Original release date: September 22, 2014
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
-
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
-
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe — acrobat | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. | 2014-09-17 | 10.0 | CVE-2014-0560 |
| adobe — acrobat | Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0567. | 2014-09-17 | 10.0 | CVE-2014-0561 |
| adobe — acrobat | Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors. | 2014-09-17 | 7.8 | CVE-2014-0563 |
| adobe — acrobat | Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0566. | 2014-09-17 | 10.0 | CVE-2014-0565 |
| adobe — acrobat | Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0565. | 2014-09-17 | 10.0 | CVE-2014-0566 |
| adobe — acrobat | Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0561. | 2014-09-17 | 10.0 | CVE-2014-0567 |
| adobe — acrobat | Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors. | 2014-09-17 | 10.0 | CVE-2014-0568 |
| apple — apple_tv | The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments. | 2014-09-18 | 7.8 | CVE-2014-4369 APPLE APPLE |
| apple — apple_tv | The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application. | 2014-09-18 | 7.8 | CVE-2014-4373 APPLE APPLE |
| apple — apple_tv | Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports. | 2014-09-18 | 7.2 | CVE-2014-4375 APPLE APPLE |
| apple — mac_os_x | IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments. | 2014-09-19 | 10.0 | CVE-2014-4376 |
| apple — apple_tv | An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application. | 2014-09-18 | 7.1 | CVE-2014-4379 APPLE APPLE |
| apple — apple_tv | The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel’s context via a crafted application. | 2014-09-18 | 9.3 | CVE-2014-4380 APPLE APPLE |
| apple — apple_tv | Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application. | 2014-09-18 | 9.3 | CVE-2014-4381 APPLE APPLE |
| apple — apple_tv | IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418. | 2014-09-18 | 9.3 | CVE-2014-4388 APPLE APPLE |
| apple — apple_tv | Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments. | 2014-09-18 | 9.3 | CVE-2014-4389 APPLE APPLE |
| apple — mac_os_x | Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application. | 2014-09-19 | 9.3 | CVE-2014-4390 |
| apple — mac_os_x | Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GLSL shader. | 2014-09-19 | 10.0 | CVE-2014-4393 |
| apple — mac_os_x | An unspecified IOAcceleratorFamily function in Apple OS X before 10.9.5 lacks proper bounds checking on read operations, which allows attackers to execute arbitrary code in a privileged context via a crafted application. | 2014-09-19 | 9.3 | CVE-2014-4402 |
| apple — apple_tv | Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties. | 2014-09-18 | 9.3 | CVE-2014-4404 APPLE APPLE |
| apple — apple_tv | IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties. | 2014-09-18 | 9.3 | CVE-2014-4405 APPLE APPLE |
| apple — apple_tv | IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4388. | 2014-09-18 | 9.3 | CVE-2014-4418 APPLE APPLE |
| apple — os_x_server | SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2014-09-19 | 7.5 | CVE-2014-4424 |
| ecava — integraxor | Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature. | 2014-09-15 | 9.0 | CVE-2014-2375 |
| ecava — integraxor | SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2014-09-15 | 7.5 | CVE-2014-2376 |
| emc — documentum_content_server | EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors. | 2014-09-17 | 8.5 | CVE-2014-4621 BUGTRAQ |
| emc — documentum_content_server | EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. | 2014-09-17 | 7.1 | CVE-2014-4622 BUGTRAQ |
| microsoft — office | Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka “Microsoft Office Control Vulnerability.” | 2014-09-19 | 9.3 | CVE-2006-1318 |
| mpay24_project — mpay24 | SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter. | 2014-09-12 | 7.5 | CVE-2014-2008 XF OSVDB |
| mpexsolutions — mx-smartimer | SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter. | 2014-09-12 | 7.5 | CVE-2014-5440 XF FULLDISC MISC |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe — acrobat | Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka “Universal XSS (UXSS).” | 2014-09-17 | 4.3 | CVE-2014-0562 |
| advantech — advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter. | 2014-09-20 | 6.8 | CVE-2014-0985 |
| advantech — advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter. | 2014-09-20 | 6.8 | CVE-2014-0986 |
| advantech — advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter. | 2014-09-20 | 6.8 | CVE-2014-0987 MISC |
| advantech — advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter. | 2014-09-20 | 6.8 | CVE-2014-0988 |
| advantech — advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter. | 2014-09-20 | 6.8 | CVE-2014-0989 |
| advantech — advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the UserName parameter. | 2014-09-20 | 6.8 | CVE-2014-0990 |
| advantech — advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter. | 2014-09-20 | 6.8 | CVE-2014-0991 |
| advantech — advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the password parameter. | 2014-09-20 | 6.8 | CVE-2014-0992 |
| apple — mac_os_x | QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding. | 2014-09-19 | 6.8 | CVE-2014-1391 |
| apple — mac_os_x | Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file. | 2014-09-19 | 6.8 | CVE-2014-4350 |
| apple — iphone_os | Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS. | 2014-09-18 | 4.3 | CVE-2014-4353 APPLE |
| apple — iphone_os | Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session. | 2014-09-18 | 5.8 | CVE-2014-4354 APPLE |
| apple — iphone_os | The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app. | 2014-09-18 | 5.0 | CVE-2014-4361 APPLE |
| apple — iphone_os | The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app. | 2014-09-18 | 5.0 | CVE-2014-4362 APPLE |
| apple — iphone_os | Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element. | 2014-09-18 | 5.0 | CVE-2014-4363 APPLE |
| apple — apple_tv | The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash. | 2014-09-18 | 4.3 | CVE-2014-4364 APPLE APPLE |
| apple — iphone_os | Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | 2014-09-18 | 5.0 | CVE-2014-4366 APPLE |
| apple — iphone_os | The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events. | 2014-09-18 | 6.9 | CVE-2014-4368 APPLE |
| apple — iphone_os | NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2014-09-18 | 5.0 | CVE-2014-4374 APPLE |
| apple — apple_tv | Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | 2014-09-18 | 6.8 | CVE-2014-4377 APPLE APPLE |
| apple — apple_tv | CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document. | 2014-09-18 | 5.8 | CVE-2014-4378 APPLE APPLE |
| apple — apple_tv | The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device’s update status via a crafted Last-Modified HTTP response header. | 2014-09-18 | 4.3 | CVE-2014-4383 APPLE APPLE |
| apple — mac_os_x | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. | 2014-09-19 | 6.9 | CVE-2014-4394 |
| apple — mac_os_x | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. | 2014-09-19 | 6.9 | CVE-2014-4395 |
| apple — mac_os_x | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. | 2014-09-19 | 6.9 | CVE-2014-4396 |
| apple — mac_os_x | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. | 2014-09-19 | 6.9 | CVE-2014-4397 |
| apple — mac_os_x | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. | 2014-09-19 | 6.9 | CVE-2014-4398 |
| apple — mac_os_x | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. | 2014-09-19 | 6.9 | CVE-2014-4399 |
| apple — mac_os_x | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4401, and CVE-2014-4416. | 2014-09-19 | 6.9 | CVE-2014-4400 |
| apple — mac_os_x | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, and CVE-2014-4416. | 2014-09-19 | 6.9 | CVE-2014-4401 |
| apple — os_x_server | Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-09-19 | 4.3 | CVE-2014-4406 |
| apple — apple_tv | IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls. | 2014-09-18 | 4.3 | CVE-2014-4407 APPLE APPLE |
| apple — apple_tv | The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call. | 2014-09-18 | 6.9 | CVE-2014-4408 APPLE APPLE |
| apple — iphone_os | WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing. | 2014-09-18 | 4.3 | CVE-2014-4409 APPLE |
| apple — apple_tv | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | 2014-09-18 | 6.8 | CVE-2014-4410 APPLE APPLE |
| apple — apple_tv | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | 2014-09-18 | 6.8 | CVE-2014-4411 APPLE APPLE |
| apple — apple_tv | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | 2014-09-18 | 6.8 | CVE-2014-4412 APPLE APPLE |
| apple — apple_tv | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | 2014-09-18 | 6.8 | CVE-2014-4413 APPLE APPLE |
| apple — apple_tv | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | 2014-09-18 | 6.8 | CVE-2014-4414 APPLE APPLE |
| apple — apple_tv | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | 2014-09-18 | 6.8 | CVE-2014-4415 APPLE APPLE |
| apple — mac_os_x | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, and CVE-2014-4401. | 2014-09-19 | 6.9 | CVE-2014-4416 |
| apple — apple_tv | The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers. | 2014-09-18 | 6.8 | CVE-2014-4422 APPLE APPLE |
| apple — iphone_os | The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account’s Apple ID and metadata via a crafted application. | 2014-09-18 | 4.3 | CVE-2014-4423 APPLE |
| blackcat-cms — blackcat_cms | Cross-site scripting (XSS) vulnerability in cattranslate.php in the CatTranslate JQuery plugin in BlackCat CMS 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 2014-09-12 | 4.3 | CVE-2014-5259 MISC XF BUGTRAQ MISC |
| ecava — integraxor | Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. | 2014-09-15 | 5.0 | CVE-2014-2377 |
| embarcadero — embarcadero_c++builder_xe6 | Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file. | 2014-09-15 | 6.8 | CVE-2014-0993 MISC |
| episerver — episerver | Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker module 3.x before 3.4.5 for EPiServer allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2014-09-17 | 4.3 | CVE-2012-1032 XF BID SECUNIA OSVDB |
| facebook — facebook | Cross-site scripting (XSS) vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME sniffing of chat traffic. | 2014-09-15 | 4.3 | CVE-2014-6392 FULLDISC |
| fatfreecrm — fat_free_crm | Multiple cross-site scripting (XSS) vulnerabilities in app/views/layouts/application.html.haml in Fat Free CRM before 0.13.3 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name in a (a) create or (b) edit user action. | 2014-09-12 | 4.3 | CVE-2014-5441 CONFIRM MISC |
| ibm — integration_bus | The web user interface in IBM WebSphere Message Broker 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.3 allows remote authenticated users to obtain sensitive information by reading the error page. | 2014-09-18 | 4.0 | CVE-2014-4819 XF |
| ibm — integration_bus_manufacturing_pack | Cross-site scripting (XSS) vulnerability in IBM Integration Bus Manufacturing Pack 1.x before 1.0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-09-18 | 4.3 | CVE-2014-4820 XF |
| ibm — qradar_security_information_and_event_manager | SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2014-09-18 | 6.5 | CVE-2014-4824 XF |
| ibm — qradar_security_information_and_event_manager | IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 does not properly handle SSH connections, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | 2014-09-18 | 4.3 | CVE-2014-4826 XF |
| mailenable — mailenable | Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message. | 2014-09-19 | 4.3 | CVE-2012-2588 XF BID EXPLOIT-DB SECUNIA OSVDB |
| mini_mail_dashboard_widget_project — mini_mail_dashboard_widget | Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress allows remote attackers to inject arbitrary web script or HTML via the body of an email. | 2014-09-17 | 4.3 | CVE-2012-2583 XF BID EXPLOIT-DB OSVDB |
| moodle — moodle | The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, and discover an author’s username, by leveraging the student role and visiting a Q&A forum. | 2014-09-15 | 4.0 | CVE-2014-3617 MLIST CONFIRM |
| mpay24_project — mpay24 | The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log. | 2014-09-12 | 5.0 | CVE-2014-2009 XF EXPLOIT-DB FULLDISC MISC OSVDB |
| mywebsql — mywebsql | Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter to index.php. | 2014-09-12 | 4.3 | CVE-2014-4735 MISC XF BUGTRAQ MISC |
| nongnu — gksu | GKSu 2.0.2, when sudo-mode is not enabled, uses ” (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during installation of a VirtualBox extension pack. | 2014-09-18 | 6.8 | CVE-2014-2886 MISC MISC MISC |
| open-xchange — open-xchange_appsuite | Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name. | 2014-09-17 | 4.3 | CVE-2014-5234 BID BUGTRAQ SECUNIA MISC |
| open-xchange — open-xchange_appsuite | Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds. | 2014-09-17 | 4.3 | CVE-2014-5235 BID BUGTRAQ SECUNIA MISC |
| orangehrm — orangehrm | SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from third party information. | 2014-09-17 | 6.5 | CVE-2012-1506 MISC XF BID SECUNIA OSVDB |
| orangehrm — orangehrm | Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index.php. | 2014-09-17 | 4.3 | CVE-2012-1507 MISC XF BID SECUNIA OSVDB OSVDB OSVDB |
| phorum — phorum | Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2014-09-19 | 4.3 | CVE-2012-6659 SECUNIA |
| php365 — 365_links | Cross-site scripting (XSS) vulnerability in php365.com 365 Links 3.11 and earlier, 365 Links2 3.11 and earlier, 365 Links+ 2.10 and earlier, and 365 Links2+ 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-09-18 | 4.3 | CVE-2014-5317 CONFIRM JVNDB |
| powerdns — powerdns_recursor | Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote attackers to cause a denial of service (crash) via an unknown sequence of malformed packets. | 2014-09-19 | 5.0 | CVE-2014-3614 XF SECUNIA CONFIRM |
| schneider-electric — vampset | Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file. | 2014-09-15 | 4.4 | CVE-2014-5407 |
| schneider-electric — clearscada | Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. | 2014-09-18 | 5.0 | CVE-2014-5412 |
| schneider-electric — clearscada | Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. | 2014-09-18 | 5.0 | CVE-2014-5413 |
| spiceworks — spiceworks | SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is for the XSS. | 2014-09-17 | 6.5 | CVE-2012-2956 XF BID EXPLOIT-DB OSVDB |
| spiceworks — spiceworks | Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName configuration in snmpd.conf. NOTE: this entry was SPLIT from CVE-2012-2956 per ADT2 due to different vulnerability types. | 2014-09-17 | 4.3 | CVE-2012-6658 EXPLOIT-DB SECUNIA OSVDB |
| synology — diskstation_manager | Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php. | 2014-09-12 | 4.3 | CVE-2012-1556 XF BID SECUNIA OSVDB BUGTRAQ |
| vmware — nsx | VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors. | 2014-09-15 | 5.0 | CVE-2014-3796 |
| wireshark — wireshark | Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. | 2014-09-20 | 5.0 | CVE-2014-6421 CONFIRM CONFIRM |
| wireshark — wireshark | The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector. | 2014-09-20 | 5.0 | CVE-2014-6422 CONFIRM CONFIRM |
| wireshark — wireshark | The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line. | 2014-09-20 | 5.0 | CVE-2014-6423 CONFIRM CONFIRM |
| wireshark — wireshark | The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet. | 2014-09-20 | 5.0 | CVE-2014-6424 CONFIRM CONFIRM |
| wireshark — wireshark | The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing ” character. | 2014-09-20 | 5.0 | CVE-2014-6425 CONFIRM CONFIRM |
| wireshark — wireshark | The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | 2014-09-20 | 5.0 | CVE-2014-6426 CONFIRM |
| wireshark — wireshark | Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. | 2014-09-20 | 5.0 | CVE-2014-6427 CONFIRM CONFIRM |
| wireshark — wireshark | The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2014-09-20 | 5.0 | CVE-2014-6428 CONFIRM CONFIRM |
| wireshark — wireshark | The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | 2014-09-20 | 5.0 | CVE-2014-6429 CONFIRM CONFIRM |
| wireshark — wireshark | The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | 2014-09-20 | 5.0 | CVE-2014-6430 CONFIRM CONFIRM |
| wireshark — wireshark | Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. | 2014-09-20 | 5.0 | CVE-2014-6431 CONFIRM CONFIRM |
| wireshark — wireshark | The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | 2014-09-20 | 5.0 | CVE-2014-6432 CONFIRM CONFIRM |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple — iphone_os | Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. | 2014-09-18 | 2.1 | CVE-2014-4352 APPLE |
| apple — iphone_os | Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen. | 2014-09-18 | 2.1 | CVE-2014-4356 APPLE |
| apple — apple_tv | Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log. | 2014-09-18 | 2.1 | CVE-2014-4357 APPLE APPLE |
| apple — iphone_os | Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number. | 2014-09-18 | 2.1 | CVE-2014-4367 APPLE |
| apple — apple_tv | The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421. | 2014-09-18 | 1.9 | CVE-2014-4371 APPLE APPLE |
| apple — apple_tv | syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file. | 2014-09-18 | 3.6 | CVE-2014-4372 APPLE APPLE |
| apple — iphone_os | Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle. | 2014-09-18 | 1.9 | CVE-2014-4384 APPLE |
| apple — iphone_os | Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access. | 2014-09-18 | 1.9 | CVE-2014-4386 APPLE |
| apple — mac_os_x | The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table. | 2014-09-19 | 2.1 | CVE-2014-4403 |
| apple — apple_tv | The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421. | 2014-09-18 | 1.9 | CVE-2014-4419 APPLE APPLE |
| apple — apple_tv | The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421. | 2014-09-18 | 1.9 | CVE-2014-4420 APPLE APPLE |
| apple — apple_tv | The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420. | 2014-09-18 | 1.9 | CVE-2014-4421 APPLE APPLE |
| ibm — storwize_v7000_unified_software | IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file. | 2014-09-15 | 2.1 | CVE-2014-3077 XF |
| ibm — filenet_content_foundation | Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x before 5.2.0.3-P8CPE-IF003 and Content Foundation 5.2.x before 5.2.0.3-P8CPE-IF003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2014-09-15 | 3.5 | CVE-2014-4763 XF |
| schneider-electric — clearscada | Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2014-09-18 | 3.5 | CVE-2014-5411 |
| yealink — gigabit_color_ip_phone_sip-t32g | Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com. | 2014-09-17 | 3.5 | CVE-2012-1417 XF BID OSVDB EXPLOIT-DB SECUNIA MISC BUGTRAQ |
Â
This product is provided subject to this Notification and this Privacy & Use policy.