Original release date: November 03, 2014
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
-
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
-
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| allplayer — allplayer | Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file. | 2014-10-30 | 7.5 | CVE-2013-7409 EXPLOIT-DB EXPLOIT-DB EXPLOIT-DB EXPLOIT-DB EXPLOIT-DB MISC MISC MISC MISC OSVDB |
| bss — continuity_cms | SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter. | 2014-10-30 | 7.5 | CVE-2014-3446 MISC XF FULLDISC |
| django_piston_project — django_piston | emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method. | 2014-10-26 | 7.5 | CVE-2011-4103 MISC CONFIRM MLIST DEBIAN |
| django_tastypie_project — django_tastypie | The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method. | 2014-10-26 | 7.5 | CVE-2011-4104 MISC CONFIRM MLIST |
| egroupware — egroupware | EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using the newsettings[system] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2987. | 2014-10-26 | 8.5 | CVE-2014-2988 MISC BUGTRAQ |
| etiko — etiko_cms | Multiple SQL injection vulnerabilities in Etiko CMS allow remote attackers to execute arbitrary SQL commands via the (1) page_id parameter to loja/index.php or (2) article_id parameter to index.php. | 2014-10-28 | 7.5 | CVE-2014-8506 XF MISC |
| f5 — big-ip_analytics | F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value. | 2014-10-26 | 7.5 | CVE-2013-7408 BID |
| freebsd — freebsd | Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted DNS parameters in a router advertisement message. | 2014-10-27 | 10.0 | CVE-2014-3954 SECTRACK |
| gnu — wget | Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink. | 2014-10-29 | 9.3 | CVE-2014-4877 MISC MISC CONFIRM |
| ioquake3 — ioquake3_engine | server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstatus or (2) rcon request. | 2014-10-27 | 7.8 | CVE-2010-5077 MISC MISC BUGTRAQ MLIST MISC DEBIAN MISC MISC |
| libproxy_project — libproxy | Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment variable or a PAC file. | 2014-10-27 | 7.5 | CVE-2012-5580 CONFIRM CONFIRM CONFIRM XF BID |
| mcafee — network_data_loss_prevention | The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to obtain access. | 2014-10-29 | 7.5 | CVE-2014-8522 |
| mcafee — network_data_loss_prevention | Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information, affect integrity, or cause a denial of service via unknown vectors, related to simultaneous logins. | 2014-10-29 | 7.5 | CVE-2014-8530 |
| mcafee — network_data_loss_prevention | McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to execute arbitrary code via vectors related to ICMP redirection. | 2014-10-29 | 7.5 | CVE-2014-8533 |
| php — php | Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value. | 2014-10-29 | 7.5 | CVE-2014-3669 CONFIRM CONFIRM CONFIRM |
| python-gnupg_project — python-gnupg | The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using “$(” command-substitution sequences, a different vulnerability than CVE-2014-1928. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. | 2014-10-25 | 7.5 | CVE-2014-1927 CONFIRM CONFIRM DEBIAN SECUNIA SECUNIA MLIST MLIST |
| quixplorer — quixplorer | Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the selitems[] parameter in a download_selected action to index.php. | 2014-10-26 | 7.8 | CVE-2013-1641 MISC CONFIRM CONFIRM MISC XF SECUNIA |
| wordpress — wordpress | PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable. | 2014-10-27 | 7.5 | CVE-2003-1599 XF BID OSVDB MLIST |
| xrms_crm_project — xrms_crm | SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php. | 2014-10-26 | 7.5 | CVE-2014-5520 BID MLIST MLIST EXPLOIT-DB FULLDISC MISC |
| zohocorp — manageengine_eventlog_analyzer | Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. | 2014-10-26 | 7.5 | CVE-2014-6037 MISC BID EXPLOIT-DB FULLDISC FULLDISC FULLDISC MISC OSVDB |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adaptivecomputing — torque_resource_manager | The tm_adopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows remote authenticated users to kill arbitrary processes via a crafted executable. | 2014-10-30 | 6.8 | CVE-2014-3684 DEBIAN SECUNIA SECUNIA MLIST MLIST |
| apache — cxf | The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service. | 2014-10-30 | 5.0 | CVE-2014-3584 XF BID SECUNIA MLIST |
| apache — cxf | Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors. | 2014-10-30 | 5.0 | CVE-2014-3623 CONFIRM XF BID SECUNIA MLIST |
| avamar_virtual_edition — 6.0 | EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call. | 2014-10-25 | 5.0 | CVE-2014-4624 XF CONFIRM SECTRACK SECTRACK BID BUGTRAQ SECUNIA SECUNIA MISC MISC BUGTRAQ |
| bottle_project — bottle | Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code. | 2014-10-25 | 6.8 | CVE-2014-3137 CONFIRM MLIST DEBIAN |
| cisco — asr901 | Cisco IOS 15.4(3)S0b on ASR901 devices makes incorrect decisions to use the CPU for IPv4 packet processing, which allows remote attackers to cause a denial of service (BGP neighbor flapping) by sending many crafted IPv4 packets, aka Bug ID CSCuo29736. | 2014-10-28 | 5.0 | CVE-2014-3293 |
| cisco — unified_communications_manager | SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089. | 2014-10-31 | 6.5 | CVE-2014-3366 |
| cisco — unified_communications_manager | Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589. | 2014-10-31 | 4.3 | CVE-2014-3372 |
| cisco — unified_communications_manager | Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550. | 2014-10-31 | 4.3 | CVE-2014-3373 |
| cisco — unified_communications_manager | Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582. | 2014-10-31 | 4.3 | CVE-2014-3374 |
| cisco — unified_communications_manager | Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597. | 2014-10-31 | 4.3 | CVE-2014-3375 |
| cisco — ios | The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406. | 2014-10-25 | 6.1 | CVE-2014-3409 |
| cobbler_project — cobbler | The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet. | 2014-10-26 | 6.8 | CVE-2011-4953 CONFIRM CONFIRM SUSE |
| cpuminer_project — cpuminer | Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request. | 2014-10-24 | 6.0 | CVE-2014-6251 FULLDISC |
| deeproot_linux — deepofix | The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind. | 2014-10-26 | 5.0 | CVE-2013-6796 XF BID OSVDB EXPLOIT-DB MISC |
| dell — equallogic_ps4000_firmware | Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI. | 2014-10-30 | 5.0 | CVE-2013-3304 MISC BID EXPLOIT-DB |
| egroupware — egroupware | Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an admin.uiaccounts.add_user action to index.php or (2) modify settings via the newsettings parameter in an admin.uiconfig.index action to index.php. NOTE: vector 2 can be used to execute arbitrary PHP code by leveraging CVE-2014-2988. | 2014-10-26 | 6.8 | CVE-2014-2987 MISC BUGTRAQ CONFIRM SECUNIA |
| electric_cloud — electriccommander | Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files. | 2014-10-24 | 4.6 | CVE-2014-7180 XF BID MISC MISC FULLDISC MISC |
| emc — avamar | EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. | 2014-10-25 | 5.0 | CVE-2014-4623 XF SECTRACK BID MISC BUGTRAQ |
| etiko — etiko_cms | Multiple cross-site scripting (XSS) vulnerabilities in Etiko CMS allow remote attackers to inject arbitrary web script or HTML via the (1) page_id parameter to loja/index.php or (2) article_id parameter to index.php. | 2014-10-28 | 4.3 | CVE-2014-8505 XF MISC |
| exponentcms — exponent_cms | Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php. | 2014-10-26 | 4.3 | CVE-2014-6635 XF MISC |
| f5 — big-ip_access_policy_manager | Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link Controller 11.0.0 before 11.6.0 and 10.1.0 through 10.2.4, AAM 11.4.0 before 11.6.0, AFM and PEM 11.3.0 before 11.6.0, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0 and 10.1.0 through 10.2.4, and PSM 11.0.0 through 11.4.1 and 10.1.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-10-28 | 4.3 | CVE-2014-4023 |
| fal_sftp_project — fal_sftp | The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions for sFTP driver files and folders, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2014-10-27 | 4.0 | CVE-2014-8327 XF |
| freebsd — freebsd | namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names. | 2014-10-27 | 5.0 | CVE-2014-3711 SECTRACK |
| freebsd — freebsd | routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network. | 2014-10-27 | 5.0 | CVE-2014-3955 SECTRACK SECUNIA |
| ghostscript — ghostscript | Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055. | 2014-10-26 | 4.4 | CVE-2010-4820 CONFIRM MISC BID BUGTRAQ MLIST MISC |
| gnu — eglibc | Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function. | 2014-10-27 | 6.8 | CVE-2011-2702 CONFIRM MISC MISC OSVDB MISC CONFIRM MLIST MLIST |
| hp — hp-ux | Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors. | 2014-10-30 | 4.9 | CVE-2014-7877 |
| ibm — tivoli_composite_application_manager_for_transactions | The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain credential information via a crafted certificate. | 2014-10-29 | 4.3 | CVE-2014-3051 XF |
| ibm — websphere_portal | Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to execute arbitrary code via unknown vectors. | 2014-10-28 | 6.5 | CVE-2014-4808 XF |
| ibm — websphere_portal | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depending on whether a requested file exists, which allows remote attackers to determine the validity of filenames via a series of requests. | 2014-10-28 | 5.0 | CVE-2014-4821 XF |
| ibm — tririga_application_platform | Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 2014-10-29 | 6.0 | CVE-2014-4839 XF |
| ibm — sterling_b2b_integrator | The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to obtain admin access via a brute-force approach. | 2014-10-26 | 5.0 | CVE-2014-6099 XF AIXAPAR AIXAPAR |
| ibm — business_process_manager | Cross-site scripting (XSS) vulnerability in the redirect-login feature in IBM Business Process Manager (BPM) Advanced 7.5 through 8.5.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2014-10-31 | 4.3 | CVE-2014-6101 XF |
| ibm — websphere_portal | Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 2014-10-28 | 6.8 | CVE-2014-6125 XF AIXAPAR |
| ibm — websphere_portal | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-10-28 | 4.3 | CVE-2014-6126 XF |
| ibm — tivoli_application_dependency_discovery_manager | Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors. | 2014-10-29 | 5.0 | CVE-2014-6149 XF |
| ignite_realtime — smack_api | The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2014-10-25 | 6.8 | CVE-2014-5075 SECUNIA CONFIRM |
| mcafee — network_data_loss_prevention | McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information via vectors related to open network ports. | 2014-10-29 | 5.0 | CVE-2014-8520 |
| mcafee — network_data_loss_prevention | Cross-site request forgery (CSRF) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2014-10-29 | 6.8 | CVE-2014-8523 |
| mcafee — network_data_loss_prevention | McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via unspecified vectors. | 2014-10-29 | 5.0 | CVE-2014-8524 |
| mcafee — network_data_loss_prevention | McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 2014-10-29 | 5.0 | CVE-2014-8525 |
| mcafee — network_data_loss_prevention | The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) before 9.3 uses weak cipher algorithms, which makes it easier for remote authenticated users to execute arbitrary code via unspecified vectors. | 2014-10-29 | 6.5 | CVE-2014-8531 |
| mcafee — network_data_loss_prevention | McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to bypass intended restriction on unspecified functionality via unknown vectors. | 2014-10-29 | 4.6 | CVE-2014-8535 |
| not_yet_commons_ssl_project — not_yet_commons_ssl | Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject’s Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2014-10-24 | 6.8 | CVE-2014-3604 MISC MISC XF |
| openstack — juno | OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request. | 2014-10-26 | 6.0 | CVE-2014-3520 CONFIRM SECUNIA |
| payment_for_webform_project — payment_for_webform | The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment. | 2014-10-25 | 4.3 | CVE-2013-4594 SECUNIA MLIST |
| php — php | Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation. | 2014-10-29 | 5.0 | CVE-2014-3668 CONFIRM CONFIRM CONFIRM |
| php — php | The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function. | 2014-10-29 | 6.8 | CVE-2014-3670 CONFIRM CONFIRM CONFIRM |
| pidgin — pidgin | The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2014-10-29 | 6.4 | CVE-2014-3694 |
| pidgin — pidgin | markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response. | 2014-10-29 | 5.0 | CVE-2014-3695 |
| pidgin — pidgin | nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation. | 2014-10-29 | 5.0 | CVE-2014-3696 |
| pidgin — pidgin | Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme. | 2014-10-29 | 6.4 | CVE-2014-3697 |
| pidgin — pidgin | The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message. | 2014-10-29 | 5.0 | CVE-2014-3698 |
| process-one — ejabberd | ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption. | 2014-10-24 | 5.0 | CVE-2014-8760 MISC BID MLIST MLIST |
| python-gnupg_project — python-gnupg | The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using “” (backslash) characters to form multi-command sequences, a different vulnerability than CVE-2014-1927. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. | 2014-10-25 | 4.6 | CVE-2014-1928 CONFIRM DEBIAN SECUNIA SECUNIA MLIST MLIST |
| python-gnupg_project — python-gnupg | python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to “option injection through positional arguments.” NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. | 2014-10-25 | 4.4 | CVE-2014-1929 DEBIAN SECUNIA MLIST MLIST |
| redhat — cloudforms_3.0_management_engine | The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors. | 2014-10-26 | 5.0 | CVE-2014-0136 BID |
| robert_ancell — lightdm | lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact. | 2014-10-27 | 4.6 | CVE-2012-1111 CONFIRM CONFIRM MLIST MLIST SUSE |
| wp-football_project — wp-football | Multiple cross-site scripting (XSS) vulnerabilities in the wp-football plugin 1.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the league parameter to (1) football_classification.php, (2) football_criteria.php, (3) templates/template_default_preview.php, or (4) templates/template_worldCup_preview.php; the (5) f parameter to football-functions.php; the id parameter in an “action” action to (6) football_groups_list.php, (7) football_matches_list.php, (8) football_matches_phase.php, or (9) football_phases_list.php; or the (10) id_league parameter in a delete action to football_matches_load.php. | 2014-10-27 | 4.3 | CVE-2014-4586 MISC |
| wp_ban_project — wp_ban | WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header. | 2014-10-24 | 4.3 | CVE-2014-6230 MISC FULLDISC |
| xen — xen | Xen 4.4.x, when running on an ARM system and “handling an unknown system register access from 64-bit userspace,” returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to cause a denial of service (crash) and possibly gain privileges via a crafted process. | 2014-10-26 | 4.4 | CVE-2014-5148 XF SECTRACK BID SECUNIA |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| blackberry — blackberry_os | The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream. | 2014-10-25 | 3.5 | CVE-2014-6611 SECUNIA |
| chkrootkit_project — chkrootkit | The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option. | 2014-10-25 | 3.7 | CVE-2014-0476 UBUNTU MLIST DEBIAN |
| d-bus_project — d-bus | D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call. | 2014-10-25 | 1.9 | CVE-2014-3636 MLIST DEBIAN SECUNIA |
| emc — networker | The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files. | 2014-10-25 | 2.1 | CVE-2014-4620 XF SECTRACK BID SECUNIA MISC BUGTRAQ |
| ibm — security_appscan_source | The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port. | 2014-10-26 | 1.8 | CVE-2014-4812 XF |
| ibm — websphere_portal | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 2014-10-28 | 3.5 | CVE-2014-4814 XF |
| ibm — api_management | IBM API Management 3.x before 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors. | 2014-10-26 | 2.1 | CVE-2014-6133 XF AIXAPAR |
| ibm — tivoli_application_dependency_discovery_manager | IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL. | 2014-10-31 | 3.5 | CVE-2014-6148 XF |
| ibm — tivoli_application_dependency_discovery_manager | Cross-site scripting (XSS) vulnerability in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.0 through 7.2.1.6 and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2014-10-31 | 3.5 | CVE-2014-6150 XF |
| ibm — tivoli_integrated_portal | CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 2014-10-25 | 3.5 | CVE-2014-6151 XF BID SECUNIA |
| ibm — tivoli_integrated_portal | Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Integrated Portal (TIP) 2.2.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2014-10-25 | 3.5 | CVE-2014-6152 XF BID SECUNIA |
| mcafee — endpoint_encryption_for_files_and_folders | The (1) Removable Media or (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media or EERM) in McAfee File and Removable Media Protection (FRP) 4.3.0.x and Endpoint Encryption for Files and Folders (EEFF) 3.2.x through 4.2.x uses weak entropy, which make it easier fo local users to obtain passwords via a brute force attack. | 2014-10-29 | 2.1 | CVE-2014-8518 |
| mcafee — network_data_loss_prevention | Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to read arbitrary files via unknown vectors. | 2014-10-29 | 2.1 | CVE-2014-8519 |
| mcafee — network_data_loss_prevention | Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2014-10-29 | 3.5 | CVE-2014-8521 |
| mcafee — network_data_loss_prevention | McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace. | 2014-10-29 | 2.1 | CVE-2014-8526 |
| mcafee — network_data_loss_prevention | McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information and affect integrity via vectors related to a “plain text password.” | 2014-10-29 | 3.6 | CVE-2014-8527 |
| mcafee — network_data_loss_prevention | McAfee Network Data Loss Prevention (NDLP) before 9.3 logs session IDs, which allows local users to obtain sensitive information by reading the audit log. | 2014-10-29 | 2.1 | CVE-2014-8528 |
| mcafee — network_data_loss_prevention | McAfee Network Data Loss Prevention (NDLP) before 9.3 stores the SSH key in cleartext, which allows local users to obtain sensitive information via unspecified vectors. | 2014-10-29 | 2.1 | CVE-2014-8529 |
| mcafee — network_data_loss_prevention | Unspecified vulnerability in McAfee Network Data Loss Prevention before (NDLP) before 9.3 allows local users to obtain sensitive information and impact integrity via unknown vectors, related to partition mounting. | 2014-10-29 | 3.6 | CVE-2014-8532 |
| mcafee — network_data_loss_prevention | Unspecified vulnerability in the login form in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to cause a denial of service via a crafted value in the domain field. | 2014-10-29 | 2.1 | CVE-2014-8534 |
| mcafee — network_data_loss_prevention | McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages. | 2014-10-29 | 2.1 | CVE-2014-8536 |
| mcafee — network_data_loss_prevention | McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading the logs. | 2014-10-29 | 2.1 | CVE-2014-8537 |
| vbulletin — vbulletin | Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.4.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name. | 2014-10-24 | 3.5 | CVE-2014-2021 MISC XF SECTRACK BID FULLDISC FULLDISC MISC |
This product is provided subject to this Notification and this Privacy & Use policy.