SB14-013: Vulnerability Summary for the Week of January 6, 2014

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Title: SB14-013: Vulnerability Summary for the Week of January 6, 2014

NCCIC / US-CERT

National Cyber Awareness System:

SB14-013: Vulnerability Summary for the Week of January 6, 2014
01/13/2014 06:13 AM EST

Original release date: January 13, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product		DescriptionPublishedCVSS ScoreSource & Patch Info
conceptronic -- c54apm The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks. 2014-01-10 7.8 CVE-2014-1408
cru-inc -- ditto_forensic_fieldstation CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task. 2014-01-07 10.0 CVE-2013-6881
cru-inc -- ditto_forensic_fieldstation The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges. 2014-01-07 10.0 CVE-2013-6884
cynthia_fridsma -- horizon_quick_content_management_system SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter. 2014-01-09 7.5 CVE-2013-7139
devscripts_devel_team -- devscripts Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball. 2014-01-07 7.5 CVE-2013-6888
google -- picasa Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a crafted JPEG tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a large JPEG tag value and a small size. 2014-01-08 7.5 CVE-2013-5349
google -- picasa Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a long TIFF tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a long TIFF StripByteCounts tag. 2014-01-08 7.5 CVE-2013-5357
google -- picasa Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to trigger memory corruption via a crafted TIFF tag, as demonstrated using a KDC file with a DSLR-A100 model and certain sequences of tags. 2014-01-08 7.5 CVE-2013-5358
google -- picasa Stack-based buffer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 might allow remote attackers to execute arbitrary code via a crafted RAW file, as demonstrated using a KDC file with a certain size. 2014-01-08 7.5 CVE-2013-5359
graphviz -- graphviz Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file. 2014-01-10 9.3 CVE-2014-0978
graphviz -- graphviz Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list." 2014-01-10 10.0 CVE-2014-1236
hp -- storage_data_protector Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1866. 2014-01-03 10.0 CVE-2013-2344
hp -- storage_data_protector Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1869. 2014-01-03 10.0 CVE-2013-2345
hp -- storage_data_protector Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1870. 2014-01-03 10.0 CVE-2013-2346
hp -- storage_data_protector Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1885. 2014-01-03 10.0 CVE-2013-2347
hp -- storage_data_protector Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1892. 2014-01-03 10.0 CVE-2013-2348
hp -- storage_data_protector Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1896. 2014-01-03 10.0 CVE-2013-2349
hp -- storage_data_protector Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1897. 2014-01-03 10.0 CVE-2013-2350
hp -- storage_data_protector Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905. 2014-01-03 10.0 CVE-2013-6194
hp -- storage_data_protector Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-2008. 2014-01-03 10.0 CVE-2013-6195
ibm -- atlas_ediscovery_process_management SQL injection vulnerability in IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite (aka Atlas Policy Suite) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2014-01-10 7.5 CVE-2013-6321
libreswan -- libreswan Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecified impact and attack vectors, involving the /var/tmp/libreswan-nss-pwd temporary file. 2014-01-09 9.3 CVE-2013-7283
mini-stream -- castripper Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long URL in the [playlist] section in a .pls file, a different vector than CVE-2009-1667. 2014-01-03 7.5 CVE-2009-5137
naxtech -- cms_afroditi SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to default.asp. 2014-01-08 7.5 CVE-2013-7278
nisuta -- ns-wir150ne The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36_NIS01 allows remote attackers to bypass authentication via a "Cookie: :language=en" HTTP header. 2014-01-10 10.0 CVE-2013-7282
qnap -- qts Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attackers to read arbitrary files via a full pathname in the f parameter. 2014-01-09 7.8 CVE-2013-7174
real -- realplayer Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877. 2014-01-03 7.5 CVE-2013-7260
symantec -- endpoint_protection The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account. 2014-01-10 7.4 CVE-2013-5009
symantec -- endpoint_protection Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 allows local users to gain privileges via a crafted program in the %SYSTEMDRIVE% directory. 2014-01-10 7.2 CVE-2013-5011
synology -- diskstation_manager webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header. 2014-01-09 10.0 CVE-2013-6955
x -- libxfont Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file. 2014-01-09 9.3 CVE-2013-6462
xen -- xen The get_free_port function in Xen allows local authenticated DomU users to cause a denial of service or possibly gain privileges via unspecified vectors involving a new event channel port. 2014-01-07 7.7 CVE-2011-1763
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product		DescriptionPublishedCVSS ScoreSource & Patch Info
7mediaws -- edutrac Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php. 2014-01-08 5.0 CVE-2013-7097
ad-minister_project -- ad-minister Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete action to wp-admin/tools.php. 2014-01-03 4.3 CVE-2013-6993
amberdms -- amberdms_billing_system Amberdms Billing System (ABS) before 1.4.1 does not properly implement blacklisting after detection of invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. 2014-01-10 6.4 CVE-2010-5291
anthony_mills -- s3_video Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video plugin before 0.983 for WordPress allows remote attackers to inject arbitrary web script or HTML via the base parameter. 2014-01-08 4.3 CVE-2013-7279
aphpkb -- aphpkb Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keyword_list parameter to keysearch.php. 2014-01-08 4.3 CVE-2013-7277
aphpkb -- aphpkb Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) email, or (4) username parameter. 2014-01-10 4.3 CVE-2013-7289
askapache -- firefox_adsense Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the aafireadcode parameter to wp-admin/options-general.php. 2014-01-03 6.8 CVE-2013-6992
cisco -- secure_access_control_system Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud89431. 2014-01-10 4.3 CVE-2013-6974
cisco -- nx-os The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer reset) via a crafted message, aka Bug ID CSCuj03174. 2014-01-08 4.3 CVE-2013-6982
cisco -- context_directory_agent The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce authorization requirements, which allows remote authenticated users to obtain administrative access by hijacking a session, aka Bug ID CSCuj45347. 2014-01-08 4.9 CVE-2014-0651
cisco -- context_directory_agent Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuj45358. 2014-01-08 4.3 CVE-2014-0652
cisco -- adaptive_security_appliance The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340. 2014-01-08 4.3 CVE-2014-0653
cisco -- context_directory_agent Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack involving crafted RADIUS accounting messages, aka Bug ID CSCuj45383. 2014-01-08 4.3 CVE-2014-0654
cisco -- adaptive_security_appliance The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID CSCuj45332. 2014-01-08 4.3 CVE-2014-0655
cisco -- context_directory_agent Cisco Context Directory Agent (CDA) allows remote authenticated users to trigger the omission of certain user-interface data via crafted field values, aka Bug ID CSCuj45353. 2014-01-08 4.0 CVE-2014-0656
cisco -- unified_communications_manager The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540. 2014-01-08 4.0 CVE-2014-0657
cisco -- unified_ip_phone_9951 Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) via a crafted SIP header, aka Bug ID CSCul24898. 2014-01-10 5.4 CVE-2014-0658
cisco -- secure_access_control_system Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625. 2014-01-10 4.3 CVE-2014-0663
cisco -- unity_connection The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976. 2014-01-10 6.8 CVE-2014-0664
codiad -- codiad Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the Project Name field. 2014-01-03 4.3 CVE-2013-7257
conceptronic -- c54apm Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup. 2014-01-10 5.8 CVE-2014-1405
conceptronic -- c54apm CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action. 2014-01-10 4.3 CVE-2014-1406
conceptronic -- c54apm Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup. 2014-01-10 4.3 CVE-2014-1407
cynthia_fridsma -- horizon_quick_content_management_system Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter. 2014-01-09 5.0 CVE-2013-7138
dotnetblogengine -- blogengine.net BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file. 2014-01-03 5.0 CVE-2013-6953
ecava -- integraxor The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL. 2014-01-09 5.0 CVE-2014-0752
foliovision -- foliopress_wysiwyg Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-01-08 4.3 CVE-2014-1232
freerdp_project -- freerdp Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet. 2014-01-03 6.8 CVE-2014-0791
google -- chrome Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote attackers to spoof the Omnibox URL via vectors involving SSL error messages, a related issue to CVE-2012-0674. 2014-01-05 5.0 CVE-2012-2898
google -- chrome Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method. 2014-01-05 4.3 CVE-2012-2899
hansotools -- hanso_playerools Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to cause a denial of service (crash) via a long string in a .m3u file. 2014-01-08 5.0 CVE-2013-7280
ibm -- atlas_ediscovery_process_management IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite (aka Atlas Policy Suite) do not properly validate sessions, which allows remote attackers to bypass intended access restrictions, and visit PolicyAtlas/ResponseDraftServlet (aka the Compliance Questionnaire Save Draft servlet), via unspecified vectors. 2014-01-10 6.4 CVE-2013-6334
libreswan -- libreswan Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet. 2014-01-07 5.0 CVE-2013-4564
linux -- linux_kernel The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. 2014-01-06 4.9 CVE-2013-7263
linux -- linux_kernel The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. 2014-01-06 4.9 CVE-2013-7264
linux -- linux_kernel The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. 2014-01-06 4.9 CVE-2013-7265
linux -- linux_kernel The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. 2014-01-06 4.9 CVE-2013-7266
linux -- linux_kernel The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. 2014-01-06 4.9 CVE-2013-7267
linux -- linux_kernel The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. 2014-01-06 4.9 CVE-2013-7268
linux -- linux_kernel The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. 2014-01-06 4.9 CVE-2013-7269
linux -- linux_kernel The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. 2014-01-06 4.9 CVE-2013-7270
linux -- linux_kernel The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. 2014-01-06 4.9 CVE-2013-7271
linux -- linux_kernel The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. 2014-01-08 4.9 CVE-2013-7281
mybb -- mybb Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup. 2014-01-08 4.3 CVE-2013-7275
mybb -- mybb Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs. 2014-01-10 4.3 CVE-2013-7288
open-xchange -- open-xchange_appsuite Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handlers." 2014-01-08 4.3 CVE-2013-6997
openssl -- openssl The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. 2014-01-08 4.3 CVE-2013-4353
openstack -- havana Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron. 2014-01-07 5.0 CVE-2013-6419
opsview -- opsview Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-01-03 4.3 CVE-2013-7254
opsview -- opsview Open redirect vulnerability in Opsview before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2014-01-03 5.8 CVE-2013-7255
opsview -- opsview Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2014-01-03 6.8 CVE-2013-7256
phusion -- passenger Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem. 2014-01-03 4.6 CVE-2013-2119
recommend_to_a_friend_project -- recommend_to_a_friend Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the current_url parameter. 2014-01-08 4.3 CVE-2013-7276
seagate -- blackarmor_nas_220 Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname parameter to admin/access_control_user_edit.php or (2) workname parameter to admin/network_workgroup_domain.php. 2014-01-09 4.3 CVE-2013-6923
sixapart -- movabletype Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5.161, 5.2.x before 5.2.9, and 6.0.x before 6.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-01-10 4.3 CVE-2014-0977
symantec -- endpoint_protection The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors. 2014-01-10 4.6 CVE-2013-5010
technicolor -- tc7200 Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route. 2014-01-08 4.3 CVE-2014-0620
technicolor -- tc7200 Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall. 2014-01-08 6.8 CVE-2014-0621
umn -- mapserver SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter. 2014-01-05 6.8 CVE-2013-7262
wallpaperscript -- wallpaperscript Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload. 2014-01-08 4.3 CVE-2013-7274
web2ldap -- web2ldap Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "displaying group DN and entry data in group administration UI." 2014-01-03 4.3 CVE-2013-7258
westerndeal -- advanced_dewplayer Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter. 2014-01-03 5.0 CVE-2013-7240
wokamoto -- wp-cron_dashboard Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the procname parameter to wp-admin/tools.php. 2014-01-03 4.3 CVE-2013-6991
xen -- xen Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables. 2014-01-07 5.5 CVE-2011-1166
xen -- xen The instruction emulation in Xen 3.0.3 allows local SMP guest users to cause a denial of service (host crash) by replacing the instruction that causes the VM to exit in one thread with a different instruction in a different thread. 2014-01-07 6.1 CVE-2011-1780
xen -- xen Xen, when using x86 Intel processors and the VMX virtualization extension is enabled, does not properly handle cpuid instruction emulation when exiting the VM, which allows local guest users to cause a denial of service (guest crash) via unspecified vectors. 2014-01-07 4.9 CVE-2011-1936
Back to top

Low Vulnerabilities

Primary
Vendor -- Product		DescriptionPublishedCVSS ScoreSource & Patch Info
amberdms -- amberdms_billing_system Amberdms Billing System (ABS) before 1.4.1, when a multi-instance installation is configured, might allow local users to obtain sensitive information by reading the cache in between runs of the include/cron/services_usage.php cron job. 2014-01-10 1.9 CVE-2010-5292
apache -- libcloud Libcloud 012.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM. 2014-01-07 2.1 CVE-2013-6480
hp -- linux_imaging_and_printing_project base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file. 2014-01-05 2.1 CVE-2013-6402
mantisbt -- mantisbt Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name. 2014-01-10 3.5 CVE-2013-4460
paratrooper-newrelic_project -- paratrooper-newrelic The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process. 2014-01-10 2.1 CVE-2014-1234
puppetlabs -- puppet Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files. 2014-01-07 2.1 CVE-2013-4969
redhat -- libvirt The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command. 2014-01-07 2.1 CVE-2013-6436
tobias_maier -- paratrooper-pingdom The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process. 2014-01-10 2.1 CVE-2014-1233
Back to top

 

This product is provided subject to this Notification and this Privacy & Use policy.

This email was sent to linux-security@xxxxxxxxxxx using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (703) 235-5110 Powered by GovDelivery
[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux