US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
Original release date: November 21, 2014
WordPress 4.0.1 has been released to address multiple vulnerabilities, one of which could allow a site to be compromised by a remote attacker. WordPress 3.9.2 and earlier are affected by this vulnerability.Â
US-CERT recommends users and administrators review the WordPress Maintenance and Security Release and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: November 20, 2014
Drupal has released an advisory to address multiple vulnerabilities in Drupal core 6.x versions prior to 6.34 and Drupal core 7.x versions prior to 7.34, one of which could allow a remote attacker to cause a denial of service.
US-CERT encourages users and administrators to review Drupal’s Security Advisory and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: November 19, 2014
A remote escalation of privilege vulnerability exists in implementations of Kerberos Key Distribution Center (KDC) in Microsoft Windows which could allow a remote attacker to take control of a vulnerable system. [1]
The Microsoft Windows Kerberos KDC fails to properly check service tickets for valid signatures, which can allow aspects of the service ticket to be forged. The improper check allows an attacker to escalate valid domain user account privileges to those of a domain administrator account, which renders the entire domain vulnerable to compromise.
At the time this release was issued, Microsoft was aware of limited, targeted attacks attempting to exploit this vulnerability.
A valid domain user can pass invalid domain administrator credentials, gain access and compromise any system on the domain, including the domain controller. [2]
An update is available from Microsoft. Please see Microsoft Security Bulletin MS14-068 and Microsoft Research Security and Defense Blog for more details, and apply the necessary updates.[1, 3]Â
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: November 19, 2014
Google has released Chrome 39.0.2171.65 for Windows, Mac and Linux. This update addresses multiple vulnerabilities, one of which could cause a denial of service condition.
Users and administrators are encouraged to review the Google Chrome blog and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: November 18, 2014
Microsoft has released an out-of-band patch for vulnerability MS14-068. This vulnerability is rated as critical and could allow for escalation of privileges. It affects only Windows Server systems and not client systems.
US-CERT encourages users and administrators to review Microsoft’s Security Bulletin and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: November 18, 2014
The Internet Crime Complaint Center (IC3) released a Scam Alert regarding fraudulent ads for normally expensive items, such as cars and boats, at discounted prices. Scam operators often use false contact information linked to reputable online marketplaces to imply that the transaction is legitimate. Consumers fall victim to the scam when they are enticed into pursuing financial transactions with scammers.
Users are encouraged to review the IC3 Scam Alert for details, refer to the Avoiding Social Engineering and Phishing Attacks Cyber Security Tip for information on social engineering attacks, and refer to the Shopping Safely Online Cyber Security Tip for information on online shopping safety.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: November 13, 2014
iOS devices running iOS 7.1.1, 7.1.2, 8.0, 8.1, and 8.1.1 beta.
A technique labeled “Masque Attack†allows an attacker to substitute malware for a legitimate iOS app under a limited set of circumstances.
Masque Attack was discovered and described by FireEye mobile security researchers.[1] This attack works by luring users to install an app from a source other than the iOS App Store or their organizations’ provisioning system. In order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link. Â
This technique takes advantage of a security weakness that allows an untrusted app—with the same “bundle identifier†as that of a legitimate app—to replace the legitimate app on an affected device, while keeping all of the user’s data. This vulnerability exists because iOS does not enforce matching certificates for apps with the same bundle identifier. Apple’s own iOS platform apps, such as Mobile Safari, are not vulnerable.
An app installed on an iOS device using this technique may:
iOS users can protect themselves from Masque Attacks by following three steps:
Further details on Masque Attack and mitigation guidance can be found on FireEye’s blog [1]. US-CERT does not endorse or support any particular product or vendor.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: November 11, 2014
Google has released Chrome 38.0.2125.122 for Windows, Mac and Linux. This update addresses a vulnerability which could potentially allow an attacker to take over an affected system.
US-CERT encourages users and administrators to review the Google Chrome release blog and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: November 10, 2014
Microsoft Windows Server 2003 operating system
Microsoft is ending support for the Windows Server 2003 operating system on July 14, 2015.[1] After this date, this product will no longer receive:
All software products have a lifecycle. End of support refers to the date when Microsoft will no longer provide automatic fixes, updates, or online technical assistance.[2] As of July 2014, there were 12 million physical servers worldwide still running Windows Server 2003.[3]
Computer systems running unsupported software are exposed to an elevated risk to cybersecurity dangers, such as malicious attacks or electronic data loss.
Users may also encounter problems with software and hardware compatibility since new software applications and hardware devices may not be built for Windows Server 2003.
Organizations that are governed by regulatory obligations may find they are no longer able to satisfy compliance requirements while running Windows Server 2003.
Computers running the Windows Server 2003 operating system will continue to work after support ends. However, using unsupported software may increase the risks of viruses and other security threats. Negative consequences could include loss of confidentiality, integrity, and or availability of data, system resources and business assets.
The Microsoft “Microsoft Support Lifecycle Policy FAQ” page offers additional details.[2]
Users have the option to upgrade to a currently supported operating system or other cloud-based services. There are software vendors and service providers in the marketplace who offer assistance in migrating from Windows Server 2003 to a currently supported operating system or SaaS (software as a service) / IaaS (infrastructure as a service) products and services.[4,5] US-CERT does not endorse or support any particular product or vendor.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: November 10, 2014
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| accuenergy — acuvim_ii | The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL. | 2014-11-05 | 7.5 | CVE-2014-2373 |
| accuenergy — acuvim_ii | The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. | 2014-11-05 | 7.5 | CVE-2014-2374 |
| asus — rt_firmware | ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image. | 2014-11-04 | 7.8 | CVE-2014-2718 XF BID FULLDISC MISC MISC |
| bittorrent — bootstrap-dht | The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) allows remote attackers to execute arbitrary code via a crafted packet, which triggers an out-of-bounds read, related to “Improper Indexing.” | 2014-10-31 | 7.5 | CVE-2014-8509 CONFIRM MISC BID |
| ca — cloud_service_management | CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2014-11-04 | 7.5 | CVE-2014-8474 |
| cisco — rv120w | The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126. | 2014-11-07 | 9.0 | CVE-2014-2177 |
| cisco — rv120w | Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145. | 2014-11-07 | 7.5 | CVE-2014-2178 |
| clip-share — clipshare | SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter. | 2014-11-04 | 7.5 | CVE-2014-8339 XF MISC MISC |
| compal_broadband_networks — firmware | The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors. | 2014-11-06 | 10.0 | CVE-2014-8656 MISC EXPLOIT-DB MISC OSVDB |
| cp_multi_view_event_calendar_project — cp_multi_view_event_calendar | SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter. | 2014-11-04 | 7.5 | CVE-2014-8586 XF BID EXPLOIT-DB MISC OSVDB |
| debian — apt | APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors. | 2014-11-03 | 7.5 | CVE-2014-0487 SECUNIA SECUNIA |
| debian — apt | APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package. | 2014-11-03 | 7.5 | CVE-2014-0489 SECUNIA SECUNIA |
| debian — apt | The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package. | 2014-11-03 | 7.5 | CVE-2014-0490 SECUNIA SECUNIA |
| emc — rsa_web_threat_detection | SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2014-11-07 | 9.0 | CVE-2014-4627 BUGTRAQ |
| espocrm — espocrm | Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php. | 2014-10-31 | 10.0 | CVE-2014-7985 MISC BID BUGTRAQ MISC |
| ffmpeg — ffmpeg | Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors. | 2014-11-03 | 7.5 | CVE-2014-5271 CONFIRM OSVDB CONFIRM |
| ffmpeg — ffmpeg | libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data. | 2014-11-05 | 7.5 | CVE-2014-8541 CONFIRM CONFIRM |
| ffmpeg — ffmpeg | libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data. | 2014-11-05 | 7.5 | CVE-2014-8542 CONFIRM CONFIRM |
| ffmpeg — ffmpeg | libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data. | 2014-11-05 | 7.5 | CVE-2014-8543 CONFIRM CONFIRM |
| ffmpeg — ffmpeg | libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data. | 2014-11-05 | 7.5 | CVE-2014-8544 CONFIRM CONFIRM |
| ffmpeg — ffmpeg | libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data. | 2014-11-05 | 7.5 | CVE-2014-8545 CONFIRM CONFIRM |
| ffmpeg — ffmpeg | Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data. | 2014-11-05 | 7.5 | CVE-2014-8546 CONFIRM CONFIRM |
| ffmpeg — ffmpeg | libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data. | 2014-11-05 | 7.5 | CVE-2014-8547 CONFIRM CONFIRM |
| ffmpeg — ffmpeg | Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data. | 2014-11-05 | 7.5 | CVE-2014-8548 CONFIRM CONFIRM |
| ffmpeg — ffmpeg | libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data. | 2014-11-05 | 7.5 | CVE-2014-8549 CONFIRM CONFIRM |
| fortinet — coyote_point_equalizer | FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors. | 2014-11-01 | 7.5 | CVE-2014-8582 XF CONFIRM |
| freeradius — freeradius | Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash. | 2014-11-01 | 7.5 | CVE-2014-2015 CONFIRM UBUNTU MLIST MLIST MLIST |
| french_national_commission_on_informatics_and_liberty — cookieviz | SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the domain parameter. | 2014-11-06 | 7.5 | CVE-2014-8351 XF FULLDISC |
| hp — laserjet_cm3530_multifunction_printer_firmware | Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. | 2014-11-04 | 9.0 | CVE-2014-7875 |
| joomla — joomla! | Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive. | 2014-11-03 | 7.5 | CVE-2014-7228 MISC |
| linksys — e4200v2 | Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain sensitive information or modify data via a JNAP action in a JNAP/ HTTP request. | 2014-11-01 | 7.5 | CVE-2014-8244 |
| pro_softnet_corporation — ibackup | iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file. | 2014-11-03 | 7.2 | CVE-2014-5507 XF BID EXPLOIT-DB MISC |
| qemu — qemu | Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow. | 2014-11-04 | 7.5 | CVE-2013-4148 FEDORA CONFIRM |
| qemu — qemu | Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table. | 2014-11-04 | 7.5 | CVE-2013-4149 FEDORA CONFIRM |
| qemu — qemu | The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write. | 2014-11-04 | 7.5 | CVE-2013-4150 FEDORA CONFIRM |
| qemu — qemu | The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write. | 2014-11-04 | 7.5 | CVE-2013-4151 FEDORA CONFIRM |
| qemu — qemu | Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports. | 2014-11-04 | 7.5 | CVE-2013-4526 MLIST FEDORA CONFIRM |
| qemu — qemu | Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers. | 2014-11-04 | 7.5 | CVE-2013-4527 MLIST FEDORA CONFIRM |
| qemu — qemu | Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image. | 2014-11-04 | 7.5 | CVE-2013-4529 MLIST FEDORA |
| qemu — qemu | Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image. | 2014-11-04 | 7.5 | CVE-2013-4530 MLIST FEDORA CONFIRM |
| qemu — qemu | Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len in a savevm image. | 2014-11-04 | 7.5 | CVE-2013-4531 MLIST FEDORA CONFIRM |
| qemu — qemu | Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image. | 2014-11-04 | 7.5 | CVE-2013-4533 MLIST FEDORA CONFIRM |
| qemu — qemu | Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements. | 2014-11-04 | 7.5 | CVE-2013-4534 MLIST FEDORA CONFIRM |
| qemu — qemu | The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image. | 2014-11-04 | 7.5 | CVE-2013-4537 MLIST FEDORA CONFIRM |
| qemu — qemu | Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image. | 2014-11-04 | 7.5 | CVE-2013-4538 MLIST FEDORA CONFIRM |
| qemu — qemu | Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image. | 2014-11-04 | 7.5 | CVE-2013-4539 MLIST FEDORA CONFIRM |
| qemu — qemu | Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image. | 2014-11-04 | 7.5 | CVE-2013-4540 MLIST FEDORA CONFIRM |
| qemu — qemu | The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value. | 2014-11-04 | 7.5 | CVE-2013-4541 FEDORA CONFIRM |
| qemu — qemu | The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access. | 2014-11-04 | 7.5 | CVE-2013-4542 FEDORA CONFIRM |
| qemu — qemu | Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. | 2014-11-04 | 7.5 | CVE-2013-6399 FEDORA CONFIRM |
| qemu — qemu | Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image. | 2014-11-04 | 7.5 | CVE-2014-0182 FEDORA CONFIRM |
| qemu — qemu | Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. | 2014-11-04 | 7.5 | CVE-2014-0222 MLIST FEDORA FEDORA |
| rsyslog — rsyslog | rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access. | 2014-11-01 | 7.5 | CVE-2014-3634 MLIST DEBIAN SECUNIA SECUNIA |
| sap — commoncryptolib | SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. | 2014-11-04 | 7.5 | CVE-2014-8587 CONFIRM CONFIRM SECUNIA MISC |
| sap — hana | SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2014-11-04 | 7.5 | CVE-2014-8588 MISC MISC MISC |
| sap — document_management_services | SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors. | 2014-11-06 | 7.2 | CVE-2014-8660 MISC MISC MISC |
| sap — customer_relationship_management_internet_sales | The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. | 2014-11-06 | 10.0 | CVE-2014-8661 MISC MISC |
| sap — payroll_process | Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling. | 2014-11-06 | 7.8 | CVE-2014-8662 MISC MISC |
| sap — netweaver_business_warehouse | SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2014-11-06 | 7.5 | CVE-2014-8663 MISC MISC |
| sap — environment_health_and_safety | SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2014-11-06 | 7.5 | CVE-2014-8664 MISC MISC |
| sap — contract_accounting | SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2014-11-06 | 7.5 | CVE-2014-8668 MISC MISC |
| sap — customer_relationship_management | The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. | 2014-11-06 | 10.0 | CVE-2014-8669 MISC MISC MISC |
| smarty — smarty | Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by “{literal}<{/literal}script language=php>” in a template. | 2014-11-03 | 7.5 | CVE-2014-8350 CONFIRM CONFIRM XF BID MLIST MLIST |
| symantec — endpoint_protection_manager | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2014-11-07 | 7.5 | CVE-2014-3437 BID |
| testlink — testlink | lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter. | 2014-10-31 | 7.5 | CVE-2014-8081 CONFIRM XF BID BUGTRAQ |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| abb — robotstudio | Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program. | 2014-11-07 | 6.9 | CVE-2014-5430 MISC |
| ait-pro — bulletproof-security | Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter. | 2014-11-06 | 4.3 | CVE-2014-7958 BUGTRAQ MISC |
| ait-pro — bulletproof-security | SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter. | 2014-11-06 | 6.5 | CVE-2014-7959 BUGTRAQ MISC |
| allomani — allomani_weblinks | Multiple cross-site scripting (XSS) vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default URI to admin.php or the (2) id parameter to admin.php or (3) go.php. | 2014-11-04 | 4.3 | CVE-2014-8593 XF BID MISC |
| axway — securetransport | Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/. | 2014-11-04 | 6.8 | CVE-2013-7057 XF EXPLOIT-DB OSVDB |
| bundler — bundler | Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. | 2014-10-31 | 5.0 | CVE-2013-0334 FEDORA FEDORA FEDORA |
| ca — cloud_service_management | CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to conduct replay attacks via unspecified vectors. | 2014-11-04 | 4.3 | CVE-2014-8471 |
| ca — cloud_service_management | CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors. | 2014-11-04 | 6.8 | CVE-2014-8472 |
| ca — cloud_service_management | Cross-site request forgery (CSRF) vulnerability in CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2014-11-04 | 6.8 | CVE-2014-8473 |
| cisco — rv120w | The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998. | 2014-11-07 | 5.0 | CVE-2014-2179 |
| cisco — unity_connection | The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493. | 2014-11-07 | 4.0 | CVE-2014-7988 |
| cisco — b200_m3 | Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176. | 2014-11-07 | 6.8 | CVE-2014-7989 |
| cisco — air-ct5760 | Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the “request system shell” challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815. | 2014-11-07 | 6.8 | CVE-2014-7990 |
| citrix — xenmobile | Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows context-dependent attackers to obtain sensitive information by reading the cache. | 2014-10-31 | 5.0 | CVE-2014-8495 XF BID |
| classapps — selectsurvey.net | Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx. | 2014-11-06 | 6.5 | CVE-2014-6030 FULLDISC MISC |
| compal_broadband_networks — firmware | Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web script or HTML via the userData cookie. | 2014-11-06 | 4.3 | CVE-2014-8653 XF MISC BID EXPLOIT-DB MISC OSVDB |
| compal_broadband_networks — firmware | Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have unspecified impact on DDNS configuration via a request to basicDDNS.html, (2) change the wifi password via the psKey parameter to setWirelessSecurity.html, (3) add a static MAC address via the MacAddress parameter in an add_static action to setBasicDHCP1.html, or (4) enable or disable UPnP via the UPnP parameter in an apply action to setAdvancedOptions.html. | 2014-11-06 | 6.8 | CVE-2014-8654 XF MISC BID EXPLOIT-DB MISC OSVDB OSVDB OSVDB OSVDB |
| compal_broadband_networks — firmware | The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via an (a) admin or a (b) root value in the userData cookie in a request to (1) CmgwWirelessSecurity.xml, (2) DocsisConfigFile.xml, or (3) CmgwBasicSetup.xml in xml/ or (4) basicDDNS.html, (5) basicLanUsers.html, or (6) rootDesc.xml. | 2014-11-06 | 5.0 | CVE-2014-8655 XF BID EXPLOIT-DB MISC OSVDB |
| compal_broadband_networks — firmware | The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via a request to wirelessChannelStatus.html. | 2014-11-06 | 5.0 | CVE-2014-8657 XF MISC EXPLOIT-DB MISC OSVDB |
| croogo — croogo | Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parameter to admin/blocks/blocks/edit page; (4) data[Region][title] parameter to admin/blocks/regions/add page; (5) data[Menu][title] or (6) data[Menu][alias] parameter to admin/menus/menus/add page; or (7) data[Link][title] parameter to admin/menus/links/add/menu page. | 2014-10-31 | 4.3 | CVE-2014-8577 MISC XF OSVDB OSVDB OSVDB OSVDB EXPLOIT-DB MISC |
| debian — apt | APT before 1.0.9 does not “invalidate repository data” when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data. | 2014-11-03 | 6.8 | CVE-2014-0488 SECUNIA SECUNIA |
| denon — avr-3313ci | Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname. | 2014-11-06 | 4.3 | CVE-2014-8508 MISC |
| download_manager_project — download_manager | Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php. | 2014-11-04 | 5.0 | CVE-2014-8585 XF BID MISC |
| ellislab — expressionengine | Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php. | 2014-11-04 | 6.5 | CVE-2014-5387 MISC MISC FULLDISC |
| enalean — tuleap | SQL injection vulnerability in Enalean Tuleap before 7.5 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman. | 2014-11-04 | 6.5 | CVE-2014-7176 MISC XF BID EXPLOIT-DB FULLDISC MISC |
| enalean — tuleap | XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/. | 2014-10-31 | 4.0 | CVE-2014-7177 MISC CONFIRM XF BID OSVDB FULLDISC |
| epicor — epicor_enterprise | Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page. | 2014-11-03 | 5.0 | CVE-2014-4311 EXPLOIT-DB FULLDISC MISC |
| espocrm — espocrm | install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter. | 2014-10-31 | 5.0 | CVE-2014-7986 MISC BID BUGTRAQ MISC |
| espocrm — espocrm | Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php. | 2014-10-31 | 4.3 | CVE-2014-7987 MISC BID BUGTRAQ MISC |
| estsoft — alupdate | ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) for the (1) AlUpdate folder and (2) AlUpdate.exe, which allows local users to gain privileges via a Trojan horse file. | 2014-11-03 | 4.6 | CVE-2014-8494 XF BID MISC |
| f5 — big-ip_advanced_firewall_manager | Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 11.6.0, APM and Edge Gateway 11.0.0 through 11.6.0 and 10.1.0 through 10.2.4, PEM 11.3.0 through 11.6.0, PSM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4, and WOM 11.0.0 through 11.3.0 and 10.0.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements. | 2014-11-01 | 5.5 | CVE-2014-6032 MISC MISC FULLDISC FULLDISC FULLDISC |
| ffmpeg — ffmpeg | libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats. | 2014-11-03 | 6.8 | CVE-2014-5272 CONFIRM MLIST |
| formalms_project — formalms | Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) id_custom parameter in an amanmenu request or (2) id_game parameter in an alms/games/edit request to appCore/index.php. | 2014-11-06 | 4.3 | CVE-2014-5257 MISC BUGTRAQ MISC |
| fortinet — fortianalyzer_firmware | Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. | 2014-10-31 | 4.3 | CVE-2014-2334 |
| fortinet — fortianalyzer_firmware | Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. | 2014-10-31 | 4.3 | CVE-2014-2335 |
| fortinet — fortimanager | Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335. | 2014-10-31 | 4.3 | CVE-2014-2336 |
| french_national_commission_on_informatics_and_liberty — cookieviz | Cross-site scripting (XSS) vulnerability in json.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz allows remote we servers to inject arbitrary web script or HTML via the max_date parameter. | 2014-11-06 | 4.3 | CVE-2014-8352 XF FULLDISC |
| gwt_mobile_phonegap_showcase_project — gwt_mobile_phonegap_showcase | Cross-site scripting (XSS) vulnerability in the GWT Mobile PhoneGap Showcase application for Android allows remote attackers to inject arbitrary web script or HTML via a crafted Bluetooth Device Name field. | 2014-11-07 | 4.3 | CVE-2014-8671 MISC MISC |
| ibm — websphere_commerce | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2014-11-05 | 4.0 | CVE-2014-4769 XF |
| ibm — cognos_mobile | IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a logoff action on a mobile device, which makes it easier for remote attackers to bypass intended Business Intelligence restrictions by leveraging access to authentication data that was captured before this logoff. | 2014-11-05 | 4.3 | CVE-2014-4810 XF |
| ibm — websphere_commerce | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 2014-11-05 | 4.3 | CVE-2014-4834 XF |
| ibm — notes_traveler | The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which the user had intended to use HTTPS. | 2014-11-04 | 5.0 | CVE-2014-6130 XF |
| katello — katello | Katello allows remote attackers to cause a denial foser service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is passed to the to_sym method. | 2014-11-03 | 5.0 | CVE-2014-3712 MISC XF BID MLIST |
| meinberg — lantime_m100 | Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-05 | 4.3 | CVE-2014-5417 |
| modx — modx_revolution | Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the “a” parameter to manager/. NOTE: this issue exists because of a CVE-2014-2080 regression. | 2014-11-06 | 4.3 | CVE-2014-5451 MISC CONFIRM BID BUGTRAQ MISC |
| nordex — nordex_control_2_scada | Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. | 2014-11-05 | 4.3 | CVE-2014-5408 |
| openstack — keystone | OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID. | 2014-11-03 | 6.5 | CVE-2014-0204 CONFIRM CONFIRM |
| openstack — horizon | Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template. | 2014-10-31 | 4.3 | CVE-2014-3473 CONFIRM BID |
| openstack — horizon | Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578. | 2014-10-31 | 4.3 | CVE-2014-3475 CONFIRM BID |
| openstack — compute | OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request. | 2014-10-31 | 4.0 | CVE-2014-3708 CONFIRM |
| openstack — compute | The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. | 2014-10-31 | 4.0 | CVE-2014-8333 CONFIRM SECUNIA |
| openstack — horizon | Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475. | 2014-10-31 | 4.3 | CVE-2014-8578 CONFIRM BID |
| php — php | The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. | 2014-11-05 | 5.0 | CVE-2014-3710 CONFIRM CONFIRM CONFIRM |
| plone — plone | The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request. | 2014-11-03 | 4.3 | CVE-2012-5500 CONFIRM MLIST REDHAT |
| plone — plone | The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope. | 2014-11-03 | 5.0 | CVE-2012-5508 CONFIRM CONFIRM CONFIRM MLIST |
| plone — plone | Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2). | 2014-11-03 | 5.0 | CVE-2012-6661 CONFIRM CONFIRM CONFIRM MLIST |
| qemu — qemu | Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read. | 2014-11-04 | 4.6 | CVE-2014-0223 MLIST FEDORA |
| qemu — qemu | hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to “USB post load checks.” | 2014-11-04 | 6.8 | CVE-2014-3461 REDHAT REDHAT FEDORA MLIST |
| quassel-irc — quassel_irc | The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string. | 2014-11-06 | 5.0 | CVE-2014-8483 DEBIAN SECUNIA SECUNIA |
| redhat — freeipa | The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server. | 2014-11-03 | 5.0 | CVE-2013-0336 CONFIRM XF BID SECUNIA |
| redhat — network_satellite | Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do. | 2014-11-03 | 4.3 | CVE-2014-3654 |
| refinedwiki — refinedwiki_original_theme | Cross-site scripting (XSS) vulnerability in RefinedWiki Original Theme 3.x before 3.5.13 and 4.x before 4.0.12 for Confluence allows remote authenticated users with permissions to create or edit content to inject arbitrary web script or HTML via the versionComment parameter to pages/doeditpage.action. | 2014-11-06 | 4.0 | CVE-2014-8658 MISC XF BID BUGTRAQ FULLDISC MISC |
| rewardingyourself — rewardingyourself | Cross-site scripting (XSS) vulnerability in the RewardingYourself application for Android and BlackBerry OS allows remote attackers to inject arbitrary web script or HTML via a crafted QR code. | 2014-11-07 | 4.3 | CVE-2014-8672 MISC MISC |
| rsyslog — rsyslog | Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634. | 2014-11-01 | 5.0 | CVE-2014-3683 MLIST SECUNIA |
| ruby-lang — ruby | The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. | 2014-11-03 | 5.0 | CVE-2014-8080 SECUNIA |
| sap — netweaver | The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern. | 2014-11-06 | 5.0 | CVE-2014-0995 CONFIRM XF BUGTRAQ MISC FULLDISC MISC MISC |
| sap — network_interface_router | Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. | 2014-11-04 | 5.0 | CVE-2014-8589 CONFIRM CONFIRM MISC MISC |
| sap — netweaver_java_application_server | XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. | 2014-11-04 | 4.3 | CVE-2014-8590 MISC MISC MISC |
| sap — netweaver | Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors. | 2014-11-04 | 5.0 | CVE-2014-8591 CONFIRM CONFIRM MISC MISC |
| sap — netweaver | Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. | 2014-11-04 | 5.0 | CVE-2014-8592 CONFIRM CONFIRM MISC MISC MISC MISC MISC MISC |
| sap — environment_health_and_safety | Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. | 2014-11-06 | 5.0 | CVE-2014-8659 MISC MISC MISC |
| sap — business_intelligence_development_workbench | The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. | 2014-11-06 | 5.0 | CVE-2014-8665 MISC MISC |
| sap — business_intelligence_development_workbench | The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors. | 2014-11-06 | 5.0 | CVE-2014-8666 MISC MISC |
| sap — hana_web-based_development_workbench | Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-06 | 4.3 | CVE-2014-8667 MISC MISC |
| symantec — endpoint_protection_manager | Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-07 | 4.3 | CVE-2014-3438 CONFIRM BID |
| symantec — endpoint_protection_manager | ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors. | 2014-11-07 | 6.1 | CVE-2014-3439 CONFIRM BID |
| testlink — testlink | lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message. | 2014-10-31 | 5.0 | CVE-2014-8082 CONFIRM XF BID |
| vbulletin — vbulletin | Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | 2014-11-06 | 5.8 | CVE-2014-8670 BID MISC |
| web_dorado_spider_video_player_project — web_dorado_spider_video_player | Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-04 | 4.3 | CVE-2014-8584 |
| webedition — webedition_cms | Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. | 2014-11-06 | 4.0 | CVE-2014-5258 MISC BUGTRAQ MISC |
| wordfence_security_project — wordfence_security | Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the whoisval parameter on the WordfenceWhois page to wp-admin/admin.php. | 2014-11-06 | 4.3 | CVE-2014-4664 MISC |
| wp-dbmanager_project — wp-dbmanager | The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup[‘filepath’] (aka “Path to Backup:” field) or (2) $backup[‘mysqldumppath’] variable. | 2014-10-31 | 6.5 | CVE-2014-8334 XF MISC BID BUGTRAQ MLIST MLIST FULLDISC MISC OSVDB |
| xmlsoft — libxml2 | parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the “billion laughs” attack. | 2014-11-04 | 5.0 | CVE-2014-3660 MISC CONFIRM MISC BID DEBIAN REDHAT SUSE |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| compfight_project — compfight | Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter. | 2014-11-05 | 3.5 | CVE-2014-8622 MISC |
| eset — personal_firewall_ndis_filter | The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls. | 2014-11-04 | 2.1 | CVE-2014-4974 MISC XF BID FULLDISC MISC |
| linksys — e4200v2 | Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain the administrator’s MD5 password hash via a direct request for the /.htpasswd URI. | 2014-11-01 | 3.3 | CVE-2014-8243 |
| openstack — horizon | Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name. | 2014-10-31 | 3.5 | CVE-2014-3474 CONFIRM BID |
| phpmyadmin — phpmyadmin | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page. | 2014-11-05 | 3.5 | CVE-2014-8326 CONFIRM CONFIRM |
| qemu — qemu | The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. | 2014-11-01 | 2.1 | CVE-2014-3615 REDHAT REDHAT CONFIRM CONFIRM |
| shim_project — shim | The default configuration in systemd-shim 8 enables the Abandon debugging clause, which allows local users to cause a denial of service via unspecified vectors. | 2014-10-31 | 2.1 | CVE-2014-8399 CONFIRM |
This product is provided subject to this Notification and this Privacy & Use policy.