SB14-342: Vulnerability Summary for the Week of December 1, 2014

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Title: SB14-342: Vulnerability Summary for the Week of December 1, 2014

NCCIC / US-CERT

National Cyber Awareness System:

12/08/2014 01:33 PM EST

Original release date: December 08, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
canto -- canto_curses canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. 2014-12-03 7.5 CVE-2013-7416
CONFIRM
CONFIRM
XF
BID
MLIST
MLIST
cchgroup -- prosystem_fx_engagement CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinService service files in PFX Engagement\, which allows local users to obtain LocalSystem privileges via a Trojan horse file. 2014-12-02 7.2 CVE-2014-9113
MISC
EXPLOIT-DB
MISC
creative_minds -- cm_download_manager The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function. 2014-12-05 10.0 CVE-2014-8877
CONFIRM
BID
BUGTRAQ
MISC
MISC
fujitsu -- arrows_kiss_f-03d FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors. 2014-12-05 7.2 CVE-2014-7253
google_doc_embedder_project -- google_doc_embedder SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter. 2014-12-02 7.5 CVE-2014-9173
CONFIRM
XF
EXPLOIT-DB
MISC
OSVDB
graphviz -- graphviz Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string. 2014-12-03 7.5 CVE-2014-9157
CONFIRM
XF
BID
SECUNIA
MLIST
MLIST
hikvision -- dvr_ds-7204_firmware Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header. 2014-12-08 7.5 CVE-2014-4880
EXPLOIT-DB
MISC
huawei -- p2-6011_firmware The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors. 2014-12-05 7.2 CVE-2014-2273
MISC
XF
BID
huawei -- honor_cube_wireless_router_ws860s Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. 2014-12-03 10.0 CVE-2014-9134
BID
internet_initiative_japan -- seil_b1_firmware The (1) PPP Access Concentrator (PPPAC) and (2) Dial-Up Networking Internet Initiative Japan Inc. SEIL series routers SEIL/x86 Fuji 1.00 through 3.22; SEIL/X1, SEIL/X2, and SEIL/B1 1.00 through 4.62; SEIL/Turbo 1.82 through 2.18; and SEIL/neu 2FE Plus 1.82 through 2.18 allow remote attackers to cause a denial of service (restart) via crafted (a) GRE or (b) MPPE packets. 2014-12-05 7.8 CVE-2014-7256
JVNDB
JVN
invisionpower -- invision_power_board SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter. 2014-12-03 7.5 CVE-2014-9239
FULLDISC
lsyncd_project -- lsyncd default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. 2014-12-05 7.5 CVE-2014-8990
CONFIRM
CONFIRM
CONFIRM
BID
MLIST
MLIST
FEDORA
FEDORA
manageengine -- desktop_central SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat. 2014-12-05 7.5 CVE-2014-3996
MISC
MISC
FULLDISC
manageengine -- it360 SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat. 2014-12-05 7.5 CVE-2014-3997
MISC
MISC
FULLDISC
mybb -- mybb SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action. 2014-12-03 7.5 CVE-2014-9240
MISC
openvas -- openvas_manager SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. 2014-12-02 7.5 CVE-2014-9220
MLIST
ossec -- ossec host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed. 2014-12-01 7.2 CVE-2014-5284
EXPLOIT-DB
MISC
pbboard -- pbboard SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email parameter in the register page to index.php. NOTE: the email parameter in the forget page vector is already covered by CVE-2012-4034.2. 2014-12-05 7.5 CVE-2014-9215
MISC
BUGTRAQ
MISC
proticaret -- proticaret SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request. 2014-12-03 7.5 CVE-2014-9237
FULLDISC
MISC
services_project -- services The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password. 2014-12-01 7.5 CVE-2014-9151
services_project -- services The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess the password via a brute force attack. 2014-12-01 7.5 CVE-2014-9152
smartypantsplugins -- sp_project_&_document_manager Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) vendor_email[] parameter in the email_vendor function or id parameter in the (2) download_project, (3) download_archive, or (4) remove_cat function. 2014-12-02 7.5 CVE-2014-9178
XF
BUGTRAQ
MISC
EXPLOIT-DB
MISC
subex -- roc_fraud_management_system SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter. 2014-12-02 7.5 CVE-2014-8728
EXPLOIT-DB
technicolor -- td5130_router_firmware Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). 2014-12-05 7.5 CVE-2014-9144
BUGTRAQ
EXPLOIT-DB
MISC
thomsonreuters -- fixed_assets_cs The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program. 2014-12-02 7.2 CVE-2014-9141
MISC
websitebaker -- websitebaker SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. 2014-12-03 7.5 CVE-2014-9242
FULLDISC
MISC
wpdatatables -- wpdatatables SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php. 2014-12-02 7.5 CVE-2014-9175
XF
BID
MISC
EXPLOIT-DB
MISC
zohocorp -- manageengine_opmanager Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter. 2014-12-04 7.5 CVE-2014-6035
MISC
FULLDISC
zohocorp -- manageengine_it360 SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter. 2014-12-04 7.5 CVE-2014-7867
zohocorp -- manageengine_it360 Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet. 2014-12-04 7.5 CVE-2014-7868
MISC
FULLDISC
zte -- zxdsl ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges. 2014-12-02 10.0 CVE-2014-9183
MISC
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
ad-manager_project -- ad-manager Open redirect vulnerability in track-click.php in the Ad-Manager plugin 1.1.2 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the out parameter. 2014-12-02 4.3 CVE-2014-8754
XF
MISC
FULLDISC
MISC
adobe -- acrobat Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568. 2014-11-29 6.4 CVE-2014-9150
MISC
ait-pro -- bulletproof_security Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter. 2014-12-01 5.0 CVE-2014-8749
FULLDISC
altitude -- altitude_unified_customer_interaction Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an email hyperlink or the (2) style parameter in the image attribute section. 2014-12-05 4.3 CVE-2014-9212
MISC
anchorcms -- anchor_cms models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header. 2014-12-02 4.3 CVE-2014-9182
MISC
antiword_project -- antiword Buffer overflow in the bGetPPS function in wordole.c in Antiword 0.37 allows remote attackers to cause a denial of service (crash) via a crafted document. 2014-12-05 5.0 CVE-2014-8123
BID
MLIST
MLIST
apache -- hadoop The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache. 2014-12-05 5.0 CVE-2014-3627
SECUNIA
SECUNIA
avatar_uploader_project -- avatar_uploader Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel. 2014-12-01 4.0 CVE-2014-9155
clamav -- clamav Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.95.4 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file. 2014-12-01 5.0 CVE-2014-9050
CONFIRM
BID
MLIST
SECUNIA
SECUNIA
FEDORA
creative_minds -- cm_download_manager Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title parameter in the CMDM_admin_settings page to wp-admin/admin.php. 2014-12-05 6.8 CVE-2014-9129
BID
BUGTRAQ
MISC
d-link -- dcs-2103_hd_cube_network_camera_firmware Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. 2014-12-03 5.0 CVE-2014-9234
FULLDISC
MISC
d-link -- dcs-2103_hd_cube_network_camera_firmware D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character. 2014-12-03 5.0 CVE-2014-9238
FULLDISC
MISC
eleanor-cms -- eleanor_cms Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING. 2014-12-02 5.0 CVE-2014-9180
MISC
emc -- rsa_adaptive_authentication_on-premise RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication. 2014-12-08 5.0 CVE-2014-4631
XF
SECTRACK
BID
BUGTRAQ
f5 -- big-ip Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation. 2014-12-08 4.3 CVE-2014-9342
BUGTRAQ
fasttoggle_project -- fasttoggle The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote attackers to block or unblock an account via a crafted user status link. 2014-12-01 5.8 CVE-2014-5268
filefield_project -- filefield The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file. 2014-12-01 4.0 CVE-2014-9156
fujitsu -- arrows_tab_lte_f-01d Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets 102SH allow local users to execute arbitrary code or read kernel memory via unknown vectors related to userland data and "improper data validation." 2014-12-05 4.6 CVE-2014-7252
JVNDB
JVN
MISC
MISC
fujitsu -- arrows_me_f-11d Unspecified vulnerability in ARROWS Me F-11D allows physically proximate attackers to read or modify flash memory via unknown vectors. 2014-12-05 4.6 CVE-2014-7254
JVNDB
JVN
MISC
gleamtech -- filevista GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message. 2014-12-02 4.0 CVE-2014-8788
CONFIRM
FULLDISC
MISC
gleamtech -- filevista GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction. 2014-12-02 6.5 CVE-2014-8789
CONFIRM
FULLDISC
MISC
gnu -- glibc iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. 2014-12-05 5.0 CVE-2012-6656
CONFIRM
CONFIRM
BID
MLIST
MLIST
MANDRIVA
gnu -- glibc GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8. 2014-12-05 5.0 CVE-2014-6040
CONFIRM
CONFIRM
BID
MLIST
MLIST
MANDRIVA
gnu -- cpio Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. 2014-12-02 5.0 CVE-2014-9112
MISC
MLIST
MLIST
MLIST
SECUNIA
FULLDISC
ibm -- java Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache. 2014-12-01 6.9 CVE-2014-3065
CONFIRM
BID
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
ibm -- java IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack. 2014-12-01 6.4 CVE-2014-3068
CONFIRM
XF
icecast -- icecast Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors. 2014-12-03 5.0 CVE-2014-9018
CONFIRM
CONFIRM
XF
BID
MLIST
MLIST
MANDRIVA
CONFIRM
infoware -- mapsuite Absolute path traversal vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to read arbitrary files via unspecified vectors. 2014-12-01 5.0 CVE-2014-2232
MISC
infoware -- mapsuite Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors. 2014-12-01 5.0 CVE-2014-2233
MISC
instasqueeze -- sexy_squeeze_pages Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Squeeze Pages plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php. 2014-12-02 4.3 CVE-2014-9176
XF
MISC
MISC
internet_initiative_japan -- seil_b1_firmware Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 through 4.62, SEIL/X2 2.50 through 4.62, SEIL/B1 2.50 through 4.62, and SEIL/x86 Fuji 1.70 through 3.22 allow remote attackers to cause a denial of service (CPU and traffic consumption) via a large number of NTP requests within a short time, which causes unnecessary NTP responses to be sent. 2014-12-05 5.0 CVE-2014-7255
JVNDB
JVN
kde -- kde-runtime Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message. 2014-12-08 4.3 CVE-2014-8600
MISC
BID
FULLDISC
kennziffer -- ke_questionnaire The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request. 2014-12-02 5.0 CVE-2014-8874
MISC
BUGTRAQ
FULLDISC
kent-web -- clip_board Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 2.91 and earlier, when running certain versions of Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-12-05 4.3 CVE-2014-7258
CONFIRM
JVNDB
JVN
lg_electronics -- l-03e LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors. 2014-12-05 5.0 CVE-2014-7243
JVNDB
JVN
MISC
libksba_project -- libskba Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow. 2014-12-01 5.0 CVE-2014-9087
MISC
SECUNIA
SECUNIA
SECUNIA
MLIST
linux -- linux_kernel Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842. 2014-11-29 4.9 CVE-2010-5313
CONFIRM
linux -- linux_kernel The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. 2014-11-29 5.0 CVE-2014-3688
CONFIRM
CONFIRM
UBUNTU
UBUNTU
MLIST
CONFIRM
DEBIAN
CONFIRM
linux -- linux_kernel The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. 2014-11-29 5.0 CVE-2014-7841
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313. 2014-11-29 4.9 CVE-2014-7842
MLIST
linux -- linux_kernel The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary. 2014-11-29 4.9 CVE-2014-7843
MLIST
linux -- linux_kernel Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call. 2014-11-29 6.1 CVE-2014-8884
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a "negative groups" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c. 2014-11-29 4.6 CVE-2014-8989
MLIST
CONFIRM
linux -- linux_kernel The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. 2014-11-29 4.9 CVE-2014-9090
MLIST
modx -- modx_revolution MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter. 2014-12-03 6.8 CVE-2014-8773
MISC
CONFIRM
modx -- modx_revolution Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter. 2014-12-03 4.3 CVE-2014-8774
MISC
CONFIRM
modx -- modx_revolution MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. 2014-12-03 5.0 CVE-2014-8775
MISC
CONFIRM
mutt -- mutt The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function. 2014-12-02 5.0 CVE-2014-9116
CONFIRM
CONFIRM
SECTRACK
BID
MLIST
MLIST
CONFIRM
mybb -- mybb Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig action to usercp.php, or (3) title parameter in the style-templates module in an edit_template action or (4) file parameter in the config-languages module in an edit action to admin/index.php. 2014-12-03 4.3 CVE-2014-9241
MISC
nextendweb -- nextend_facebook_connect Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fb_login_button parameter in a newfb_update_options action. 2014-12-05 4.3 CVE-2014-8800
EXPLOIT-DB
MISC
OSVDB
notify_project -- notify The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email. 2014-12-01 4.0 CVE-2014-9154
open-xchange -- open-xchange_appsuite Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview. 2014-12-01 4.3 CVE-2014-5237
BUGTRAQ
CONFIRM
MISC
openvpn -- openvpn OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. 2014-12-03 6.8 CVE-2014-8104
CONFIRM
UBUNTU
phpmyadmin -- phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during rendering of the table browse page; a crafted ENUM value that is improperly handled during rendering of the (4) table print view or (5) zoom search page; or (6) a crafted pma_fontsize cookie that is improperly handled during rendering of the home page. 2014-11-30 4.3 CVE-2014-8958
phpmyadmin -- phpmyadmin Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter. 2014-11-30 6.5 CVE-2014-8959
CONFIRM
phpmyadmin -- phpmyadmin Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter. 2014-11-30 4.0 CVE-2014-8961
phpmyadmin -- phpmyadmin libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password. 2014-12-08 5.0 CVE-2014-9218
CONFIRM
CONFIRM
CONFIRM
XF
CONFIRM
phpmyadmin -- phpmyadmin Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter. 2014-12-08 4.3 CVE-2014-9219
CONFIRM
XF
plex -- plex_media_server Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/. 2014-12-02 5.0 CVE-2014-9181
MISC
BUGTRAQ
redhat -- packstack OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access restrictions. 2014-12-01 5.0 CVE-2014-3703
redhat -- tcpdump Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet. 2014-12-05 5.0 CVE-2014-9140
CONFIRM
MLIST
services_project -- services Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a JSONP response. 2014-12-01 4.3 CVE-2014-9153
springshare -- libcal Multiple cross-site scripting (XSS) vulnerabilities in api_events.php in Springshare LibCal 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) m or (2) cid parameter. 2014-12-01 4.3 CVE-2014-7291
XF
MISC
FULLDISC
square_enix_co_ltd -- kaku_san_sei_million_aruthur SQUARE ENIX Co., Ltd. Kaku-San-Sei Million Arthur before 2.25 for Android stores "product credentials" on the SD card, which allows attackers to gain privileges via a crafted application. 2014-12-05 5.0 CVE-2014-7259
JVNDB
JVN
sunhater -- kcfinder Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) file or (2) directory (folder) name of an uploaded file. 2014-12-02 4.3 CVE-2014-3988
CONFIRM
supportezzy_ticket_system_project -- supportezzy_ticket_system Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the "URL (optional)" field in a new ticket. 2014-12-02 4.0 CVE-2014-9179
MISC
svnlabs -- html5_mp3_player_with_playlist_free The HTML5 MP3 Player with Playlist Free plugin before 2.7 for WordPress allows remote attackers to obtain the installation path via a request to html5plus/playlist.php. 2014-12-02 5.0 CVE-2014-9177
XF
MISC
MISC
technicolor -- td5130_router_firmware Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter. 2014-12-05 4.3 CVE-2014-9142
BUGTRAQ
EXPLOIT-DB
MISC
technicolor -- td5130_router_firmware Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter. 2014-12-05 4.3 CVE-2014-9143
BUGTRAQ
EXPLOIT-DB
MISC
torch_gmbh -- graylog2 Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards. 2014-12-08 5.0 CVE-2014-9217
tuleap -- tuleap project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter. 2014-12-01 6.0 CVE-2014-8791
BID
BUGTRAQ
FULLDISC
MISC
MISC
undertow_project -- undertow Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI. 2014-12-01 5.0 CVE-2014-7816
BID
MLIST
vmware -- vcenter_server_appliance Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-12-08 4.3 CVE-2014-3797
BUGTRAQ
FULLDISC
vmware -- vcenter_server_appliance VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate. 2014-12-08 4.3 CVE-2014-8371
BUGTRAQ
FULLDISC
websitebaker -- websitebaker Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2) section_id parameter to edit_module_files.php, (3) news/add_post.php, (4) news/modify_group.php, (5) news/modify_post.php, or (6) news/modify_settings.php in wb/modules/. 2014-12-03 4.3 CVE-2014-9243
FULLDISC
MISC
x3cms -- x3_cms Multiple cross-site request forgery (CSRF) vulnerabilities in the admin area in X3 CMS 0.5.1 and 0.5.1.1 allow remote attackers to hijack the authentication of administrators via unspecified vectors. 2014-12-03 6.8 CVE-2014-8771
MISC
xen -- xen The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode. 2014-12-01 4.9 CVE-2014-8866
BID
SECUNIA
xen -- xen The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors. 2014-12-01 4.9 CVE-2014-8867
BID
SECUNIA
yoast -- google_analytics Cross-site scripting (XSS) vulnerability in the Google Analytics by Yoast (google-analytics-for-wordpress) plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" (manual_ua_code_field) field in the General Settings. 2014-12-02 4.3 CVE-2014-9174
MISC
CONFIRM
BID
zohocorp -- manageengine_it360 Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet. 2014-12-04 5.0 CVE-2014-5445
CONFIRM
MISC
MISC
XF
BID
BUGTRAQ
BUGTRAQ
FULLDISC
zohocorp -- manageengine_it360 Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter. 2014-12-04 5.0 CVE-2014-5446
MISC
XF
BID
BUGTRAQ
BUGTRAQ
FULLDISC
MISC
zohocorp -- manageengine_it360 Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter. 2014-12-04 5.0 CVE-2014-6034
MISC
FULLDISC
zohocorp -- manageengine_it360 Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter. 2014-12-04 6.4 CVE-2014-6036
MISC
FULLDISC
zoph -- zoph Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/. 2014-12-03 6.5 CVE-2014-9235
FULLDISC
MISC
zoph -- zoph Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) photographer_id or (2) _crumb parameter. 2014-12-03 4.3 CVE-2014-9236
FULLDISC
MISC
zte -- zxdsl ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi. 2014-12-02 5.0 CVE-2014-9184
MISC
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
clamav -- clamav clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. 2014-12-01 2.1 CVE-2013-6497
CONFIRM
XF
UBUNTU
BID
MLIST
MLIST
MANDRIVA
SECUNIA
SECUNIA
FEDORA
FEDORA
fedup_project -- fedup fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service (prevention of system updates). 2014-12-01 2.1 CVE-2013-6494
BID
FEDORA
nagios -- nagios The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702. 2014-12-05 2.1 CVE-2014-4701
SUSE
MLIST
EXPLOIT-DB
SECUNIA
SECUNIA
FULLDISC
MISC
nagios -- nagios The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701. 2014-12-05 2.1 CVE-2014-4702
SUSE
MLIST
SECUNIA
SECUNIA
nagios -- nagios lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701. 2014-12-05 2.1 CVE-2014-4703
MLIST
FULLDISC
phpmyadmin -- phpmyadmin Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. 2014-11-30 3.5 CVE-2014-8960
CONFIRM
redhat -- enterprise_virtualization The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes. 2014-12-05 2.1 CVE-2014-3561
XF
SECTRACK
x3cms -- x3_cms Cross-site scripting (XSS) vulnerability in the search_controller in X3 CMS 0.5.1 and 0.5.1.1 allows remote authenticated users to inject arbitrary web script or HTML via the search parameter. 2014-12-03 3.5 CVE-2014-8772
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.


This email was sent to linux-security@xxxxxxxxxxx using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (703) 235-5110 Powered by GovDelivery

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux