U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

Bulletin (SB14-279)

Vulnerability Summary for the Week of September 29, 2014

Original release date: October 06, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
belkin -- n300The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header.2014-09-298.3CVE-2013-3092
MISC
MISC
gentoo -- portageThe urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate.2014-09-299.3CVE-2013-2100
XF
BID
MLIST
MLIST
gnu -- bashGNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.2014-09-2710.0CVE-2014-6277
CONFIRM
CONFIRM
CONFIRM
SECUNIA
MISC
gnu -- bashGNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.2014-09-3010.0CVE-2014-6278
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
SECUNIA
MISC
gnu -- bashThe redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.2014-09-2810.0CVE-2014-7186
CONFIRM
CONFIRM
CONFIRM
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MLIST
MLIST
MLIST
gnu -- bashOff-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.2014-09-2810.0CVE-2014-7187
CONFIRM
CONFIRM
CONFIRM
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MLIST
MLIST
MLIST
ibm -- websphere_datapower_xc10_applianceUnspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network.2014-10-0110.0CVE-2014-3059
XF
AIXAPAR
ibm -- websphere_datapower_xc10_applianceUnspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie.2014-10-0110.0CVE-2014-3060
XF
ibm -- qradar_security_information_and_event_managerUnspecified vulnerability in IBM Security QRadar SIEM 7.1 MR2 and 7.2 MR2 allows remote attackers to execute arbitrary code via unknown vectors.2014-09-279.3CVE-2014-3062
XF
ibm -- security_access_manager_for_web_applianceThe WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors.2014-10-027.1CVE-2014-4809
XF
ibm -- security_access_manager_for_mobile_applianceThe administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors.2014-10-0210.0CVE-2014-4823
XF
infusionsoft_gravity_forms_project -- infusionsoft_gravity_formsThe Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.2014-09-267.5CVE-2014-6446
MISC
juniper -- juniper_installer_service_clientJuniper Installer Service (JIS) Client 7.x before 7.4R6 for Windows and Junos Pulse Client before 4.0R6 allows local users to gain privileges via unspecified vectors.2014-09-297.2CVE-2014-3811
libvncserver -- libvncserverInteger overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.2014-09-307.5CVE-2014-6051
MISC
CONFIRM
CONFIRM
MLIST
SECUNIA
MLIST
FEDORA
FEDORA
linksys -- ea6500Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/.2014-09-297.1CVE-2013-3066
MISC
MISC
linux -- linux_kernelinclude/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface.2014-09-287.8CVE-2014-3535
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernelThe assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.2014-09-287.2CVE-2014-3631
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernelBuffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket.2014-09-287.8CVE-2014-6416
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernelnet/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket.2014-09-287.8CVE-2014-6417
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernelnet/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph Monitor.2014-09-287.1CVE-2014-6418
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernelThe SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals.2014-09-287.8CVE-2014-7145
CONFIRM
BID
MLIST
CONFIRM
openmediavault -- openmediavaultThe Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.2014-09-299.0CVE-2013-3632
MISC
MISC
BID
EXPLOIT-DB
OSVDB
plone -- ploneThe sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.2014-09-308.5CVE-2012-5487
CONFIRM
MLIST
plone -- plonegtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.2014-09-308.5CVE-2012-5493
CONFIRM
MLIST
wordpress -- wordpressSQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.2014-10-017.5CVE-2003-1598
XF
BID
MISC
SECUNIA
MLIST
OSVDB
xen -- xenThe hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors.2014-10-028.3CVE-2014-7188
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- apache_axis2/cApache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.2014-09-294.3CVE-2012-6107
CONFIRM
XF
BID
MLIST
apachefriends -- xamppXAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method.2014-09-294.3CVE-2013-2586
XF
BID
EXPLOIT-DB
MISC
OSVDB
BUGTRAQ
belkin -- f5d8236-4_v2Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the remote management interface on arbitrary ports via the remote_mgmt_enabled and remote_mgmt_port parameters.2014-09-296.8CVE-2013-3083
MISC
belkin -- n900Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration settings including passwords and remote management ports.2014-09-296.8CVE-2013-3086
MISC
MISC
belkin -- n300Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configuration.2014-09-296.8CVE-2013-3089
MISC
MISC
call-cc -- chickenUntrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.2014-09-294.4CVE-2013-1874
XF
BID
OSVDB
MLIST
CONFIRM
cisco -- linksys_wrt310n_router_firmwareCross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports.2014-09-296.8CVE-2013-3068
MISC
MISC
codeasily -- grand_flagalleryCross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.2014-10-014.3CVE-2011-4624
BID
BUGTRAQ
BUGTRAQ
MLIST
CONFIRM
BUGTRAQ
contactus -- contact_form_7_integrationsMultiple cross-site scripting (XSS) vulnerabilities in includes/toAdmin.php in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) uE or (2) uC parameter.2014-09-264.3CVE-2014-6445
CONFIRM
MISC
debian -- aptBuffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.2014-09-306.8CVE-2014-6273
XF
BID
drupal -- drupalmodules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document.2014-09-306.8CVE-2014-5267
MLIST
CONFIRM
ekiga -- ekigalib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings.2014-09-295.0CVE-2012-5621
FEDORA
CONFIRM
CONFIRM
XF
BID
MLIST
CONFIRM
exinda -- wan_optimization_suiteCross-site scripting (XSS) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to inject arbitrary web script or HTML via the tabsel parameter to admin/launch.2014-10-024.3CVE-2014-7157
XF
BID
FULLDISC
MISC
exinda -- wan_optimization_suiteCross-site request forgery (CSRF) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to admin/launch.2014-10-026.8CVE-2014-7158
XF
BID
FULLDISC
MISC
google -- nexus_7Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report.2014-09-286.9CVE-2014-3186
CONFIRM
CONFIRM
MLIST
CONFIRM
haproxy -- haproxyMultiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read.2014-09-305.0CVE-2014-6269
MLIST
SECUNIA
SECUNIA
REDHAT
CONFIRM
MLIST
MLIST
hibernate -- hibernate_validatorReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.2014-09-305.0CVE-2014-3558
CONFIRM
MISC
hp -- mpio_device_specific_module_managerUnspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors.2014-09-284.6CVE-2014-2639
hp -- system_management_homepageCross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-10-014.3CVE-2014-2640
hp -- system_management_homepageCross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.2014-10-016.0CVE-2014-2641
hp -- system_management_homepageHP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors.2014-10-014.3CVE-2014-2642
ibm -- tivoli_federated_identity_managerOpen redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0-TIV-TFIM-IF0015, 6.2.1 before 6.2.1-TIV-TFIM-IF0007, and 6.2.2 before 6.2.2-TIV-TFIM-IF0011 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.2014-10-014.3CVE-2014-3097
ibm -- change_and_configuration_management_databaseIBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message.2014-10-015.0CVE-2014-4765
XF
ibm -- websphere_mqIBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors.2014-10-016.5CVE-2014-4793
XF
ibm -- security_access_manager_for_mobile_applianceCross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.2014-10-024.3CVE-2014-6079
XF
jboss -- red_hat_jboss_data_virtualizationTeiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue.2014-09-304.3CVE-2014-0170
XF
SECTRACK
SECUNIA
juniper -- junos_pulse_access_control_serviceCross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors.2014-09-294.3CVE-2014-3820
juniper -- junos_pulse_secure_access_serviceThe Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors.2014-09-294.3CVE-2014-3823
juniper -- junos_pulse_secure_access_serviceCross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-09-294.3CVE-2014-3824
CONFIRM
libvncserver -- libvncserverMultiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.2014-09-306.5CVE-2014-6055
MISC
CONFIRM
CONFIRM
CONFIRM
XF
BID
MLIST
SECUNIA
MLIST
FEDORA
FEDORA
linksys -- ea6500Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA6500 with firmware 1.1.28.147876 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the target parameter.2014-09-296.8CVE-2013-3064
MISC
MISC
linux -- linux_kernelThe sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket.2014-09-284.9CVE-2012-6657
CONFIRM
CONFIRM
MLIST
CONFIRM
linux -- linux_kernelThe futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that triggers a zero count.2014-09-286.9CVE-2014-0205
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernelMultiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event.2014-09-286.9CVE-2014-3181
CONFIRM
MISC
CONFIRM
MLIST
CONFIRM
linux -- linux_kernelArray index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.2014-09-286.9CVE-2014-3182
CONFIRM
MISC
MLIST
linux -- linux_kernelHeap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report size for an LED report.2014-09-286.9CVE-2014-3183
CONFIRM
MLIST
linux -- linux_kernelThe report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c.2014-09-284.7CVE-2014-3184
CONFIRM
MLIST
linux -- linux_kernelMultiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.2014-09-286.9CVE-2014-3185
MLIST
linux -- linux_kernelThe __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode.2014-09-284.7CVE-2014-6410
CONFIRM
CONFIRM
BID
MLIST
mailchimp -- easy_mailchimp_forms_pluginCross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php.2014-09-264.3CVE-2014-7152
CONFIRM
MISC
mediawiki -- mediawikiCross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.2014-09-304.3CVE-2014-7199
CONFIRM
MLIST
DEBIAN
SECUNIA
openfiler -- openfilerMultiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown or (2) reboot the server via a request to admin/system_shutdown.html.2014-09-306.8CVE-2014-7190
BID
FULLDISC
MISC
openstack -- keystoneThe catalog url replacement in Keystone before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.2014-10-024.0CVE-2014-3621
CONFIRM
openstack -- neutronOpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors.2014-10-024.0CVE-2014-6414
MLIST
openstack -- keystonemiddlewareOpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.2014-10-024.3CVE-2014-7144
plone -- ploneregisterConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.2014-09-306.8CVE-2012-5485
CONFIRM
MLIST
plone -- ploneZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.2014-09-306.4CVE-2012-5486
CONFIRM
MLIST
plone -- plonepython_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.2014-09-305.0CVE-2012-5488
CONFIRM
MLIST
plone -- ploneThe App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.2014-09-306.5CVE-2012-5489
CONFIRM
CONFIRM
MLIST
plone -- ploneCross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-09-304.3CVE-2012-5490
CONFIRM
MLIST
plone -- plonez3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.2014-09-304.3CVE-2012-5491
CONFIRM
MLIST
plone -- ploneuid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL.2014-09-305.0CVE-2012-5492
CONFIRM
MLIST
plone -- ploneCross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "{u,}translate."2014-09-304.3CVE-2012-5494
CONFIRM
MLIST
plone -- plonepython_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back."2014-09-305.0CVE-2012-5495
CONFIRM
MLIST
plone -- plonekupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL.2014-09-305.0CVE-2012-5496
CONFIRM
MLIST
plone -- plonemembership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.2014-09-305.0CVE-2012-5497
CONFIRM
MLIST
plone -- plonequeryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.2014-09-305.0CVE-2012-5498
CONFIRM
MLIST
MLIST
plone -- plonepython_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns.2014-09-305.0CVE-2012-5499
CONFIRM
MLIST
plone -- ploneat_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.2014-09-305.0CVE-2012-5501
CONFIRM
MLIST
plone -- ploneftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors.2014-09-305.0CVE-2012-5503
CONFIRM
MLIST
plone -- ploneCross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-09-304.3CVE-2012-5504
CONFIRM
MLIST
plone -- ploneatat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.2014-09-305.0CVE-2012-5505
CONFIRM
MLIST
plone -- plonepython_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access.2014-09-305.0CVE-2012-5506
CONFIRM
MLIST
plone -- ploneAccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.2014-09-304.3CVE-2012-5507
CONFIRM
CONFIRM
MLIST
postfix -- postfixMultiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php.2014-10-016.5CVE-2012-0811
CONFIRM
BID
MLIST
MLIST
MISC
restaurantmis -- restaurant_scriptMultiple cross-site scripting (XSS) vulnerabilities in register-exec.php in Restaurant Script (PizzaInn_Project) 1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, or (3) login parameter.2014-09-304.3CVE-2014-6619
XF
EXPLOIT-DB
MISC
OSVDB
telerik -- asp.net_ajax_radeditor_controlCross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET AJAX RadEditor control 2014.1.403.35, 2009.3.1208.20, and other versions allows remote attackers to inject arbitrary web script or HTML via CSS expressions in style attributes.2014-09-264.3CVE-2014-4958
BUGTRAQ
MISC
CONFIRM
tp-link -- tl-wr841nMultiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm.2014-09-304.3CVE-2012-6316
BID
MLIST
tp-link -- tl-wdr4300Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject arbitrary web script or HTML via the hostname in a DHCP request.2014-09-304.3CVE-2014-4727
XF
BID
BUGTRAQ
FULLDISC
MISC
tp-link -- tl-wdr4300The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET request.2014-09-305.0CVE-2014-4728
XF
BID
BUGTRAQ
FULLDISC
MISC
xen -- xenRace condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.2014-10-026.1CVE-2014-7154
xen -- xenThe x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction.2014-10-025.8CVE-2014-7155
yorba -- gearyGeary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate.2014-09-304.3CVE-2014-5444
CONFIRM
SUSE
your_online_shop_project -- your_online_shopCross-site scripting (XSS) vulnerability in Your Online Shop allows remote attackers to inject arbitrary web script or HTML via the products_id parameter.2014-09-304.3CVE-2014-6618
XF
BID
MISC
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
bcron_project -- bcron_execbcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor.2014-09-292.1CVE-2012-6110
XF
CONFIRM
MLIST
data_dumper_project -- data_dumperThe Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.2014-09-302.1CVE-2014-4330
CONFIRM
CONFIRM
XF
BID
BUGTRAQ
MLIST
SECUNIA
MLIST
FULLDISC
MISC
FEDORA
linksys -- ea6500Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section.2014-09-293.5CVE-2013-3065
MISC
MISC
php -- phpThe PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.2014-09-273.6CVE-2014-5459
MISC
MLIST
phpmyadmin -- phpmyadminMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php.2014-10-023.5CVE-2014-7217
CONFIRM
CONFIRM
plone -- ploneCross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors.2014-09-303.5CVE-2012-5502
CONFIRM
MLIST
sleuthkit -- the_sleuth_kitThe Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame.2014-09-292.1CVE-2012-5619
CONFIRM
MLIST
MLIST
MANDRIVA
FEDORA
FEDORA
MISC
xen -- xenThe x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors.2014-10-023.3CVE-2014-7156
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top