Vulnerability Summary for the Week of September 29, 2014
Released
Oct 06, 2014
Document ID
SB14-279
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| belkin -- n300 | The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header. | 2014-09-29 | 8.3 | CVE-2013-3092 MISC MISC |
| gentoo -- portage | The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate. | 2014-09-29 | 9.3 | CVE-2013-2100 XF BID MLIST MLIST |
| gnu -- bash | GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169. | 2014-09-27 | 10.0 | CVE-2014-6277 CONFIRM CONFIRM CONFIRM SECUNIA MISC |
| gnu -- bash | GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. | 2014-09-30 | 10.0 | CVE-2014-6278 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM SECUNIA MISC |
| gnu -- bash | The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue. | 2014-09-28 | 10.0 | CVE-2014-7186 CONFIRM CONFIRM CONFIRM SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA MLIST MLIST MLIST |
| gnu -- bash | Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue. | 2014-09-28 | 10.0 | CVE-2014-7187 CONFIRM CONFIRM CONFIRM SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA MLIST MLIST MLIST |
| ibm -- websphere_datapower_xc10_appliance | Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network. | 2014-10-01 | 10.0 | CVE-2014-3059 XF AIXAPAR |
| ibm -- websphere_datapower_xc10_appliance | Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie. | 2014-10-01 | 10.0 | CVE-2014-3060 XF |
| ibm -- qradar_security_information_and_event_manager | Unspecified vulnerability in IBM Security QRadar SIEM 7.1 MR2 and 7.2 MR2 allows remote attackers to execute arbitrary code via unknown vectors. | 2014-09-27 | 9.3 | CVE-2014-3062 XF |
| ibm -- security_access_manager_for_web_appliance | The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors. | 2014-10-02 | 7.1 | CVE-2014-4809 XF |
| ibm -- security_access_manager_for_mobile_appliance | The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors. | 2014-10-02 | 10.0 | CVE-2014-4823 XF |
| infusionsoft_gravity_forms_project -- infusionsoft_gravity_forms | The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php. | 2014-09-26 | 7.5 | CVE-2014-6446 MISC |
| juniper -- juniper_installer_service_client | Juniper Installer Service (JIS) Client 7.x before 7.4R6 for Windows and Junos Pulse Client before 4.0R6 allows local users to gain privileges via unspecified vectors. | 2014-09-29 | 7.2 | CVE-2014-3811 |
| libvncserver -- libvncserver | Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow. | 2014-09-30 | 7.5 | CVE-2014-6051 MISC CONFIRM CONFIRM MLIST SECUNIA MLIST FEDORA FEDORA |
| linksys -- ea6500 | Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/. | 2014-09-29 | 7.1 | CVE-2013-3066 MISC MISC |
| linux -- linux_kernel | include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface. | 2014-09-28 | 7.8 | CVE-2014-3535 CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation. | 2014-09-28 | 7.2 | CVE-2014-3631 CONFIRM CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket. | 2014-09-28 | 7.8 | CVE-2014-6416 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux -- linux_kernel | net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket. | 2014-09-28 | 7.8 | CVE-2014-6417 CONFIRM CONFIRM MLIST CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph Monitor. | 2014-09-28 | 7.1 | CVE-2014-6418 CONFIRM CONFIRM MLIST CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals. | 2014-09-28 | 7.8 | CVE-2014-7145 CONFIRM BID MLIST CONFIRM |
| openmediavault -- openmediavault | The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter. | 2014-09-29 | 9.0 | CVE-2013-3632 MISC MISC BID EXPLOIT-DB OSVDB |
| plone -- plone | The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing. | 2014-09-30 | 8.5 | CVE-2012-5487 CONFIRM MLIST |
| plone -- plone | gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors. | 2014-09-30 | 8.5 | CVE-2012-5493 CONFIRM MLIST |
| wordpress -- wordpress | SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable. | 2014-10-01 | 7.5 | CVE-2003-1598 XF BID MISC SECUNIA MLIST OSVDB |
| xen -- xen | The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors. | 2014-10-02 | 8.3 | CVE-2014-7188 |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- apache_axis2/c | Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2014-09-29 | 4.3 | CVE-2012-6107 CONFIRM XF BID MLIST |
| apachefriends -- xampp | XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method. | 2014-09-29 | 4.3 | CVE-2013-2586 XF BID EXPLOIT-DB MISC OSVDB BUGTRAQ |
| belkin -- f5d8236-4_v2 | Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the remote management interface on arbitrary ports via the remote_mgmt_enabled and remote_mgmt_port parameters. | 2014-09-29 | 6.8 | CVE-2013-3083 MISC |
| belkin -- n900 | Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration settings including passwords and remote management ports. | 2014-09-29 | 6.8 | CVE-2013-3086 MISC MISC |
| belkin -- n300 | Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configuration. | 2014-09-29 | 6.8 | CVE-2013-3089 MISC MISC |
| call-cc -- chicken | Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory. | 2014-09-29 | 4.4 | CVE-2013-1874 XF BID OSVDB MLIST CONFIRM |
| cisco -- linksys_wrt310n_router_firmware | Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports. | 2014-09-29 | 6.8 | CVE-2013-3068 MISC MISC |
| codeasily -- grand_flagallery | Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter. | 2014-10-01 | 4.3 | CVE-2011-4624 BID BUGTRAQ BUGTRAQ MLIST CONFIRM BUGTRAQ |
| contactus -- contact_form_7_integrations | Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmin.php in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) uE or (2) uC parameter. | 2014-09-26 | 4.3 | CVE-2014-6445 CONFIRM MISC |
| debian -- apt | Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL. | 2014-09-30 | 6.8 | CVE-2014-6273 XF BID |
| drupal -- drupal | modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document. | 2014-09-30 | 6.8 | CVE-2014-5267 MLIST CONFIRM |
| ekiga -- ekiga | lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings. | 2014-09-29 | 5.0 | CVE-2012-5621 FEDORA CONFIRM CONFIRM XF BID MLIST CONFIRM |
| exinda -- wan_optimization_suite | Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to inject arbitrary web script or HTML via the tabsel parameter to admin/launch. | 2014-10-02 | 4.3 | CVE-2014-7157 XF BID FULLDISC MISC |
| exinda -- wan_optimization_suite | Cross-site request forgery (CSRF) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to admin/launch. | 2014-10-02 | 6.8 | CVE-2014-7158 XF BID FULLDISC MISC |
| google -- nexus_7 | Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report. | 2014-09-28 | 6.9 | CVE-2014-3186 CONFIRM CONFIRM MLIST CONFIRM |
| haproxy -- haproxy | Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read. | 2014-09-30 | 5.0 | CVE-2014-6269 MLIST SECUNIA SECUNIA REDHAT CONFIRM MLIST MLIST |
| hibernate -- hibernate_validator | ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application. | 2014-09-30 | 5.0 | CVE-2014-3558 CONFIRM MISC |
| hp -- mpio_device_specific_module_manager | Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors. | 2014-09-28 | 4.6 | CVE-2014-2639 |
| hp -- system_management_homepage | Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-10-01 | 4.3 | CVE-2014-2640 |
| hp -- system_management_homepage | Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | 2014-10-01 | 6.0 | CVE-2014-2641 |
| hp -- system_management_homepage | HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 2014-10-01 | 4.3 | CVE-2014-2642 |
| ibm -- tivoli_federated_identity_manager | Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0-TIV-TFIM-IF0015, 6.2.1 before 6.2.1-TIV-TFIM-IF0007, and 6.2.2 before 6.2.2-TIV-TFIM-IF0011 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2014-10-01 | 4.3 | CVE-2014-3097 |
| ibm -- change_and_configuration_management_database | IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message. | 2014-10-01 | 5.0 | CVE-2014-4765 XF |
| ibm -- websphere_mq | IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors. | 2014-10-01 | 6.5 | CVE-2014-4793 XF |
| ibm -- security_access_manager_for_mobile_appliance | Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2014-10-02 | 4.3 | CVE-2014-6079 XF |
| jboss -- red_hat_jboss_data_virtualization | Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue. | 2014-09-30 | 4.3 | CVE-2014-0170 XF SECTRACK SECUNIA |
| juniper -- junos_pulse_access_control_service | Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors. | 2014-09-29 | 4.3 | CVE-2014-3820 |
| juniper -- junos_pulse_secure_access_service | The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 2014-09-29 | 4.3 | CVE-2014-3823 |
| juniper -- junos_pulse_secure_access_service | Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-09-29 | 4.3 | CVE-2014-3824 CONFIRM |
| libvncserver -- libvncserver | Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message. | 2014-09-30 | 6.5 | CVE-2014-6055 MISC CONFIRM CONFIRM CONFIRM XF BID MLIST SECUNIA MLIST FEDORA FEDORA |
| linksys -- ea6500 | Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA6500 with firmware 1.1.28.147876 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the target parameter. | 2014-09-29 | 6.8 | CVE-2013-3064 MISC MISC |
| linux -- linux_kernel | The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket. | 2014-09-28 | 4.9 | CVE-2012-6657 CONFIRM CONFIRM MLIST CONFIRM |
| linux -- linux_kernel | The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that triggers a zero count. | 2014-09-28 | 6.9 | CVE-2014-0205 CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event. | 2014-09-28 | 6.9 | CVE-2014-3181 CONFIRM MISC CONFIRM MLIST CONFIRM |
| linux -- linux_kernel | Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value. | 2014-09-28 | 6.9 | CVE-2014-3182 CONFIRM MISC MLIST |
| linux -- linux_kernel | Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report size for an LED report. | 2014-09-28 | 6.9 | CVE-2014-3183 CONFIRM MLIST |
| linux -- linux_kernel | The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c. | 2014-09-28 | 4.7 | CVE-2014-3184 CONFIRM MLIST |
| linux -- linux_kernel | Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. | 2014-09-28 | 6.9 | CVE-2014-3185 MLIST |
| linux -- linux_kernel | The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode. | 2014-09-28 | 4.7 | CVE-2014-6410 CONFIRM CONFIRM BID MLIST |
| mailchimp -- easy_mailchimp_forms_plugin | Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php. | 2014-09-26 | 4.3 | CVE-2014-7152 CONFIRM MISC |
| mediawiki -- mediawiki | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file. | 2014-09-30 | 4.3 | CVE-2014-7199 CONFIRM MLIST DEBIAN SECUNIA |
| openfiler -- openfiler | Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown or (2) reboot the server via a request to admin/system_shutdown.html. | 2014-09-30 | 6.8 | CVE-2014-7190 BID FULLDISC MISC |
| openstack -- keystone | The catalog url replacement in Keystone before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field. | 2014-10-02 | 4.0 | CVE-2014-3621 CONFIRM |
| openstack -- neutron | OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. | 2014-10-02 | 4.0 | CVE-2014-6414 MLIST |
| openstack -- keystonemiddleware | OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate. | 2014-10-02 | 4.3 | CVE-2014-7144 |
| plone -- plone | registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface. | 2014-09-30 | 6.8 | CVE-2012-5485 CONFIRM MLIST |
| plone -- plone | ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character. | 2014-09-30 | 6.4 | CVE-2012-5486 CONFIRM MLIST |
| plone -- plone | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject. | 2014-09-30 | 5.0 | CVE-2012-5488 CONFIRM MLIST |
| plone -- plone | The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors. | 2014-09-30 | 6.5 | CVE-2012-5489 CONFIRM CONFIRM MLIST |
| plone -- plone | Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-09-30 | 4.3 | CVE-2012-5490 CONFIRM MLIST |
| plone -- plone | z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id. | 2014-09-30 | 4.3 | CVE-2012-5491 CONFIRM MLIST |
| plone -- plone | uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL. | 2014-09-30 | 5.0 | CVE-2012-5492 CONFIRM MLIST |
| plone -- plone | Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "{u,}translate." | 2014-09-30 | 4.3 | CVE-2012-5494 CONFIRM MLIST |
| plone -- plone | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back." | 2014-09-30 | 5.0 | CVE-2012-5495 CONFIRM MLIST |
| plone -- plone | kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL. | 2014-09-30 | 5.0 | CVE-2012-5496 CONFIRM MLIST |
| plone -- plone | membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL. | 2014-09-30 | 5.0 | CVE-2012-5497 CONFIRM MLIST |
| plone -- plone | queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection. | 2014-09-30 | 5.0 | CVE-2012-5498 CONFIRM MLIST MLIST |
| plone -- plone | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns. | 2014-09-30 | 5.0 | CVE-2012-5499 CONFIRM MLIST |
| plone -- plone | at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL. | 2014-09-30 | 5.0 | CVE-2012-5501 CONFIRM MLIST |
| plone -- plone | ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors. | 2014-09-30 | 5.0 | CVE-2012-5503 CONFIRM MLIST |
| plone -- plone | Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-09-30 | 4.3 | CVE-2012-5504 CONFIRM MLIST |
| plone -- plone | atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name. | 2014-09-30 | 5.0 | CVE-2012-5505 CONFIRM MLIST |
| plone -- plone | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access. | 2014-09-30 | 5.0 | CVE-2012-5506 CONFIRM MLIST |
| plone -- plone | AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation. | 2014-09-30 | 4.3 | CVE-2012-5507 CONFIRM CONFIRM MLIST |
| postfix -- postfix | Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php. | 2014-10-01 | 6.5 | CVE-2012-0811 CONFIRM BID MLIST MLIST MISC |
| restaurantmis -- restaurant_script | Multiple cross-site scripting (XSS) vulnerabilities in register-exec.php in Restaurant Script (PizzaInn_Project) 1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, or (3) login parameter. | 2014-09-30 | 4.3 | CVE-2014-6619 XF EXPLOIT-DB MISC OSVDB |
| telerik -- asp.net_ajax_radeditor_control | Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET AJAX RadEditor control 2014.1.403.35, 2009.3.1208.20, and other versions allows remote attackers to inject arbitrary web script or HTML via CSS expressions in style attributes. | 2014-09-26 | 4.3 | CVE-2014-4958 BUGTRAQ MISC CONFIRM |
| tp-link -- tl-wr841n | Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm. | 2014-09-30 | 4.3 | CVE-2012-6316 BID MLIST |
| tp-link -- tl-wdr4300 | Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject arbitrary web script or HTML via the hostname in a DHCP request. | 2014-09-30 | 4.3 | CVE-2014-4727 XF BID BUGTRAQ FULLDISC MISC |
| tp-link -- tl-wdr4300 | The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET request. | 2014-09-30 | 5.0 | CVE-2014-4728 XF BID BUGTRAQ FULLDISC MISC |
| xen -- xen | Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors. | 2014-10-02 | 6.1 | CVE-2014-7154 |
| xen -- xen | The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction. | 2014-10-02 | 5.8 | CVE-2014-7155 |
| yorba -- geary | Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate. | 2014-09-30 | 4.3 | CVE-2014-5444 CONFIRM SUSE |
| your_online_shop_project -- your_online_shop | Cross-site scripting (XSS) vulnerability in Your Online Shop allows remote attackers to inject arbitrary web script or HTML via the products_id parameter. | 2014-09-30 | 4.3 | CVE-2014-6618 XF BID MISC |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| bcron_project -- bcron_exec | bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor. | 2014-09-29 | 2.1 | CVE-2012-6110 XF CONFIRM MLIST |
| data_dumper_project -- data_dumper | The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function. | 2014-09-30 | 2.1 | CVE-2014-4330 CONFIRM CONFIRM XF BID BUGTRAQ MLIST SECUNIA MLIST FULLDISC MISC FEDORA |
| linksys -- ea6500 | Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section. | 2014-09-29 | 3.5 | CVE-2013-3065 MISC MISC |
| php -- php | The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions. | 2014-09-27 | 3.6 | CVE-2014-5459 MISC MLIST |
| phpmyadmin -- phpmyadmin | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php. | 2014-10-02 | 3.5 | CVE-2014-7217 CONFIRM CONFIRM |
| plone -- plone | Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors. | 2014-09-30 | 3.5 | CVE-2012-5502 CONFIRM MLIST |
| sleuthkit -- the_sleuth_kit | The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame. | 2014-09-29 | 2.1 | CVE-2012-5619 CONFIRM MLIST MLIST MANDRIVA FEDORA FEDORA MISC |
| xen -- xen | The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors. | 2014-10-02 | 3.3 | CVE-2014-7156 |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.