ECI Blog @WordPress

Latest news from the ECI Networks Group

SB14-286: Vulnerability Summary for the Week of October 6, 2014

National Cyber Awareness System:  Original release date: October 13, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.

The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
alex_kellner — powermail Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted extension, then accessing it via unspecified vectors. 2014-10-03 7.5 CVE-2014-3947
CONFIRM
CONFIRM
alex_kellner — powermail The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism via unspecified vectors. 2014-10-03 7.5 CVE-2014-6288
CONFIRM
apache — shiro Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password. 2014-10-06 7.5 CVE-2014-0074
FULLDISC
REDHAT
apple — mac_os_x The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site. 2014-10-05 9.3 CVE-2014-7861
MISC
BID
arubanetworks — arubaos Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain potentially sensitive information or add guest accounts, via an SSH session. 2014-10-07 7.5 CVE-2014-7299
bassmaster_plugin_project — bassmaster_plugin Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary JavaScript code via unspecified vectors. 2014-10-08 10.0 CVE-2014-7205
MISC
CONFIRM
XF
BID
MLIST
brocade — vyatta_5400_vrouter_software The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command. 2014-10-07 9.0 CVE-2014-4868
brocade — vyatta_5400_vrouter_software /opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration. 2014-10-07 7.2 CVE-2014-4870
schneider-electric — modicon_plc_ethernet_module Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. 2014-10-03 10.0 CVE-2014-0754
cisco — asa The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027. 2014-10-10 7.8 CVE-2014-3382
cisco — asa The IKE implementation in the VPN component in Cisco ASA Software 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted UDP packets, aka Bug ID CSCul36176. 2014-10-10 7.8 CVE-2014-3383
cisco — asa The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted packet that is sent during tunnel creation, aka Bug ID CSCum96401. 2014-10-10 7.8 CVE-2014-3384
cisco — asa Race condition in the Health and Performance Monitoring (HPM) for ASDM feature in Cisco ASA Software 8.3 before 8.3(2.42), 8.4 before 8.4(7.11), 8.5 before 8.5(1.19), 8.6 before 8.6(1.13), 8.7 before 8.7(1.11), 9.0 before 9.0(4.8), and 9.1 before 9.1(4.5) allows remote attackers to cause a denial of service (device reload) via TCP traffic that triggers many half-open connections at the same time, aka Bug ID CSCum00556. 2014-10-10 7.8 CVE-2014-3385
cisco — asa The GPRS Tunneling Protocol (GTP) inspection engine in Cisco ASA Software 8.2 before 8.2(5.51), 8.4 before 8.4(7.15), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted series of GTP packets, aka Bug ID CSCum56399. 2014-10-10 7.8 CVE-2014-3386
cisco — asa The SunRPC inspection engine in Cisco ASA Software 7.2 before 7.2(5.14), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.3) allows remote attackers to cause a denial of service (device reload) via crafted SunRPC packets, aka Bug ID CSCun11074. 2014-10-10 7.8 CVE-2014-3387
cisco — asa The DNS inspection engine in Cisco ASA Software 9.0 before 9.0(4.13), 9.1 before 9.1(5.7), and 9.2 before 9.2(2) allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCuo68327. 2014-10-10 7.8 CVE-2014-3388
cisco — asa The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.6), and 9.3 before 9.3(1.1) does not properly implement a tunnel filter, which allows remote authenticated users to obtain failover-unit access via crafted packets, aka Bug ID CSCuq28582. 2014-10-10 9.0 CVE-2014-3389
cisco — asr_9000_rsp440_router Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133. 2014-10-04 7.5 CVE-2014-3396
content_audit_project — content_audit SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the “Audited content types” option in the content-audit page to wp-admin/options-general.php. 2014-10-06 7.5 CVE-2014-5389
CONFIRM
MISC
FULLDISC
MISC
cyberoam — cyberoam_os Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file. 2014-10-07 9.3 CVE-2014-5501
MISC
cyberoam — cyberoam_os The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allow remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode. 2014-10-07 9.0 CVE-2014-5502
MISC
MISC
MISC
MISC
cyberoam — cyberoam_os SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode. 2014-10-07 10.0 CVE-2014-5503
MISC
daniel_lienert — yet_another_gallery The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors. 2014-10-03 7.5 CVE-2014-6289
CONFIRM
CONFIRM
freepbx — freepbx htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014. 2014-10-07 10.0 CVE-2014-7235
CONFIRM
XF
BID
SECUNIA
MISC
CONFIRM
gnu — glibc The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. 2014-10-06 7.5 CVE-2014-4043
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
XF
BID
google — chrome Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h. 2014-10-08 10.0 CVE-2014-3188
CONFIRM
CONFIRM
google — chrome The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via unknown vectors. 2014-10-08 7.5 CVE-2014-3189
CONFIRM
google — chrome Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that accesses the path property of an Event object. 2014-10-08 7.5 CVE-2014-3190
CONFIRM
CONFIRM
google — chrome Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers a widget-position update that improperly interacts with the render tree, related to the FrameView::updateLayoutAndStyleForPainting function in core/frame/FrameView.cpp and the RenderLayerScrollableArea::setScrollOffset function in core/rendering/RenderLayerScrollableArea.cpp. 2014-10-08 7.5 CVE-2014-3191
CONFIRM
CONFIRM
google — chrome Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2014-10-08 7.5 CVE-2014-3192
CONFIRM
CONFIRM
google — chrome The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that leverage “type confusion” for callback processing. 2014-10-08 7.5 CVE-2014-3193
CONFIRM
google — chrome Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2014-10-08 7.5 CVE-2014-3194
CONFIRM
google — chrome base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors. 2014-10-08 7.5 CVE-2014-3196
CONFIRM
CONFIRM
CONFIRM
google — chrome Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2014-10-08 7.5 CVE-2014-3200
CONFIRM
google — chrome Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, as used in Google Chrome before 38.0.2125.101, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2014-10-08 7.5 CVE-2014-7967
gopro — gopro_hero gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via the (1) a1 or (2) a2 parameter in a start action. 2014-10-07 10.0 CVE-2014-6433
MISC
gopro — gopro_hero gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via the (1) a1 or (2) a2 parameter in a restart action. 2014-10-07 10.0 CVE-2014-6434
MISC
hp — sprinter Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2343. 2014-10-09 7.5 CVE-2014-2635
hp — sprinter Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2336. 2014-10-09 7.5 CVE-2014-2636
hp — sprinter Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2342. 2014-10-09 7.5 CVE-2014-2637
hp — sprinter Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2344. 2014-10-09 7.5 CVE-2014-2638
hp — network_automation Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intended access restrictions via unknown vectors. 2014-10-09 7.2 CVE-2014-2646
hp — operations_manager Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. 2014-10-09 10.0 CVE-2014-2648
hp — operations_manager Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. 2014-10-09 7.5 CVE-2014-2649
joomla — joomla! Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication. 2014-10-08 7.5 CVE-2014-6632
SECUNIA
SECUNIA
CONFIRM
joomla — joomla! SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2014-10-08 7.5 CVE-2014-7981
joomla — joomla! Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication. 2014-10-08 7.5 CVE-2014-7984
CONFIRM
joyent — node.js visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using “public-restricted” under a “public” directory. 2014-10-08 7.5 CVE-2014-6394
MISC
MISC
CONFIRM
CONFIRM
XF
BID
MLIST
MLIST
FEDORA
FEDORA
FEDORA
kennziffer — statistics SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014. 2014-10-03 7.5 CVE-2014-6293
CONFIRM
mm_forum_project — mm_forum Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. 2014-10-03 7.5 CVE-2014-6298
mmonit — m/monit M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409. 2014-10-06 7.5 CVE-2014-6607
EXPLOIT-DB
FULLDISC
MISC
news_project — news The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an “insecure unserialize” issue. 2014-10-03 7.5 CVE-2014-6290
openstack — neutron The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression. 2014-10-07 7.6 CVE-2014-3632
oracle — solaris Multiple unspecified vulnerabilities in libXtsol in Oracle Solaris 10 and 11.1 have unspecified impact and attack vectors related to “Buffer errors.” 2014-10-06 10.0 CVE-2014-0397
CONFIRM
XF
BID
owncloud — owncloud Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program. 2014-10-06 7.5 CVE-2014-2044
MISC
XF
BID
BUGTRAQ
OSVDB
EXPLOIT-DB
SECUNIA
FULLDISC
MISC
phpcompta — phpcompta/noalyss backup.php in PHPCompta/NOALYSS before 6.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the d parameter. 2014-10-06 7.5 CVE-2014-6389
XF
EXPLOIT-DB
FULLDISC
MISC
rejetto — http_file_server The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action. 2014-10-07 7.5 CVE-2014-6287
CERT-VN
MISC
MISC
rejetto — http_file_server The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols. 2014-10-09 7.5 CVE-2014-7226
BID
EXPLOIT-DB
MISC
rockwellautomation — ab_micrologix_controller The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause a denial of service (process disruption) via malformed packets over (1) an Ethernet network or (2) a serial line. 2014-10-03 7.1 CVE-2014-5410
testlink — testlink Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php. 2014-10-08 9.0 CVE-2014-5308
MISC
CONFIRM
BID
EXPLOIT-DB
FULLDISC
FULLDISC
MISC
OSVDB
tp-link — firmware Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka “FTP directory traversal”) to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRpm/NasFtpCfgRpm.htm, (4) launch the FTP service via the startFtp parameter to userRpm/NasFtpCfgRpm.htm, or (5) enable or disable bandwidth limits via the QoSCtrl parameter to userRpm/QoSCfgRpm.htm. 2014-10-05 9.3 CVE-2013-2645
MISC
wec_map_project — wec_map SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2014-10-03 7.5 CVE-2014-6295
x2engine — x2engine The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSRF) attacks via crafted serialized data in the report parameter. 2014-10-09 7.5 CVE-2014-5297
BUGTRAQ
FULLDISC
MISC
MISC
xmonad — xmonad-contrib The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execute arbitrary commands via a web page title, which activates the commands when the user clicks on the xmobar window title, as demonstrated using an action tag. 2014-10-06 7.5 CVE-2013-1436
BID
MLIST
GENTOO


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adaptivecomputing — moab Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execute commands via a message without a signature. 2014-10-08 5.0 CVE-2014-5300
XF
BID
BUGTRAQ
EXPLOIT-DB
MISC
adaptivecomputing — moab The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate that the message owner matches the submitting user, which allows remote authenticated users to impersonate arbitrary users via the UserId and Owner tags. 2014-10-08 4.0 CVE-2014-5375
XF
BID
BUGTRAQ
MISC
adaptivecomputing — moab Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-generated key is used, does not validate that the requesting user matches the actor in the message, which allows remote authenticated users to impersonate arbitrary users via the actor field in a message. 2014-10-08 4.0 CVE-2014-5376
XF
BID
BUGTRAQ
MISC
adobe — digital_editions Adobe Digital Editions (DE) 4 does not use encryption for transmission of data to adelogs.adobe.com, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by book-navigation information. 2014-10-09 5.0 CVE-2014-8068
CONFIRM
CONFIRM
alphabetic_sitemap_project — alphabetic_sitemap Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap (alpha_sitemap) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-10-03 4.3 CVE-2014-6291
bmc — bmc_track-it! BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page. 2014-10-10 4.0 CVE-2014-4874
brocade — vyatta_5400_vrouter_software The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group. 2014-10-07 5.0 CVE-2014-4869
cisco — adaptive_security_appliance_software The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response data that is provided for a request to an unspecified URL, aka Bug ID CSCuq65542. 2014-10-04 5.0 CVE-2014-3398
cisco — adaptive_security_appliance_software The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows remote authenticated users to overwrite arbitrary RAMFS cache files or inject Lua programs, and consequently cause a denial of service (portal outage or system reload), via crafted HTTP requests, aka Bug ID CSCup54208. 2014-10-07 5.5 CVE-2014-3399
cisco — webex_meetings_server Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344. 2014-10-04 4.0 CVE-2014-3400
cisco — ios_xe The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647. 2014-10-09 5.0 CVE-2014-3403
cisco — ios_xe The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted messages, aka Bug ID CSCuq22677. 2014-10-09 4.3 CVE-2014-3404
cisco — ios_xe Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct route-injection attacks via crafted RPL advertisements on an ANI interface, aka Bug ID CSCuq22673. 2014-10-09 4.8 CVE-2014-3405
debian — apt-cacher Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2014-10-06 4.3 CVE-2014-4510
CONFIRM
BID
MISC
MLIST
MLIST
MISC
debian — exuberant_ctags jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. 2014-10-07 5.0 CVE-2014-7204
CONFIRM
MLIST
DEBIAN
MISC
drupal — mayo Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via vectors related to header background setting. 2014-10-09 4.0 CVE-2014-8079
XF
BID
SECUNIA
OSVDB
elasticsearch — elasticsearch Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-10-09 4.3 CVE-2014-6439
BID
BUGTRAQ
MISC
embarcadero — embarcadero_c++builder_xe6 Heap-based buffer overflow in the ReadDIB function in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows context-dependent attackers to execute arbitrary code via the BITMAPINFOHEADER.biClrUsed field in a BMP file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0993. 2014-10-06 6.8 CVE-2014-0994
MISC
FULLDISC
eng — spagobi The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL document. 2014-10-08 6.8 CVE-2014-7296
BID
external_links_click_statistics_project — external_links_click_statistics Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-10-03 4.3 CVE-2014-6294
femanager_project — femanager The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors. 2014-10-03 6.4 CVE-2014-6292
getmail — getmail The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate. 2014-10-07 6.8 CVE-2014-7273
CONFIRM
MLIST
getmail — getmail The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority. 2014-10-07 6.8 CVE-2014-7274
CONFIRM
MLIST
getmail — getmail The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate. 2014-10-07 6.8 CVE-2014-7275
CONFIRM
MLIST
golang — go crypto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors. 2014-10-07 4.3 CVE-2014-7189
CONFIRM
XF
BID
MLIST
google — chrome Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site. 2014-10-08 6.8 CVE-2014-3187
MISC
CONFIRM
MISC
google — chrome Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_ArrayConcat function in runtime.cc. 2014-10-08 5.0 CVE-2014-3195
CONFIRM
CONFIRM
CONFIRM
google — chrome The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site. 2014-10-08 5.0 CVE-2014-3197
CONFIRM
CONFIRM
google — chrome The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. 2014-10-08 5.0 CVE-2014-3198
CONFIRM
google — chrome The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection failures, which allows remote attackers to cause a denial of service via vectors that trigger stopping a worker process that had been handling an Event object. 2014-10-08 5.0 CVE-2014-3199
CONFIRM
CONFIRM
google — chrome core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar. 2014-10-09 5.0 CVE-2014-3201
CONFIRM
CONFIRM
hp — systems_insight_manager Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote authenticated users to gain privileges via unknown vectors. 2014-10-04 6.5 CVE-2014-2643
hp — systems_insight_manager Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. 2014-10-05 4.3 CVE-2014-2644
hp — systems_insight_manager HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to conduct clickjacking attacks via unknown vectors. 2014-10-04 4.3 CVE-2014-2645
hp — records_manager Cross-site scripting (XSS) vulnerability in HP Records Manager before 7.3.5 and 8.x before 8.1 Patch 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-10-09 4.3 CVE-2014-4661
ibm — tivoli_service_automation_manager Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Service Automation Manager 7.2.2.2 before 7.2.2.2-TIV-TSAM-LA0041 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) REST API or (2) Self Service UI. 2014-10-07 4.3 CVE-2014-0940
XF
ibm — business_process_manager The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which allows remote authenticated users to bypass authorization checks and obtain sensitive information by executing a saved search. 2014-10-07 4.0 CVE-2014-4802
XF
jolokia — jolokia Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page. 2014-10-06 6.8 CVE-2014-0168
CONFIRM
joomla — joomla! Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-10-08 4.3 CVE-2014-6631
SECUNIA
joomla — joomla! Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors. 2014-10-08 5.0 CVE-2014-7229
joomla — joomla! Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-10-08 4.3 CVE-2014-7982
joomla — joomla! Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-10-08 4.3 CVE-2014-7983
libgadu — libgadu libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. 2014-10-09 4.3 CVE-2013-4488
FEDORA
CONFIRM
BID
MLIST
MANDRIVA
MLIST
libvirt — libvirt The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read. 2014-10-06 5.8 CVE-2014-3633
REDHAT
CONFIRM
libvirt — libvirt The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command. 2014-10-06 5.0 CVE-2014-3657
REDHAT
CONFIRM
libvncserver — libvncserver The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message. 2014-10-06 4.3 CVE-2014-6054
MISC
CONFIRM
UBUNTU
MLIST
SECUNIA
SECUNIA
MLIST
mm_forum_project — mm_forum Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-10-03 4.3 CVE-2014-6297
mm_forum_project — mm_forum Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors. 2014-10-03 6.8 CVE-2014-6299
mmonit — m/monit Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update. 2014-10-06 6.8 CVE-2014-6409
XF
EXPLOIT-DB
FULLDISC
MISC
net-snmp — net-snmp snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message. 2014-10-07 5.0 CVE-2014-3565
CONFIRM
CONFIRM
SUSE
netcommwireless — nb604n Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter. 2014-10-07 4.3 CVE-2014-4871
openinfosecfoundation — suricata The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service (crash), or possibly have unspecified other impact via a crafted banner, which triggers a large memory allocation or an out-of-bounds write. 2014-10-07 5.0 CVE-2014-6603
XF
BID
BUGTRAQ
FULLDISC
MISC
FEDORA
FEDORA
openstack — cinder The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allow remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header. 2014-10-08 4.0 CVE-2014-3641
CONFIRM
BID
MLIST
perl — cgi_application_module The CGI::Application module 4.50 and earlier for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function. 2014-10-06 5.0 CVE-2013-7329
MISC
CONFIRM
CONFIRM
CONFIRM
XF
BID
MLIST
FEDORA
FEDORA
python — python Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a “buffer” function. 2014-10-08 6.4 CVE-2014-7185
CONFIRM
XF
BID
MLIST
MLIST
FEDORA
CONFIRM
redhat — conga Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension. 2014-10-06 5.0 CVE-2013-6496
CONFIRM
redhat — cloudforms_3.0.1_management_engine Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request. 2014-10-06 4.0 CVE-2014-0140
CONFIRM
redhat — conga The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL. 2014-10-06 5.5 CVE-2014-3521
CONFIRM
redhat — cloudforms_3.0.1_management_engine vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an “insecure send method.” 2014-10-06 6.5 CVE-2014-3642
CONFIRM
restlet — restlet_framework Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack. 2014-10-06 5.0 CVE-2014-1868
CONFIRM
XF
SECUNIA
rexx-systems — recruitment Incomplete blacklist vulnerability in the user registration feature in rexx Recruitment R6.1 and R7 without “fixes from 2014-01-15” allows remote attackers to conduct cross-site scripting (XSS) attacks via the oninput event handler in the fname parameter to the default URI in /reg. 2014-10-06 4.3 CVE-2014-1224
MISC
BUGTRAQ
SECUNIA
FULLDISC
wec_map_project — wec_map Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-10-03 4.3 CVE-2014-6296
x2engine — x2engine FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated using a PHP program. 2014-10-09 5.0 CVE-2014-5298
CONFIRM
BUGTRAQ
FULLDISC
MISC
MISC
zeromq — zeromq stream_engine.cpp in libzmq (aka ZeroMQ/C++) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. 2014-10-08 4.3 CVE-2014-7202
CONFIRM
XF
BID
MLIST
MLIST
zeromq — zeromq libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors. 2014-10-08 4.3 CVE-2014-7203
CONFIRM
XF
BID
MLIST
MLIST
zyxel — sbg3300-n Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified “welcome message” form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278. 2014-10-04 4.3 CVE-2014-7277
BUGTRAQ
zyxel — sbg3300-n The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified “welcome message” form data that is improperly handled during use for the loginMsg variable’s value, a different vulnerability than CVE-2014-7277. 2014-10-04 5.0 CVE-2014-7278
BUGTRAQ


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
cspan — capture-tiny The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file. 2014-10-06 3.6 CVE-2014-1875
CONFIRM
CONFIRM
CONFIRM
CONFIRM
XF
BID
SECUNIA
MLIST
MLIST
OSVDB
FEDORA
FEDORA
CONFIRM
drupal — context_form_alteration_module Cross-site scripting (XSS) vulnerability in the configuration UI in the Context Form Alteration module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the “administer contexts” permission to inject arbitrary web script or HTML via unspecified vectors. 2014-10-06 3.5 CVE-2014-7869
BID
SECUNIA
drupal — custom_search_module Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with the “administer custom search” permission to inject arbitrary web script or HTML via the “Label text” field to admin/config/search/custom_search/results. 2014-10-06 3.5 CVE-2014-7870
FULLDISC
drupal — bluemasters Cross-site scripting (XSS) vulnerability in the BlueMasters theme 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via vectors related to theme settings. 2014-10-08 3.5 CVE-2014-7978
XF
BID
SECUNIA
drupal — simplecorp Cross-site scripting (XSS) vulnerability in the SimpleCorp theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via vectors related to theme settings. 2014-10-08 3.5 CVE-2014-7979
XF
BID
SECUNIA
drupal — zen Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified other theme settings. 2014-10-08 3.5 CVE-2014-7980
BID
SECUNIA
drupal — tribune Cross-site scripting (XSS) vulnerability in the Tribune module 6.x-1.x and 7.x-3.x for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title. 2014-10-09 3.5 CVE-2014-8075
XF
BID
OSVDB
drupal — professional_theme Cross-site scripting (XSS) vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via vectors related to custom copyright information. 2014-10-09 3.5 CVE-2014-8076
XF
SECUNIA
drupal — newsflash Cross-site scripting (XSS) vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via vectors related to font family CSS property. 2014-10-09 3.5 CVE-2014-8077
XF
BID
SECUNIA
drupal — print Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 6.x-1.x before 6.x-1.19, 7.x-1.x before 7.x-1.3, and 7.x-2.x before 7.x-2.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes. 2014-10-09 3.5 CVE-2014-8078
XF
SECUNIA
gnupg — libgcrypt Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576. 2014-10-09 2.1 CVE-2014-5270
MISC
MLIST
mediawiki — mediawiki The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allow remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css. 2014-10-07 3.5 CVE-2014-7295
MLIST
DEBIAN
MLIST
openstack — compute The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts it into an ERROR state, and then deleting the image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573. 2014-10-06 2.7 CVE-2014-3608
CONFIRM
MLIST
openstack — cinder The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log. 2014-10-08 2.1 CVE-2014-7230
CONFIRM
XF
BID
MLIST
openstack — cinder The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log. 2014-10-08 2.1 CVE-2014-7231
CONFIRM
XF
BID
MLIST
splunk — splunk Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file. 2014-10-09 3.5 CVE-2014-3147
SECTRACK

 

SB14-286: Vulnerability Summary for the Week of October 6, 2014 was originally published on Blogg'n @ ECI

October 21, 2014 - Posted by | NewsUpdate
