Original release date: December 01, 2014
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
-
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
-
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — air | Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors. | 2014-11-25 | 7.5 | CVE-2014-8439 |
apptha — contus_video_gallery | Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to execute arbitrary SQL commands via the vid parameter in a myextract action to wp-admin/admin-ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the playlistId parameter in the newplaylist page or (3) videoId parameter in a newvideo page to wp-admin/admin.php. | 2014-11-26 | 7.5 | CVE-2014-9097 BID MISC |
arris — vap2500_firmware | Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors. | 2014-11-28 | 10.0 | CVE-2014-8423 MISC |
arris — vap2500_firmware | ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication. | 2014-11-28 | 7.8 | CVE-2014-8424 MISC |
arris — vap2500_firmware | The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files. | 2014-11-28 | 7.8 | CVE-2014-8425 MISC |
arubanetworks — clearpass_policy_manager | SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2014-11-25 | 7.5 | CVE-2014-8367 XF SECUNIA |
arubanetworks — airwave | The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors. | 2014-11-25 | 9.0 | CVE-2014-8368 XF SECUNIA |
cisco — openh264 | Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. | 2014-11-25 | 7.5 | CVE-2014-8001 |
cisco — openh264 | Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. | 2014-11-25 | 7.5 | CVE-2014-8002 |
cononical — ubuntu | mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors. | 2014-11-25 | 7.2 | CVE-2014-1421 |
cybozu — dezie | Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages. | 2014-11-23 | 9.0 | CVE-2014-5314 JVNDB JVN |
dell — sonicwall_analyzer | The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors. | 2014-11-25 | 9.0 | CVE-2014-8420 MISC |
digium — asterisk | The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules. | 2014-11-24 | 7.5 | CVE-2014-8413 |
digium — asterisk | The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol. | 2014-11-24 | 9.0 | CVE-2014-8418 |
documentfoundation — libreoffice | LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file. | 2014-11-26 | 7.5 | CVE-2014-9093 CONFIRM MLIST MLIST |
enalean — tuleap | Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function. | 2014-11-28 | 9.3 | CVE-2014-7178 MISC FULLDISC |
flac — libflac | Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. | 2014-11-26 | 7.5 | CVE-2014-8962 MISC CONFIRM BUGTRAQ MISC |
flac — libflac | Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. | 2014-11-26 | 7.5 | CVE-2014-9028 MISC CONFIRM BUGTRAQ MISC |
gogits — gogs | SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues. | 2014-11-21 | 7.5 | CVE-2014-8681 CONFIRM XF EXPLOIT-DB FULLDISC MISC CONFIRM |
gogits — gogs | Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go. | 2014-11-21 | 7.5 | CVE-2014-8682 CONFIRM XF BID BUGTRAQ EXPLOIT-DB FULLDISC MISC CONFIRM |
justsystems — ichitaro | Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to execute arbitrary code via a crafted file. | 2014-11-25 | 10.0 | CVE-2014-7247 JVNDB JVN |
manageengine — oputils | The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to “disclose” files via a crafted filename, related to “saveFile.” | 2014-11-25 | 7.8 | CVE-2014-8678 MISC |
mantisbt — mantisbt | Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php. | 2014-11-28 | 7.5 | CVE-2014-9089 MLIST MLIST |
moodle — moodle | The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack. | 2014-11-24 | 7.5 | CVE-2014-7845 MLIST |
php — php | Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding. | 2014-11-22 | 7.5 | CVE-2014-8626 CONFIRM CONFIRM CONFIRM MLIST CONFIRM |
pligg — pligg_cms | Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter. | 2014-11-26 | 7.5 | CVE-2014-9096 CONFIRM CONFIRM BID FULLDISC MISC |
raritan — power_iq | Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records. | 2014-11-26 | 7.5 | CVE-2014-9095 SECUNIA FULLDISC MISC |
siemens — simatic_pcs7 | The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets. | 2014-11-26 | 10.0 | CVE-2014-8551 |
wibu — codemeter_runtime | Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file. | 2014-11-26 | 7.2 | CVE-2014-8419 BUGTRAQ MISC |
xen — xen | The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. | 2014-11-24 | 7.1 | CVE-2014-9030 XF BID |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cisco — adaptive_security_appliance_software | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888. | 2014-11-27 | 5.0 | CVE-2014-3407 |
cisco — ios_xr | Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378. | 2014-11-25 | 5.0 | CVE-2014-8004 |
cisco — ios_xr | Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239. | 2014-11-25 | 5.0 | CVE-2014-8005 |
digitalzoomstudio — video_gallery | Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter. | 2014-11-26 | 4.3 | CVE-2014-9094 MISC FULLDISC |
digium — asterisk | The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package. | 2014-11-26 | 4.0 | CVE-2014-6609 |
digium — asterisk | Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application. | 2014-11-26 | 4.0 | CVE-2014-6610 |
digium — asterisk | The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry. | 2014-11-24 | 5.0 | CVE-2014-8412 |
digium — asterisk | ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media. | 2014-11-24 | 5.0 | CVE-2014-8414 CONFIRM |
digium — asterisk | Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing. | 2014-11-24 | 5.0 | CVE-2014-8415 |
digium — asterisk | Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up. | 2014-11-24 | 5.0 | CVE-2014-8416 |
digium — asterisk | ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action. | 2014-11-24 | 6.5 | CVE-2014-8417 |
directwebremoting — direct_web_remoting | The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2014-11-23 | 5.0 | CVE-2014-5325 JVNDB JVN |
directwebremoting — direct_web_remoting | Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-23 | 4.3 | CVE-2014-5326 JVNDB JVN |
drupal — drupal | Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions. | 2014-11-24 | 6.8 | CVE-2014-9015 MLIST MLIST DEBIAN SECUNIA |
drupal — drupal | The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request. | 2014-11-24 | 5.0 | CVE-2014-9016 MLIST MLIST MLIST DEBIAN SECUNIA |
dukapress_project — dukapress | Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php. | 2014-11-28 | 5.0 | CVE-2014-8799 XF EXPLOIT-DB MISC |
gnu — glibc | The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing “$((`…`))”. | 2014-11-24 | 4.3 | CVE-2014-7817 CONFIRM CONFIRM XF BID MLIST |
gogits — gogs | Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown. | 2014-11-21 | 4.3 | CVE-2014-8683 XF BUGTRAQ FULLDISC MISC CONFIRM |
huawei — e3236_firmware | Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors. | 2014-11-21 | 6.8 | CVE-2014-5395 BID |
ibm — sterling_selling_and_fulfillment_foundation | Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a ” character. | 2014-11-22 | 4.0 | CVE-2014-4807 XF |
ibm — qradar_risk_manager | Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 2014-11-27 | 6.8 | CVE-2014-4829 XF |
ibm — qradar_risk_manager | IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors. | 2014-11-27 | 5.8 | CVE-2014-4831 XF |
ibm — qradar_risk_manager | IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. | 2014-11-27 | 4.3 | CVE-2014-4832 XF |
ibm — qradar_risk_manager | IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | 2014-11-27 | 5.0 | CVE-2014-6075 XF |
ibm — security_network_protection_xgs_5000 | IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors. | 2014-11-22 | 4.0 | CVE-2014-6183 CONFIRM |
ibm — web_experience_factory | Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere Portal configuration, leading to improper construction of a response page by an application. | 2014-11-25 | 4.3 | CVE-2014-6196 XF AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
iwip_project — iwip | resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets. | 2014-11-27 | 5.0 | CVE-2014-4883 CERT-VN |
jexperts — channel_platform | JExperts Channel Platform 5.0.33_CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters. | 2014-11-25 | 6.5 | CVE-2014-8558 FULLDISC MISC |
jqueryui — jquery_ui | Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. | 2014-11-24 | 4.3 | CVE-2010-5312 XF MLIST MLIST |
jqueryui — jquery_ui | Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo. | 2014-11-24 | 4.3 | CVE-2012-6662 XF MLIST MLIST |
kunena — kunena | Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, as demonstrated by the topics[] parameter in an unfavorite action to index.php. | 2014-11-26 | 6.5 | CVE-2014-9102 BID MISC |
kunena — kunena | Multiple cross-site scripting (XSS) vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) index value of an array parameter or the filename parameter in the Content-Disposition header to the (2) file or (3) profile image upload functionality. | 2014-11-26 | 4.3 | CVE-2014-9103 BID MISC |
mantisbt — mantisbt | MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a request to the download URL. | 2014-11-24 | 4.0 | CVE-2014-8988 XF BID MLIST CONFIRM MLIST |
matrikonopc — dnp3_opc_server | MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote attackers to cause a denial of service (unhandled exception and DNP3 process crash) via a crafted message. | 2014-11-27 | 5.0 | CVE-2014-5426 MISC |
moodle — moodle | lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role to access the get_grades web service. | 2014-11-24 | 4.0 | CVE-2014-7831 MLIST CONFIRM |
moodle — moodle | mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance. | 2014-11-24 | 4.0 | CVE-2014-7832 MLIST CONFIRM |
moodle — moodle | mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the database after an edit by a teacher. | 2014-11-24 | 4.0 | CVE-2014-7833 MLIST CONFIRM |
moodle — moodle | mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service. | 2014-11-24 | 4.0 | CVE-2014-7834 MLIST CONFIRM |
moodle — moodle | Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod/lti/request_tool.php or (2) mod/lti/instructor_edit_tool_type.php request. | 2014-11-24 | 6.8 | CVE-2014-7836 MLIST |
moodle — moodle | mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a different subwiki. | 2014-11-24 | 5.5 | CVE-2014-7837 MLIST |
moodle — moodle | Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within (1) mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3) mod/forum/index.php, or (4) mod/forum/lib.php. | 2014-11-24 | 6.8 | CVE-2014-7838 MLIST |
moodle — moodle | tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access restrictions via an AJAX request. | 2014-11-24 | 4.0 | CVE-2014-7846 MLIST |
moodle — moodle | iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote attackers to cause a denial of service (resource consumption) by triggering the calculation of an estimated latitude and longitude for an IP address. | 2014-11-24 | 5.0 | CVE-2014-7847 MLIST |
moodle — moodle | lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | 2014-11-24 | 5.0 | CVE-2014-7848 MLIST |
moodle — moodle | lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts. | 2014-11-24 | 4.3 | CVE-2014-9059 MLIST |
moodle — moodle | The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote attackers to trigger the generation of arbitrary messages via a modified URL, related to mod/lti/locallib.php and mod/lti/return.php. | 2014-11-24 | 5.0 | CVE-2014-9060 CONFIRM MLIST |
moxi9 — phpfox | Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header. | 2014-11-21 | 4.3 | CVE-2014-8469 XF BID EXPLOIT-DB FULLDISC MISC |
open-xchange — open-xchange_appsuite | SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call. | 2014-11-21 | 6.5 | CVE-2014-7871 XF BID BUGTRAQ MISC |
openstack — neutron | OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration. | 2014-11-24 | 4.0 | CVE-2014-7821 XF SECUNIA |
openswan — openswan | Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466. | 2014-11-26 | 5.0 | CVE-2014-2037 BID MLIST MLIST |
openvpn — openvpn_access_server | Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnecting established VPN sessions, (2) connect to arbitrary VPN servers, or (3) create VPN profiles and execute arbitrary commands via crafted API requests. | 2014-11-26 | 6.8 | CVE-2014-9104 MISC MISC BUGTRAQ FULLDISC |
oracle — database_server | Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, and CVE-2014-6547. NOTE: this issue was originally mapped to CVE-2014-4301, but CVE-2014-4301 is for an unrelated vulnerability. | 2014-11-23 | 6.8 | CVE-2014-6477 |
paidmembershipspro — paid_memberships_pro | Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php. | 2014-11-28 | 5.0 | CVE-2014-8801 XF BID EXPLOIT-DB MISC MISC |
polarssl — polarssl | PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors. | 2014-11-24 | 5.0 | CVE-2014-8627 SECUNIA SUSE |
redhat — resteasy | DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors. | 2014-11-25 | 6.4 | CVE-2014-7839 SECUNIA |
redhat — freeipa | Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation. | 2014-11-28 | 4.3 | CVE-2014-7850 |
ruby-lang — ruby | The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080. | 2014-11-21 | 5.0 | CVE-2014-8090 |
siemens — simatic_pcs7 | The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets. | 2014-11-26 | 5.0 | CVE-2014-8552 |
simple_email_form_project — simple_email_form | Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to index.php. | 2014-11-21 | 4.3 | CVE-2014-8539 MISC BID BUGTRAQ MISC |
skalfa — oxwall | Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 (build 7907 and 7906) and SkaDate Lite 2.0 (build 7651) allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks or possibly have other unspecified impact via the (1) label parameter to admin/users/roles/, (2) lang[1][base][questions_account_type_5615100a931845eca8da20cfdf7327e0] in an AddAccountType action or (3) qst_name parameter in an addQuestion action to admin/questions/ajax-responder/, or (4) form_name or (5) restrictedUsername parameter to admin/restricted-usernames. | 2014-11-26 | 6.8 | CVE-2014-9101 MISC MISC BID EXPLOIT-DB MISC MISC OSVDB OSVDB OSVDB OSVDB |
squid-cache — squid | The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet. | 2014-11-26 | 6.4 | CVE-2014-7141 CONFIRM MLIST MLIST MLIST |
squid-cache — squid | The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. | 2014-11-26 | 6.4 | CVE-2014-7142 CONFIRM MLIST MLIST MLIST |
ubuntu — apparmor | apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a “miscompilation flaw.” | 2014-11-24 | 6.4 | CVE-2014-1424 |
whydowork_adsense_project — whydowork_adsense | Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the whydowork_adsense page in wp-admin/options-general.php. | 2014-11-26 | 6.8 | CVE-2014-9099 BID MISC |
whydowork_adsense_project — whydowork_adsense | Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the idcode parameter in the whydowork_adsense page to wp-admin/options-general.php. | 2014-11-26 | 4.3 | CVE-2014-9100 BID MISC |
wireshark — wireshark | The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. | 2014-11-22 | 5.0 | CVE-2014-8710 CONFIRM CONFIRM |
wireshark — wireshark | Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet. | 2014-11-22 | 5.0 | CVE-2014-8711 CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2014-11-22 | 5.0 | CVE-2014-8712 CONFIRM CONFIRM |
wireshark — wireshark | Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2014-11-22 | 5.0 | CVE-2014-8713 CONFIRM CONFIRM |
wireshark — wireshark | The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | 2014-11-22 | 5.0 | CVE-2014-8714 CONFIRM CONFIRM CONFIRM |
wordpress — wordpress | Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post. | 2014-11-25 | 4.3 | CVE-2014-9031 MLIST MISC |
wordpress — wordpress | Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-25 | 4.3 | CVE-2014-9032 MLIST |
wordpress — wordpress | Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords. | 2014-11-25 | 6.8 | CVE-2014-9033 MLIST |
wordpress — wordpress | wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016. | 2014-11-25 | 5.0 | CVE-2014-9034 MLIST |
wordpress — wordpress | Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-25 | 4.3 | CVE-2014-9035 MLIST |
wordpress — wordpress | Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post. | 2014-11-25 | 4.3 | CVE-2014-9036 MLIST |
wordpress — wordpress | WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash. | 2014-11-25 | 6.8 | CVE-2014-9037 MLIST |
wordpress — wordpress | wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource. | 2014-11-25 | 6.4 | CVE-2014-9038 MLIST |
wordpress — wordpress | wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message. | 2014-11-25 | 4.3 | CVE-2014-9039 MLIST |
xavoc — xepan_cms | Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page. | 2014-11-28 | 6.8 | CVE-2014-8429 MISC BUGTRAQ |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apptha — contus_video_gallery | Multiple cross-site scripting (XSS) vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly before 2014-07-23, for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the videoadssearchQuery parameter to (1) videoads/videoads.php, (2) video/video.php, or (3) playlist/playlist.php. | 2014-11-26 | 3.5 | CVE-2014-9098 BID MISC |
check_diskio_project — check_diskio | The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name (tmp/check_diskio_status-*-*). | 2014-11-28 | 3.6 | CVE-2014-8994 XF BID MLIST MLIST |
ibm — websphere_portal | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2014-11-25 | 3.5 | CVE-2014-6093 XF |
liferay — liferay_portal | Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file. | 2014-11-24 | 3.5 | CVE-2014-8349 FULLDISC MISC |
mantisbt — mantisbt | Cross-site scripting (XSS) vulnerability in the selection list in the filters in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via a crafted config option, a different vulnerability than CVE-2014-8987. | 2014-11-24 | 3.5 | CVE-2014-8986 MLIST MLIST MLIST MLIST |
moodle — moodle | Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse capability to provide a searchcourse parameter. | 2014-11-24 | 3.5 | CVE-2014-7830 MLIST CONFIRM |
moodle — moodle | webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting (XSS) attacks, by specifying the profile-picture area. | 2014-11-24 | 2.1 | CVE-2014-7835 CONFIRM MLIST CONFIRM |
python — pip | pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user. | 2014-11-24 | 2.1 | CVE-2014-8991 CONFIRM CONFIRM BID MLIST MLIST |
This product is provided subject to this Notification and this Privacy & Use policy.