SB14-307: Vulnerability Summary for the Week of October 27, 2014

Original release date: November 03, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
allplayer — allplayer Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file. 2014-10-30 7.5 CVE-2013-7409
EXPLOIT-DB
EXPLOIT-DB
EXPLOIT-DB
EXPLOIT-DB
EXPLOIT-DB
MISC
MISC
MISC
MISC
OSVDB
bss — continuity_cms SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter. 2014-10-30 7.5 CVE-2014-3446
MISC
XF
FULLDISC
django_piston_project — django_piston emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method. 2014-10-26 7.5 CVE-2011-4103
MISC
CONFIRM
MLIST
DEBIAN
django_tastypie_project — django_tastypie The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method. 2014-10-26 7.5 CVE-2011-4104
MISC
CONFIRM
MLIST
egroupware — egroupware EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using the newsettings[system] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2987. 2014-10-26 8.5 CVE-2014-2988
MISC
BUGTRAQ
etiko — etiko_cms Multiple SQL injection vulnerabilities in Etiko CMS allow remote attackers to execute arbitrary SQL commands via the (1) page_id parameter to loja/index.php or (2) article_id parameter to index.php. 2014-10-28 7.5 CVE-2014-8506
XF
MISC
f5 — big-ip_analytics F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value. 2014-10-26 7.5 CVE-2013-7408
BID
freebsd — freebsd Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted DNS parameters in a router advertisement message. 2014-10-27 10.0 CVE-2014-3954
SECTRACK
gnu — wget Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink. 2014-10-29 9.3 CVE-2014-4877
MISC
MISC
CONFIRM
ioquake3 — ioquake3_engine server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstatus or (2) rcon request. 2014-10-27 7.8 CVE-2010-5077
MISC
MISC
BUGTRAQ
MLIST
MISC
DEBIAN
MISC
MISC
libproxy_project — libproxy Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment variable or a PAC file. 2014-10-27 7.5 CVE-2012-5580
CONFIRM
CONFIRM
CONFIRM
XF
BID
mcafee — network_data_loss_prevention The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to obtain access. 2014-10-29 7.5 CVE-2014-8522
mcafee — network_data_loss_prevention Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information, affect integrity, or cause a denial of service via unknown vectors, related to simultaneous logins. 2014-10-29 7.5 CVE-2014-8530
mcafee — network_data_loss_prevention McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to execute arbitrary code via vectors related to ICMP redirection. 2014-10-29 7.5 CVE-2014-8533
php — php Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value. 2014-10-29 7.5 CVE-2014-3669
CONFIRM
CONFIRM
CONFIRM
python-gnupg_project — python-gnupg The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using “$(” command-substitution sequences, a different vulnerability than CVE-2014-1928. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. 2014-10-25 7.5 CVE-2014-1927
CONFIRM
CONFIRM
DEBIAN
SECUNIA
SECUNIA
MLIST
MLIST
quixplorer — quixplorer Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the selitems[] parameter in a download_selected action to index.php. 2014-10-26 7.8 CVE-2013-1641
MISC
CONFIRM
CONFIRM
MISC
XF
SECUNIA
wordpress — wordpress PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable. 2014-10-27 7.5 CVE-2003-1599
XF
BID
OSVDB
MLIST
xrms_crm_project — xrms_crm SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php. 2014-10-26 7.5 CVE-2014-5520
BID
MLIST
MLIST
EXPLOIT-DB
FULLDISC
MISC
zohocorp — manageengine_eventlog_analyzer Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. 2014-10-26 7.5 CVE-2014-6037
MISC
BID
EXPLOIT-DB
FULLDISC
FULLDISC
FULLDISC
MISC
OSVDB

Back to top

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adaptivecomputing — torque_resource_manager The tm_adopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows remote authenticated users to kill arbitrary processes via a crafted executable. 2014-10-30 6.8 CVE-2014-3684
DEBIAN
SECUNIA
SECUNIA
MLIST
MLIST
apache — cxf The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service. 2014-10-30 5.0 CVE-2014-3584
XF
BID
SECUNIA
MLIST
apache — cxf Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors. 2014-10-30 5.0 CVE-2014-3623
CONFIRM
XF
BID
SECUNIA
MLIST
avamar_virtual_edition — 6.0 EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call. 2014-10-25 5.0 CVE-2014-4624
XF
CONFIRM
SECTRACK
SECTRACK
BID
BUGTRAQ
SECUNIA
SECUNIA
MISC
MISC
BUGTRAQ
bottle_project — bottle Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code. 2014-10-25 6.8 CVE-2014-3137
CONFIRM
MLIST
DEBIAN
cisco — asr901 Cisco IOS 15.4(3)S0b on ASR901 devices makes incorrect decisions to use the CPU for IPv4 packet processing, which allows remote attackers to cause a denial of service (BGP neighbor flapping) by sending many crafted IPv4 packets, aka Bug ID CSCuo29736. 2014-10-28 5.0 CVE-2014-3293
cisco — unified_communications_manager SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089. 2014-10-31 6.5 CVE-2014-3366
cisco — unified_communications_manager Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589. 2014-10-31 4.3 CVE-2014-3372
cisco — unified_communications_manager Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550. 2014-10-31 4.3 CVE-2014-3373
cisco — unified_communications_manager Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582. 2014-10-31 4.3 CVE-2014-3374
cisco — unified_communications_manager Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597. 2014-10-31 4.3 CVE-2014-3375
cisco — ios The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406. 2014-10-25 6.1 CVE-2014-3409
cobbler_project — cobbler The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet. 2014-10-26 6.8 CVE-2011-4953
CONFIRM
CONFIRM
SUSE
cpuminer_project — cpuminer Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request. 2014-10-24 6.0 CVE-2014-6251
FULLDISC
deeproot_linux — deepofix The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind. 2014-10-26 5.0 CVE-2013-6796
XF
BID
OSVDB
EXPLOIT-DB
MISC
dell — equallogic_ps4000_firmware Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI. 2014-10-30 5.0 CVE-2013-3304
MISC
BID
EXPLOIT-DB
egroupware — egroupware Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an admin.uiaccounts.add_user action to index.php or (2) modify settings via the newsettings parameter in an admin.uiconfig.index action to index.php. NOTE: vector 2 can be used to execute arbitrary PHP code by leveraging CVE-2014-2988. 2014-10-26 6.8 CVE-2014-2987
MISC
BUGTRAQ
CONFIRM
SECUNIA
electric_cloud — electriccommander Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files. 2014-10-24 4.6 CVE-2014-7180
XF
BID
MISC
MISC
FULLDISC
MISC
emc — avamar EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. 2014-10-25 5.0 CVE-2014-4623
XF
SECTRACK
BID
MISC
BUGTRAQ
etiko — etiko_cms Multiple cross-site scripting (XSS) vulnerabilities in Etiko CMS allow remote attackers to inject arbitrary web script or HTML via the (1) page_id parameter to loja/index.php or (2) article_id parameter to index.php. 2014-10-28 4.3 CVE-2014-8505
XF
MISC
exponentcms — exponent_cms Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php. 2014-10-26 4.3 CVE-2014-6635
XF
MISC
f5 — big-ip_access_policy_manager Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link Controller 11.0.0 before 11.6.0 and 10.1.0 through 10.2.4, AAM 11.4.0 before 11.6.0, AFM and PEM 11.3.0 before 11.6.0, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0 and 10.1.0 through 10.2.4, and PSM 11.0.0 through 11.4.1 and 10.1.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-10-28 4.3 CVE-2014-4023
fal_sftp_project — fal_sftp The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions for sFTP driver files and folders, which allows remote authenticated users to obtain sensitive information via unspecified vectors. 2014-10-27 4.0 CVE-2014-8327
XF
freebsd — freebsd namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names. 2014-10-27 5.0 CVE-2014-3711
SECTRACK
freebsd — freebsd routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network. 2014-10-27 5.0 CVE-2014-3955
SECTRACK
SECUNIA
ghostscript — ghostscript Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055. 2014-10-26 4.4 CVE-2010-4820
CONFIRM
MISC
BID
BUGTRAQ
MLIST
MISC
gnu — eglibc Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function. 2014-10-27 6.8 CVE-2011-2702
CONFIRM
MISC
MISC
OSVDB
MISC
CONFIRM
MLIST
MLIST
hp — hp-ux Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors. 2014-10-30 4.9 CVE-2014-7877
ibm — tivoli_composite_application_manager_for_transactions The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain credential information via a crafted certificate. 2014-10-29 4.3 CVE-2014-3051
XF
ibm — websphere_portal Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to execute arbitrary code via unknown vectors. 2014-10-28 6.5 CVE-2014-4808
XF
ibm — websphere_portal IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depending on whether a requested file exists, which allows remote attackers to determine the validity of filenames via a series of requests. 2014-10-28 5.0 CVE-2014-4821
XF
ibm — tririga_application_platform Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2014-10-29 6.0 CVE-2014-4839
XF
ibm — sterling_b2b_integrator The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to obtain admin access via a brute-force approach. 2014-10-26 5.0 CVE-2014-6099
XF
AIXAPAR
AIXAPAR
ibm — business_process_manager Cross-site scripting (XSS) vulnerability in the redirect-login feature in IBM Business Process Manager (BPM) Advanced 7.5 through 8.5.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2014-10-31 4.3 CVE-2014-6101
XF
ibm — websphere_portal Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2014-10-28 6.8 CVE-2014-6125
XF
AIXAPAR
ibm — websphere_portal Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-10-28 4.3 CVE-2014-6126
XF
ibm — tivoli_application_dependency_discovery_manager Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors. 2014-10-29 5.0 CVE-2014-6149
XF
ignite_realtime — smack_api The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. 2014-10-25 6.8 CVE-2014-5075
SECUNIA
CONFIRM
mcafee — network_data_loss_prevention McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information via vectors related to open network ports. 2014-10-29 5.0 CVE-2014-8520
mcafee — network_data_loss_prevention Cross-site request forgery (CSRF) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2014-10-29 6.8 CVE-2014-8523
mcafee — network_data_loss_prevention McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via unspecified vectors. 2014-10-29 5.0 CVE-2014-8524
mcafee — network_data_loss_prevention McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. 2014-10-29 5.0 CVE-2014-8525
mcafee — network_data_loss_prevention The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) before 9.3 uses weak cipher algorithms, which makes it easier for remote authenticated users to execute arbitrary code via unspecified vectors. 2014-10-29 6.5 CVE-2014-8531
mcafee — network_data_loss_prevention McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to bypass intended restriction on unspecified functionality via unknown vectors. 2014-10-29 4.6 CVE-2014-8535
not_yet_commons_ssl_project — not_yet_commons_ssl Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject’s Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. 2014-10-24 6.8 CVE-2014-3604
MISC
MISC
XF
openstack — juno OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request. 2014-10-26 6.0 CVE-2014-3520
CONFIRM
SECUNIA
payment_for_webform_project — payment_for_webform The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment. 2014-10-25 4.3 CVE-2013-4594
SECUNIA
MLIST
php — php Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation. 2014-10-29 5.0 CVE-2014-3668
CONFIRM
CONFIRM
CONFIRM
php — php The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function. 2014-10-29 6.8 CVE-2014-3670
CONFIRM
CONFIRM
CONFIRM
pidgin — pidgin The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2014-10-29 6.4 CVE-2014-3694
pidgin — pidgin markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response. 2014-10-29 5.0 CVE-2014-3695
pidgin — pidgin nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation. 2014-10-29 5.0 CVE-2014-3696
pidgin — pidgin Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme. 2014-10-29 6.4 CVE-2014-3697
pidgin — pidgin The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message. 2014-10-29 5.0 CVE-2014-3698
process-one — ejabberd ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption. 2014-10-24 5.0 CVE-2014-8760
MISC
BID
MLIST
MLIST
python-gnupg_project — python-gnupg The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using “” (backslash) characters to form multi-command sequences, a different vulnerability than CVE-2014-1927. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. 2014-10-25 4.6 CVE-2014-1928
CONFIRM
DEBIAN
SECUNIA
SECUNIA
MLIST
MLIST
python-gnupg_project — python-gnupg python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to “option injection through positional arguments.” NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. 2014-10-25 4.4 CVE-2014-1929
DEBIAN
SECUNIA
MLIST
MLIST
redhat — cloudforms_3.0_management_engine The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors. 2014-10-26 5.0 CVE-2014-0136
BID
robert_ancell — lightdm lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact. 2014-10-27 4.6 CVE-2012-1111
CONFIRM
CONFIRM
MLIST
MLIST
SUSE
wp-football_project — wp-football Multiple cross-site scripting (XSS) vulnerabilities in the wp-football plugin 1.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the league parameter to (1) football_classification.php, (2) football_criteria.php, (3) templates/template_default_preview.php, or (4) templates/template_worldCup_preview.php; the (5) f parameter to football-functions.php; the id parameter in an “action” action to (6) football_groups_list.php, (7) football_matches_list.php, (8) football_matches_phase.php, or (9) football_phases_list.php; or the (10) id_league parameter in a delete action to football_matches_load.php. 2014-10-27 4.3 CVE-2014-4586
MISC
wp_ban_project — wp_ban WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header. 2014-10-24 4.3 CVE-2014-6230
MISC
FULLDISC
xen — xen Xen 4.4.x, when running on an ARM system and “handling an unknown system register access from 64-bit userspace,” returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to cause a denial of service (crash) and possibly gain privileges via a crafted process. 2014-10-26 4.4 CVE-2014-5148
XF
SECTRACK
BID
SECUNIA

Back to top

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
blackberry — blackberry_os The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream. 2014-10-25 3.5 CVE-2014-6611
SECUNIA
chkrootkit_project — chkrootkit The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option. 2014-10-25 3.7 CVE-2014-0476
UBUNTU
MLIST
DEBIAN
d-bus_project — d-bus D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call. 2014-10-25 1.9 CVE-2014-3636
MLIST
DEBIAN
SECUNIA
emc — networker The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files. 2014-10-25 2.1 CVE-2014-4620
XF
SECTRACK
BID
SECUNIA
MISC
BUGTRAQ
ibm — security_appscan_source The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port. 2014-10-26 1.8 CVE-2014-4812
XF
ibm — websphere_portal IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. 2014-10-28 3.5 CVE-2014-4814
XF
ibm — api_management IBM API Management 3.x before 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors. 2014-10-26 2.1 CVE-2014-6133
XF
AIXAPAR
ibm — tivoli_application_dependency_discovery_manager IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL. 2014-10-31 3.5 CVE-2014-6148
XF
ibm — tivoli_application_dependency_discovery_manager Cross-site scripting (XSS) vulnerability in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.0 through 7.2.1.6 and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2014-10-31 3.5 CVE-2014-6150
XF
ibm — tivoli_integrated_portal CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. 2014-10-25 3.5 CVE-2014-6151
XF
BID
SECUNIA
ibm — tivoli_integrated_portal Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Integrated Portal (TIP) 2.2.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2014-10-25 3.5 CVE-2014-6152
XF
BID
SECUNIA
mcafee — endpoint_encryption_for_files_and_folders The (1) Removable Media or (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media or EERM) in McAfee File and Removable Media Protection (FRP) 4.3.0.x and Endpoint Encryption for Files and Folders (EEFF) 3.2.x through 4.2.x uses weak entropy, which make it easier fo local users to obtain passwords via a brute force attack. 2014-10-29 2.1 CVE-2014-8518
mcafee — network_data_loss_prevention Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to read arbitrary files via unknown vectors. 2014-10-29 2.1 CVE-2014-8519
mcafee — network_data_loss_prevention Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2014-10-29 3.5 CVE-2014-8521
mcafee — network_data_loss_prevention McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace. 2014-10-29 2.1 CVE-2014-8526
mcafee — network_data_loss_prevention McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information and affect integrity via vectors related to a “plain text password.” 2014-10-29 3.6 CVE-2014-8527
mcafee — network_data_loss_prevention McAfee Network Data Loss Prevention (NDLP) before 9.3 logs session IDs, which allows local users to obtain sensitive information by reading the audit log. 2014-10-29 2.1 CVE-2014-8528
mcafee — network_data_loss_prevention McAfee Network Data Loss Prevention (NDLP) before 9.3 stores the SSH key in cleartext, which allows local users to obtain sensitive information via unspecified vectors. 2014-10-29 2.1 CVE-2014-8529
mcafee — network_data_loss_prevention Unspecified vulnerability in McAfee Network Data Loss Prevention before (NDLP) before 9.3 allows local users to obtain sensitive information and impact integrity via unknown vectors, related to partition mounting. 2014-10-29 3.6 CVE-2014-8532
mcafee — network_data_loss_prevention Unspecified vulnerability in the login form in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to cause a denial of service via a crafted value in the domain field. 2014-10-29 2.1 CVE-2014-8534
mcafee — network_data_loss_prevention McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages. 2014-10-29 2.1 CVE-2014-8536
mcafee — network_data_loss_prevention McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading the logs. 2014-10-29 2.1 CVE-2014-8537
vbulletin — vbulletin Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.4.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name. 2014-10-24 3.5 CVE-2014-2021
MISC
XF
SECTRACK
BID
FULLDISC
FULLDISC
MISC

Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

Leave a Reply