
[US-CERT: Bulletin(SB14-328)] Security vulnerabilities published through November 17, 2014

by manga0713 2014. 11. 25.

View the original article: [US-CERT: Bulletin(SB14-328)] Security vulnerabilities published through November 17, 2014

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
advantech -- eki-6340 cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi. 2014-11-20 9.0 CVE-2014-8387
BID
BUGTRAQ
MISC
FULLDISC
advantech -- advantech_webaccess Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document. 2014-11-20 7.2 CVE-2014-8388
MISC
apache -- mod_auth_mellon The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data. 2014-11-14 9.4 CVE-2014-8567
MLIST
CONFIRM
SECUNIA
CONFIRM
apple -- iphone_os Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses. 2014-11-18 7.2 CVE-2014-4451
apple -- iphone_os The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled. 2014-11-18 7.5 CVE-2014-4457
apple -- apple_tv The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application. 2014-11-18 9.3 CVE-2014-4461
arubanetworks -- clearpass Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-6627. 2014-11-19 10.0 CVE-2014-5342
SECUNIA
arubanetworks -- clearpass The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors. 2014-11-19 9.0 CVE-2014-6625
SECUNIA
arubanetworks -- clearpass Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors. 2014-11-19 10.0 CVE-2014-6626
SECUNIA
arubanetworks -- clearpass Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342. 2014-11-19 9.0 CVE-2014-6627
SECUNIA
checkpoint -- security_gateway Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request. 2014-11-16 7.1 CVE-2014-8950
CONFIRM
SECUNIA
checkpoint -- security_gateway Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a denial of service (fwk0 process crash, core dump, and restart) via a redirect to the UserCheck page. 2014-11-16 7.1 CVE-2014-8951
SECUNIA
checkpoint -- security_gateway Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL VPN blade, (4) SSL Network Extender, (5) Identity Awareness blade, (6) HTTPS Inspection, (7) UserCheck, or (8) Data Leak Prevention blade module is enabled, allow remote attackers to cause a denial of service ("stability issue") via an unspecified "traffic condition." 2014-11-16 7.1 CVE-2014-8952
SECUNIA
cisco -- ios Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509. 2014-11-14 7.1 CVE-2014-7998
digitalvidhya -- digi_online_examination_system Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/. 2014-11-20 7.5 CVE-2014-8997
XF
EXPLOIT-DB
MISC
faronics -- deep_freeze The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function. 2014-11-20 7.2 CVE-2014-2382
MISC
FULLDISC
MISC
freerdp_project -- freerdp Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated. 2014-11-16 7.5 CVE-2014-0250
CONFIRM
BID
MLIST
SUSE
google -- chrome Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. 2014-11-19 7.5 CVE-2014-7900
CONFIRM
CONFIRM
google -- chrome Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long segment in a JPEG image. 2014-11-19 7.5 CVE-2014-7901
CONFIRM
CONFIRM
google -- chrome Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. 2014-11-19 7.5 CVE-2014-7902
CONFIRM
google -- chrome Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG image. 2014-11-19 7.5 CVE-2014-7903
CONFIRM
CONFIRM
google -- chrome Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2014-11-19 7.5 CVE-2014-7904
CONFIRM
google -- chrome Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object's lifetime. 2014-11-19 7.5 CVE-2014-7906
CONFIRM
CONFIRM
google -- chrome Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger improper handling of a detached frame, related to the (1) lock and (2) unlock methods. 2014-11-19 7.5 CVE-2014-7907
CONFIRM
CONFIRM
google -- chrome Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a large atom in (1) MPEG-4 or (2) QuickTime .mov data. 2014-11-19 7.5 CVE-2014-7908
CONFIRM
CONFIRM
google -- chrome Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2014-11-19 7.5 CVE-2014-7910
CONFIRM
lantronix -- xprintserver Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action. 2014-11-20 10.0 CVE-2014-9002
XF
FULLDISC
MISC
MISC
mantisbt -- mantisbt The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier. 2014-11-18 7.5 CVE-2014-7146
XF
BID
CONFIRM
MLIST
microsoft -- windows_7 The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability." 2014-11-18 9.0 CVE-2014-6324
CONFIRM
netbsd -- netbsd The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. 2014-11-17 7.5 CVE-2014-8517
SECUNIA
SECUNIA
MLIST
MLIST
SUSE
php-fusion -- php-fusion Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php. 2014-11-17 7.5 CVE-2014-8596
MISC
XF
BID
EXPLOIT-DB
MISC
OSVDB
protected_pages_project -- protected_pages The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows remote attackers to bypass the password protection via a crafted path. 2014-11-20 7.5 CVE-2014-9024
samba -- ppp Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables." 2014-11-15 7.5 CVE-2014-3158
CONFIRM
MLIST
FEDORA
sap -- governance_risk_and_compliance Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request. 2014-11-18 9.0 CVE-2013-3678
MISC
XF
BID
BUGTRAQ
MISC
FULLDISC
MISC
vld_interactive -- vldpersonals Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or (3) gender2 parameter in a search action to index.php. 2014-11-20 7.5 CVE-2014-9005
XF
EXPLOIT-DB
webfs -- webfs The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file. 2014-11-16 7.2 CVE-2013-0347
XF
BID
MLIST
MLIST
MLIST
OSVDB

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- cordova Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL. 2014-11-15 6.4 CVE-2014-3500
BID
apache -- cordova Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView. 2014-11-15 4.3 CVE-2014-3501
BID
apache -- cordova Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. 2014-11-15 4.3 CVE-2014-3502
BID
apache -- qpid XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message. 2014-11-17 4.3 CVE-2014-3629
XF
BID
BUGTRAQ
SECUNIA
MISC
apple -- apple_tv WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462. 2014-11-18 5.4 CVE-2014-4452
apple -- iphone_os Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. 2014-11-18 5.0 CVE-2014-4453
apple -- mac_os_x The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors. 2014-11-18 5.0 CVE-2014-4458
apple -- mac_os_x Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. 2014-11-18 6.8 CVE-2014-4459
apple -- apple_tv WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452. 2014-11-18 5.8 CVE-2014-4462
arubanetworks -- clearpass Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, module configuration, and other sensitive information by reading the page. 2014-11-19 5.0 CVE-2014-6621
SECUNIA
arubanetworks -- clearpass Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified vectors. 2014-11-19 5.0 CVE-2014-6622
SECUNIA
arubanetworks -- clearpass The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbitrary files via unspecified vectors. 2014-11-19 6.8 CVE-2014-6624
SECUNIA
atlas_systems -- aeon Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems Aeon 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) Action or (2) Form parameter to aeon.dll. 2014-11-19 4.3 CVE-2014-7290
XF
MISC
FULLDISC
MISC
bestpractical -- rt-extension-mobileui The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors. 2014-11-15 5.0 CVE-2013-3737
OSVDB
SECUNIA
cisco -- ios The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014. 2014-11-17 5.0 CVE-2014-7992
cisco -- unified_computing_system Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477. 2014-11-18 6.8 CVE-2014-7996
cisco -- ios The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281. 2014-11-14 6.1 CVE-2014-7997
cisco -- unified_communications_manager_im_and_presence_service Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497. 2014-11-20 5.0 CVE-2014-8000
codecanyon -- phpsound Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.php. 2014-11-17 4.3 CVE-2014-8954
EXPLOIT-DB
MISC
commerceguys -- commerce The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors. 2014-11-20 5.0 CVE-2014-9025
docker -- docker Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. 2014-11-17 5.0 CVE-2014-5277
CONFIRM
SUSE
dolibarr -- dolibarr_erp/crm Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet/tasks/contact.php; (4) lineid parameter in a deletecontact action, (5) ligne parameter in a swapstatut action, or (6) ref parameter to projet/contact.php; (7) id parameter to compta/bank/fiche.php, (8) contact/info.php, (9) holiday/index.php, (10) product/stock/fiche.php, (11) product/stock/info.php, or (12) in an edit action to product/stock/fiche.php; (13) productid parameter in an addline action to product/stock/massstockmove.php; (14) project_ref parameter to projet/tasks/note.php; (15) ref parameter to element.php, (16) ganttview.php, (17) note.php, or (18) tasks.php in projet/; (19) sall or (20) sref parameter to comm/mailing/liste.php; (21) search_bon, (22) search_ligne, (23) search_societe, or (24) search_code parameter to compta/prelevement/liste.php; (25) search_label parameter to compta/sociales/index.php; (26) search_project parameter to projet/tasks/index.php; (27) search_societe parameter to compta/prelevement/demandes.php; (28) search_statut parameter to user/index.php; (29) socid parameter to compta/recap-compta.php, (30) societe/commerciaux.php, or (31) societe/rib.php; (32) sortorder, (33) sref, (34) sall, or (35) sortfield parameter to product/stock/liste.php; (36) statut parameter to adherents/liste.php or (37) compta/dons/liste.php; (38) tobuy or (39) tosell parameter to product/liste.php; (40) tobuy, (41) tosell, (42) search_categ, or (43) sref parameter to product/reassort.php; (44) type parameter to product/index.php; or the (a) sortorder or (b) sortfield parameter to (45) compta/paiement/cheque/liste.php, (46) compta/prelevement/bons.php, (47) compta/prelevement/rejets.php, (48) product/stats/commande.php, (49) product/stats/commande_fournisseur.php, (50) product/stats/contrat.php, (51) product/stats/facture.php, (52) product/stats/facture_fournisseur.php, (53) product/stats/propal.php, or (54) product/stock/replenishorders.php. 2014-11-21 6.5 CVE-2014-7137
MISC
BID
BUGTRAQ
FULLDISC
f5 -- big-ip_local_traffic_manager Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form. 2014-11-17 6.2 CVE-2014-8727
CONFIRM
XF
BID
EXPLOIT-DB
MISC
freebsd -- freebsd FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed. 2014-11-18 4.3 CVE-2014-8475
XF
BID
SECUNIA
MISC
google -- chrome Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. 2014-11-19 5.0 CVE-2014-7899
CONFIRM
CONFIRM
google -- chrome Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site. 2014-11-19 5.0 CVE-2014-7905
CONFIRM
google -- chrome effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data. 2014-11-19 5.0 CVE-2014-7909
CONFIRM
CONFIRM
haxx -- curl cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. 2014-11-18 5.0 CVE-2014-3613
SUSE
haxx -- curl cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. 2014-11-18 5.0 CVE-2014-3620
SUSE
haxx -- libcurl The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. 2014-11-15 4.3 CVE-2014-3707
UBUNTU
CONFIRM
ibm -- security_identity_manager Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors. 2014-11-17 5.0 CVE-2014-6095
AIXAPAR
ibm -- security_identity_manager Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2014-11-17 4.3 CVE-2014-6096
AIXAPAR
ibm -- security_identity_manager IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request. 2014-11-17 5.0 CVE-2014-6098
AIXAPAR
ibm -- security_identity_manager IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors. 2014-11-17 4.3 CVE-2014-6105
AIXAPAR
ibm -- security_identity_manager IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. 2014-11-17 4.3 CVE-2014-6107
AIXAPAR
imember360 -- imember360 Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have an unspecified impact via the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to execute arbitrary commands. 2014-11-16 6.8 CVE-2014-8948
EXPLOIT-DB
SECUNIA
FULLDISC
MISC
OSVDB
imember360 -- imember360 The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges. 2014-11-16 6.0 CVE-2014-8949
EXPLOIT-DB
SECUNIA
FULLDISC
MISC
OSVDB
incrediblepbx -- incredible_pbx_11 reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters. 2014-11-20 6.5 CVE-2014-9001
FULLDISC
ipa -- ilogscanner Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file. 2014-11-14 4.3 CVE-2014-7248
JVNDB
JVN
lantronix -- xprintserver Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action. 2014-11-20 6.8 CVE-2014-9003
XF
FULLDISC
MISC
maarch -- letterbox SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. 2014-11-20 5.0 CVE-2014-8995
XF
OSVDB
MISC
manageengine -- password_manager_pro SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter. 2014-11-17 6.5 CVE-2014-8498
MISC
XF
BID
EXPLOIT-DB
FULLDISC
MISC
OSVDB
manageengine -- password_manager_pro Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc. 2014-11-17 6.5 CVE-2014-8499
MISC
XF
XF
BID
EXPLOIT-DB
FULLDISC
MISC
OSVDB
OSVDB
mantisbt -- mantisbt The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code. 2014-11-18 6.4 CVE-2014-8598
XF
BID
MLIST
megnicholas -- clean_and_simple_contact_form Cross-site scripting (XSS) vulnerability in the Contact Form Clean and Simple (clean-and-simple-contact-form-by-meg-nicholas) plugin 4.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the cscf[name] parameter to contact-us/. 2014-11-17 4.3 CVE-2014-8955
XF
MISC
monstra -- monstra Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values. 2014-11-20 5.0 CVE-2014-9006
XF
MISC
mulesoft -- mule_enterprise_management_console Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC. 2014-11-20 6.5 CVE-2014-9000
FULLDISC
FULLDISC
MISC
mumble -- mumble The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file. 2014-11-16 5.0 CVE-2014-3755
MISC
BID
MLIST
MLIST
mumble -- mumble The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip. 2014-11-16 5.0 CVE-2014-3756
BID
MLIST
MLIST
nibbleblog -- nibbleblog Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) author_name or (2) content parameter to index.php. 2014-11-20 4.3 CVE-2014-8996
XF
BID
FULLDISC
MISC
pandorafms -- pandora_flexible_monitoring_system Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php. 2014-11-19 4.3 CVE-2014-8629
XF
FULLDISC
MISC
phpmemcachedadmin_project -- phpmemcachedadmin Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-11-17 4.3 CVE-2014-8732
XF
BID
BUGTRAQ
BUGTRAQ
MISC
phpmoneybooks -- phpmoneybooks Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. 2014-11-17 4.3 CVE-2012-1669
BID
BUGTRAQ
EXPLOIT-DB
FULLDISC
MISC
OSVDB
phpmoneybooks -- phpmoneybooks Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012-1669. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might have been fixed in 1.0.3. 2014-11-17 4.3 CVE-2012-6665
SECUNIA
OSVDB
phpscriptlerim -- php_scriptlerim_who's_who Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators for requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php. 2014-11-17 6.8 CVE-2014-8953
XF
EXPLOIT-DB
MISC
pivotal -- spring_framework Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. 2014-11-20 5.0 CVE-2014-3625
CONFIRM
puppetlabs -- facter Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine. 2014-11-16 6.2 CVE-2014-3248
BID
SECUNIA
SECUNIA
MISC
qemu -- qemu Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption. 2014-11-15 4.6 CVE-2014-5388
MLIST
CONFIRM
UBUNTU
MLIST
MLIST
CONFIRM
redhat -- openshift Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme. 2014-11-16 6.5 CVE-2014-0233
CONFIRM
redhat -- tcpdump Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame. 2014-11-20 5.0 CVE-2014-8767
XF
BID
BUGTRAQ
FULLDISC
MISC
redhat -- tcpdump Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame. 2014-11-20 5.0 CVE-2014-8768
XF
BID
BUGTRAQ
FULLDISC
MISC
redhat -- tcpdump tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access. 2014-11-20 6.4 CVE-2014-8769
XF
BID
BUGTRAQ
FULLDISC
MISC
rubyonrails -- ruby_on_rails The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string. 2014-11-16 5.0 CVE-2014-3916
XF
BID
MLIST
MLIST
rubyonrails -- ruby_on_rails Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow. 2014-11-15 5.0 CVE-2014-4975
CONFIRM
XF
UBUNTU
MLIST
rubyonrails -- ruby_on_rails Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818. 2014-11-18 5.0 CVE-2014-7829
MLIST
simple_email_form_project -- simple_email_form Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to index.php. 2014-11-21 4.3 CVE-2014-8539
MISC
BID
BUGTRAQ
MISC
tibco -- managed_file_transfer_command_center TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive information or modify data by leveraging agent access. 2014-11-20 6.4 CVE-2014-7194
tibco -- silver_fabric_enabler Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for Spotfire Web Player before 1.6.1 allows remote authenticated users to obtain sensitive information via unspecified vectors. 2014-11-20 4.0 CVE-2014-7195
twilio_project -- twilio The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the "access administration pages" Drupal permission. 2014-11-20 5.5 CVE-2014-9023
ubercart -- ubercart The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer product classes" permission to execute arbitrary PHP code via unspecified vectors. 2014-11-15 6.0 CVE-2012-2301
BID
MLIST
MLIST
SECUNIA
ubercart -- ubercart The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtain sensitive information via unspecified vectors. 2014-11-20 4.0 CVE-2014-9026
uninett -- mod_auth_mellon The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory." 2014-11-15 6.4 CVE-2014-8566
SECUNIA
SECUNIA
REDHAT
CONFIRM
vld_interactive -- vldpersonals Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a member_profile action to index.php. 2014-11-20 4.3 CVE-2014-9004
XF
EXPLOIT-DB
vtiger -- vtiger_crm views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter. 2014-11-15 5.0 CVE-2014-2268
MISC
BID
EXPLOIT-DB
web_component_roles_project -- web_component_roles The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the "disabled" restriction and modify read-only components via a crafted form. 2014-11-20 6.4 CVE-2014-9022
x7chat -- x7_chat lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch. 2014-11-20 6.5 CVE-2014-8998
XF
BID
EXPLOIT-DB
MISC
xen -- xen The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP). 2014-11-19 5.4 CVE-2014-8594
xoops -- xoops SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter. 2014-11-20 6.5 CVE-2014-8999
BID
FULLDISC
MISC
zend -- zend_framework Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. 2014-11-15 6.4 CVE-2014-2681
MANDRIVA
MLIST
CONFIRM
zend -- zend_framework Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External Entity (XXE) attacks via an XML external entity declaration in conjunction with an entity reference. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. 2014-11-15 6.8 CVE-2014-2682
MANDRIVA
MLIST
CONFIRM
zend -- zend_framework Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532. 2014-11-15 5.0 CVE-2014-2683
MANDRIVA
MLIST
CONFIRM
zend -- zend_framework The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id values. 2014-11-15 6.4 CVE-2014-2684
MANDRIVA
MLIST
CONFIRM
zte -- zxdsl Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to adminpasswd.cgi or (3) change the admin user password via the sysPassword parameter in a save action to adminpasswd.cgi. 2014-11-20 6.8 CVE-2014-9019
XF
BID
BUGTRAQ
MISC
zteusa -- zxhn_h108l_firmware ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1. 2014-11-20 5.0 CVE-2014-8493
MISC
XF
EXPLOIT-DB
EXPLOIT-DB
FULLDISC
MISC
zteusa -- zxdsl_831 Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases. 2014-11-20 4.3 CVE-2014-9020
XF
BID
BID
BUGTRAQ
BUGTRAQ
MISC
MISC
zteusa -- zxdsl_831 Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to inject arbitrary web script or HTML via the (1) tr69cAcsURL, (2) tr69cAcsUser, (3) tr69cAcsPwd, (4) tr69cConnReqPwd, or (5) tr69cDebugEnable parameter to the TR-069 client page (tr69cfg.cgi); the (6) timezone parameter to the Time and date page (sntpcfg.sntp); or the (7) hostname parameter in a save action to the Quick Stats page (psilan.cgi). NOTE: this issue was SPLIT from CVE-2014-9020 per ADT1 due to different affected products and codebases. 2014-11-20 4.3 CVE-2014-9021
XF
BID
BUGTRAQ
MISC
zteusa -- zxdsl_831cii Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, or (7) enblssh parameter to accesslocal.cmd. 2014-11-20 6.8 CVE-2014-9027
XF
MISC

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
apache -- hive Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI. 2014-11-16 3.5 CVE-2014-0228
BUGTRAQ
MISC
apple -- apple_tv dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file. 2014-11-18 2.1 CVE-2014-4455
apple -- iphone_os CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files. 2014-11-18 2.1 CVE-2014-4460
apple -- iphone_os Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature. 2014-11-18 2.1 CVE-2014-4463
d-bus_project -- d-bus D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1. 2014-11-18 2.1 CVE-2014-7824
CONFIRM
XF
BID
MLIST
freeipa -- freeipa FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind. 2014-11-19 3.5 CVE-2014-7828
MLIST
MLIST
CONFIRM
CONFIRM
XF
BID
FEDORA
ibm -- tivoli_storage_manager The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename. 2014-11-18 2.1 CVE-2014-4817
XF
ibm -- security_identity_manager IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation. 2014-11-17 2.1 CVE-2014-6110
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
nlnetlabs -- ldns The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. 2014-11-15 2.1 CVE-2014-3209
CONFIRM
CONFIRM
BID
MLIST
MLIST
python -- python Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. 2014-11-15 3.3 CVE-2014-2667
MLIST
MLIST
MLIST
SUSE
SUSE
redhat -- jboss_enterprise_application_platform JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file. 2014-11-17 2.1 CVE-2014-0059
xen -- xen arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction. 2014-11-19 1.9 CVE-2014-8595