SB14-314: Vulnerability Summary for the Week of November 3, 2014

"US-CERT" <US-CERT@xxxxxxxxxxxxxxxx> · Mon, 10 Nov 2014 07:16:15 -0600

Title:     SB14-314: Vulnerability Summary for the Week of November 3, 2014

  National Cyber Awareness System:

SB14-314: Vulnerability Summary for the Week of November 3, 2014
11/10/2014 06:37 AM EST

Original release date: November 10, 2014 

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info

accuenergy -- acuvim_ii
The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL.
2014-11-05
7.5
CVE-2014-2373

accuenergy -- acuvim_ii
The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving _javascript_.
2014-11-05
7.5
CVE-2014-2374

asus -- rt_firmware
ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image.
2014-11-04
7.8
CVE-2014-2718
XF
BID
FULLDISC
MISC
MISC

bittorrent -- bootstrap-dht
The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) allows remote attackers to execute arbitrary code via a crafted packet, which triggers an out-of-bounds read, related to "Improper Indexing."
2014-10-31
7.5
CVE-2014-8509
CONFIRM
MISC
BID

ca -- cloud_service_management
CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
2014-11-04
7.5
CVE-2014-8474

cisco -- rv120w
The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.
2014-11-07
9.0
CVE-2014-2177

cisco -- rv120w
Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145.
2014-11-07
7.5
CVE-2014-2178

clip-share -- clipshare
SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter.
2014-11-04
7.5
CVE-2014-8339
XF
MISC
MISC

compal_broadband_networks -- firmware
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors.
2014-11-06
10.0
CVE-2014-8656
MISC
EXPLOIT-DB
MISC
OSVDB

cp_multi_view_event_calendar_project -- cp_multi_view_event_calendar
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.
2014-11-04
7.5
CVE-2014-8586
XF
BID
EXPLOIT-DB
MISC
OSVDB

debian -- apt
APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.
2014-11-03
7.5
CVE-2014-0487
SECUNIA
SECUNIA

debian -- apt
APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.
2014-11-03
7.5
CVE-2014-0489
SECUNIA
SECUNIA

debian -- apt
The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.
2014-11-03
7.5
CVE-2014-0490
SECUNIA
SECUNIA

emc -- rsa_web_threat_detection
SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
2014-11-07
9.0
CVE-2014-4627
BUGTRAQ

espocrm -- espocrm
Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.
2014-10-31
10.0
CVE-2014-7985
MISC
BID
BUGTRAQ
MISC

ffmpeg -- ffmpeg
Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.
2014-11-03
7.5
CVE-2014-5271
CONFIRM
OSVDB
CONFIRM

ffmpeg -- ffmpeg
libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.
2014-11-05
7.5
CVE-2014-8541
CONFIRM
CONFIRM

ffmpeg -- ffmpeg
libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.
2014-11-05
7.5
CVE-2014-8542
CONFIRM
CONFIRM

ffmpeg -- ffmpeg
libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data.
2014-11-05
7.5
CVE-2014-8543
CONFIRM
CONFIRM

ffmpeg -- ffmpeg
libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.
2014-11-05
7.5
CVE-2014-8544
CONFIRM
CONFIRM

ffmpeg -- ffmpeg
libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data.
2014-11-05
7.5
CVE-2014-8545
CONFIRM
CONFIRM

ffmpeg -- ffmpeg
Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data.
2014-11-05
7.5
CVE-2014-8546
CONFIRM
CONFIRM

ffmpeg -- ffmpeg
libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.
2014-11-05
7.5
CVE-2014-8547
CONFIRM
CONFIRM

ffmpeg -- ffmpeg
Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.
2014-11-05
7.5
CVE-2014-8548
CONFIRM
CONFIRM

ffmpeg -- ffmpeg
libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data.
2014-11-05
7.5
CVE-2014-8549
CONFIRM
CONFIRM

fortinet -- coyote_point_equalizer
FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors.
2014-11-01
7.5
CVE-2014-8582
XF
CONFIRM

freeradius -- freeradius
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.
2014-11-01
7.5
CVE-2014-2015
CONFIRM
UBUNTU
MLIST
MLIST
MLIST

french_national_commission_on_informatics_and_liberty -- cookieviz
SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the domain parameter.
2014-11-06
7.5
CVE-2014-8351
XF
FULLDISC

hp -- laserjet_cm3530_multifunction_printer_firmware
Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.
2014-11-04
9.0
CVE-2014-7875

joomla -- joomla!
Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive.
2014-11-03
7.5
CVE-2014-7228
MISC

linksys -- e4200v2
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain sensitive information or modify data via a JNAP action in a JNAP/ HTTP request.
2014-11-01
7.5
CVE-2014-8244

pro_softnet_corporation -- ibackup
iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file.
2014-11-03
7.2
CVE-2014-5507
XF
BID
EXPLOIT-DB
MISC

qemu -- qemu
Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow.
2014-11-04
7.5
CVE-2013-4148
FEDORA
CONFIRM

qemu -- qemu
Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table.
2014-11-04
7.5
CVE-2013-4149
FEDORA
CONFIRM

qemu -- qemu
The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write.
2014-11-04
7.5
CVE-2013-4150
FEDORA
CONFIRM

qemu -- qemu
The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write.
2014-11-04
7.5
CVE-2013-4151
FEDORA
CONFIRM

qemu -- qemu
Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports.
2014-11-04
7.5
CVE-2013-4526
MLIST
FEDORA
CONFIRM

qemu -- qemu
Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers.
2014-11-04
7.5
CVE-2013-4527
MLIST
FEDORA
CONFIRM

qemu -- qemu
Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image.
2014-11-04
7.5
CVE-2013-4529
MLIST
FEDORA

qemu -- qemu
Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image.
2014-11-04
7.5
CVE-2013-4530
MLIST
FEDORA
CONFIRM

qemu -- qemu
Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len in a savevm image.
2014-11-04
7.5
CVE-2013-4531
MLIST
FEDORA
CONFIRM

qemu -- qemu
Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image.
2014-11-04
7.5
CVE-2013-4533
MLIST
FEDORA
CONFIRM

qemu -- qemu
Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements.
2014-11-04
7.5
CVE-2013-4534
MLIST
FEDORA
CONFIRM

qemu -- qemu
The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image.
2014-11-04
7.5
CVE-2013-4537
MLIST
FEDORA
CONFIRM

qemu -- qemu
Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image.
2014-11-04
7.5
CVE-2013-4538
MLIST
FEDORA
CONFIRM

qemu -- qemu
Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image.
2014-11-04
7.5
CVE-2013-4539
MLIST
FEDORA
CONFIRM

qemu -- qemu
Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image.
2014-11-04
7.5
CVE-2013-4540
MLIST
FEDORA
CONFIRM

qemu -- qemu
The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value.
2014-11-04
7.5
CVE-2013-4541
FEDORA
CONFIRM

qemu -- qemu
The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access.
2014-11-04
7.5
CVE-2013-4542
FEDORA
CONFIRM

qemu -- qemu
Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image.
2014-11-04
7.5
CVE-2013-6399
FEDORA
CONFIRM

qemu -- qemu
Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image.
2014-11-04
7.5
CVE-2014-0182
FEDORA
CONFIRM

qemu -- qemu
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.
2014-11-04
7.5
CVE-2014-0222
MLIST
FEDORA
FEDORA

rsyslog -- rsyslog
rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.
2014-11-01
7.5
CVE-2014-3634
MLIST
DEBIAN
SECUNIA
SECUNIA

sap -- commoncryptolib
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.
2014-11-04
7.5
CVE-2014-8587
CONFIRM
CONFIRM
SECUNIA
MISC

sap -- hana
SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
2014-11-04
7.5
CVE-2014-8588
MISC
MISC
MISC

sap -- document_management_services
SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors.
2014-11-06
7.2
CVE-2014-8660
MISC
MISC
MISC

sap -- customer_relationship_management_internet_sales
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors.
2014-11-06
10.0
CVE-2014-8661
MISC
MISC

sap -- payroll_process
Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling.
2014-11-06
7.8
CVE-2014-8662
MISC
MISC

sap -- netweaver_business_warehouse
SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
2014-11-06
7.5
CVE-2014-8663
MISC
MISC

sap -- environment_health_and_safety
SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
2014-11-06
7.5
CVE-2014-8664
MISC
MISC

sap -- contract_accounting
SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
2014-11-06
7.5
CVE-2014-8668
MISC
MISC

sap -- customer_relationship_management
The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors.
2014-11-06
10.0
CVE-2014-8669
MISC
MISC
MISC

smarty -- smarty
Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.
2014-11-03
7.5
CVE-2014-8350
CONFIRM
CONFIRM
XF
BID
MLIST
MLIST

symantec -- endpoint_protection_manager
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
2014-11-07
7.5
CVE-2014-3437
BID

testlink -- testlink
lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter.
2014-10-31
7.5
CVE-2014-8081
CONFIRM
XF
BID
BUGTRAQ

Back to top

Medium Vulnerabilities

Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info

abb -- robotstudio
Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program.
2014-11-07
6.9
CVE-2014-5430
MISC

ait-pro -- bulletproof-security
Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter.
2014-11-06
4.3
CVE-2014-7958
BUGTRAQ
MISC

ait-pro -- bulletproof-security
SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter.
2014-11-06
6.5
CVE-2014-7959
BUGTRAQ
MISC

allomani -- allomani_weblinks
Multiple cross-site scripting (XSS) vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default URI to admin.php or the (2) id parameter to admin.php or (3) go.php.
2014-11-04
4.3
CVE-2014-8593
XF
BID
MISC

axway -- securetransport
Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/.
2014-11-04
6.8
CVE-2013-7057
XF
EXPLOIT-DB
OSVDB

bundler -- bundler
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.
2014-10-31
5.0
CVE-2013-0334
FEDORA
FEDORA
FEDORA

ca -- cloud_service_management
CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to conduct replay attacks via unspecified vectors.
2014-11-04
4.3
CVE-2014-8471

ca -- cloud_service_management
CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.
2014-11-04
6.8
CVE-2014-8472

ca -- cloud_service_management
Cross-site request forgery (CSRF) vulnerability in CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
2014-11-04
6.8
CVE-2014-8473

cisco -- rv120w
The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998.
2014-11-07
5.0
CVE-2014-2179

cisco -- unity_connection
The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493.
2014-11-07
4.0
CVE-2014-7988

cisco -- b200_m3
Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176.
2014-11-07
6.8
CVE-2014-7989

cisco -- air-ct5760
Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815.
2014-11-07
6.8
CVE-2014-7990

citrix -- xenmobile
Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows context-dependent attackers to obtain sensitive information by reading the cache.
2014-10-31
5.0
CVE-2014-8495
XF
BID

classapps -- selectsurvey.net
Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx.
2014-11-06
6.5
CVE-2014-6030
FULLDISC
MISC

compal_broadband_networks -- firmware
Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web script or HTML via the userData cookie.
2014-11-06
4.3
CVE-2014-8653
XF
MISC
BID
EXPLOIT-DB
MISC
OSVDB

compal_broadband_networks -- firmware
Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have unspecified impact on DDNS configuration via a request to basicDDNS.html, (2) change the wifi password via the psKey parameter to setWirelessSecurity.html, (3) add a static MAC address via the MacAddress parameter in an add_static action to setBasicDHCP1.html, or (4) enable or disable UPnP via the UPnP parameter in an apply action to setAdvancedOptions.html.
2014-11-06
6.8
CVE-2014-8654
XF
MISC
BID
EXPLOIT-DB
MISC
OSVDB
OSVDB
OSVDB
OSVDB

compal_broadband_networks -- firmware
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via an (a) admin or a (b) root value in the userData cookie in a request to (1) CmgwWirelessSecurity.xml, (2) DocsisConfigFile.xml, or (3) CmgwBasicSetup.xml in xml/ or (4) basicDDNS.html, (5) basicLanUsers.html, or (6) rootDesc.xml.
2014-11-06
5.0
CVE-2014-8655
XF
BID
EXPLOIT-DB
MISC
OSVDB

compal_broadband_networks -- firmware
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via a request to wirelessChannelStatus.html.
2014-11-06
5.0
CVE-2014-8657
XF
MISC
EXPLOIT-DB
MISC
OSVDB

croogo -- croogo
Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parameter to admin/blocks/blocks/edit page; (4) data[Region][title] parameter to admin/blocks/regions/add page; (5) data[Menu][title] or (6) data[Menu][alias] parameter to admin/menus/menus/add page; or (7) data[Link][title] parameter to admin/menus/links/add/menu page.
2014-10-31
4.3
CVE-2014-8577
MISC
XF
OSVDB
OSVDB
OSVDB
OSVDB
EXPLOIT-DB
MISC

debian -- apt
APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.
2014-11-03
6.8
CVE-2014-0488
SECUNIA
SECUNIA

denon -- avr-3313ci
Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname.
2014-11-06
4.3
CVE-2014-8508
MISC

download_manager_project -- download_manager
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
2014-11-04
5.0
CVE-2014-8585
XF
BID
MISC

ellislab -- expressionengine
Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php.
2014-11-04
6.5
CVE-2014-5387
MISC
MISC
FULLDISC

enalean -- tuleap
SQL injection vulnerability in Enalean Tuleap before 7.5 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman.
2014-11-04
6.5
CVE-2014-7176
MISC
XF
BID
EXPLOIT-DB
FULLDISC
MISC

enalean -- tuleap
XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/.
2014-10-31
4.0
CVE-2014-7177
MISC
CONFIRM
XF
BID
OSVDB
FULLDISC

epicor -- epicor_enterprise
Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page.
2014-11-03
5.0
CVE-2014-4311
EXPLOIT-DB
FULLDISC
MISC

espocrm -- espocrm
install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter.
2014-10-31
5.0
CVE-2014-7986
MISC
BID
BUGTRAQ
MISC

espocrm -- espocrm
Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php.
2014-10-31
4.3
CVE-2014-7987
MISC
BID
BUGTRAQ
MISC

estsoft -- alupdate
ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) for the (1) AlUpdate folder and (2) AlUpdate.exe, which allows local users to gain privileges via a Trojan horse file.
2014-11-03
4.6
CVE-2014-8494
XF
BID
MISC

f5 -- big-ip_advanced_firewall_manager
Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 11.6.0, APM and Edge Gateway 11.0.0 through 11.6.0 and 10.1.0 through 10.2.4, PEM 11.3.0 through 11.6.0, PSM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4, and WOM 11.0.0 through 11.3.0 and 10.0.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements.
2014-11-01
5.5
CVE-2014-6032
MISC
MISC
FULLDISC
FULLDISC
FULLDISC

ffmpeg -- ffmpeg
libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats.
2014-11-03
6.8
CVE-2014-5272
CONFIRM
MLIST

formalms_project -- formalms
Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) id_custom parameter in an amanmenu request or (2) id_game parameter in an alms/games/edit request to appCore/index.php.
2014-11-06
4.3
CVE-2014-5257
MISC
BUGTRAQ
MISC

fortinet -- fortianalyzer_firmware
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.
2014-10-31
4.3
CVE-2014-2334

fortinet -- fortianalyzer_firmware
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.
2014-10-31
4.3
CVE-2014-2335

fortinet -- fortimanager
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.
2014-10-31
4.3
CVE-2014-2336

french_national_commission_on_informatics_and_liberty -- cookieviz
Cross-site scripting (XSS) vulnerability in json.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz allows remote we servers to inject arbitrary web script or HTML via the max_date parameter.
2014-11-06
4.3
CVE-2014-8352
XF
FULLDISC

gwt_mobile_phonegap_showcase_project -- gwt_mobile_phonegap_showcase
Cross-site scripting (XSS) vulnerability in the GWT Mobile PhoneGap Showcase application for Android allows remote attackers to inject arbitrary web script or HTML via a crafted Bluetooth Device Name field.
2014-11-07
4.3
CVE-2014-8671
MISC
MISC

ibm -- websphere_commerce
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
2014-11-05
4.0
CVE-2014-4769
XF

ibm -- cognos_mobile
IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a logoff action on a mobile device, which makes it easier for remote attackers to bypass intended Business Intelligence restrictions by leveraging access to authentication data that was captured before this logoff.
2014-11-05
4.3
CVE-2014-4810
XF

ibm -- websphere_commerce
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
2014-11-05
4.3
CVE-2014-4834
XF

ibm -- notes_traveler
The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which the user had intended to use HTTPS.
2014-11-04
5.0
CVE-2014-6130
XF

katello -- katello
Katello allows remote attackers to cause a denial foser service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is passed to the to_sym method.
2014-11-03
5.0
CVE-2014-3712
MISC
XF
BID
MLIST

meinberg -- lantime_m100
Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2014-11-05
4.3
CVE-2014-5417

modx -- modx_revolution
Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a" parameter to manager/. NOTE: this issue exists because of a CVE-2014-2080 regression.
2014-11-06
4.3
CVE-2014-5451
MISC
CONFIRM
BID
BUGTRAQ
MISC

nordex -- nordex_control_2_scada
Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.
2014-11-05
4.3
CVE-2014-5408

openstack -- keystone
OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.
2014-11-03
6.5
CVE-2014-0204
CONFIRM
CONFIRM

openstack -- horizon
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template.
2014-10-31
4.3
CVE-2014-3473
CONFIRM
BID

openstack -- horizon
Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578.
2014-10-31
4.3
CVE-2014-3475
CONFIRM
BID

openstack -- compute
OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request.
2014-10-31
4.0
CVE-2014-3708
CONFIRM

openstack -- compute
The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.
2014-10-31
4.0
CVE-2014-8333
CONFIRM
SECUNIA

openstack -- horizon
Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475.
2014-10-31
4.3
CVE-2014-8578
CONFIRM
BID

php -- php
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
2014-11-05
5.0
CVE-2014-3710
CONFIRM
CONFIRM
CONFIRM

plone -- plone
The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.
2014-11-03
4.3
CVE-2012-5500
CONFIRM
MLIST
REDHAT

plone -- plone
The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope.
2014-11-03
5.0
CVE-2012-5508
CONFIRM
CONFIRM
CONFIRM
MLIST

plone -- plone
Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2).
2014-11-03
5.0
CVE-2012-6661
CONFIRM
CONFIRM
CONFIRM
MLIST

qemu -- qemu
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.
2014-11-04
4.6
CVE-2014-0223
MLIST
FEDORA

qemu -- qemu
hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."
2014-11-04
6.8
CVE-2014-3461
REDHAT
REDHAT
FEDORA
MLIST

quassel-irc -- quassel_irc
The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.
2014-11-06
5.0
CVE-2014-8483
DEBIAN
SECUNIA
SECUNIA

redhat -- freeipa
The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server.
2014-11-03
5.0
CVE-2013-0336
CONFIRM
XF
BID
SECUNIA

redhat -- network_satellite
Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.
2014-11-03
4.3
CVE-2014-3654

refinedwiki -- refinedwiki_original_theme
Cross-site scripting (XSS) vulnerability in RefinedWiki Original Theme 3.x before 3.5.13 and 4.x before 4.0.12 for Confluence allows remote authenticated users with permissions to create or edit content to inject arbitrary web script or HTML via the versionComment parameter to pages/doeditpage.action.
2014-11-06
4.0
CVE-2014-8658
MISC
XF
BID
BUGTRAQ
FULLDISC
MISC

rewardingyourself -- rewardingyourself
Cross-site scripting (XSS) vulnerability in the RewardingYourself application for Android and BlackBerry OS allows remote attackers to inject arbitrary web script or HTML via a crafted QR code.
2014-11-07
4.3
CVE-2014-8672
MISC
MISC

rsyslog -- rsyslog
Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.
2014-11-01
5.0
CVE-2014-3683
MLIST
SECUNIA

ruby-lang -- ruby
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
2014-11-03
5.0
CVE-2014-8080
SECUNIA

sap -- netweaver
The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.
2014-11-06
5.0
CVE-2014-0995
CONFIRM
XF
BUGTRAQ
MISC
FULLDISC
MISC
MISC

sap -- network_interface_router
Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests.
2014-11-04
5.0
CVE-2014-8589
CONFIRM
CONFIRM
MISC
MISC

sap -- netweaver_java_application_server
XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request.
2014-11-04
4.3
CVE-2014-8590
MISC
MISC
MISC

sap -- netweaver
Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors.
2014-11-04
5.0
CVE-2014-8591
CONFIRM
CONFIRM
MISC
MISC

sap -- netweaver
Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request.
2014-11-04
5.0
CVE-2014-8592
CONFIRM
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC

sap -- environment_health_and_safety
Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors.
2014-11-06
5.0
CVE-2014-8659
MISC
MISC
MISC

sap -- business_intelligence_development_workbench
The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files.
2014-11-06
5.0
CVE-2014-8665
MISC
MISC

sap -- business_intelligence_development_workbench
The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors.
2014-11-06
5.0
CVE-2014-8666
MISC
MISC

sap -- hana_web-based_development_workbench
Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2014-11-06
4.3
CVE-2014-8667
MISC
MISC

symantec -- endpoint_protection_manager
Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2014-11-07
4.3
CVE-2014-3438
CONFIRM
BID

symantec -- endpoint_protection_manager
ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors.
2014-11-07
6.1
CVE-2014-3439
CONFIRM
BID

testlink -- testlink
lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message.
2014-10-31
5.0
CVE-2014-8082
CONFIRM
XF
BID

vbulletin -- vbulletin
Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
2014-11-06
5.8
CVE-2014-8670
BID
MISC

web_dorado_spider_video_player_project -- web_dorado_spider_video_player
Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2014-11-04
4.3
CVE-2014-8584

webedition -- webedition_cms
Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
2014-11-06
4.0
CVE-2014-5258
MISC
BUGTRAQ
MISC

wordfence_security_project -- wordfence_security
Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the whoisval parameter on the WordfenceWhois page to wp-admin/admin.php.
2014-11-06
4.3
CVE-2014-4664
MISC

wp-dbmanager_project -- wp-dbmanager
The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" field) or (2) $backup['mysqldumppath'] variable.
2014-10-31
6.5
CVE-2014-8334
XF
MISC
BID
BUGTRAQ
MLIST
MLIST
FULLDISC
MISC
OSVDB

xmlsoft -- libxml2
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.
2014-11-04
5.0
CVE-2014-3660
MISC
CONFIRM
MISC
BID
DEBIAN
REDHAT
SUSE

Back to top

Low Vulnerabilities

Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info

compfight_project -- compfight
Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter.
2014-11-05
3.5
CVE-2014-8622
MISC

eset -- personal_firewall_ndis_filter
The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls.
2014-11-04
2.1
CVE-2014-4974
MISC
XF
BID
FULLDISC
MISC

linksys -- e4200v2
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain the administrator's MD5 password hash via a direct request for the /.htpasswd URI.
2014-11-01
3.3
CVE-2014-8243

openstack -- horizon
Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name.
2014-10-31
3.5
CVE-2014-3474
CONFIRM
BID

phpmyadmin -- phpmyadmin
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page.
2014-11-05
3.5
CVE-2014-8326
CONFIRM
CONFIRM

qemu -- qemu
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
2014-11-01
2.1
CVE-2014-3615
REDHAT
REDHAT
CONFIRM
CONFIRM

shim_project -- shim
The default configuration in systemd-shim 8 enables the Abandon debugging clause, which allows local users to cause a denial of service via unspecified vectors.
2014-10-31
2.1
CVE-2014-8399
CONFIRM

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

OTHER RESOURCES:

Contact Us | Security Publications | Alerts and Tips | Related Resources

STAY CONNECTED:

SUBSCRIBER SERVICES:
Manage Preferences  |  Unsubscribe  |  Help

This email was sent to linux-security@xxxxxxxxxxx using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (703) 235-5110