Blog

SB14-322: Vulnerability Summary for the Week of November 10, 2014

Original release date: November 18, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — air Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0588 and CVE-2014-8438. 2014-11-11 10.0 CVE-2014-0573
adobe — air Double free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors. 2014-11-11 10.0 CVE-2014-0574
adobe — air Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0581, CVE-2014-8440, and CVE-2014-8441. 2014-11-11 10.0 CVE-2014-0576
adobe — air Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified “type confusion,” a different vulnerability than CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, and CVE-2014-0590. 2014-11-11 10.0 CVE-2014-0577
adobe — air Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-8440, and CVE-2014-8441. 2014-11-11 10.0 CVE-2014-0581
adobe — air Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0589. 2014-11-11 10.0 CVE-2014-0582
adobe — air Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to complete a transition from Low Integrity to Medium Integrity via unspecified vectors. 2014-11-11 7.5 CVE-2014-0583
adobe — air Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified “type confusion,” a different vulnerability than CVE-2014-0577, CVE-2014-0585, CVE-2014-0586, and CVE-2014-0590. 2014-11-11 10.0 CVE-2014-0584
adobe — air Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified “type confusion,” a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0586, and CVE-2014-0590. 2014-11-11 10.0 CVE-2014-0585
adobe — air Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified “type confusion,” a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, and CVE-2014-0590. 2014-11-11 10.0 CVE-2014-0586
adobe — air Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0573 and CVE-2014-8438. 2014-11-11 10.0 CVE-2014-0588
adobe — air Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0582. 2014-11-11 10.0 CVE-2014-0589
adobe — air Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified “type confusion,” a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, and CVE-2014-0586. 2014-11-11 10.0 CVE-2014-0590
adobe — air Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0573 and CVE-2014-0588. 2014-11-11 10.0 CVE-2014-8438
adobe — air Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8441. 2014-11-11 10.0 CVE-2014-8440
adobe — air Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8440. 2014-11-11 10.0 CVE-2014-8441
adobe — air Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to complete a transition from Low Integrity to Medium Integrity by leveraging incorrect permissions. 2014-11-11 7.5 CVE-2014-8442
apache — mod_auth_mellon The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request. 2014-11-14 9.4 CVE-2014-8567
MLIST
CONFIRM
belkin — n750_wireless_router Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long sting in the jump parameter. 2014-11-12 10.0 CVE-2014-1635
MISC
MISC
BID
EXPLOIT-DB
OSVDB
checkpoint — security_gateway Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request. 2014-11-16 7.1 CVE-2014-8950
CONFIRM
SECUNIA
checkpoint — security_gateway Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a denial of service (fwk0 process crash, core dump, and restart) via a redirect to the UserCheck page. 2014-11-16 7.1 CVE-2014-8951
SECUNIA
checkpoint — security_gateway Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL VPN blade, (4) SSL Network Extender, (5) Identify Awareness blade, (6) HTTPS Inspection, (7) UserCheck, or (8) Data Leak Prevention blade module is enabled, allow remote attackers to cause a denial of service (“stability issue”) via an unspecified “traffic condition.” 2014-11-16 7.1 CVE-2014-8952
SECUNIA
cisco — ios Cisco IOS on Aironet access points, when “dot11 aaa authenticator” debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509. 2014-11-14 7.1 CVE-2014-7998
freerdp_project — freerdp Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated. 2014-11-16 10.0 CVE-2014-0250
CONFIRM
BID
MLIST
SUSE
hp — helion_cloud_development_platform The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers’ installations, which allows remote attackers to execute arbitrary code by leveraging these keys for a connection. 2014-11-13 10.0 CVE-2014-7878
huawei — ec156 Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory. 2014-11-13 7.2 CVE-2014-8359
XF
BID
MISC
MISC
libreoffice — libreoffice Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599. 2014-11-07 7.5 CVE-2014-3693
SECUNIA
SECUNIA
linux — linux_kernel The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. 2014-11-10 7.8 CVE-2014-3673
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. 2014-11-10 7.8 CVE-2014-3687
CONFIRM
CONFIRM
CONFIRM
magentocommerce — magmi Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/. 2014-11-13 9.0 CVE-2014-8770
EXPLOIT-DB
OSVDB
mantisbt — mantisbt SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609. 2014-11-13 7.5 CVE-2014-8554
XF
BID
CONFIRM
MLIST
MLIST
microsoft — windows_server_2003 Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka “TCP/IP Elevation of Privilege Vulnerability.” 2014-11-11 7.2 CVE-2014-4076
microsoft — office Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka “Microsoft IME (Japanese) Elevation of Privilege Vulnerability,” as exploited in the wild in 2014. 2014-11-11 9.3 CVE-2014-4077
microsoft — xml_core_services XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (system-state corruption) via crafted XML content, aka “MSXML Remote Code Execution Vulnerability.” 2014-11-11 9.3 CVE-2014-4118
microsoft — internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2014-6341. 2014-11-11 9.3 CVE-2014-4143
microsoft — .net_framework Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka “TypeFilterLevel Vulnerability.” 2014-11-11 9.3 CVE-2014-4149
microsoft — windows_7 Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font, aka “Denial of Service in Windows Kernel Mode Driver Vulnerability.” 2014-11-11 7.1 CVE-2014-6317
MS
CONFIRM
microsoft — windows_7 Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka “Microsoft Schannel Remote Code Execution Vulnerability.” 2014-11-11 10.0 CVE-2014-6321
microsoft — windows_7 OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, aka “Windows OLE Automation Array Remote Code Execution Vulnerability.” 2014-11-11 9.3 CVE-2014-6332
microsoft — office_compatibility_pack Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Double Delete Remote Code Execution Vulnerability.” 2014-11-11 9.3 CVE-2014-6333
microsoft — office_compatibility_pack Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka “Microsoft Office Bad Index Remote Code Execution Vulnerability.” 2014-11-11 9.3 CVE-2014-6334
microsoft — office_compatibility_pack Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka “Microsoft Office Invalid Pointer Remote Code Execution Vulnerability.” 2014-11-11 9.3 CVE-2014-6335
microsoft — internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2014-11-11 9.3 CVE-2014-6337
microsoft — internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2014-4143. 2014-11-11 9.3 CVE-2014-6341
microsoft — internet_explorer Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2014-6348. 2014-11-11 9.3 CVE-2014-6342
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2014-11-11 9.3 CVE-2014-6343
microsoft — internet_explorer Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2014-11-11 9.3 CVE-2014-6344
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2014-11-11 9.3 CVE-2014-6347
microsoft — internet_explorer Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2014-6342. 2014-11-11 9.3 CVE-2014-6348
microsoft — internet_explorer Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2014-11-11 9.3 CVE-2014-6351
microsoft — internet_explorer Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2014-11-11 9.3 CVE-2014-6353
netbsd — netbsd The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. 2014-11-17 7.5 CVE-2014-8517
SECUNIA
SECUNIA
MLIST
MLIST
SUSE
php-fusion — php-fusion Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php. 2014-11-17 7.5 CVE-2014-8596
MISC
XF
BID
EXPLOIT-DB
MISC
OSVDB
qemu — qemu The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling. 2014-11-14 7.2 CVE-2014-3689
MLIST
UBUNTU
OSVDB
DEBIAN
DEBIAN
SECUNIA
SECUNIA
SECUNIA
redhat — openshift Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors. 2014-11-13 7.5 CVE-2014-3674
rockwellautomation — connected_components_workbench Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an invalid property value to an ActiveX control that was built with an outdated compiler. 2014-11-13 7.5 CVE-2014-5424
samba — ppp Integer overflow in the getword function in options.c in pppd in Paul’s PPP Package (ppp) before 2.4.7 allows attackers to “access privileged options” via a long word in an options file, which triggers a heap-based buffer overflow that “[corrupts] security-relevant variables.” 2014-11-15 7.5 CVE-2014-3158
CONFIRM
MLIST
FEDORA
webfs — webfs The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file. 2014-11-16 7.2 CVE-2013-0347
XF
BID
MLIST
MLIST
MLIST
OSVDB

Back to top

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — air Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow remote attackers to discover session tokens via unspecified vectors. 2014-11-11 5.0 CVE-2014-8437
apache — cordova Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL. 2014-11-15 6.4 CVE-2014-3500
BID
apache — cordova Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView. 2014-11-15 4.3 CVE-2014-3501
BID
apache — cordova Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. 2014-11-15 4.3 CVE-2014-3502
BID
apache — qpid XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message. 2014-11-17 4.3 CVE-2014-3629
XF
BID
BUGTRAQ
SECUNIA
MISC
arubanetworks — clearpass Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-11-07 4.3 CVE-2014-6620
SECUNIA
arubanetworks — clearpass Cross-site request forgery (CSRF) vulnerability in the Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to hijack the authentication of a logged in user via unspecified vectors. 2014-11-07 4.3 CVE-2014-6623
SECUNIA
bad_behavior_project — bad_behavior The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the “administer bad behavior” permission to obtain sensitive information by reading a log file. 2014-11-12 4.0 CVE-2014-8735
bestpractical — rt-extension-mobileui The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors. 2014-11-15 5.0 CVE-2013-3737
OSVDB
SECUNIA
cisco — unified_communications_manager The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. 2014-11-13 4.3 CVE-2014-7991
cisco — ios The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014. 2014-11-17 5.0 CVE-2014-7992
cisco — ios The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281. 2014-11-14 6.1 CVE-2014-7997
citrix — netscaler_application_delivery_controller_firmware Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified configurations, allows remote authenticated users to access “network resources” of other users via unknown vectors. 2014-11-07 4.9 CVE-2014-8580
codecanyon — phpsound Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.php. 2014-11-17 4.3 CVE-2014-8954
EXPLOIT-DB
MISC
docker — docker Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. 2014-11-17 5.0 CVE-2014-5277
CONFIRM
SUSE
drupal — ubercart The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the “administer product classes” permission to execute arbitrary PHP code via unspecified vectors. 2014-11-15 6.0 CVE-2012-2301
BID
MLIST
MLIST
SECUNIA
elipse — e3 Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681. 2014-11-10 5.0 CVE-2014-8652
FULLDISC
MISC
f5 — big-ip_local_traffic_manager Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the “Resource Administrator” or “Administrator” role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form. 2014-11-17 6.2 CVE-2014-8727
CONFIRM
BID
EXPLOIT-DB
MISC
gnu — gnutls The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. 2014-11-13 5.0 CVE-2014-8564
CONFIRM
SECUNIA
SECUNIA
haxx — libcurl The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. 2014-11-15 4.3 CVE-2014-3707
UBUNTU
CONFIRM
ibm — security_identity_manager Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors. 2014-11-17 5.0 CVE-2014-6095
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm — security_identity_manager Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2014-11-17 4.3 CVE-2014-6096
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm — db2 IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement. 2014-11-08 4.0 CVE-2014-6097
AIXAPAR
ibm — security_identity_manager IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request. 2014-11-17 5.0 CVE-2014-6098
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm — security_identity_manager IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors. 2014-11-17 4.3 CVE-2014-6105
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm — security_identity_manager IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. 2014-11-17 4.3 CVE-2014-6107
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm — netcool/impact Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool/Impact 6.1.1 before 6.1.1.1-TIV-NCI-IF0001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2014-11-08 4.3 CVE-2014-6161
XF
imember360 — imember360 Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that with an unspecified impact via the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to execute arbitrary commands. 2014-11-16 6.8 CVE-2014-8948
EXPLOIT-DB
SECUNIA
FULLDISC
MISC
OSVDB
imember360 — imember360 The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges. 2014-11-16 6.0 CVE-2014-8949
EXPLOIT-DB
SECUNIA
FULLDISC
MISC
OSVDB
ipa — ilogscanner Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file. 2014-11-14 4.3 CVE-2014-7248
JVNDB
JVN
jexperts — channel_platform Multiple cross-site scripting (XSS) vulnerabilities in JExperts Channel Platform 5.0.33_CCB allow remote attackers to inject arbitrary web script or HTML via the (1) usuario.nome variable in an editarUsuario action to usuario.do or (2) titulo.form variable in a novoChamado action to ticket.do. 2014-11-13 4.3 CVE-2014-8557
XF
BID
FULLDISC
MISC
linux — linux_kernel The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. 2014-11-10 4.9 CVE-2014-3610
CONFIRM
CONFIRM
UBUNTU
MLIST
CONFIRM
linux — linux_kernel Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation. 2014-11-10 4.9 CVE-2014-3611
CONFIRM
UBUNTU
MLIST
CONFIRM
linux — linux_kernel arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU. 2014-11-10 4.9 CVE-2014-3690
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
linux — linux_kernel A certain Debian patch to the IPv6 implementation in the Linux kernel 3.2.x through 3.2.63 does not properly validate arguments in ipv6_select_ident function calls, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging (1) tun or (2) macvtap device access. 2014-11-10 4.9 CVE-2014-7207
CONFIRM
MLIST
linux — linux_kernel kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application. 2014-11-10 4.9 CVE-2014-7825
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — linux_kernel kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. 2014-11-10 4.6 CVE-2014-7826
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — linux_kernel The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601. 2014-11-10 4.6 CVE-2014-8369
MLIST
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — linux_kernel The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 lacks intended decoder-table flags for certain RIP-relative instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application. 2014-11-10 4.9 CVE-2014-8480
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
linux — linux_kernel The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 does not properly handle invalid instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application that triggers (1) an improperly fetched instruction or (2) an instruction that occupies too many bytes. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8480. 2014-11-10 4.9 CVE-2014-8481
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
linux — linux_kernel The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application. 2014-11-10 4.9 CVE-2014-8559
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
MLIST
linux — linux_kernel The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets. 2014-11-10 5.0 CVE-2014-8709
CONFIRM
MLIST
CONFIRM
CONFIRM
manageengine — password_manager_pro SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter. 2014-11-17 6.5 CVE-2014-8498
MISC
XF
BID
EXPLOIT-DB
FULLDISC
MISC
OSVDB
manageengine — password_manager_pro Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc. 2014-11-17 6.5 CVE-2014-8499
MISC
XF
XF
BID
EXPLOIT-DB
FULLDISC
MISC
OSVDB
OSVDB
megnicholas — clean_and_simple_contact_form Cross-site scripting (XSS) vulnerability in the Contact Form Clean and Simple (clean-and-simple-contact-form-by-meg-nicholas) plugin 4.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the cscf[name] parameter to contact-us/. 2014-11-17 4.3 CVE-2014-8955
XF
MISC
microsoft — internet_information_services The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the “IP Address and Domain Restrictions” list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP request, aka “IIS Security Feature Bypass Vulnerability.” 2014-11-11 5.0 CVE-2014-4078
microsoft — sharepoint_foundation Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka “SharePoint Elevation of Privilege Vulnerability.” 2014-11-11 4.3 CVE-2014-4116
microsoft — windows_7 The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly log unauthorized login attempts supplying valid credentials, which makes it easier for remote attackers to bypass intended access restrictions via a series of attempts, aka “Remote Desktop Protocol (RDP) Failure to Audit Vulnerability.” 2014-11-11 5.0 CVE-2014-6318
microsoft — windows_7 The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted web site, as demonstrated by execution of web script in Internet Explorer, aka “Windows Audio Service Vulnerability.” 2014-11-11 4.3 CVE-2014-6322
microsoft — internet_explorer Microsoft Internet Explorer 7 through 11 allows remote attackers to obtain sensitive clipboard information via a crafted web site, aka “Internet Explorer Clipboard Information Disclosure Vulnerability.” 2014-11-11 4.3 CVE-2014-6323
microsoft — active_directory_federation_services Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka “Active Directory Federation Services Information Disclosure Vulnerability.” 2014-11-11 5.0 CVE-2014-6331
microsoft — internet_explorer Microsoft Internet Explorer 8 and 9 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka “Internet Explorer ASLR Bypass Vulnerability.” 2014-11-11 5.0 CVE-2014-6339
microsoft — internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka “Internet Explorer Cross-domain Information Disclosure Vulnerability.” 2014-11-11 4.3 CVE-2014-6340
microsoft — internet_explorer Microsoft Internet Explorer 9 and 10 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka “Internet Explorer Cross-domain Information Disclosure Vulnerability.” 2014-11-11 4.3 CVE-2014-6345
microsoft — internet_explorer Microsoft Internet Explorer 8 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka “Internet Explorer Cross-domain Information Disclosure Vulnerability.” 2014-11-11 4.3 CVE-2014-6346
microsoft — internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka “Internet Explorer Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2014-6350. 2014-11-11 4.3 CVE-2014-6349
microsoft — internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka “Internet Explorer Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2014-6349. 2014-11-11 4.3 CVE-2014-6350
mumble — mumble The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file. 2014-11-16 5.0 CVE-2014-3755
MISC
BID
MLIST
MLIST
mumble — mumble The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip. 2014-11-16 5.0 CVE-2014-3756
BID
MLIST
MLIST
open_atrium_project — open_atrium The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node. 2014-11-12 5.0 CVE-2014-8736
phpmemcachedadmin_project — phpmemcachedadmin Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-11-17 4.3 CVE-2014-8732
XF
BID
BUGTRAQ
BUGTRAQ
MISC
phpmoneybooks — phpmoneybooks Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. 2014-11-17 4.3 CVE-2012-1669
BID
BUGTRAQ
EXPLOIT-DB
FULLDISC
MISC
OSVDB
phpmoneybooks — phpmoneybooks Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012-1669. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might have been fixed in 1.0.3. 2014-11-17 4.3 CVE-2012-6665
SECUNIA
OSVDB
phpmyadmin — phpmyadmin Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js. 2014-11-08 4.3 CVE-2014-6300
CONFIRM
SUSE
phpscriptlerim — php_scriptlerim_who’s_who Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who’s Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php. 2014-11-17 6.8 CVE-2014-8953
XF
EXPLOIT-DB
MISC
progress — openedge Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the selection parameter. 2014-11-12 5.0 CVE-2014-8555
MISC
EXPLOIT-DB
puppetlabs — facter Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine. 2014-11-16 6.2 CVE-2014-3248
BID
SECUNIA
SECUNIA
MISC
qemu — qemu Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption. 2014-11-15 4.6 CVE-2014-5388
MLIST
CONFIRM
UBUNTU
MLIST
MLIST
CONFIRM
qemu — qemu The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. 2014-11-14 5.0 CVE-2014-7815
CONFIRM
SECUNIA
SECUNIA
SECUNIA
CONFIRM
redhat — openshift Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme. 2014-11-16 6.5 CVE-2014-0233
CONFIRM
redhat — libvirt The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE, which triggers the use of the VIR_DOMAIN_XML_SECURE flag. 2014-11-13 5.0 CVE-2014-7823
SECUNIA
rubyonrails — ruby_on_rails The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string. 2014-11-16 5.0 CVE-2014-3916
XF
BID
MLIST
MLIST
rubyonrails — ruby_on_rails Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow. 2014-11-15 5.0 CVE-2014-4975
CONFIRM
XF
UBUNTU
MLIST
rubyonrails — ruby_on_rails Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence. 2014-11-08 4.3 CVE-2014-7818
MLIST
rubyonrails — ruby_on_rails Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding. 2014-11-08 5.0 CVE-2014-7819
MLIST
MLIST
trendmicro — interscan_web_security_virtual_appliance The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters. 2014-11-07 4.0 CVE-2014-8510
MISC
uninett — mod_auth_mellon The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a “session overflow” involving “sessions overlapping in memory.” 2014-11-15 6.4 CVE-2014-8566
SECUNIA
REDHAT
vtiger — vtiger_crm views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter. 2014-11-15 5.0 CVE-2014-2268
MISC
BID
EXPLOIT-DB
zend — zend_framework Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. 2014-11-15 6.4 CVE-2014-2681
MANDRIVA
MLIST
CONFIRM
zend — zend_framework Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External Entity (XXE) attacks via an XML external entity declaration in conjunction with an entity reference. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. 2014-11-15 6.8 CVE-2014-2682
MANDRIVA
MLIST
CONFIRM
zend — zend_framework Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532. 2014-11-15 5.0 CVE-2014-2683
MANDRIVA
MLIST
CONFIRM
zend — zend_framework The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id values. 2014-11-15 6.4 CVE-2014-2684
MANDRIVA
MLIST
CONFIRM

Back to top

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — hive Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI. 2014-11-16 3.5 CVE-2014-0228
BUGTRAQ
MISC
drupal — organic_groups_menu The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal allows remote authenticated users with the “access administration pages” permission to change module settings via unspecified vectors. 2014-11-12 3.5 CVE-2014-8734
XF
eucalyptus — eucalyptus Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log. 2014-11-07 2.1 CVE-2014-5037
SECUNIA
eucalyptus — eucalyptus Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive information by reading the cloud log files. 2014-11-07 2.1 CVE-2014-5038
forgerock — openam The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2, 10.1.0-Xpress, and 11.0.0 through 11.0.2, when deployed on a multi-server network, allows remote authenticated users to cause a denial of service (infinite loop) via a crafted cookie in a request. 2014-11-13 3.5 CVE-2014-7246
JVNDB
JVN
freebsd — freebsd The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer. 2014-11-13 2.1 CVE-2014-8476
FREEBSD
SECUNIA
SECUNIA
ibm — security_identity_manager IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation. 2014-11-17 3.3 CVE-2014-6110
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm — sterling_b2b_integrator IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the Connect:Direct Server Adapter is configured, does not properly process the logging configuration, which allows local users to obtain sensitive information by reading log files. 2014-11-08 1.9 CVE-2014-6146
XF
AIXAPAR
ibm — db2 IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement. 2014-11-08 3.5 CVE-2014-6159
XF
AIXAPAR
AIXAPAR
AIXAPAR
linux — linux_kernel arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. 2014-11-10 2.1 CVE-2014-3645
CONFIRM
MLIST
CONFIRM
linux — linux_kernel arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. 2014-11-10 2.1 CVE-2014-3646
CONFIRM
CONFIRM
UBUNTU
MLIST
linux — linux_kernel arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. 2014-11-10 2.1 CVE-2014-3647
CONFIRM
CONFIRM
UBUNTU
MLIST
CONFIRM
nlnetlabs — ldns The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. 2014-11-15 2.1 CVE-2014-3209
CONFIRM
CONFIRM
BID
MLIST
MLIST
python — python Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. 2014-11-15 3.3 CVE-2014-2667
MLIST
MLIST
MLIST
SUSE
SUSE
qemu — qemu The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket. 2014-11-07 2.1 CVE-2014-3640
DEBIAN
MLIST
MLIST
MLIST
redhat — jboss_enterprise_application_platform JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions audit.log, which allows local users to obtain sensitive information by reading this file. 2014-11-17 2.1 CVE-2014-0059
redhat — openshift Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp. 2014-11-13 2.1 CVE-2014-3602

Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

Reposted from US-CERT. Click here to read the original posting.

Posted in: US-CERT All

Leave a Comment (0) ↓