Original release date: December 08, 2014
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
canto — canto_curses | canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. | 2014-12-03 | 7.5 | CVE-2013-7416 CONFIRM CONFIRM XF BID MLIST MLIST |
cchgroup — prosystem_fx_engagement | CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinService service files in PFX Engagement, which allows local users to obtain LocalSystem privileges via a Trojan horse file. | 2014-12-02 | 7.2 | CVE-2014-9113 MISC EXPLOIT-DB MISC |
creative_minds — cm_download_manager | The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function. | 2014-12-05 | 10.0 | CVE-2014-8877 CONFIRM BID BUGTRAQ MISC MISC |
fujitsu — arrows_kiss_f-03d | FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors. | 2014-12-05 | 7.2 | CVE-2014-7253 |
google_doc_embedder_project — google_doc_embedder | SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter. | 2014-12-02 | 7.5 | CVE-2014-9173 CONFIRM XF EXPLOIT-DB MISC OSVDB |
graphviz — graphviz | Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string. | 2014-12-03 | 7.5 | CVE-2014-9157 CONFIRM XF BID SECUNIA MLIST MLIST |
hikvision — dvr_ds-7204_firmware | Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header. | 2014-12-08 | 7.5 | CVE-2014-4880 EXPLOIT-DB MISC |
huawei — p2-6011_firmware | The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors. | 2014-12-05 | 7.2 | CVE-2014-2273 MISC XF BID |
huawei — honor_cube_wireless_router_ws860s | Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | 2014-12-03 | 10.0 | CVE-2014-9134 BID |
internet_initiative_japan — seil_b1_firmware | The (1) PPP Access Concentrator (PPPAC) and (2) Dial-Up Networking Internet Initiative Japan Inc. SEIL series routers SEIL/x86 Fuji 1.00 through 3.22; SEIL/X1, SEIL/X2, and SEIL/B1 1.00 through 4.62; SEIL/Turbo 1.82 through 2.18; and SEIL/neu 2FE Plus 1.82 through 2.18 allow remote attackers to cause a denial of service (restart) via crafted (a) GRE or (b) MPPE packets. | 2014-12-05 | 7.8 | CVE-2014-7256 JVNDB JVN |
invisionpower — invision_power_board | SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter. | 2014-12-03 | 7.5 | CVE-2014-9239 FULLDISC |
lsyncd_project — lsyncd | default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. | 2014-12-05 | 7.5 | CVE-2014-8990 CONFIRM CONFIRM CONFIRM BID MLIST MLIST FEDORA FEDORA |
manageengine — desktop_central | SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat. | 2014-12-05 | 7.5 | CVE-2014-3996 MISC MISC FULLDISC |
manageengine — it360 | SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat. | 2014-12-05 | 7.5 | CVE-2014-3997 MISC MISC FULLDISC |
mybb — mybb | SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action. | 2014-12-03 | 7.5 | CVE-2014-9240 MISC |
openvas — openvas_manager | SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. | 2014-12-02 | 7.5 | CVE-2014-9220 MLIST |
ossec — ossec | host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed. | 2014-12-01 | 7.2 | CVE-2014-5284 EXPLOIT-DB MISC |
pbboard — pbboard | SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email parameter in the register page to index.php. NOTE: the email parameter in the forget page vector is already covered by CVE-2012-4034.2. | 2014-12-05 | 7.5 | CVE-2014-9215 MISC BUGTRAQ MISC |
proticaret — proticaret | SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request. | 2014-12-03 | 7.5 | CVE-2014-9237 FULLDISC MISC |
services_project — services | The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password. | 2014-12-01 | 7.5 | CVE-2014-9151 |
services_project — services | The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess the password via a brute force attack. | 2014-12-01 | 7.5 | CVE-2014-9152 |
smartypantsplugins — sp_project_&_document_manager | Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) vendor_email[] parameter in the email_vendor function or id parameter in the (2) download_project, (3) download_archive, or (4) remove_cat function. | 2014-12-02 | 7.5 | CVE-2014-9178 XF BUGTRAQ MISC EXPLOIT-DB MISC |
subex — roc_fraud_management_system | SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter. | 2014-12-02 | 7.5 | CVE-2014-8728 EXPLOIT-DB |
technicolor — td5130_router_firmware | Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). | 2014-12-05 | 7.5 | CVE-2014-9144 BUGTRAQ EXPLOIT-DB MISC |
thomsonreuters — fixed_assets_cs | The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program. | 2014-12-02 | 7.2 | CVE-2014-9141 MISC |
websitebaker — websitebaker | SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | 2014-12-03 | 7.5 | CVE-2014-9242 FULLDISC MISC |
wpdatatables — wpdatatables | SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php. | 2014-12-02 | 7.5 | CVE-2014-9175 XF BID MISC EXPLOIT-DB MISC |
zohocorp — manageengine_opmanager | Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter. | 2014-12-04 | 7.5 | CVE-2014-6035 MISC FULLDISC |
zohocorp — manageengine_it360 | SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter. | 2014-12-04 | 7.5 | CVE-2014-7867 |
zohocorp — manageengine_it360 | Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet. | 2014-12-04 | 7.5 | CVE-2014-7868 MISC FULLDISC |
zte — zxdsl | ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges. | 2014-12-02 | 10.0 | CVE-2014-9183 MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ad-manager_project — ad-manager | Open redirect vulnerability in track-click.php in the Ad-Manager plugin 1.1.2 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the out parameter. | 2014-12-02 | 4.3 | CVE-2014-8754 XF MISC FULLDISC MISC |
adobe — acrobat | Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568. | 2014-11-29 | 6.4 | CVE-2014-9150 MISC |
ait-pro — bulletproof_security | Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter. | 2014-12-01 | 5.0 | CVE-2014-8749 FULLDISC |
altitude — altitude_unified_customer_interaction | Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an email hyperlink or the (2) style parameter in the image attribute section. | 2014-12-05 | 4.3 | CVE-2014-9212 MISC |
anchorcms — anchor_cms | models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header. | 2014-12-02 | 4.3 | CVE-2014-9182 MISC |
antiword_project — antiword | Buffer overflow in the bGetPPS function in wordole.c in Antiword 0.37 allows remote attackers to cause a denial of service (crash) via a crafted document. | 2014-12-05 | 5.0 | CVE-2014-8123 BID MLIST MLIST |
apache — hadoop | The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache. | 2014-12-05 | 5.0 | CVE-2014-3627 SECUNIA SECUNIA |
avatar_uploader_project — avatar_uploader | Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel. | 2014-12-01 | 4.0 | CVE-2014-9155 |
clamav — clamav | Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.95.4 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file. | 2014-12-01 | 5.0 | CVE-2014-9050 CONFIRM BID MLIST SECUNIA SECUNIA FEDORA |
creative_minds — cm_download_manager | Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title parameter in the CMDM_admin_settings page to wp-admin/admin.php. | 2014-12-05 | 6.8 | CVE-2014-9129 BID BUGTRAQ MISC |
d-link — dcs-2103_hd_cube_network_camera_firmware | Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | 2014-12-03 | 5.0 | CVE-2014-9234 FULLDISC MISC |
d-link — dcs-2103_hd_cube_network_camera_firmware | D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character. | 2014-12-03 | 5.0 | CVE-2014-9238 FULLDISC MISC |
eleanor-cms — eleanor_cms | Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING. | 2014-12-02 | 5.0 | CVE-2014-9180 MISC |
emc — rsa_adaptive_authentication_on-premise | RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication. | 2014-12-08 | 5.0 | CVE-2014-4631 XF SECTRACK BID BUGTRAQ |
f5 — big-ip | Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation. | 2014-12-08 | 4.3 | CVE-2014-9342 BUGTRAQ |
fasttoggle_project — fasttoggle | The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote attackers to block or unblock an account via a crafted user status link. | 2014-12-01 | 5.8 | CVE-2014-5268 |
filefield_project — filefield | The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file. | 2014-12-01 | 4.0 | CVE-2014-9156 |
fujitsu — arrows_tab_lte_f-01d | Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets 102SH allow local users to execute arbitrary code or read kernel memory via unknown vectors related to userland data and “improper data validation.” | 2014-12-05 | 4.6 | CVE-2014-7252 JVNDB JVN MISC MISC |
fujitsu — arrows_me_f-11d | Unspecified vulnerability in ARROWS Me F-11D allows physically proximate attackers to read or modify flash memory via unknown vectors. | 2014-12-05 | 4.6 | CVE-2014-7254 JVNDB JVN MISC |
gleamtech — filevista | GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message. | 2014-12-02 | 4.0 | CVE-2014-8788 CONFIRM FULLDISC MISC |
gleamtech — filevista | GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction. | 2014-12-02 | 6.5 | CVE-2014-8789 CONFIRM FULLDISC MISC |
gnu — glibc | iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of “0xffff” to the iconv function when converting IBM930 encoded data to UTF-8. | 2014-12-05 | 5.0 | CVE-2012-6656 CONFIRM CONFIRM BID MLIST MLIST MANDRIVA |
gnu — glibc | GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of “0xffff” to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8. | 2014-12-05 | 5.0 | CVE-2014-6040 CONFIRM CONFIRM BID MLIST MLIST MANDRIVA |
gnu — cpio | Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. | 2014-12-02 | 5.0 | CVE-2014-9112 MISC MLIST MLIST MLIST SECUNIA FULLDISC |
ibm — java | Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache. | 2014-12-01 | 6.9 | CVE-2014-3065 CONFIRM BID REDHAT REDHAT REDHAT REDHAT REDHAT |
ibm — java | IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack. | 2014-12-01 | 6.4 | CVE-2014-3068 CONFIRM XF |
icecast — icecast | Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors. | 2014-12-03 | 5.0 | CVE-2014-9018 CONFIRM CONFIRM XF BID MLIST MLIST MANDRIVA CONFIRM |
infoware — mapsuite | Absolute path traversal vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to read arbitrary files via unspecified vectors. | 2014-12-01 | 5.0 | CVE-2014-2232 MISC |
infoware — mapsuite | Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors. | 2014-12-01 | 5.0 | CVE-2014-2233 MISC |
instasqueeze — sexy_squeeze_pages | Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Squeeze Pages plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php. | 2014-12-02 | 4.3 | CVE-2014-9176 XF MISC MISC |
internet_initiative_japan — seil_b1_firmware | Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 through 4.62, SEIL/X2 2.50 through 4.62, SEIL/B1 2.50 through 4.62, and SEIL/x86 Fuji 1.70 through 3.22 allow remote attackers to cause a denial of service (CPU and traffic consumption) via a large number of NTP requests within a short time, which causes unnecessary NTP responses to be sent. | 2014-12-05 | 5.0 | CVE-2014-7255 JVNDB JVN |
kde — kde-runtime | Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message. | 2014-12-08 | 4.3 | CVE-2014-8600 MISC BID FULLDISC |
kennziffer — ke_questionnaire | The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request. | 2014-12-02 | 5.0 | CVE-2014-8874 MISC BUGTRAQ FULLDISC |
kent-web — clip_board | Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 2.91 and earlier, when running certain versions of Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-12-05 | 4.3 | CVE-2014-7258 CONFIRM JVNDB JVN |
lg_electronics — l-03e | LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors. | 2014-12-05 | 5.0 | CVE-2014-7243 JVNDB JVN MISC |
libksba_project — libskba | Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow. | 2014-12-01 | 5.0 | CVE-2014-9087 MISC SECUNIA SECUNIA SECUNIA MLIST |
linux — linux_kernel | Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842. | 2014-11-29 | 4.9 | CVE-2010-5313 CONFIRM |
linux — linux_kernel | The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association’s output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. | 2014-11-29 | 5.0 | CVE-2014-3688 CONFIRM CONFIRM UBUNTU UBUNTU MLIST CONFIRM DEBIAN CONFIRM |
linux — linux_kernel | The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. | 2014-11-29 | 5.0 | CVE-2014-7841 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
linux — linux_kernel | Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313. | 2014-11-29 | 4.9 | CVE-2014-7842 MLIST |
linux — linux_kernel | The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary. | 2014-11-29 | 4.9 | CVE-2014-7843 MLIST |
linux — linux_kernel | Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call. | 2014-11-29 | 6.1 | CVE-2014-8884 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
linux — linux_kernel | The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a “negative groups” issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c. | 2014-11-29 | 4.6 | CVE-2014-8989 MLIST CONFIRM |
linux — linux_kernel | The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. | 2014-11-29 | 4.9 | CVE-2014-9090 MLIST |
modx — modx_revolution | MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter. | 2014-12-03 | 6.8 | CVE-2014-8773 MISC CONFIRM |
modx — modx_revolution | Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter. | 2014-12-03 | 4.3 | CVE-2014-8774 MISC CONFIRM |
modx — modx_revolution | MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 2014-12-03 | 5.0 | CVE-2014-8775 MISC CONFIRM |
mutt — mutt | The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function. | 2014-12-02 | 5.0 | CVE-2014-9116 CONFIRM CONFIRM SECTRACK BID MLIST MLIST CONFIRM |
mybb — mybb | Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig action to usercp.php, or (3) title parameter in the style-templates module in an edit_template action or (4) file parameter in the config-languages module in an edit action to admin/index.php. | 2014-12-03 | 4.3 | CVE-2014-9241 MISC |
nextendweb — nextend_facebook_connect | Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fb_login_button parameter in a newfb_update_options action. | 2014-12-05 | 4.3 | CVE-2014-8800 EXPLOIT-DB MISC OSVDB |
notify_project — notify | The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email. | 2014-12-01 | 4.0 | CVE-2014-9154 |
open-xchange — open-xchange_appsuite | Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview. | 2014-12-01 | 4.3 | CVE-2014-5237 BUGTRAQ CONFIRM MISC |
openvpn — openvpn | OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. | 2014-12-03 | 6.8 | CVE-2014-8104 CONFIRM UBUNTU |
phpmyadmin — phpmyadmin | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during rendering of the table browse page; a crafted ENUM value that is improperly handled during rendering of the (4) table print view or (5) zoom search page; or (6) a crafted pma_fontsize cookie that is improperly handled during rendering of the home page. | 2014-11-30 | 4.3 | CVE-2014-8958 |
phpmyadmin — phpmyadmin | Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter. | 2014-11-30 | 6.5 | CVE-2014-8959 CONFIRM |
phpmyadmin — phpmyadmin | Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file’s line count via a crafted parameter. | 2014-11-30 | 4.0 | CVE-2014-8961 |
phpmyadmin — phpmyadmin | libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password. | 2014-12-08 | 5.0 | CVE-2014-9218 CONFIRM CONFIRM CONFIRM XF CONFIRM |
phpmyadmin — phpmyadmin | Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 2014-12-08 | 4.3 | CVE-2014-9219 CONFIRM XF |
plex — plex_media_server | Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/. | 2014-12-02 | 5.0 | CVE-2014-9181 MISC BUGTRAQ |
redhat — packstack | OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access restrictions. | 2014-12-01 | 5.0 | CVE-2014-3703 |
redhat — tcpdump | Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PPP packet. | 2014-12-05 | 5.0 | CVE-2014-9140 CONFIRM MLIST |
services_project — services | Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a JSONP response. | 2014-12-01 | 4.3 | CVE-2014-9153 |
springshare — libcal | Multiple cross-site scripting (XSS) vulnerabilities in api_events.php in Springshare LibCal 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) m or (2) cid parameter. | 2014-12-01 | 4.3 | CVE-2014-7291 XF MISC FULLDISC |
square_enix_co_ltd — kaku_san_sei_million_aruthur | SQUARE ENIX Co., Ltd. Kaku-San-Sei Million Arthur before 2.25 for Android stores “product credentials” on the SD card, which allows attackers to gain privileges via a crafted application. | 2014-12-05 | 5.0 | CVE-2014-7259 JVNDB JVN |
sunhater — kcfinder | Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) file or (2) directory (folder) name of an uploaded file. | 2014-12-02 | 4.3 | CVE-2014-3988 CONFIRM |
supportezzy_ticket_system_project — supportezzy_ticket_system | Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the “URL (optional)” field in a new ticket. | 2014-12-02 | 4.0 | CVE-2014-9179 MISC |
svnlabs — html5_mp3_player_with_playlist_free | The HTML5 MP3 Player with Playlist Free plugin before 2.7 for WordPress allows remote attackers to obtain the installation path via a request to html5plus/playlist.php. | 2014-12-02 | 5.0 | CVE-2014-9177 XF MISC MISC |
technicolor — td5130_router_firmware | Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter. | 2014-12-05 | 4.3 | CVE-2014-9142 BUGTRAQ EXPLOIT-DB MISC |
technicolor — td5130_router_firmware | Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter. | 2014-12-05 | 4.3 | CVE-2014-9143 BUGTRAQ EXPLOIT-DB MISC |
torch_gmbh — graylog2 | Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards. | 2014-12-08 | 5.0 | CVE-2014-9217 |
tuleap — tuleap | project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter. | 2014-12-01 | 6.0 | CVE-2014-8791 BID BUGTRAQ FULLDISC MISC MISC |
undertow_project — undertow | Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI. | 2014-12-01 | 5.0 | CVE-2014-7816 BID MLIST |
vmware — vcenter_server_appliance | Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-12-08 | 4.3 | CVE-2014-3797 BUGTRAQ FULLDISC |
vmware — vcenter_server_appliance | VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate. | 2014-12-08 | 4.3 | CVE-2014-8371 BUGTRAQ FULLDISC |
websitebaker — websitebaker | Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2) section_id parameter to edit_module_files.php, (3) news/add_post.php, (4) news/modify_group.php, (5) news/modify_post.php, or (6) news/modify_settings.php in wb/modules/. | 2014-12-03 | 4.3 | CVE-2014-9243 FULLDISC MISC |
x3cms — x3_cms | Multiple cross-site request forgery (CSRF) vulnerabilities in the admin area in X3 CMS 0.5.1 and 0.5.1.1 allow remote attackers to hijack the authentication of administrators via unspecified vectors. | 2014-12-03 | 6.8 | CVE-2014-8771 MISC |
xen — xen | The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode. | 2014-12-01 | 4.9 | CVE-2014-8866 BID SECUNIA |
xen — xen | The acceleration support for the “REP MOVS” instruction in Xen 4.4.x, 3.2.x, and earlier lacks proper bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors. | 2014-12-01 | 4.9 | CVE-2014-8867 BID SECUNIA |
yoast — google_analytics | Cross-site scripting (XSS) vulnerability in the Google Analytics by Yoast (google-analytics-for-wordpress) plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the “Manually enter your UA code” (manual_ua_code_field) field in the General Settings. | 2014-12-02 | 4.3 | CVE-2014-9174 MISC CONFIRM BID |
zohocorp — manageengine_it360 | Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet. | 2014-12-04 | 5.0 | CVE-2014-5445 CONFIRM MISC MISC XF BID BUGTRAQ BUGTRAQ FULLDISC |
zohocorp — manageengine_it360 | Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter. | 2014-12-04 | 5.0 | CVE-2014-5446 MISC XF BID BUGTRAQ BUGTRAQ FULLDISC MISC |
zohocorp — manageengine_it360 | Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter. | 2014-12-04 | 5.0 | CVE-2014-6034 MISC FULLDISC |
zohocorp — manageengine_it360 | Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter. | 2014-12-04 | 6.4 | CVE-2014-6036 MISC FULLDISC |
zoph — zoph | Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/. | 2014-12-03 | 6.5 | CVE-2014-9235 FULLDISC MISC |
zoph — zoph | Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) photographer_id or (2) _crumb parameter. | 2014-12-03 | 4.3 | CVE-2014-9236 FULLDISC MISC |
zte — zxdsl | ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi. | 2014-12-02 | 5.0 | CVE-2014-9184 MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
clamav — clamav | clamscan in ClamAV before 0.98.5, when using the -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. | 2014-12-01 | 2.1 | CVE-2013-6497 CONFIRM XF UBUNTU BID MLIST MLIST MANDRIVA SECUNIA SECUNIA FEDORA FEDORA |
fedup_project — fedup | fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service (prevention of system updates). | 2014-12-01 | 2.1 | CVE-2013-6494 BID FEDORA |
nagios — nagios | The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702. | 2014-12-05 | 2.1 | CVE-2014-4701 SUSE MLIST EXPLOIT-DB SECUNIA SECUNIA FULLDISC MISC |
nagios — nagios | The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701. | 2014-12-05 | 2.1 | CVE-2014-4702 SUSE MLIST SECUNIA SECUNIA |
nagios — nagios | lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701. | 2014-12-05 | 2.1 | CVE-2014-4703 MLIST FULLDISC |
phpmyadmin — phpmyadmin | Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. | 2014-11-30 | 3.5 | CVE-2014-8960 CONFIRM |
redhat — enterprise_virtualization | The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes. | 2014-12-05 | 2.1 | CVE-2014-3561 XF SECTRACK |
x3cms — x3_cms | Cross-site scripting (XSS) vulnerability in the search_controller in X3 CMS 0.5.1 and 0.5.1.1 allows remote authenticated users to inject arbitrary web script or HTML via the search parameter. | 2014-12-03 | 3.5 | CVE-2014-8772 MISC |