Original release date: October 13, 2014
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alex_kellner — powermail | Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted extension, then accessing it via unspecified vectors. | 2014-10-03 | 7.5 | CVE-2014-3947 CONFIRM CONFIRM |
alex_kellner — powermail | The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism via unspecified vectors. | 2014-10-03 | 7.5 | CVE-2014-6288 CONFIRM |
apache — shiro | Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password. | 2014-10-06 | 7.5 | CVE-2014-0074 FULLDISC REDHAT |
apple — mac_os_x | The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site. | 2014-10-05 | 9.3 | CVE-2014-7861 MISC BID |
arubanetworks — arubaos | Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain potentially sensitive information or add guest accounts, via an SSH session. | 2014-10-07 | 7.5 | CVE-2014-7299 |
bassmaster_plugin_project — bassmaster_plugin | Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors. | 2014-10-08 | 10.0 | CVE-2014-7205 MISC CONFIRM XF BID MLIST |
brocade — vyatta_5400_vrouter_software | The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command. | 2014-10-07 | 9.0 | CVE-2014-4868 |
brocade — vyatta_5400_vrouter_software | /opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration. | 2014-10-07 | 7.2 | CVE-2014-4870 |
schneider-electric — modicon_plc_ethernet_module | Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. | 2014-10-03 | 10.0 | CVE-2014-0754 |
cisco — asa | The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027. | 2014-10-10 | 7.8 | CVE-2014-3382 |
cisco — asa | The IKE implementation in the VPN component in Cisco ASA Software 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted UDP packets, aka Bug ID CSCul36176. | 2014-10-10 | 7.8 | CVE-2014-3383 |
cisco — asa | The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted packet that is sent during tunnel creation, aka Bug ID CSCum96401. | 2014-10-10 | 7.8 | CVE-2014-3384 |
cisco — asa | Race condition in the Health and Performance Monitoring (HPM) for ASDM feature in Cisco ASA Software 8.3 before 8.3(2.42), 8.4 before 8.4(7.11), 8.5 before 8.5(1.19), 8.6 before 8.6(1.13), 8.7 before 8.7(1.11), 9.0 before 9.0(4.8), and 9.1 before 9.1(4.5) allows remote attackers to cause a denial of service (device reload) via TCP traffic that triggers many half-open connections at the same time, aka Bug ID CSCum00556. | 2014-10-10 | 7.8 | CVE-2014-3385 |
cisco — asa | The GPRS Tunneling Protocol (GTP) inspection engine in Cisco ASA Software 8.2 before 8.2(5.51), 8.4 before 8.4(7.15), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted series of GTP packets, aka Bug ID CSCum56399. | 2014-10-10 | 7.8 | CVE-2014-3386 |
cisco — asa | The SunRPC inspection engine in Cisco ASA Software 7.2 before 7.2(5.14), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.3) allows remote attackers to cause a denial of service (device reload) via crafted SunRPC packets, aka Bug ID CSCun11074. | 2014-10-10 | 7.8 | CVE-2014-3387 |
cisco — asa | The DNS inspection engine in Cisco ASA Software 9.0 before 9.0(4.13), 9.1 before 9.1(5.7), and 9.2 before 9.2(2) allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCuo68327. | 2014-10-10 | 7.8 | CVE-2014-3388 |
cisco — asa | The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.6), and 9.3 before 9.3(1.1) does not properly implement a tunnel filter, which allows remote authenticated users to obtain failover-unit access via crafted packets, aka Bug ID CSCuq28582. | 2014-10-10 | 9.0 | CVE-2014-3389 |
cisco — asr_9000_rsp440_router | Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133. | 2014-10-04 | 7.5 | CVE-2014-3396 |
content_audit_project — content_audit | SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the “Audited content types” option in the content-audit page to wp-admin/options-general.php. | 2014-10-06 | 7.5 | CVE-2014-5389 CONFIRM MISC FULLDISC MISC |
cyberoam — cyberoam_os | Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file. | 2014-10-07 | 9.3 | CVE-2014-5501 MISC |
cyberoam — cyberoam_os | The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allow remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode. | 2014-10-07 | 9.0 | CVE-2014-5502 MISC MISC MISC MISC |
cyberoam — cyberoam_os | SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode. | 2014-10-07 | 10.0 | CVE-2014-5503 MISC |
daniel_lienert — yet_another_gallery | The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors. | 2014-10-03 | 7.5 | CVE-2014-6289 CONFIRM CONFIRM |
freepbx — freepbx | htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014. | 2014-10-07 | 10.0 | CVE-2014-7235 CONFIRM XF BID SECUNIA MISC CONFIRM |
gnu — glibc | The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. | 2014-10-06 | 7.5 | CVE-2014-4043 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM XF BID |
google — chrome | Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h. | 2014-10-08 | 10.0 | CVE-2014-3188 CONFIRM CONFIRM |
google — chrome | The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via unknown vectors. | 2014-10-08 | 7.5 | CVE-2014-3189 CONFIRM |
google — chrome | Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that accesses the path property of an Event object. | 2014-10-08 | 7.5 | CVE-2014-3190 CONFIRM CONFIRM |
google — chrome | Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers a widget-position update that improperly interacts with the render tree, related to the FrameView::updateLayoutAndStyleForPainting function in core/frame/FrameView.cpp and the RenderLayerScrollableArea::setScrollOffset function in core/rendering/RenderLayerScrollableArea.cpp. | 2014-10-08 | 7.5 | CVE-2014-3191 CONFIRM CONFIRM |
google — chrome | Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2014-10-08 | 7.5 | CVE-2014-3192 CONFIRM CONFIRM |
google — chrome | The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that leverage “type confusion” for callback processing. | 2014-10-08 | 7.5 | CVE-2014-3193 CONFIRM |
google — chrome | Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2014-10-08 | 7.5 | CVE-2014-3194 CONFIRM |
google — chrome | base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors. | 2014-10-08 | 7.5 | CVE-2014-3196 CONFIRM CONFIRM CONFIRM |
google — chrome | Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2014-10-08 | 7.5 | CVE-2014-3200 CONFIRM |
google — chrome | Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, as used in Google Chrome before 38.0.2125.101, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2014-10-08 | 7.5 | CVE-2014-7967 |
gopro — gopro_hero | gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via the (1) a1 or (2) a2 parameter in a start action. | 2014-10-07 | 10.0 | CVE-2014-6433 MISC |
gopro — gopro_hero | gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via the (1) a1 or (2) a2 parameter in a restart action. | 2014-10-07 | 10.0 | CVE-2014-6434 MISC |
hp — sprinter | Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2343. | 2014-10-09 | 7.5 | CVE-2014-2635 |
hp — sprinter | Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2336. | 2014-10-09 | 7.5 | CVE-2014-2636 |
hp — sprinter | Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2342. | 2014-10-09 | 7.5 | CVE-2014-2637 |
hp — sprinter | Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2344. | 2014-10-09 | 7.5 | CVE-2014-2638 |
hp — network_automation | Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intended access restrictions via unknown vectors. | 2014-10-09 | 7.2 | CVE-2014-2646 |
hp — operations_manager | Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. | 2014-10-09 | 10.0 | CVE-2014-2648 |
hp — operations_manager | Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. | 2014-10-09 | 7.5 | CVE-2014-2649 |
joomla — joomla! | Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication. | 2014-10-08 | 7.5 | CVE-2014-6632 SECUNIA SECUNIA CONFIRM |
joomla — joomla! | SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2014-10-08 | 7.5 | CVE-2014-7981 |
joomla — joomla! | Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication. | 2014-10-08 | 7.5 | CVE-2014-7984 CONFIRM |
joyent — node.js | visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using “public-restricted” under a “public” directory. | 2014-10-08 | 7.5 | CVE-2014-6394 MISC MISC CONFIRM CONFIRM XF BID MLIST MLIST FEDORA FEDORA FEDORA |
kennziffer — statistics | SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014. | 2014-10-03 | 7.5 | CVE-2014-6293 CONFIRM |
mm_forum_project — mm_forum | Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | 2014-10-03 | 7.5 | CVE-2014-6298 |
mmonit — m/monit | M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409. | 2014-10-06 | 7.5 | CVE-2014-6607 EXPLOIT-DB FULLDISC MISC |
news_project — news | The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an “insecure unserialize” issue. | 2014-10-03 | 7.5 | CVE-2014-6290 |
openstack — neutron | The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression. | 2014-10-07 | 7.6 | CVE-2014-3632 |
oracle — solaris | Multiple unspecified vulnerabilities in libXtsol in Oracle Solaris 10 and 11.1 have unspecified impact and attack vectors related to “Buffer errors.” | 2014-10-06 | 10.0 | CVE-2014-0397 CONFIRM XF BID |
owncloud — owncloud | Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program. | 2014-10-06 | 7.5 | CVE-2014-2044 MISC XF BID BUGTRAQ OSVDB EXPLOIT-DB SECUNIA FULLDISC MISC |
phpcompta — phpcompta/noalyss | backup.php in PHPCompta/NOALYSS before 6.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the d parameter. | 2014-10-06 | 7.5 | CVE-2014-6389 XF EXPLOIT-DB FULLDISC MISC |
rejetto — http_file_server | The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action. | 2014-10-07 | 7.5 | CVE-2014-6287 CERT-VN MISC MISC |
rejetto — http_file_server | The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols. | 2014-10-09 | 7.5 | CVE-2014-7226 BID EXPLOIT-DB MISC |
rockwellautomation — ab_micrologix_controller | The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause a denial of service (process disruption) via malformed packets over (1) an Ethernet network or (2) a serial line. | 2014-10-03 | 7.1 | CVE-2014-5410 |
testlink — testlink | Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php. | 2014-10-08 | 9.0 | CVE-2014-5308 MISC CONFIRM BID EXPLOIT-DB FULLDISC FULLDISC MISC OSVDB |
tp-link — firmware | Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka “FTP directory traversal”) to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRpm/NasFtpCfgRpm.htm, (4) launch the FTP service via the startFtp parameter to userRpm/NasFtpCfgRpm.htm, or (5) enable or disable bandwidth limits via the QoSCtrl parameter to userRpm/QoSCfgRpm.htm. | 2014-10-05 | 9.3 | CVE-2013-2645 MISC |
wec_map_project — wec_map | SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2014-10-03 | 7.5 | CVE-2014-6295 |
x2engine — x2engine | The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSRF) attacks via crafted serialized data in the report parameter. | 2014-10-09 | 7.5 | CVE-2014-5297 BUGTRAQ FULLDISC MISC MISC |
xmonad — xmonad-contrib | The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execute arbitrary commands via a web page title, which activates the commands when the user clicks on the xmobar window title, as demonstrated using an action tag. | 2014-10-06 | 7.5 | CVE-2013-1436 BID MLIST GENTOO |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adaptivecomputing — moab | Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execute commands via a message without a signature. | 2014-10-08 | 5.0 | CVE-2014-5300 XF BID BUGTRAQ EXPLOIT-DB MISC |
adaptivecomputing — moab | The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate that the message owner matches the submitting user, which allows remote authenticated users to impersonate arbitrary users via the UserId and Owner tags. | 2014-10-08 | 4.0 | CVE-2014-5375 XF BID BUGTRAQ MISC |
adaptivecomputing — moab | Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-generated key is used, does not validate that the requesting user matches the actor in the message, which allows remote authenticated users to impersonate arbitrary users via the actor field in a message. | 2014-10-08 | 4.0 | CVE-2014-5376 XF BID BUGTRAQ MISC |
adobe — digital_editions | Adobe Digital Editions (DE) 4 does not use encryption for transmission of data to adelogs.adobe.com, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by book-navigation information. | 2014-10-09 | 5.0 | CVE-2014-8068 CONFIRM CONFIRM |
alphabetic_sitemap_project — alphabetic_sitemap | Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap (alpha_sitemap) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-10-03 | 4.3 | CVE-2014-6291 |
bmc — bmc_track-it! | BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page. | 2014-10-10 | 4.0 | CVE-2014-4874 |
brocade — vyatta_5400_vrouter_software | The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group. | 2014-10-07 | 5.0 | CVE-2014-4869 |
cisco — adaptive_security_appliance_software | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response data that is provided for a request to an unspecified URL, aka Bug ID CSCuq65542. | 2014-10-04 | 5.0 | CVE-2014-3398 |
cisco — adaptive_security_appliance_software | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows remote authenticated users to overwrite arbitrary RAMFS cache files or inject Lua programs, and consequently cause a denial of service (portal outage or system reload), via crafted HTTP requests, aka Bug ID CSCup54208. | 2014-10-07 | 5.5 | CVE-2014-3399 |
cisco — webex_meetings_server | Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344. | 2014-10-04 | 4.0 | CVE-2014-3400 |
cisco — ios_xe | The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647. | 2014-10-09 | 5.0 | CVE-2014-3403 |
cisco — ios_xe | The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted messages, aka Bug ID CSCuq22677. | 2014-10-09 | 4.3 | CVE-2014-3404 |
cisco — ios_xe | Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct route-injection attacks via crafted RPL advertisements on an ANI interface, aka Bug ID CSCuq22673. | 2014-10-09 | 4.8 | CVE-2014-3405 |
debian — apt-cacher | Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2014-10-06 | 4.3 | CVE-2014-4510 CONFIRM BID MISC MLIST MLIST MISC |
debian — exuberant_ctags | jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. | 2014-10-07 | 5.0 | CVE-2014-7204 CONFIRM MLIST DEBIAN MISC |
drupal — mayo | Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via vectors related to header background setting. | 2014-10-09 | 4.0 | CVE-2014-8079 XF BID SECUNIA OSVDB |
elasticsearch — elasticsearch | Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-10-09 | 4.3 | CVE-2014-6439 BID BUGTRAQ MISC |
embarcadero — embarcadero_c++builder_xe6 | Heap-based buffer overflow in the ReadDIB function in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows context-dependent attackers to execute arbitrary code via the BITMAPINFOHEADER.biClrUsed field in a BMP file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0993. | 2014-10-06 | 6.8 | CVE-2014-0994 MISC FULLDISC |
eng — spagobi | The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL document. | 2014-10-08 | 6.8 | CVE-2014-7296 BID |
external_links_click_statistics_project — external_links_click_statistics | Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-10-03 | 4.3 | CVE-2014-6294 |
femanager_project — femanager | The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors. | 2014-10-03 | 6.4 | CVE-2014-6292 |
getmail — getmail | The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate. | 2014-10-07 | 6.8 | CVE-2014-7273 CONFIRM MLIST |
getmail — getmail | The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority. | 2014-10-07 | 6.8 | CVE-2014-7274 CONFIRM MLIST |
getmail — getmail | The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate. | 2014-10-07 | 6.8 | CVE-2014-7275 CONFIRM MLIST |
golang — go | crypto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors. | 2014-10-07 | 4.3 | CVE-2014-7189 CONFIRM XF BID MLIST |
google — chrome | Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site. | 2014-10-08 | 6.8 | CVE-2014-3187 MISC CONFIRM MISC |
google — chrome | Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_ArrayConcat function in runtime.cc. | 2014-10-08 | 5.0 | CVE-2014-3195 CONFIRM CONFIRM CONFIRM |
google — chrome | The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site. | 2014-10-08 | 5.0 | CVE-2014-3197 CONFIRM CONFIRM |
google — chrome | The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 2014-10-08 | 5.0 | CVE-2014-3198 CONFIRM |
google — chrome | The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection failures, which allows remote attackers to cause a denial of service via vectors that trigger stopping a worker process that had been handling an Event object. | 2014-10-08 | 5.0 | CVE-2014-3199 CONFIRM CONFIRM |
google — chrome | core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar. | 2014-10-09 | 5.0 | CVE-2014-3201 CONFIRM CONFIRM |
hp — systems_insight_manager | Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote authenticated users to gain privileges via unknown vectors. | 2014-10-04 | 6.5 | CVE-2014-2643 |
hp — systems_insight_manager | Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 2014-10-05 | 4.3 | CVE-2014-2644 |
hp — systems_insight_manager | HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to conduct clickjacking attacks via unknown vectors. | 2014-10-04 | 4.3 | CVE-2014-2645 |
hp — records_manager | Cross-site scripting (XSS) vulnerability in HP Records Manager before 7.3.5 and 8.x before 8.1 Patch 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-10-09 | 4.3 | CVE-2014-4661 |
ibm — tivoli_service_automation_manager | Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Service Automation Manager 7.2.2.2 before 7.2.2.2-TIV-TSAM-LA0041 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) REST API or (2) Self Service UI. | 2014-10-07 | 4.3 | CVE-2014-0940 XF |
ibm — business_process_manager | The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which allows remote authenticated users to bypass authorization checks and obtain sensitive information by executing a saved search. | 2014-10-07 | 4.0 | CVE-2014-4802 XF |
jolokia — jolokia | Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page. | 2014-10-06 | 6.8 | CVE-2014-0168 CONFIRM |
joomla — joomla! | Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-10-08 | 4.3 | CVE-2014-6631 SECUNIA |
joomla — joomla! | Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors. | 2014-10-08 | 5.0 | CVE-2014-7229 |
joomla — joomla! | Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-10-08 | 4.3 | CVE-2014-7982 |
joomla — joomla! | Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-10-08 | 4.3 | CVE-2014-7983 |
libgadu — libgadu | libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. | 2014-10-09 | 4.3 | CVE-2013-4488 FEDORA CONFIRM BID MLIST MANDRIVA MLIST |
libvirt — libvirt | The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read. | 2014-10-06 | 5.8 | CVE-2014-3633 REDHAT CONFIRM |
libvirt — libvirt | The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command. | 2014-10-06 | 5.0 | CVE-2014-3657 REDHAT CONFIRM |
libvncserver — libvncserver | The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message. | 2014-10-06 | 4.3 | CVE-2014-6054 MISC CONFIRM UBUNTU MLIST SECUNIA SECUNIA MLIST |
mm_forum_project — mm_forum | Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-10-03 | 4.3 | CVE-2014-6297 |
mm_forum_project — mm_forum | Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors. | 2014-10-03 | 6.8 | CVE-2014-6299 |
mmonit — m/monit | Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update. | 2014-10-06 | 6.8 | CVE-2014-6409 XF EXPLOIT-DB FULLDISC MISC |
net-snmp — net-snmp | snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message. | 2014-10-07 | 5.0 | CVE-2014-3565 CONFIRM CONFIRM SUSE |
netcommwireless — nb604n | Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter. | 2014-10-07 | 4.3 | CVE-2014-4871 |
openinfosecfoundation — suricata | The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service (crash), or possibly have unspecified other impact via a crafted banner, which triggers a large memory allocation or an out-of-bounds write. | 2014-10-07 | 5.0 | CVE-2014-6603 XF BID BUGTRAQ FULLDISC MISC FEDORA FEDORA |
openstack — cinder | The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allow remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header. | 2014-10-08 | 4.0 | CVE-2014-3641 CONFIRM BID MLIST |
perl — cgi_application_module | The CGI::Application module 4.50 and earlier for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function. | 2014-10-06 | 5.0 | CVE-2013-7329 MISC CONFIRM CONFIRM CONFIRM XF BID MLIST FEDORA FEDORA |
python — python | Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a “buffer” function. | 2014-10-08 | 6.4 | CVE-2014-7185 CONFIRM XF BID MLIST MLIST FEDORA CONFIRM |
redhat — conga | Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension. | 2014-10-06 | 5.0 | CVE-2013-6496 CONFIRM |
redhat — cloudforms_3.0.1_management_engine | Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request. | 2014-10-06 | 4.0 | CVE-2014-0140 CONFIRM |
redhat — conga | The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL. | 2014-10-06 | 5.5 | CVE-2014-3521 CONFIRM |
redhat — cloudforms_3.0.1_management_engine | vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an “insecure send method.” | 2014-10-06 | 6.5 | CVE-2014-3642 CONFIRM |
restlet — restlet_framework | Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack. | 2014-10-06 | 5.0 | CVE-2014-1868 CONFIRM XF SECUNIA |
rexx-systems — recruitment | Incomplete blacklist vulnerability in the user registration feature in rexx Recruitment R6.1 and R7 without “fixes from 2014-01-15” allows remote attackers to conduct cross-site scripting (XSS) attacks via the oninput event handler in the fname parameter to the default URI in /reg. | 2014-10-06 | 4.3 | CVE-2014-1224 MISC BUGTRAQ SECUNIA FULLDISC |
wec_map_project — wec_map | Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-10-03 | 4.3 | CVE-2014-6296 |
x2engine — x2engine | FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated using a PHP program. | 2014-10-09 | 5.0 | CVE-2014-5298 CONFIRM BUGTRAQ FULLDISC MISC MISC |
zeromq — zeromq | stream_engine.cpp in libzmq (aka ZeroMQ/C++) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. | 2014-10-08 | 4.3 | CVE-2014-7202 CONFIRM XF BID MLIST MLIST |
zeromq — zeromq | libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors. | 2014-10-08 | 4.3 | CVE-2014-7203 CONFIRM XF BID MLIST MLIST |
zyxel — sbg3300-n | Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified “welcome message” form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278. | 2014-10-04 | 4.3 | CVE-2014-7277 BUGTRAQ |
zyxel — sbg3300-n | The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified “welcome message” form data that is improperly handled during use for the loginMsg variable’s value, a different vulnerability than CVE-2014-7277. | 2014-10-04 | 5.0 | CVE-2014-7278 BUGTRAQ |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cspan — capture-tiny | The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file. | 2014-10-06 | 3.6 | CVE-2014-1875 CONFIRM CONFIRM CONFIRM CONFIRM XF BID SECUNIA MLIST MLIST OSVDB FEDORA FEDORA CONFIRM |
drupal — context_form_alteration_module | Cross-site scripting (XSS) vulnerability in the configuration UI in the Context Form Alteration module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the “administer contexts” permission to inject arbitrary web script or HTML via unspecified vectors. | 2014-10-06 | 3.5 | CVE-2014-7869 BID SECUNIA |
drupal — custom_search_module | Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with the “administer custom search” permission to inject arbitrary web script or HTML via the “Label text” field to admin/config/search/custom_search/results. | 2014-10-06 | 3.5 | CVE-2014-7870 FULLDISC |
drupal — bluemasters | Cross-site scripting (XSS) vulnerability in the BlueMasters theme 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via vectors related to theme settings. | 2014-10-08 | 3.5 | CVE-2014-7978 XF BID SECUNIA |
drupal — simplecorp | Cross-site scripting (XSS) vulnerability in the SimpleCorp theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via vectors related to theme settings. | 2014-10-08 | 3.5 | CVE-2014-7979 XF BID SECUNIA |
drupal — zen | Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified other theme settings. | 2014-10-08 | 3.5 | CVE-2014-7980 BID SECUNIA |
drupal — tribune | Cross-site scripting (XSS) vulnerability in the Tribune module 6.x-1.x and 7.x-3.x for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title. | 2014-10-09 | 3.5 | CVE-2014-8075 XF BID OSVDB |
drupal — professional_theme | Cross-site scripting (XSS) vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via vectors related to custom copyright information. | 2014-10-09 | 3.5 | CVE-2014-8076 XF SECUNIA |
drupal — newsflash | Cross-site scripting (XSS) vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via vectors related to font family CSS property. | 2014-10-09 | 3.5 | CVE-2014-8077 XF BID SECUNIA |
drupal — print | Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 6.x-1.x before 6.x-1.19, 7.x-1.x before 7.x-1.3, and 7.x-2.x before 7.x-2.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes. | 2014-10-09 | 3.5 | CVE-2014-8078 XF SECUNIA |
gnupg — libgcrypt | Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576. | 2014-10-09 | 2.1 | CVE-2014-5270 MISC MLIST |
mediawiki — mediawiki | The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allow remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css. | 2014-10-07 | 3.5 | CVE-2014-7295 MLIST DEBIAN MLIST |
openstack — compute | The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts it into an ERROR state, and then deleting the image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573. | 2014-10-06 | 2.7 | CVE-2014-3608 CONFIRM MLIST |
openstack — cinder | The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log. | 2014-10-08 | 2.1 | CVE-2014-7230 CONFIRM XF BID MLIST |
openstack — cinder | The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log. | 2014-10-08 | 2.1 | CVE-2014-7231 CONFIRM XF BID MLIST |
splunk — splunk | Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file. | 2014-10-09 | 3.5 | CVE-2014-3147 SECTRACK |