Original release date: September 08, 2014
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
-
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
-
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| arubanetworks — clearpass_policy_manager | The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands. | 2014-08-29 | 9.0 | CVE-2014-2593 MISC XF BID OSVDB |
| check_mk_project — check_mk | The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL. | 2014-09-02 | 9.3 | CVE-2014-5340 BUGTRAQ MISC |
| cisco — ios_xr | Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 packet, aka Bug ID CSCuo95165. | 2014-09-04 | 7.1 | CVE-2014-3353 |
| codeaurora — android-msm | The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which allows attackers to gain privileges via a crafted application. | 2014-08-31 | 7.2 | CVE-2013-2595 |
| codeaurora — android-msm | Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that leverages /dev/msm_acdb access and provides a large size value in an ioctl argument. | 2014-08-31 | 7.2 | CVE-2013-2597 |
| gnu — glibc | Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. | 2014-08-29 | 7.5 | CVE-2014-5119 CONFIRM MISC BID MLIST MLIST FULLDISC MISC |
| ibm — db2 | Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code via a crafted ALTER MODULE statement. | 2014-09-04 | 8.5 | CVE-2014-3094 XF AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
| mozilla — firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2014-09-03 | 10.0 | CVE-2014-1553 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| mozilla — firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2014-09-03 | 10.0 | CVE-2014-1554 CONFIRM CONFIRM CONFIRM CONFIRM |
| mozilla — firefox | Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2014-09-03 | 10.0 | CVE-2014-1562 CONFIRM |
| mozilla — firefox | Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection. | 2014-09-03 | 10.0 | CVE-2014-1563 CONFIRM |
| mozilla — firefox | Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. | 2014-09-03 | 9.3 | CVE-2014-1567 CONFIRM |
| novell — groupwise | The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors. | 2014-09-04 | 10.0 | CVE-2014-0610 CONFIRM |
| s3ql_project — s3ql | S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/. | 2014-09-02 | 7.5 | CVE-2014-0485 MLIST DEBIAN |
| solarwinds — log_and_event_manager | SolarWinds Log and Event Manager before 6.0 uses “static” credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL. | 2014-09-04 | 7.5 | CVE-2014-5504 MISC CONFIRM |
| tibco — spotfire_server | Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attackers to gain privileges, and obtain sensitive information or modify data, via unknown vectors. | 2014-09-04 | 7.5 | CVE-2014-5285 |
| vmturbo — operations_manager | vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call. | 2014-08-29 | 7.5 | CVE-2014-5073 XF BID OSVDB EXPLOIT-DB MISC SECUNIA MISC MISC |
| zend — zend_framework | The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | 2014-09-04 | 7.5 | CVE-2014-2685 MANDRIVA MLIST CONFIRM |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| amazon — kindle | The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2014-08-30 | 5.8 | CVE-2014-3908 JVNDB JVN |
| apache — commons-httpclient | http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783. | 2014-09-04 | 4.3 | CVE-2012-6153 CONFIRM BID CONFIRM REDHAT |
| apache — poi | The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2014-09-04 | 4.3 | CVE-2014-3529 CONFIRM SECUNIA CONFIRM |
| apache — poi | Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack. | 2014-09-04 | 4.3 | CVE-2014-3574 SECUNIA CONFIRM |
| check_mk_project — check_mk | Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections. | 2014-09-02 | 4.9 | CVE-2014-5339 BUGTRAQ MISC |
| cisco — cloud_portal | Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an “iFrame vulnerability,” aka Bug ID CSCuh84801. | 2014-08-30 | 4.3 | CVE-2014-3352 |
| codeaurora — android-msm | app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory locations within bootloader memory. | 2014-08-31 | 6.6 | CVE-2013-2598 |
| codeaurora — android-msm | A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption passwords via a logcat call. | 2014-08-31 | 5.0 | CVE-2013-2599 |
| exim — exim | The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function. | 2014-09-04 | 6.8 | CVE-2014-2957 CONFIRM |
| exim — exim | expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. | 2014-09-04 | 4.6 | CVE-2014-2972 CONFIRM FEDORA FEDORA CONFIRM |
| freedesktop — poppler | DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file. | 2014-08-29 | 4.3 | CVE-2010-5110 SUSE CONFIRM SECUNIA MLIST |
| google — android_browser | The Android Browser application 4.2.1 on Android allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a u0000 character, as demonstrated by an onclick=”window.open(‘u0000javascript: sequence. | 2014-09-02 | 5.8 | CVE-2014-6041 MISC |
| hl7 — c-cda | Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element. | 2014-09-02 | 4.3 | CVE-2014-3861 MISC |
| hl7 — c-cda | CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log. | 2014-09-02 | 4.3 | CVE-2014-3862 MISC |
| hl7 — c-cda | CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the possibility of invalid C-CDA documents with crafted XML attributes, which allows remote attackers to conduct XSS attacks via a document containing a table that is improperly handled during unrestricted xsl:copy operations. | 2014-09-02 | 4.3 | CVE-2014-5452 MISC |
| ibm — cognos_tm1 | The client in IBM Cognos TM1 9.5.2.3 before IF5, 10.1.1.2 before IF1, 10.2.0.2 before IF1, and 10.2.2.0 before IF1 stores obfuscated passwords in memory, which allows remote authenticated users to obtain sensitive cleartext information via an unspecified security tool. | 2014-09-04 | 4.0 | CVE-2014-0863 XF |
| ibm — business_process_manager | IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL. | 2014-09-04 | 4.0 | CVE-2014-4758 XF AIXAPAR |
| ibm — business_process_manager | An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results. | 2014-09-04 | 4.0 | CVE-2014-4759 XF |
| iii — encore_discovery_solution | Open redirect vulnerability in Innovative Interfaces Encore Discovery Solution 4.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter. | 2014-08-29 | 5.8 | CVE-2014-5127 BID BUGTRAQ |
| iii — encore_discovery_solution | Innovative Interfaces Encore Discovery Solution 4.3 places a session token in the URI, which might allow remote attackers to obtain sensitive information via unspecified vectors. | 2014-08-29 | 5.0 | CVE-2014-5128 BID BUGTRAQ |
| iii — sierra | Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2014-09-02 | 4.3 | CVE-2014-5136 BUGTRAQ |
| iii — sierra | Innovative Interfaces Sierra Library Services Platform 1.2_3 provides different responses for login request depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of login requests, possibly related to the Webpac Pro submodule. | 2014-09-02 | 5.0 | CVE-2014-5137 BUGTRAQ |
| labanquepostale — labanquepostale | The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework. | 2014-09-02 | 4.3 | CVE-2014-5076 MISC |
| linux — linux_kernel | The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. | 2014-08-31 | 4.3 | CVE-2014-3601 CONFIRM |
| linux — linux_kernel | Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. | 2014-08-31 | 4.0 | CVE-2014-5471 MISC CONFIRM MLIST |
| linux — linux_kernel | The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. | 2014-08-31 | 4.0 | CVE-2014-5472 MISC CONFIRM MLIST |
| lua — lua | Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments. | 2014-09-04 | 5.0 | CVE-2014-5461 BID MLIST DEBIAN DEBIAN |
| manageengine — device_expert | ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request. | 2014-09-04 | 5.0 | CVE-2014-5377 MISC XF BID BUGTRAQ EXPLOIT-DB FULLDISC FULLDISC FULLDISC MISC |
| mcafee — network_security_manager | Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 6.1.15.39 7.1.5.x before 7.1.5.15, 7.1.15.x before 7.1.15.7, 7.5.x before 7.5.5.9, and 8.x before 8.1.7.3 allows remote attackers to hijack the authentication of users for requests that modify user accounts via unspecified vectors. | 2014-08-29 | 6.8 | CVE-2014-2390 SECTRACK |
| mcafee — web_gateway | The Accounts tab in the administrative user interface in McAfee Web Gateway (MWG) before 7.3.2.9 and 7.4.x before 7.4.2 allows remote authenticated users to obtain the hashed user passwords via unspecified vectors. | 2014-09-02 | 4.0 | CVE-2014-6064 SECTRACK |
| mikejolley — download_monitor | Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI. | 2014-09-04 | 4.3 | CVE-2012-4768 CONFIRM SECUNIA MISC OSVDB BUGTRAQ |
| mozilla — firefox | Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image. | 2014-09-03 | 4.3 | CVE-2014-1564 CONFIRM |
| mozilla — firefox | The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted API calls. | 2014-09-03 | 5.0 | CVE-2014-1565 CONFIRM |
| mozilla — firefox | Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1515. | 2014-09-03 | 4.3 | CVE-2014-1566 CONFIRM |
| phorum — phorum | Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter. | 2014-09-04 | 4.3 | CVE-2012-4234 MISC XF BID SECUNIA MISC BUGTRAQ |
| plack_project — plack | Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static. | 2014-09-04 | 5.0 | CVE-2014-5269 OSVDB MLIST FEDORA FEDORA CONFIRM |
| qpw.famvanakkeren — quick_post_widget | Multiple cross-site scripting (XSS) vulnerabilities in Quick Post Widget plugin 1.9.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Title, (2) Content, or (3) New category field to wordpress/ or (4) query string to wordpress/. | 2014-09-03 | 4.3 | CVE-2012-4226 XF BID MISC MISC BUGTRAQ |
| sap — crystal_reports | Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. | 2014-09-04 | 6.8 | CVE-2014-5505 CONFIRM MISC CONFIRM |
| sap — crystal_reports | Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. | 2014-09-04 | 6.8 | CVE-2014-5506 CONFIRM MISC CONFIRM |
| sap — netweaver | Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. | 2014-09-05 | 6.5 | CVE-2014-6252 CONFIRM SECUNIA CONFIRM MISC |
| sixapart — movable_type | Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section. | 2014-08-29 | 4.3 | CVE-2012-1503 XF BID EXPLOIT-DB MISC MISC OSVDB |
| torrentflux — torrentflux | TorrentFlux 2.4 allows remote authenticated users to obtain other users’ cookies via the cid parameter in an editCookies action to profile.php. | 2014-09-05 | 4.0 | CVE-2014-6028 MISC SECTRACK MLIST MLIST |
| torrentflux — torrentflux | TorrentFlux 2.4 allows remote authenticated users to delete or modify other users’ cookies via the cid parameter in an editCookies action to profile.php. | 2014-09-05 | 4.9 | CVE-2014-6029 MISC SECTRACK MLIST MLIST |
| werdswords — download_shortcode | Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | 2014-09-03 | 5.0 | CVE-2014-5465 BID EXPLOIT-DB CONFIRM |
| wordpress_mobile_pack_project — wordpress_mobile_pack | The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php. | 2014-08-29 | 5.0 | CVE-2014-5337 MISC BID SECUNIA |
| xen — xen | Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process. | 2014-08-29 | 4.3 | CVE-2014-5147 |
| xrms_crm_project — xrms_crm | plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter. | 2014-09-02 | 6.5 | CVE-2014-5521 MLIST MLIST EXPLOIT-DB FULLDISC MISC |
| zohocorp — manageengine_eventlog_analyzer | Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) module, (7) completeData, (8) RBBNAME, (9) TC, (10) rtype, (11) eventCriteria, (12) q, (13) flushCache, or (14) product parameter. | 2014-08-29 | 4.3 | CVE-2014-4930 BID FULLDISC |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| codeaurora — android-msm | The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file. | 2014-08-31 | 3.3 | CVE-2013-6124 |
| dhcpcd_project — dhcpcd | The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again. | 2014-09-04 | 3.3 | CVE-2014-6060 BID MLIST MLIST MANDRIVA CONFIRM CONFIRM |
| eucalyptus — eucalyptus | The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive information by reading the logs. | 2014-09-05 | 2.1 | CVE-2014-5036 SECUNIA SECUNIA |
| ganeti_project — ganeti | The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information by reading the file, related to the upgrade command. | 2014-08-29 | 2.1 | CVE-2014-5247 MISC XF BID BUGTRAQ MLIST MISC |
| ibm — business_process_manager | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file. | 2014-09-04 | 3.5 | CVE-2014-3075 XF |
| ibm — db2 | The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement. | 2014-09-04 | 3.5 | CVE-2014-3095 XF AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
| ibm — db2 | IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring. | 2014-09-04 | 2.1 | CVE-2014-4805 CONFIRM |
| opensuse — srvx | Multiple integer overflows in the HelpServ module (mod-helpserv.c) in srvx 1.3.1 allow remote authenticated IRCops or HelpServ bot managers to cause a denial of service (infinite loop) via a large value in the EmptyInterval parameter or certain other interval configurations. | 2014-09-05 | 3.5 | CVE-2014-5508 BID MLIST MLIST |
This product is provided subject to this Notification and this Privacy & Use policy.