1 | CVE-2014-8950 CONFIRM SECUNIA |
| checkpoint — security_gateway | Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a denial of service (fwk0 process crash, core dump, and restart) via a redirect to the UserCheck page. | 2014-11-16 | 7.1 | CVE-2014-8951 SECUNIA |
| checkpoint — security_gateway | Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL VPN blade, (4) SSL Network Extender, (5) Identify Awareness blade, (6) HTTPS Inspection, (7) UserCheck, or (8) Data Leak Prevention blade module is enabled, allow remote attackers to cause a denial of service (“stability issue”) via an unspecified “traffic condition.” | 2014-11-16 | 7.1 | CVE-2014-8952 SECUNIA |
| cisco — ios | Cisco IOS on Aironet access points, when “dot11 aaa authenticator” debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509. | 2014-11-14 | 7.1 | CVE-2014-7998 |
| digitalvidhya — digi_online_examination_system | Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/. | 2014-11-20 | 7.5 | CVE-2014-8997 XF EXPLOIT-DB MISC |
| faronics — deep_freeze | The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function. | 2014-11-20 | 7.2 | CVE-2014-2382 MISC FULLDISC MISC |
| freerdp_project — freerdp | Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated. | 2014-11-16 | 7.5 | CVE-2014-0250 CONFIRM BID MLIST SUSE |
| google — chrome | Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. | 2014-11-19 | 7.5 | CVE-2014-7900 CONFIRM CONFIRM |
| google — chrome | Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long segment in a JPEG image. | 2014-11-19 | 7.5 | CVE-2014-7901 CONFIRM CONFIRM |
| google — chrome | Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. | 2014-11-19 | 7.5 | CVE-2014-7902 CONFIRM |
| google — chrome | Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG image. | 2014-11-19 | 7.5 | CVE-2014-7903 CONFIRM CONFIRM |
| google — chrome | Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2014-11-19 | 7.5 | CVE-2014-7904 CONFIRM |
| google — chrome | Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object’s lifetime. | 2014-11-19 | 7.5 | CVE-2014-7906 CONFIRM CONFIRM |
| google — chrome | Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger improper handling of a detached frame, related to the (1) lock and (2) unlock methods. | 2014-11-19 | 7.5 | CVE-2014-7907 CONFIRM CONFIRM |
| google — chrome | Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a large atom in (1) MPEG-4 or (2) QuickTime .mov data. | 2014-11-19 | 7.5 | CVE-2014-7908 CONFIRM CONFIRM |
| google — chrome | Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2014-11-19 | 7.5 | CVE-2014-7910 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| lantronix — xprintserver | Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action. | 2014-11-20 | 10.0 | CVE-2014-9002 XF FULLDISC MISC MISC |
| mantisbt — mantisbt | The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier. | 2014-11-18 | 7.5 | CVE-2014-7146 XF BID CONFIRM MLIST |
| microsoft — windows_7 | The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka “Kerberos Checksum Vulnerability.” | 2014-11-18 | 9.0 | CVE-2014-6324 CONFIRM |
| netbsd — netbsd | The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. | 2014-11-17 | 7.5 | CVE-2014-8517 SECUNIA SECUNIA MLIST MLIST SUSE |
| php-fusion — php-fusion | Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php. | 2014-11-17 | 7.5 | CVE-2014-8596 MISC XF BID EXPLOIT-DB MISC OSVDB |
| protected_pages_project — protected_pages | The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows remote attackers to bypass the password protection via a crafted path. | 2014-11-20 | 7.5 | CVE-2014-9024 |
| samba — ppp | Integer overflow in the getword function in options.c in pppd in Paul’s PPP Package (ppp) before 2.4.7 allows attackers to “access privileged options” via a long word in an options file, which triggers a heap-based buffer overflow that “[corrupts] security-relevant variables.” | 2014-11-15 | 7.5 | CVE-2014-3158 CONFIRM MLIST FEDORA |
| sap — governance_risk_and_compliance | Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request. | 2014-11-18 | 9.0 | CVE-2013-3678 MISC XF BID BUGTRAQ MISC FULLDISC MISC |
| vld_interactive — vldpersonals | Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or ((3) gender2 parameter in a search action to index.php. | 2014-11-20 | 7.5 | CVE-2014-9005 XF EXPLOIT-DB |
| webfs — webfs | The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file. | 2014-11-16 | 7.2 | CVE-2013-0347 XF BID MLIST MLIST MLIST OSVDB |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache — cordova | Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL. | 2014-11-15 | 6.4 | CVE-2014-3500 BID |
| apache — cordova | Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView. | 2014-11-15 | 4.3 | CVE-2014-3501 BID |
| apache — cordova | Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. | 2014-11-15 | 4.3 | CVE-2014-3502 BID |
| apache — qpid | XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message. | 2014-11-17 | 4.3 | CVE-2014-3629 XF BID BUGTRAQ SECUNIA MISC |
| apple — apple_tv | WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462. | 2014-11-18 | 5.4 | CVE-2014-4452 |
| apple — iphone_os | Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. | 2014-11-18 | 5.0 | CVE-2014-4453 |
| apple — mac_os_x | The “System Profiler About This Mac” component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors. | 2014-11-18 | 5.0 | CVE-2014-4458 |
| apple — mac_os_x | Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. | 2014-11-18 | 6.8 | CVE-2014-4459 |
| apple — apple_tv | WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452. | 2014-11-18 | 5.8 | CVE-2014-4462 |
| arubanetworks — clearpass | Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, module configuration, and other sensitive information by reading the page. | 2014-11-19 | 5.0 | CVE-2014-6621 SECUNIA |
| arubanetworks — clearpass | Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified vectors. | 2014-11-19 | 5.0 | CVE-2014-6622 SECUNIA |
| arubanetworks — clearpass | The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbitrary files via unspecified vectors. | 2014-11-19 | 6.8 | CVE-2014-6624 SECUNIA |
| atlas_systems — aeon | Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems Aeon 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) Action or (2) Form parameter to aeon.dll. | 2014-11-19 | 4.3 | CVE-2014-7290 XF MISC FULLDISC MISC |
| bestpractical — rt-extension-mobileui | The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors. | 2014-11-15 | 5.0 | CVE-2013-3737 OSVDB SECUNIA |
| cisco — ios | The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014. | 2014-11-17 | 5.0 | CVE-2014-7992 |
| cisco — unified_computing_system | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477. | 2014-11-18 | 6.8 | CVE-2014-7996 |
| cisco — ios | The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281. | 2014-11-14 | 6.1 | CVE-2014-7997 |
| cisco — unified_communications_manager_im_and_presence_service | Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497. | 2014-11-20 | 5.0 | CVE-2014-8000 |
| codecanyon — phpsound | Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.php. | 2014-11-17 | 4.3 | CVE-2014-8954 EXPLOIT-DB MISC |
| commerceguys — commerce | The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors. | 2014-11-20 | 5.0 | CVE-2014-9025 |
| docker — docker | Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. | 2014-11-17 | 5.0 | CVE-2014-5277 CONFIRM SUSE |
| dolibarr — dolibarr_erp/crm | Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet/tasks/contact.php; (4) lineid parameter in a deletecontact action, (5) ligne parameter in a swapstatut action, or (6) ref parameter to projet/contact.php; (7) id parameter to compta/bank/fiche.php, (8) contact/info.php, (9) holiday/index.php, (10) product/stock/fiche.php, (11) product/stock/info.php, or (12) in an edit action to product/stock/fiche.php; (13) productid parameter in an addline action to product/stock/massstockmove.php; (14) project_ref parameter to projet/tasks/note.php; (15) ref parameter to element.php, (16) ganttview.php, (17) note.php, or (18) tasks.php in projet/; (19) sall or (20) sref parameter to comm/mailing/liste.php; (21) search_bon, (22) search_ligne, (23) search_societ e, or (24) search_code parameter to compta/prelevement/liste.php; (25) search_label parameter to compta/sociales/index.php; (26) search_project parameter to projet/tasks/index.php; (27) search_societe parameter to compta/prelevement/demandes.php; (28) search_statut parameter to user/index.php; (29) socid parameter to compta/recap-compta.php, (30) societe/commerciaux.php, or (31) societe/rib.php; (32) sortorder, (33) sref, (34) sall, or (35) sortfield parameter to product/stock/liste.php; (36) statut parameter to adherents/liste.php or (37) compta/dons/liste.php; (38) tobuy or (39) tosell parameter to product/liste.php; (40) tobuy, (41) tosell, (42) search_categ, or (43) sref parameter to product/reassort.php; (44) type parameter to product/index.php; or the (a) sortorder or (b) sortfield parameter to (45) compta/paiement/cheque/liste.php, (46) compta/prelevement/bons.php, (47) compta/prelevement/rejets.php, (48) product/stats/commande.php, (49) product/stats/commande_fournis seur.php, (50) product/stats/contrat.php, (51) product/stats! /facture.php, (52) product/stats/facture_fournisseur.php, (53) product/stats/propal.php, or (54) product/stock/replenishorders.php. | 2014-11-21 | 6.5 | CVE-2014-7137 MISC BID BUGTRAQ FULLDISC |
| f5 — big-ip_local_traffic_manager | Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the “Resource Administrator” or “Administrator” role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form. | 2014-11-17 | 6.2 | CVE-2014-8727 CONFIRM XF BID EXPLOIT-DB MISC |
| freebsd — freebsd | FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed. | 2014-11-18 | 4.3 | CVE-2014-8475 XF BID SECUNIA MISC |
| google — chrome | Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. | 2014-11-19 | 5.0 | CVE-2014-7899 CONFIRM CONFIRM |
| google — chrome | Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site. | 2014-11-19 | 5.0 | CVE-2014-7905 CONFIRM |
| google — chrome | effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data. | 2014-11-19 | 5.0 | CVE-2014-7909 CONFIRM CONFIRM |
| haxx — curl | cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. | 2014-11-18 | 5.0 | CVE-2014-3613 SUSE |
| haxx — curl | cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. | 2014-11-18 | 5.0 | CVE-2014-3620 SUSE |
| haxx — libcurl | The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. | 2014-11-15 | 4.3 | CVE-2014-3707 UBUNTU CONFIRM |
| ibm — security_identity_manager | Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors. | 2014-11-17 | 5.0 | CVE-2014-6095 AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
| ibm — security_identity_manager | Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2014-11-17 | 4.3 | CVE-2014-6096 AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
| ibm — security_identity_manager | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request. | 2014-11-17 | 5.0 | CVE-2014-6098 AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
| ibm — security_identity_manager | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 2014-11-17 | 4.3 | CVE-2014-6105 AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
| ibm — security_identity_manager | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. | 2014-11-17 | 4.3 | CVE-2014-6107 AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
| imember360 — imember360 | Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that with an unspecified impact via the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to execute arbitrary commands. | 2014-11-16 | 6.8 | CVE-2014-8948 EXPLOIT-DB SECUNIA FULLDISC MISC OSVDB |
| imember360 — imember360 | The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges. | 2014-11-16 | 6.0 | CVE-2014-8949 EXPLOIT-DB SECUNIA FULLDISC MISC OSVDB |
| incrediblepbx — incredible_pbx_11 | reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters. | 2014-11-20 | 6.5 | CVE-2014-9001 FULLDISC |
| ipa — ilogscanner | Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file. | 2014-11-14 | 4.3 | CVE-2014-7248 JVNDB JVN |
| lantronix — xprintserver | Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action. | 2014-11-20 | 6.8 | CVE-2014-9003 XF FULLDISC MISC |
| maarch — letterbox | SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. | 2014-11-20 | 5.0 | CVE-2014-8995 XF OSVDB MISC |
| manageengine — password_manager_pro | SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter. | 2014-11-17 | 6.5 | CVE-2014-8498 MISC XF BID EXPLOIT-DB FULLDISC MISC OSVDB |
| manageengine — password_manager_pro | Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc. | 2014-11-17 | 6.5 | CVE-2014-8499 MISC XF XF BID EXPLOIT-DB FULLDISC MISC OSVDB OSVDB |
| mantisbt — mantisbt | The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code. | 2014-11-18 | 6.4 | CVE-2014-8598 XF BID MLIST |
| megnicholas — clean_and_simple_contact_form | Cross-site scripting (XSS) vulnerability in the Contact Form Clean and Simple (clean-and-simple-contact-form-by-meg-nicholas) plugin 4.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the cscf[name] parameter to contact-us/. | 2014-11-17 | 4.3 | CVE-2014-8955 XF MISC |
| monstra — monstra | Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values. | 2014-11-20 | 5.0 | CVE-2014-9006 XF MISC |
| mulesoft — mule_enterprise_management_console | Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC. | 2014-11-20 | 6.5 | CVE-2014-9000 FULLDISC FULLDISC MISC |
| mumble — mumble | The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file. | 2014-11-16 | 5.0 | CVE-2014-3755 MISC BID MLIST MLIST |
| mumble — mumble | The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip. | 2014-11-16 | 5.0 | CVE-2014-3756 BID MLIST MLIST |
| nibbleblog — nibbleblog | Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) author_name or (2) content parameter to index.php. | 2014-11-20 | 4.3 | CVE-2014-8996 XF BID FULLDISC MISC |
| pandorafms — pandora_flexible_monitoring_system | Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php. | 2014-11-19 | 4.3 | CVE-2014-8629 XF FULLDISC MISC |
| phpmemcachedadmin_project — phpmemcachedadmin | Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-17 | 4.3 | CVE-2014-8732 XF BID BUGTRAQ BUGTRAQ MISC |
| phpmoneybooks — phpmoneybooks | Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | 2014-11-17 | 4.3 | CVE-2012-1669 BID BUGTRAQ EXPLOIT-DB FULLDISC MISC OSVDB |
| phpmoneybooks — phpmoneybooks | Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012-1669. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might have been fixed in 1.0.3. | 2014-11-17 | 4.3 | CVE-2012-6665 SECUNIA OSVDB |
| phpscriptlerim — php_scriptlerim_who’s_who | Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who’s Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php. | 2014-11-17 | 6.8 | CVE-2014-8953 XF EXPLOIT-DB MISC |
| pivotal — spring_framework | Directory traversal vulnerability in Pivitol Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. | 2014-11-20 | 5.0 | CVE-2014-3625 CONFIRM |
| puppetlabs — facter | Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine. | 2014-11-16 | 6.2 | CVE-2014-3248 BID SECUNIA SECUNIA MISC |
| qemu — qemu | Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption. | 2014-11-15 | 4.6 | CVE-2014-5388 MLIST CONFIRM UBUNTU MLIST MLIST CONFIRM |
| redhat — openshift | Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme. | 2014-11-16 | 6.5 | CVE-2014-0233 CONFIRM |
| redhat — tcpdump | Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame. | 2014-11-20 | 5.0 | CVE-2014-8767 XF BID BUGTRAQ FULLDISC MISC |
| redhat — tcpdump | Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame. | 2014-11-20 | 5.0 | CVE-2014-8768 XF BID BUGTRAQ FULLDISC MISC |
| redhat — tcpdump | tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access. | 2014-11-20 | 6.4 | CVE-2014-8769 XF BID BUGTRAQ FULLDISC MISC |
| rubyonrails — ruby_on_rails | The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string. | 2014-11-16 | 5.0 | CVE-2014-3916 XF BID MLIST MLIST |
| rubyonrails — ruby_on_rails | Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow. | 2014-11-15 | 5.0 | CVE-2014-4975 CONFIRM XF UBUNTU MLIST |
| rubyonrails — ruby_on_rails | Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a (backslash) character, a similar issue to CVE-2014-7818. | 2014-11-18 | 5.0 | CVE-2014-7829 MLIST |
| simple_email_form_project — simple_email_form | Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to index.php. | 2014-11-21 | 4.3 | CVE-2014-8539 MISC BID BUGTRAQ MISC |
| tibco — managed_file_transfer_command_center | TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive information or modify data by leveraging agent access. | 2014-11-20 | 6.4 | CVE-2014-7194 |
| tibco — silver_fabric_enabler | Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for Spotfire Web Player before 1.6.1 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2014-11-20 | 4.0 | CVE-2014-7195 |
| twilio_project — twilio | The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restirct access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the “access administration pages” Drupal permission. | 2014-11-20 | 5.5 | CVE-2014-9023 |
| ubercart — ubercart | The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the “administer product classes” permission to execute arbitrary PHP code via unspecified vectors. | 2014-11-15 | 6.0 | CVE-2012-2301 BID MLIST MLIST SECUNIA |
| ubercart — ubercart | The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the “view own orders” permission to obtain sensitive information via unspecified vectors. | 2014-11-20 | 4.0 | CVE-2014-9026 |
| uninett — mod_auth_mellon | The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a “session overflow” involving “sessions overlapping in memory.” | 2014-11-15 | 6.4 | CVE-2014-8566 SECUNIA SECUNIA REDHAT CONFIRM |
| vld_interactive — vldpersonals | Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a member_profile action to index.php. | 2014-11-20 | 4.3 | CVE-2014-9004 XF EXPLOIT-DB |
| vtiger — vtiger_crm | views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter. | 2014-11-15 | 5.0 | CVE-2014-2268 MISC BID EXPLOIT-DB |
| web_component_roles_project — web_component_roles | The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the “disabled” restriction and modify read-only components via a crafted form. | 2014-11-20 | 6.4 | CVE-2014-9022 |
| x7chat — x7_chat | lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch. | 2014-11-20 | 6.5 | CVE-2014-8998 XF BID EXPLOIT-DB MISC |
| xen — xen | The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer derference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP). | 2014-11-19 | 5.4 | CVE-2014-8594 |
| xoops — xoops | SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter. | 2014-11-20 | 6.5 | CVE-2014-8999 BID FULLDISC MISC |
| zend — zend_framework | Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. | 2014-11-15 | 6.4 | CVE-2014-2681 MANDRIVA MLIST CONFIRM |
| zend — zend_framework | Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External Entity (XXE) attacks via an XML external entity declaration in conjunction with an entity reference. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. | 2014-11-15 | 6.8 | CVE-2014-2682 MANDRIVA MLIST CONFIRM |
| zend — zend_framework | Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532. | 2014-11-15 | 5.0 | CVE-2014-2683 MANDRIVA MLIST CONFIRM |
| zend — zend_framework | The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id values. | 2014-11-15 | 6.4 | CVE-2014-2684 MANDRIVA MLIST CONFIRM |
| zte — zxdsl | Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to adminpasswd.cgi or (3) change the admin user password via the sysPassword parameter in a save action to adminpasswd.cgi. | 2014-11-20 | 6.8 | CVE-2014-9019 XF BID BUGTRAQ MISC |
| zteusa — zxhn_h108l_firmware | ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1. | 2014-11-20 | 5.0 | CVE-2014-8493 MISC XF EXPLOIT-DB EXPLOIT-DB FULLDISC MISC |
| zteusa — zxdsl_831 | Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases. | 2014-11-20 | 4.3 | CVE-2014-9020 XF BID BID BUGTRAQ BUGTRAQ MISC MISC |
| zteusa — zxdsl_831 | Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to inject arbitrary web script or HTML via the (1) tr69cAcsURL, (2) tr69cAcsUser, (3) tr69cAcsPwd, (4) tr69cConnReqPwd, or (5) tr69cDebugEnable parameter to the TR-069 client page (tr69cfg.cgi); the (6) timezone parameter to the Time and date page (sntpcfg.sntp); or the (7) hostname parameter in a save action to the Quick Stats page (psilan.cgi). NOTE: this issue was SPLIT from CVE-2014-9020 per ADT1 due to different affected products and codebases. | 2014-11-20 | 4.3 | CVE-2014-9021 XF BID BUGTRAQ MISC |
| zteusa — zxdsl_831cii | Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, or (7) enblssh parameter to accesslocal.cmd. | 2014-11-20 | 6.8 | CVE-2014-9027 XF MISC |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache — hive | Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI. | 2014-11-16 | 3.5 | CVE-2014-0228 BUGTRAQ MISC |
| apple — apple_tv | dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file. | 2014-11-18 | 2.1 | CVE-2014-4455 |
| apple — iphone_os | CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files. | 2014-11-18 | 2.1 | CVE-2014-4460 |
| apple — iphone_os | Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime “Leave a Message” feature. | 2014-11-18 | 2.1 | CVE-2014-4463 |
| d-bus_project — d-bus | D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1. | 2014-11-18 | 2.1 | CVE-2014-7824 CONFIRM XF BID MLIST |
| freeipa — freeipa | FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind. | 2014-11-19 | 3.5 | CVE-2014-7828 MLIST MLIST CONFIRM CONFIRM XF BID FEDORA |
| ibm — tivoli_storage_manager | The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename. | 2014-11-18 | 2.1 | CVE-2014-4817 XF |
| ibm — security_identity_manager | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation. | 2014-11-17 | 2.1 | CVE-2014-6110 AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
| nlnetlabs — ldns | The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. | 2014-11-15 | 2.1 | CVE-2014-3209 CONFIRM CONFIRM BID MLIST MLIST |
| python — python | Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. | 2014-11-15 | 3.3 | CVE-2014-2667 MLIST MLIST MLIST SUSE SUSE |
| redhat — jboss_enterprise_application_platform | JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions audit.log, which allows local users to obtain sensitive information by reading this file. | 2014-11-17 | 2.1 | CVE-2014-0059 |
| xen — xen | arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction. | 2014-11-19 | 1.9 | CVE-2014-8595 |
This product is provided subject to this Notification and this Privacy & Use policy.