Original release date: December 22, 2014
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
-
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
-
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| alliedtelesis — ar440s | Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request. | 2014-12-19 | 10.0 | CVE-2014-7249 |
| arris — touchstone_tg862g/ct_firmware | ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to home_loggedout.php. | 2014-12-18 | 10.0 | CVE-2014-9406 FULLDISC |
| docker — docker | Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. | 2014-12-12 | 7.5 | CVE-2014-6407 MLIST SECUNIA SECUNIA SUSE FEDORA |
| docker — docker | Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction. | 2014-12-16 | 10.0 | CVE-2014-9357 CONFIRM BUGTRAQ |
| emc — documentum_content_server | EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object’s owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515. | 2014-12-16 | 9.0 | CVE-2014-4626 MISC |
| ettercap_project — ettercap | Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual length of the password. | 2014-12-19 | 7.5 | CVE-2014-6395 MISC CONFIRM BUGTRAQ |
| ettercap_project — ettercap | The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted password length, which triggers a 0 character to be written to an arbitrary memory location. | 2014-12-19 | 7.5 | CVE-2014-6396 MISC CONFIRM BUGTRAQ |
| ettercap_project — ettercap | Integer underflow in Ettercap 8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length value to the dissector_gg function in dissectors/ec_gg.c, or (3) string length to the get_decode_len function in ec_utils.c or a request without a (4) username or (5) password to the dissector_TN3270 function in dissectors/ec_TN3270.c. | 2014-12-19 | 7.5 | CVE-2014-9376 MISC CONFIRM CONFIRM CONFIRM CONFIRM BUGTRAQ |
| ettercap_project — ettercap | Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet. | 2014-12-19 | 7.5 | CVE-2014-9377 MISC CONFIRM BUGTRAQ |
| ettercap_project — ettercap | Ettercap 8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line function in mdns_spoof/mdns_spoof.c or (2) base64 encoded password to the dissector_imap function in dissectors/ec_imap.c. | 2014-12-19 | 7.5 | CVE-2014-9378 MISC CONFIRM CONFIRM BUGTRAQ |
| ettercap_project — ettercap | The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a stack-based buffer overflow. | 2014-12-19 | 7.5 | CVE-2014-9379 MISC CONFIRM BUGTRAQ |
| google — android | luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291. | 2014-12-15 | 7.2 | CVE-2014-7911 FULLDISC |
| google — android | Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135. | 2014-12-15 | 7.5 | CVE-2014-8507 MISC FULLDISC MISC |
| google — android | The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824. | 2014-12-15 | 7.2 | CVE-2014-8609 MISC FULLDISC MISC |
| gparted — gparted | GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label. | 2014-12-19 | 7.2 | CVE-2014-7208 FULLDISC |
| honeywell — opos_suite | Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.13.4.15 allow remote attackers to execute arbitrary code via a crafted file that is improperly handled by the Open method. | 2014-12-12 | 7.5 | CVE-2014-8269 MISC MISC |
| k7computing — k7firewall_packet_driver | Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call. | 2014-12-12 | 7.2 | CVE-2014-7136 MISC FULLDISC MISC |
| k7computing — k7av_sentry_device_driver | Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via unspecified vectors. | 2014-12-12 | 7.2 | CVE-2014-8956 MISC FULLDISC MISC |
| libvncserver — libvncserver | The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message. | 2014-12-15 | 7.5 | CVE-2014-6052 MISC CONFIRM MLIST SECUNIA SECUNIA MLIST |
| linux — linux_kernel | arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. | 2014-12-17 | 7.2 | CVE-2014-9322 CONFIRM CONFIRM MLIST CONFIRM |
| malwarebytes — malwarebytes_anti-exploit | The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable. | 2014-12-16 | 9.3 | CVE-2014-4936 MISC |
| manageengine — desktop_central | The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object. | 2014-12-16 | 10.0 | CVE-2014-9371 MISC |
| manageengine — netflow_analyzer | Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename. | 2014-12-16 | 10.0 | CVE-2014-9373 MISC |
| mozilla — network_security_services | The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function’s improper handling of an arbitrary-length encoding of 0x00. | 2014-12-15 | 7.5 | CVE-2014-1569 MISC MISC CONFIRM MISC |
| qemu — qemu | The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. | 2014-12-12 | 7.5 | CVE-2014-7840 CONFIRM XF MLIST |
| rpm — rpm | Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. | 2014-12-16 | 7.5 | CVE-2013-6435 CONFIRM CONFIRM REDHAT REDHAT REDHAT |
| rpm — rpm | Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow. | 2014-12-16 | 10.0 | CVE-2014-8118 REDHAT |
| safenet-inc — safenet_authentication_service_outlook_web_access_agent | Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. (dot dot) in the GetFile parameter to owa/owa. | 2014-12-16 | 7.8 | CVE-2014-5359 MISC |
| sap — businessobjects | SAP BussinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. | 2014-12-17 | 10.0 | CVE-2014-9387 BUGTRAQ MISC FULLDISC |
| sixapart — movabletype | SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2014-12-16 | 7.5 | CVE-2014-9057 SECUNIA |
| zenoss — zenoss_core | Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public (1) read or (2) execute access via a move action, aka ZEN-15386. | 2014-12-15 | 7.5 | CVE-2014-6256 CERT-VN CONFIRM |
| zenoss — zenoss_core | Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a crafted web site that is visited during a login session, aka ZEN-12657. | 2014-12-15 | 9.3 | CVE-2014-6261 |
| zenoss — zenoss_core | The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408. | 2014-12-15 | 7.5 | CVE-2014-9249 |
| zoneo-soft — phptraffica | SQL injection vulnerability in Php/Functions/log_function.php in phpTrafficA 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via a User-Agent HTTP header. | 2014-12-16 | 7.5 | CVE-2014-8340 BUGTRAQ MISC |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache — subversion | The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. | 2014-12-18 | 5.0 | CVE-2014-3580 SECUNIA |
| apache — http_server | The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. | 2014-12-15 | 5.0 | CVE-2014-3583 CONFIRM |
| apache — subversion | The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist. | 2014-12-18 | 5.0 | CVE-2014-8108 SECUNIA |
| arris — touchstone_tg862g/ct_firmware | Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php, (2) add a port forwarding rule via a request to port_forwarding_add.php, (3) change the wireless network to open via a request to wireless_network_configuration_edit.php, or (4) conduct cross-site scripting (XSS) attacks via the keyword parameter to managed_sites_add_keyword.php. | 2014-12-17 | 6.8 | CVE-2014-5437 FULLDISC FULLDISC |
| bittorrent — bittorrent | The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000. | 2014-12-12 | 6.8 | CVE-2014-8515 MISC |
| c-icap_project — c-icap | Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request. | 2014-12-17 | 5.0 | CVE-2013-7402 DEBIAN CONFIRM SECUNIA SECUNIA MLIST |
| ca — release_automation | Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2014-12-16 | 6.8 | CVE-2014-8246 BUGTRAQ SECTRACK FULLDISC |
| ca — release_automation | Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-12-16 | 4.3 | CVE-2014-8247 BUGTRAQ SECTRACK FULLDISC |
| ca — release_automation | SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query. | 2014-12-16 | 6.5 | CVE-2014-8248 BUGTRAQ SECTRACK FULLDISC |
| cisco — prime_security_manager | Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Prime Security Manager (aka PRSM) 9.2.1-2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) Access Policies or (2) Device Summary Dashboard parameter, aka Bug ID CSCuq80661. | 2014-12-12 | 4.3 | CVE-2014-3364 |
| cisco — isb8320-e_high-definition_ip-only_dvr | The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422. | 2014-12-16 | 4.3 | CVE-2014-8006 |
| cisco — adaptive_security_appliance_software | Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695. | 2014-12-18 | 4.3 | CVE-2014-8012 |
| cisco — ios_xr | Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710. | 2014-12-18 | 5.0 | CVE-2014-8014 |
| cisco — ironport_email_security_appliances | The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864. | 2014-12-18 | 5.0 | CVE-2014-8016 |
| dell — idrac6_modular | The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack. | 2014-12-19 | 5.0 | CVE-2014-8272 |
| digium — asterisk | Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame. | 2014-12-12 | 5.0 | CVE-2014-9374 SECTRACK BID BUGTRAQ SECUNIA FULLDISC MISC |
| docker — docker | Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image. | 2014-12-12 | 5.0 | CVE-2014-6408 MLIST SECUNIA SECUNIA SUSE FEDORA |
| docker — docker | Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) “docker load” operation or (2) “registry communications.” | 2014-12-16 | 6.4 | CVE-2014-9358 CONFIRM BUGTRAQ |
| dokuwiki — dokuwiki | The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php. | 2014-12-17 | 4.3 | CVE-2014-9253 CONFIRM CONFIRM XF SECTRACK BID MISC MLIST |
| ekahau — activator | Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts. | 2014-12-19 | 4.3 | CVE-2014-2716 BID BUGTRAQ MISC MISC |
| ekahau — activator | Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack. | 2014-12-19 | 5.0 | CVE-2014-9408 BID BUGTRAQ MISC MISC |
| emc — rsa_authentication_manager | Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2014-12-12 | 5.8 | CVE-2014-2516 BUGTRAQ |
| emc — isilon_insightiq | Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x and 3.x before 3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-12-12 | 4.3 | CVE-2014-4628 BUGTRAQ |
| emc — rsa_archer_egrc | Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-12-12 | 4.3 | CVE-2014-4633 BUGTRAQ |
| ettercap_project — ettercap | The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature. | 2014-12-19 | 5.0 | CVE-2014-9380 MISC CONFIRM BUGTRAQ |
| ettercap_project — ettercap | Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation. | 2014-12-19 | 5.0 | CVE-2014-9381 MISC CONFIRM BUGTRAQ |
| file_project — file | The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. | 2014-12-17 | 5.0 | CVE-2014-8116 CONFIRM CONFIRM CONFIRM SECTRACK MLIST |
| file_project — file | softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. | 2014-12-17 | 5.0 | CVE-2014-8117 CONFIRM CONFIRM SECTRACK MLIST |
| firebirdsql — firebird | The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status. | 2014-12-16 | 5.0 | CVE-2014-9323 SUSE |
| glpi-project — glpi | SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter. | 2014-12-19 | 6.5 | CVE-2014-9258 EXPLOIT-DB MISC SECUNIA OSVDB |
| goywp — webpress | Multiple cross-site scripting (XSS) vulnerabilities in goYWP WebPress 13.00.06 allow remote attackers to inject arbitrary web script or HTML via the (1) search_param parameter to search.php or (2) name, (3) address, or (4) comment parameter to forms.php. | 2014-12-16 | 4.3 | CVE-2014-8751 FULLDISC MISC |
| hp — tcp_ip_services_openvms | Multiple unspecified vulnerabilities in the POP implementation in HP OpenVMS TCP/IP 5.7 before ECO5 allow remote attackers to cause a denial of service via unspecified vectors. | 2014-12-17 | 5.0 | CVE-2014-7880 |
| ibm — business_process_manager | The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit. | 2014-12-16 | 6.5 | CVE-2014-4844 XF |
| ibm — security_access_manager_for_mobile | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site. | 2014-12-18 | 4.3 | CVE-2014-6076 XF |
| ibm — security_access_manager_for_mobile | Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 2014-12-18 | 6.8 | CVE-2014-6077 XF |
| ibm — security_access_manager_for_mobile | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack. | 2014-12-18 | 5.0 | CVE-2014-6078 XF |
| ibm — security_access_manager_for_mobile | SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2014-12-18 | 6.5 | CVE-2014-6080 XF |
| ibm — security_access_manager_for_mobile | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (administration UI outage) via unspecified vectors. | 2014-12-18 | 4.0 | CVE-2014-6082 XF |
| ibm — security_access_manager_for_mobile | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. | 2014-12-18 | 5.0 | CVE-2014-6083 XF |
| ibm — security_access_manager_for_mobile | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive information by sniffing the network during use of a weak SSL cipher. | 2014-12-18 | 5.0 | CVE-2014-6084 XF |
| ibm — security_access_manager_for_mobile | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers to obtain sensitive information by sniffing the network during an HTTP session. | 2014-12-18 | 5.0 | CVE-2014-6086 XF |
| ibm — security_access_manager_for_mobile | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive information by sniffing the network during use of a weak algorithm in an SSL cipher suite. | 2014-12-18 | 5.0 | CVE-2014-6087 XF |
| ibm — security_access_manager_for_mobile | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive information by sniffing the network during use of the null SSL cipher. | 2014-12-18 | 5.0 | CVE-2014-6088 XF |
| ibm — security_access_manager_for_mobile | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (disrupted system operations) by uploading a file to a protected area. | 2014-12-18 | 4.0 | CVE-2014-6089 XF CONFIRM |
| ibm — websphere_application_server | IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via a crafted URL. | 2014-12-18 | 5.0 | CVE-2014-6164 XF |
| ibm — websphere_application_server | The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4, and Feature Pack for CEA 1.x before 1.0.0.15, allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2014-12-18 | 4.3 | CVE-2014-6166 XF |
| ibm — websphere_application_server | Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2014-12-18 | 4.3 | CVE-2014-6167 XF |
| ibm — websphere_portal | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2014-12-18 | 4.3 | CVE-2014-6171 XF |
| ibm — websphere_application_server | IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site. | 2014-12-18 | 4.3 | CVE-2014-6174 XF |
| ibm — business_process_manager | IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher. | 2014-12-16 | 4.3 | CVE-2014-6176 XF |
| ibm — business_process_manager | Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. | 2014-12-16 | 4.0 | CVE-2014-6182 XF |
| ibm — websphere_portal | IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack. | 2014-12-18 | 4.9 | CVE-2014-6193 XF AIXAPAR |
| ibm — db2 | IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying an identity column within a crafted ALTER TABLE statement. | 2014-12-12 | 4.0 | CVE-2014-6209 XF AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
| ibm — db2 | IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements. | 2014-12-12 | 4.0 | CVE-2014-6210 XF CONFIRM AIXAPAR AIXAPAR AIXAPAR |
| ibm — websphere_application_server | IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet’s deployment descriptor security constraints and ServletSecurity annotations. | 2014-12-18 | 5.1 | CVE-2014-8890 XF |
| ibm — db2 | IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML query. | 2014-12-18 | 4.0 | CVE-2014-8901 XF CONFIRM AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
| ibm — websphere_portal | Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2014-12-18 | 4.3 | CVE-2014-8902 XF AIXAPAR |
| k7computing — k7av_sentry_device_driver | The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to cause a denial of service (NULL pointer dereference) as demonstrated by a filename containing “crashme{1}quot;. | 2014-12-12 | 4.9 | CVE-2014-8608 MISC BID FULLDISC MISC |
| libvncserver — libvncserver | The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc. | 2014-12-15 | 5.0 | CVE-2014-6053 MLIST UBUNTU SECUNIA SECUNIA MLIST |
| manageengine — password_manager_pro | Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in a filename. | 2014-12-16 | 6.4 | CVE-2014-9372 MISC |
| mantisbt — mantisbt | The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request. | 2014-12-17 | 5.0 | CVE-2014-8553 CONFIRM CONFIRM CONFIRM XF MLIST |
| mantisbt — mantisbt | bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter. | 2014-12-17 | 5.0 | CVE-2014-9388 CONFIRM MLIST |
| microsoft — internet_explorer | Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets (CSS) token sequence specifying the run-in value for the display property, leading to improper CElement reference counting. | 2014-12-15 | 6.8 | CVE-2014-8967 MISC |
| modwsgi — mod_wsgi | mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors. | 2014-12-16 | 6.9 | CVE-2014-8583 CONFIRM UBUNTU MLIST MLIST SUSE |
| novell — edirectory | Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter. | 2014-12-19 | 4.3 | CVE-2014-5212 CONFIRM BUGTRAQ |
| novell — edirectory | nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request. | 2014-12-19 | 4.0 | CVE-2014-5213 CONFIRM BUGTRAQ |
| openstack — horizon | OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page. | 2014-12-12 | 4.3 | CVE-2014-8124 SECUNIA |
| pcre — perl-compatible_regular_expression_library | Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. | 2014-12-16 | 5.0 | CVE-2014-8964 CONFIRM MLIST FEDORA |
| pingidentity — pingfederate | Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter. | 2014-12-12 | 6.4 | CVE-2014-8489 MISC FULLDISC MISC |
| pwgen_project — pwgen | Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. | 2014-12-19 | 5.0 | CVE-2013-4440 MLIST MLIST FEDORA FEDORA FEDORA |
| pwgen_project — pwgen | Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers. | 2014-12-19 | 5.0 | CVE-2013-4442 MISC MLIST MLIST FEDORA FEDORA FEDORA |
| redhat — libvirt | The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection. | 2014-12-12 | 4.3 | CVE-2013-4399 BID GENTOO SECUNIA |
| revive-adserver — revive_adserver | Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php. | 2014-12-19 | 4.3 | CVE-2014-8793 MISC CONFIRM BID BUGTRAQ BUGTRAQ MISC MISC |
| revive-adserver — revive_adserver | The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack. | 2014-12-19 | 5.0 | CVE-2014-8875 BID BUGTRAQ MISC |
| revive-adserver — revive_adserver | Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) unlink accounts via a request to admin-user-unlink.php. (5) advertiser-user-unlink.php, or (6) affiliate-user-unlink.php in admin/. | 2014-12-19 | 6.8 | CVE-2014-9407 |
| ricksoft — wbs_gantt-chart | Cross-site scripting (XSS) vulnerability in the data-export feature in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7267. | 2014-12-19 | 4.3 | CVE-2014-7268 |
| splunk — splunk | Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-12-16 | 4.3 | CVE-2014-5466 |
| symantec — web_gateway | The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts. | 2014-12-17 | 6.5 | CVE-2014-7285 BID |
| thermostat_project — thermostat | The agent in Thermostat before 1.0.6, when using unspecified configurations, allows local users to obtain the JMX management URLs of all local Java virtual machines and gain privileges via unknown vectors. | 2014-12-18 | 4.4 | CVE-2014-8120 REDHAT |
| tsutaya — tsutaya | The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document. | 2014-12-19 | 6.8 | CVE-2014-7241 CONFIRM |
| unitedplanet — intrexx_professional | Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter. | 2014-12-19 | 4.3 | CVE-2014-2026 BID BUGTRAQ MISC MISC |
| w3edge — total_cache | Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the “Cache key” in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI. | 2014-12-19 | 4.3 | CVE-2014-8724 MISC BUGTRAQ MISC |
| zenoss — zenoss_core | Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to hijack the authentication of arbitrary users, aka ZEN-12653. | 2014-12-15 | 6.8 | CVE-2014-6253 CONFIRM |
| zenoss — zenoss_core | Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a (1) device name, (2) device detail, (3) report name, (4) report detail, or (5) portlet name, or (6) a string to a helper method, aka ZEN-15381 and ZEN-15410. | 2014-12-15 | 4.3 | CVE-2014-6254 |
| zenoss — zenoss_core | Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the came_from parameter, aka ZEN-11998. | 2014-12-15 | 6.4 | CVE-2014-6255 |
| zenoss — zenoss_core | Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions by using a web-endpoint URL to invoke an object helper method, aka ZEN-15407. | 2014-12-15 | 5.0 | CVE-2014-6257 |
| zenoss — zenoss_core | An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial of service (CPU consumption) by triggering an arbitrary regular-expression match attempt, aka ZEN-15411. | 2014-12-15 | 5.0 | CVE-2014-6258 |
| zenoss — zenoss_core | Zenoss Core through 5 Beta 3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka ZEN-15414, a similar issue to CVE-2003-1564. | 2014-12-15 | 5.0 | CVE-2014-6259 |
| zenoss — zenoss_core | Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging outage) by leveraging an unattended workstation, aka ZEN-15412. | 2014-12-15 | 6.8 | CVE-2014-6260 |
| zenoss — zenoss_core | Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by internal URL information, aka ZEN-15382. | 2014-12-15 | 5.0 | CVE-2014-9245 |
| zenoss — zenoss_core | Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive (1) user account, (2) e-mail address, and (3) role information by visiting the ZenUsers (aka User Manager) page, aka ZEN-15389. | 2014-12-15 | 4.0 | CVE-2014-9247 |
| zenoss — zenoss_core | Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406. | 2014-12-15 | 5.0 | CVE-2014-9248 |
| zenoss — zenoss_core | Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via script access to this cookie, aka ZEN-10418. | 2014-12-15 | 5.0 | CVE-2014-9250 |
| zenoss — zenoss_core | Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack on hash values in the database, aka ZEN-15413. | 2014-12-15 | 5.0 | CVE-2014-9251 |
| zenoss — zenoss_core | Cross-site request forgery (CSRF) vulnerability in Zenoss Core through 5 Beta 3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger arbitrary code execution via a ZenPack upload, aka ZEN-15388. | 2014-12-15 | 6.8 | CVE-2014-9385 CONFIRM |
| zenoss — zenoss_core | Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it easier for remote attackers to hijack sessions by leveraging an unattended workstation, aka ZEN-12691. | 2014-12-15 | 6.8 | CVE-2014-9386 |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| arris — touchstone_tg862g/ct_firmware | Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php. | 2014-12-17 | 3.5 | CVE-2014-5438 FULLDISC |
| google — android | AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795. | 2014-12-15 | 3.3 | CVE-2014-8610 MISC MISC FULLDISC FULLDISC MISC |
| ibm — rational_quality_manager | Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x through 2.0.1.1, 3.x before 3.0.1.6 iFix 4, 4.x before 4.0.7 iFix 2, and 5.x before 5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2014-12-18 | 3.5 | CVE-2014-4801 XF |
| ibm — cognos_business_intelligence | Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence 10.1 before IF10, 10.1.1 before IF9, 10.2 before IF11, 10.2.1 before IF8, and 10.2.1.1 before IF7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2014-12-12 | 3.5 | CVE-2014-6145 XF |
| ibm — business_process_manager | Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2014-12-18 | 3.5 | CVE-2014-6173 XF |
| juniper — mobile_system_software | Juniper WLC devices with WLAN Software releases 8.0.x before 8.0.4, 9.0.x before 9.0.2.11, 9.0.3.x before 9.0.3.5, and 9.1.x before 9.1.1, when “Proxy ARP” or “No Broadcast” features are enabled in a clustered setup, allows remote attackers to cause a denial of service (device disconnect) via unspecified vectors. | 2014-12-12 | 2.9 | CVE-2014-6381 SECTRACK BID |
| linux — linux_kernel | arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value. | 2014-12-17 | 2.1 | CVE-2014-8133 CONFIRM CONFIRM MLIST CONFIRM |
| linux — linux_kernel | The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. | 2014-12-12 | 2.1 | CVE-2014-8134 CONFIRM |
| mit — kerberos | The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. | 2014-12-16 | 3.5 | CVE-2014-5353 |
| mit — kerberos | plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin “add_principal -nokey” or “purgekeys -all” command. | 2014-12-16 | 3.5 | CVE-2014-5354 CONFIRM |
| puppetlabs — puppet_server | Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service. | 2014-12-17 | 1.9 | CVE-2014-7170 |
| ricksoft — wbs_gantt-chart | Cross-site scripting (XSS) vulnerability in the output-page generator in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7268. | 2014-12-19 | 3.5 | CVE-2014-7267 |
| zenoss — zenoss_core | Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka ZEN-15416. | 2014-12-15 | 2.1 | CVE-2014-9252 |
This product is provided subject to this Notification and this Privacy & Use policy.