National Cyber Awareness System:
05/12/2014 06:15 AM EDT
Original release date: May 12, 2014
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
Back to top
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
-
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
-
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| caldera -- caldera | Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname. | 2014-05-08 | 7.5 | CVE-2014-2933 |
| caldera -- caldera | Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php. | 2014-05-08 | 7.5 | CVE-2014-2934 |
| caldera -- caldera | costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request. | 2014-05-08 | 10.0 | CVE-2014-2935 |
| caldera -- caldera | The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php. | 2014-05-08 | 7.5 | CVE-2014-2936 |
| cisco -- webex_advanced_recording_format_player | Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allow remote attackers to cause a denial of service (application crash) via a crafted (1) .wrf or (2) .arf file that triggers a buffer over-read, aka Bug ID CSCuh52768. | 2014-05-08 | 7.8 | CVE-2014-2132 |
| cisco -- webex_advanced_recording_format_player | Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file that triggers improper LZW decompression, aka Bug ID CSCuj87565. | 2014-05-08 | 9.3 | CVE-2014-2133 |
| cisco -- webex_advanced_recording_format_player | Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio channel in a .wrf file, aka Bug ID CSCuc39458. | 2014-05-08 | 9.3 | CVE-2014-2134 |
| cisco -- webex_advanced_recording_format_player | Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCul87216 and CSCuj07603. | 2014-05-08 | 9.3 | CVE-2014-2135 |
| cisco -- webex_advanced_recording_format_player | Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCui72223, CSCul01163, and CSCul01166. | 2014-05-08 | 9.3 | CVE-2014-2136 |
| dynamixsolutions -- arabic_prawn | lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable. | 2014-05-02 | 7.5 | CVE-2014-2322 |
| f5 -- big-iq | F5 BIG-IQ 4.1.0.2013.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/. | 2014-05-05 | 9.0 | CVE-2014-3220 |
| freebsd -- freebsd | The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple crafted packets, related to moving a reassemble queue entry to the segment list when the queue is full. | 2014-05-02 | 7.8 | CVE-2014-3000 |
| google -- chrome | Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value. | 2014-05-06 | 7.5 | CVE-2014-1736 |
| ibm -- security_access_manager_for_web_software | The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages. | 2014-05-08 | 7.1 | CVE-2014-0963 |
| livezilla -- livezilla | The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie. | 2014-05-05 | 7.5 | CVE-2013-7034 |
| nagios -- remote_plugin_executor | ** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments. | 2014-05-07 | 7.5 | CVE-2014-2913 |
| php -- php | sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client. | 2014-05-06 | 7.2 | CVE-2014-0185 |
| php-fusion -- php-fusion | Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary SQL commands via a (2) parameter name starting with "delete_attach_" in an edit action to forum/postedit.php; the (3) poll_opts[] parameter in a newthread action to forum/postnewthread.php; the (4) pm_email_notify, (5) pm_save_sent, (6) pm_inbox, (7) pm_sentbox, or (8) pm_savebox parameter to administration/settings_messages.php; the (9) thumb_compression, (10) photo_watermark_text_color1, (11) photo_watermark_text_color2, or (12) photo_watermark_text_color3 parameter to administration/settings_photo.php; the (13) enable parameter to administration/bbcodes.php; the (14) news_image, (15) news_image_t1, or (16) news_image_t2 parameter to administration/news.php; the (17) news_id parameter in an edit action to administration/news.php; or the (18) article_id parameter in an edit action to administration/articles.php. NOTE: the user ID cookie issue in Authenticate.class.php is already covered by CVE-2013-7375. | 2014-05-05 | 7.5 | CVE-2013-1803 |
| php-fusion -- php-fusion | SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803. | 2014-05-05 | 7.5 | CVE-2013-7375 |
| symantec -- critical_system_protection | Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors. | 2014-05-08 | 7.6 | CVE-2013-5016 |
| theforeman -- foreman | Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API. | 2014-05-08 | 7.5 | CVE-2013-0171 |
| theforeman -- foreman | The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands. | 2014-05-08 | 7.5 | CVE-2013-0210 |
| unitrends -- enterprise_backup | recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string. | 2014-05-02 | 7.5 | CVE-2014-3139 |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- cxf | Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error. | 2014-05-08 | 4.3 | CVE-2014-0109 |
| apache -- cxf | Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message. | 2014-05-08 | 4.3 | CVE-2014-0110 |
| apache -- struts | CookieInterceptor in Apache Struts 2.x before 2.3.16.3, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113. | 2014-05-08 | 5.8 | CVE-2014-0116 |
| ayatana_project -- unity | Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash. | 2014-05-06 | 4.4 | CVE-2014-3202 |
| ayatana_project -- unity | Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by pressing the SUPER key before the screen auto-locks. | 2014-05-06 | 4.4 | CVE-2014-3203 |
| ayatana_project -- unity | Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by right-clicking on the indicator bar and then pressing the ALT and F2 keys. | 2014-05-06 | 4.4 | CVE-2014-3204 |
| bestpractical -- request_tracker | Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the name of an attached file. | 2014-05-05 | 4.3 | CVE-2013-3736 |
| bradesco_gateway_plugin_project -- bradesco_gateway | Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco Gateway plugin 2.0 for Wordpress, as used in the WP e-Commerce plugin, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. | 2014-05-08 | 4.3 | CVE-2013-5916 |
| cisco -- nexus_7000 | Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136. | 2014-05-07 | 4.6 | CVE-2014-0684 |
| cisco -- cisco_nexus_1000v_intercloud | Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691. | 2014-05-07 | 5.0 | CVE-2014-0685 |
| cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka Bug ID CSCun78551. | 2014-05-07 | 6.8 | CVE-2014-2181 |
| cisco -- broadband_access_center_telco_wireless_software | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of arbitrary users for requests that make BAC-TW changes, aka Bug IDs CSCuo23804 and CSCuo26389. | 2014-05-07 | 6.8 | CVE-2014-2190 |
| cisco -- broadband_access_center_telco_wireless_software | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun91113. | 2014-05-07 | 4.3 | CVE-2014-2191 |
| citrix -- netscaler_access_gateway | Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-05-02 | 4.3 | CVE-2014-1899 |
| cristian_gafton -- pam_userdb | The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack. | 2014-05-08 | 4.3 | CVE-2013-7041 |
| david_leonard -- pkstat | tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log. | 2014-05-05 | 6.3 | CVE-2013-0350 |
| debian -- xbuffy | Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subject lines. | 2014-05-05 | 6.8 | CVE-2014-0469 |
| debian -- strongswan | strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload. | 2014-05-07 | 5.0 | CVE-2014-2891 |
| digia -- qt | The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. | 2014-05-08 | 4.3 | CVE-2014-0190 |
| fishshell -- fish | fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions. | 2014-05-02 | 6.9 | CVE-2014-2905 |
| fortinet -- fortiweb | Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via unspecified vectors. | 2014-05-08 | 6.8 | CVE-2014-3115 |
| freebsd -- freebsd | The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed device node process. | 2014-05-02 | 5.8 | CVE-2014-3001 |
| gnu -- rush | GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option. | 2014-05-08 | 4.9 | CVE-2013-6889 |
| google -- search_appliance_software | Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to inject arbitrary web script or HTML via input included in a SCRIPT element. | 2014-05-08 | 4.3 | CVE-2014-0362 |
| hp -- oneview | Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors. | 2014-05-08 | 6.5 | CVE-2014-2602 |
| ibm -- websphere_mq | inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU consumption) via unspecified vectors. | 2014-05-07 | 4.3 | CVE-2014-0911 |
| ibm -- lotus_domino | Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE. | 2014-05-08 | 4.3 | CVE-2014-0913 |
| ibm -- aix | The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation. | 2014-05-08 | 4.7 | CVE-2014-0930 |
| ibm -- operational_decision_manager | Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 2014-05-09 | 6.0 | CVE-2014-0944 |
| ibm -- operational_decision_manager | The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation. | 2014-05-09 | 4.3 | CVE-2014-0946 |
| intra-mart -- webplatform/appframework | Open redirect vulnerability in WebPlatform / AppFramework 6.0 through 7.2 in NTT DATA INTRAMART intra-mart allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2014-05-09 | 5.8 | CVE-2014-1991 |
| isc -- bind | The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes. | 2014-05-08 | 5.0 | CVE-2014-3214 |
| libpng -- libpng | Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow. | 2014-05-06 | 5.0 | CVE-2013-7353 |
| libpng -- libpng | Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow. | 2014-05-06 | 5.0 | CVE-2013-7354 |
| linux -- linux_kernel | The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. | 2014-05-07 | 6.9 | CVE-2014-0196 |
| livezilla -- livezilla | Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php. | 2014-05-05 | 4.3 | CVE-2013-7003 |
| nagios -- plugins | The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping. | 2014-05-05 | 4.4 | CVE-2013-4215 |
| netty_project -- netty | WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames. | 2014-05-06 | 5.0 | CVE-2014-0193 |
| openssl -- openssl | The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. | 2014-05-06 | 4.3 | CVE-2014-0198 |
| phplist -- phplist | Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/. | 2014-05-05 | 6.8 | CVE-2014-2916 |
| plone -- plone | Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope. | 2014-05-02 | 5.0 | CVE-2013-7060 |
| plone -- plone | Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API. | 2014-05-02 | 4.0 | CVE-2013-7061 |
| pywbem_project -- pywbem | PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate. | 2014-05-05 | 5.8 | CVE-2013-6418 |
| pywbem_project -- pywbem | PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2014-05-05 | 5.8 | CVE-2013-6444 |
| qemu -- qemu | hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information. | 2014-05-08 | 4.9 | CVE-2013-4544 |
| randall_hand -- yerase's_tnef_stream_reader | Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow. | 2014-05-05 | 4.3 | CVE-2010-5109 |
| redhat -- jboss_web_framework_kit | Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name. | 2014-05-05 | 4.3 | CVE-2014-0149 |
| redhat -- policycoreutils | seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges. | 2014-05-08 | 6.9 | CVE-2014-3215 |
| rubyonrails -- ruby_on_rails | Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request. | 2014-05-07 | 4.3 | CVE-2014-0130 |
| semantictitle_project -- semantictitle | Cross-site scripting (XSS) vulnerability in the SemanticTitle extension before 1.1.0 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-05-08 | 4.3 | CVE-2014-2854 |
| sitepark -- information_enterprise_server | Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/. | 2014-05-02 | 6.8 | CVE-2014-3006 |
| sks_keyserver_project -- sks_keyserver | Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1. | 2014-05-08 | 4.3 | CVE-2014-3207 |
| skyphe -- file-gallery | The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a |
slashes&dots -- offriaCross-site scripting (XSS) vulnerability in Offiria 2.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to installer/index.php.2014-05-084.3CVE-2014-2689theforeman -- foremanForeman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack.2014-05-085.0CVE-2013-0173theforeman -- foremanThe external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request.2014-05-085.0CVE-2013-0174theforeman -- foremanForeman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request.2014-05-086.5CVE-2013-0187theforeman -- foremanSession fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie.2014-05-086.8CVE-2014-0090theforeman -- foremanForeman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to "spoof."2014-05-085.0CVE-2014-0192xen -- xenThe HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types.2014-05-076.7CVE-2014-3124xen -- xenXen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors.2014-05-026.2CVE-2014-3125zabbix -- zabbixThe API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.2014-05-084.0CVE-2014-1682zabbix -- zabbixThe Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors.2014-05-085.5CVE-2014-1685
Back to top
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| amtelco -- misecuremessages | Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request. | 2014-05-06 | 3.5 | CVE-2014-2347 |
| dest-unreach -- socat | socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions. | 2014-05-08 | 2.6 | CVE-2013-3571 |
| gnu -- emacs | lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. | 2014-05-08 | 3.3 | CVE-2014-3421 |
| gnu -- emacs | lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. | 2014-05-08 | 3.3 | CVE-2014-3422 |
| gnu -- emacs | lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. | 2014-05-08 | 3.3 | CVE-2014-3423 |
| gnu -- emacs | lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. | 2014-05-08 | 3.3 | CVE-2014-3424 |
| ibm -- tririga_application_platform | Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv in IBM TRIRIGA Application Platform 3.2.x and 3.3.x before 3.3.1.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2014-05-07 | 3.5 | CVE-2013-6726 |
| ibm -- operational_decision_manager | Cross-site scripting (XSS) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2014-05-09 | 3.5 | CVE-2014-0945 |
| illinois -- ncsa_mosaic | NCSA Mosaic 2.0 and earlier allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/xmosaic.pid file for every possible PID. | 2014-05-08 | 2.1 | CVE-2014-3425 |
| illinois -- ncsa_mosaic | NCSA Mosaic 2.1 through 2.7b5 allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/Mosaic.pid file for every possible PID. | 2014-05-08 | 2.1 | CVE-2014-3426 |
| jenkins-ci -- subversion-plugin | The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file. | 2014-05-08 | 2.1 | CVE-2013-6372 |
| novell -- open_enterprise_server | /opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator. | 2014-05-08 | 2.6 | CVE-2014-0595 |
| openstack -- neutron | The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command. | 2014-05-08 | 2.1 | CVE-2014-0056 |
| openstack -- compute | The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image. | 2014-05-08 | 3.5 | CVE-2014-0134 |
| redhat -- libvirt | The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function. | 2014-05-07 | 1.9 | CVE-2013-7336 |
| redhat -- openshift | openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file. | 2014-05-05 | 2.1 | CVE-2014-0164 |
| theforeman -- foreman | The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors. | 2014-05-08 | 3.6 | CVE-2012-5477 |
| theforeman -- kafo | Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file. | 2014-05-08 | 1.9 | CVE-2014-0135 |
| travis_shirk -- eyed3 | tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file. | 2014-05-08 | 3.3 | CVE-2014-1934 |
| varnish-cache -- varnish | varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. NOTE: some of these details are obtained from third party information. | 2014-05-08 | 2.1 | CVE-2013-0345 |
| virt-who_project -- virt-who | virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file. | 2014-05-02 | 2.1 | CVE-2014-0189 |
| wpgetready -- nextcellent_gallery | Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, NextGEN Manage gallery, or NextGEN Manage others gallery permission to inject arbitrary web script or HTML via the "Alt & Title Text" field. | 2014-05-08 | 2.1 | CVE-2014-3123 |
This product is provided subject to this Notification and this Privacy & Use policy.
No comments:
Post a Comment