Vulnerability Summary for the Week of December 15, 2014
Please Note:
• The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.
• The CVE identity number is the publicly known ID given to that particular vulnerability. Therefore you can
search the status of that particular vulnerability using that ID.
• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the
severity of the vulnerability.
High Severity Vulnerabilities
The Primary Vendor --- Product
Description Date Published
CVSS Score
The CVE Identity
alliedtelesis -- ar440s Buffer overflow on the Allied Telesis AR440S,
AR441S, AR442S, AR745, AR750S, AR750S-DP,
AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-
8748XL, AT-8848, AT-9816GB, AT-9924T, AT-
9924Ts, CentreCOM AR415S, CentreCOM
AR450S, CentreCOM AR550S, CentreCOM
AR570S, CentreCOM 8700SL, CentreCOM
8948XL, CentreCOM 9924SP, CentreCOM
9924T/4SP, Rapier 48i, and SwitchBlade4000
with firmware before 2.9.1-21 allows remote
attackers to execute arbitrary code via a crafted
HTTP POST request.
2014-12-19 10.0 CVE-2014-7249
arris -- touchstone_tg862g/ct_firmware
ARRIS Touchstone TG862G/CT Telephony
Gateway with firmware 7.6.59S.CT and earlier
has a default password of password for the
admin account, which makes it easier for remote
attackers to obtain access via a request to
home_loggedout.php.
2014-12-18 10.0 CVE-2014-9406 FULLDISC
docker -- docker Docker before 1.3.2 allows remote attackers to
write to arbitrary files and execute arbitrary code
via a (1) symlink or (2) hard link attack in an
image archive in a (a) pull or (b) load operation.
2014-12-12 7.5 CVE-2014-6407 MLIST SECUNIA SECUNIA SUSE FEDORA
docker -- docker Docker 1.3.2 allows remote attackers to execute
arbitrary code with root privileges via a crafted
(1) image or (2) build in a Dockerfile in an LZMA
(.xz) archive, related to the chroot for archive
extraction.
2014-12-16 10.0 CVE-2014-9357 CONFIRM BUGTRAQ
emc -- documentum_content_server
EMC Documentum Content Server before 6.7
SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and
7.1 before P09 allows remote authenticated
users to gain privileges by (1) placing a
command in a dm_job object and setting this
object's owner to a privileged user or placing a
rename action in a dm_job_request object and
waiting for a (2) dm_UserRename or (3)
dm_GroupRename service task, aka ESA-2014-
105. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2014-2515.
2014-12-16 9.0 CVE-2014-4626 MISC
ettercap_project --
ettercap
Heap-based buffer overflow in the
dissector_postgresql function in
dissectors/ec_postgresql.c in Ettercap before 8.1
allows remote attackers to cause a denial of
service or possibly execute arbitrary code via a
crafted password length value that is
inconsistent with the actual length of the
password.
2014-12-19 7.5 CVE-2014-6395 MISC CONFIRM BUGTRAQ
ettercap_project --
ettercap
The dissector_postgresql function in
dissectors/ec_postgresql.c in Ettercap before 8.1
allows remote attackers to cause a denial of
service and possibly execute arbitrary code via a
crafted password length, which triggers a 0
character to be written to an arbitrary memory
location.
2014-12-19 7.5 CVE-2014-6396 MISC CONFIRM BUGTRAQ
ettercap_project --
ettercap
Integer underflow in Ettercap 8.1 allows remote
attackers to cause a denial of service (out-of-
bounds write) and possibly execute arbitrary
code via a small (1) size variable value in the
dissector_dhcp function in dissectors/ec_dhcp.c,
(2) length value to the dissector_gg function in
dissectors/ec_gg.c, or (3) string length to the
get_decode_len function in ec_utils.c or a
request without a (4) username or (5) password
to the dissector_TN3270 function in
dissectors/ec_TN3270.c.
2014-12-19 7.5 CVE-2014-9376 MISC CONFIRM CONFIRM CONFIRM CONFIRM BUGTRAQ
ettercap_project --
ettercap
Heap-based buffer overflow in the nbns_spoof
function in plug-ins/nbns_spoof/nbns_spoof.c in
Ettercap 8.1 allows remote attackers to cause a
denial of service or possibly execute arbitrary
code via a large netbios packet.
2014-12-19 7.5 CVE-2014-9377 MISC CONFIRM BUGTRAQ
ettercap_project --
ettercap
Ettercap 8.1 does not validate certain return
values, which allows remote attackers to cause a
denial of service (crash) or possibly execute
arbitrary code via a crafted (1) name to the
parse_line function in
mdns_spoof/mdns_spoof.c or (2) base64
encoded password to the dissector_imap
function in dissectors/ec_imap.c.
2014-12-19 7.5 CVE-2014-9378 MISC CONFIRM CONFIRM BUGTRAQ
ettercap_project --
ettercap
The radius_get_attribute function in
dissectors/ec_radius.c in Ettercap 8.1 performs
an incorrect cast, which allows remote attackers
to cause a denial of service (crash) or possibly
execute arbitrary code via unspecified vectors,
which triggers a stack-based buffer overflow.
2014-12-19 7.5 CVE-2014-9379 MISC CONFIRM BUGTRAQ
google -- android luni/src/main/java/java/io/ObjectInputStream.java
in the java.io.ObjectInputStream
implementation in Android before 5.0.0 does not
verify that deserialization will result in an object
that met the requirements for serialization,
which allows attackers to execute arbitrary code
via a crafted finalize method for a serialized
object in an ArrayMap Parcel within an intent
sent to system_service, as demonstrated by the
finalize method of android.os.BinderProxy, aka
Bug 15874291.
2014-12-15 7.2 CVE-2014-7911 FULLDISC
google -- android Multiple SQL injection vulnerabilities in the
queryLastApp method in
packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the
WAPPushManager module in Android before
5.0.0 allow remote attackers to execute arbitrary
SQL commands, and consequently launch an
activity or service, via the (1) wapAppId or (2)
contentType field of a PDU for a malformed
WAPPush message, aka Bug 17969135.
2014-12-15 7.5 CVE-2014-8507 MISC FULLDISC MISC
google -- android The addAccount method in
src/com/android/settings/accounts/AddAccountSettings.java
in the Settings application in
Android before 5.0.0 does not properly create a
PendingIntent, which allows attackers to use the
SYSTEM uid for broadcasting an intent with
arbitrary component, action, or category
information via a third-party authenticator in a
crafted application, aka Bug 17356824.
2014-12-15 7.2 CVE-2014-8609 MISC FULLDISC MISC
gparted -- gparted GParted before 0.15.0 allows local users to
execute arbitrary commands with root privileges
via shell metacharacters in a crafted filesystem
label.
2014-12-19 7.2 CVE-2014-7208 FULLDISC
honeywell -- opos_suite Multiple stack-based buffer overflows in (1)
HWOPOSScale.ocx and (2)
HWOPOSSCANNER.ocx in Honeywell OPOS Suite
before 1.13.4.15 allow remote attackers to
execute arbitrary code via a crafted file that is
improperly handled by the Open method.
2014-12-12 7.5 CVE-2014-8269 MISC MISC
k7computing --
k7firewall_packet_driver
Heap-based buffer overflow in the K7FWFilt.sys
kernel mode driver (aka K7Firewall Packet
Driver) before 14.0.1.16, as used in multiple K7
Computing products, allows local users to
execute arbitrary code with kernel privileges via
a crafted parameter in a DeviceIoControl API call.
2014-12-12 7.2 CVE-2014-7136 MISC FULLDISC MISC
k7computing -- k7av_sentry_device_driver
Stack-based buffer overflow in the K7Sentry.sys
kernel mode driver (aka K7AV Sentry Device
Driver) before 12.8.0.119, as used in multiple K7
Computing products, allows local users to
execute arbitrary code with kernel privileges via
unspecified vectors.
2014-12-12 7.2 CVE-2014-8956 MISC FULLDISC MISC
libvncserver --
libvncserver
The HandleRFBServerMessage function in
libvncclient/rfbproto.c in LibVNCServer 0.9.9 and
earlier does not check certain malloc return
values, which allows remote VNC servers to
cause a denial of service (application crash) or
possibly execute arbitrary code by specifying a
large screen size in a (1) FramebufferUpdate, (2)
ResizeFrameBuffer, or (3)
PalmVNCReSizeFrameBuffer message.
2014-12-15 7.5 CVE-2014-6052 MISC CONFIRM MLIST SECUNIA SECUNIA MLIST
linux -- linux_kernel arch/x86/kernel/entry_64.S in the Linux kernel
before 3.17.5 does not properly handle faults
associated with the Stack Segment (SS) segment
register, which allows local users to gain
privileges by triggering an IRET instruction that
leads to access to a GS Base address from the
wrong space.
2014-12-17 7.2 CVE-2014-9322 CONFIRM CONFIRM MLIST CONFIRM
malwarebytes -- malwarebytes_anti-exploit
The upgrade functionality in Malwarebytes Anti-
Malware (MBAM) consumer before 2.0.3 and
Malwarebytes Anti-Exploit (MBAE) consumer
1.04.1.1012 and earlier allow man-in-the-middle
attackers to execute arbitrary code by spoofing
the update server and uploading an executable.
2014-12-16 9.3 CVE-2014-4936 MISC
manageengine --
desktop_central
The NativeAppServlet in ManageEngine Desktop
Central MSP before 90075 allows remote
attackers to execute arbitrary code via a crafted
JSON object.
2014-12-16 10.0 CVE-2014-9371 MISC
manageengine --
netflow_analyzer
Directory traversal vulnerability in the
CollectorConfInfoServlet servlet in
ManageEngine NetFlow Analyzer allows remote
attackers to execute arbitrary code via a .. (dot
dot) in the filename.
2014-12-16 10.0 CVE-2014-9373 MISC
mozilla --
network_security_services
The definite_length_decoder function in
lib/util/quickder.c in Mozilla Network Security
Services (NSS) before 3.16.2.4 and 3.17.x before
3.17.3 does not ensure that the DER encoding of
an ASN.1 length is properly formed, which allows
remote attackers to conduct data-smuggling
attacks by using a long byte sequence for an
encoding, as demonstrated by the
SEC_QuickDERDecodeItem function's improper
handling of an arbitrary-length encoding of
0x00.
2014-12-15 7.5 CVE-2014-1569 MISC MISC CONFIRM MISC
qemu -- qemu The host_from_stream_offset function in
arch_init.c in QEMU, when loading RAM during
migration, allows remote attackers to execute
arbitrary code via a crafted (1) offset or (2) length
value in savevm data.
2014-12-12 7.5 CVE-2014-7840 CONFIRM XF MLIST
rpm -- rpm Race condition in RPM 4.11.1 and earlier allows
remote attackers to execute arbitrary code via a
crafted RPM file whose installation extracts the
contents to temporary files before validating the
signature, as demonstrated by installing a file in
the /etc/cron.d directory.
2014-12-16 7.5 CVE-2013-6435 CONFIRM CONFIRM REDHAT REDHAT REDHAT
rpm -- rpm Integer overflow in RPM 4.12 and earlier allows
remote attackers to execute arbitrary code via a
crafted CPIO header in the payload section of an
RPM file, which triggers a stack-based buffer
overflow.
2014-12-16 10.0 CVE-2014-8118 REDHAT
safenet-inc -- safenet_authentication_service_outlook_web_access_agent
Directory traversal vulnerability in SafeNet
Authentication Service (SAS) Outlook Web
Access Agent (formerly CRYPTOCard) before
1.03.30109 allows remote attackers to read
arbitrary files via a .. (dot dot) in the GetFile
parameter to owa/owa.
2014-12-16 7.8 CVE-2014-5359 MISC
sap -- businessobjects SAP BusinessObjects Edge 4.1 allows remote
attackers to obtain the
SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN
token and gain privileges via a crafted CORBA
call, aka SAP Note 2039905.
2014-12-17 10.0 CVE-2014-9387 BUGTRAQ MISC FULLDISC
sixapart -- movabletype SQL injection vulnerability in the XML-RPC
interface in Movable Type before 5.18, 5.2.x
before 5.2.11, and 6.x before 6.0.6 allows remote
attackers to execute arbitrary SQL commands via
unspecified vectors.
2014-12-16 7.5 CVE-2014-9057 SECUNIA
zenoss -- zenoss_core Zenoss Core through 5 Beta 3 allows remote
attackers to bypass intended access restrictions
and place files in a directory with public (1) read
or (2) execute access via a move action, aka ZEN-
15386.
2014-12-15 7.5 CVE-2014-6256 CERT-VN CONFIRM
zenoss -- zenoss_core Zenoss Core through 5 Beta 3 does not properly
implement the Check For Updates feature, which
allows remote attackers to execute arbitrary
code by (1) spoofing the callhome server or (2)
deploying a crafted web site that is visited
during a login session, aka ZEN-12657.
2014-12-15 9.3 CVE-2014-6261
zenoss -- zenoss_core The default configuration of Zenoss Core before
5 allows remote attackers to read or modify
database information by connecting to
unspecified open ports, aka ZEN-15408.
2014-12-15 7.5 CVE-2014-9249
zoneo-soft -- phptraffica SQL injection vulnerability in
Php/Functions/log_function.php in phpTrafficA
2.3 and earlier allows remote attackers to
execute arbitrary SQL commands via a User-
Agent HTTP header.
2014-12-16 7.5 CVE-2014-8340 BUGTRAQ MISC
Medium Severity Vulnerabilities
The Primary Vendor --- Product
Description Date Published CVSS Score
The CVE Identity
apache --
subversion
The mod_dav_svn Apache HTTPD server module in
Apache Subversion 1.x before 1.7.19 and 1.8.x
before 1.8.11 allows remote attackers to cause a
denial of service (NULL pointer dereference and
server crash) via a REPORT request for a resource
that does not exist.
2014-12-18 5.0 CVE-2014-3580 SECUNIA
apache --
http_server
The handle_headers function in mod_proxy_fcgi.c
in the mod_proxy_fcgi module in the Apache HTTP
Server 2.4.10 allows remote FastCGI servers to
cause a denial of service (buffer over-read and
daemon crash) via long response headers.
2014-12-15 5.0 CVE-2014-3583 CONFIRM
apache --
subversion
The mod_dav_svn Apache HTTPD server module in
Apache Subversion 1.7.x before 1.7.19 and 1.8.x
before 1.8.11 allows remote attackers to cause a
denial of service (NULL pointer dereference and
crash) via a request for a URI that triggers a lookup
for a virtual transaction name that does not exist.
2014-12-18 5.0 CVE-2014-8108 SECUNIA
arris -- touchstone_tg862g/ct_firmware
Multiple cross-site request forgery (CSRF)
vulnerabilities in ARRIS Touchstone TG862G/CT
Telephony Gateway with firmware 7.6.59S.CT and
earlier allow remote attackers to hijack the
authentication of administrators for requests that
(1) enable remote management via a request to
remote_management.php, (2) add a port
forwarding rule via a request to
port_forwarding_add.php, (3) change the wireless
network to open via a request to
wireless_network_configuration_edit.php, or (4)
conduct cross-site scripting (XSS) attacks via the
keyword parameter to
managed_sites_add_keyword.php.
2014-12-17 6.8 CVE-2014-5437 FULLDISC FULLDISC
bittorrent -- bittorrent The web interface in BitTorrent allows remote
attackers to execute arbitrary commands by
leveraging knowledge of the pairing values and a
crafted request to port 10000.
2014-12-12 6.8 CVE-2014-8515 MISC
c-icap_project -- c-icap
Multiple unspecified vulnerabilities in request.c in
c-icap 0.2.x allow remote attackers to cause a denial
of service (crash) via a crafted ICAP request.
2014-12-17 5.0 CVE-2013-7402 DEBIAN CONFIRM SECUNIA SECUNIA MLIST
ca --
release_automation
Cross-site request forgery (CSRF) vulnerability in CA
Release Automation (formerly iTKO LISA Release
Automation) before 4.7.1 b448 allows remote
attackers to hijack the authentication of unspecified
victims via unknown vectors.
2014-12-16 6.8 CVE-2014-8246 BUGTRAQ SECTRACK FULLDISC
ca --
release_automation
Cross-site scripting (XSS) vulnerability in CA Release
Automation (formerly iTKO LISA Release
Automation) before 4.7.1 b448 allows remote
attackers to inject arbitrary web script or HTML via
unspecified vectors.
2014-12-16 4.3 CVE-2014-8247 BUGTRAQ SECTRACK FULLDISC
ca --
release_automation
SQL injection vulnerability in CA Release
Automation (formerly iTKO LISA Release
Automation) before 4.7.1 b448 allows remote
authenticated users to execute arbitrary SQL
commands via a crafted query.
2014-12-16 6.5 CVE-2014-8248 BUGTRAQ SECTRACK FULLDISC
cisco -- prime_security_manager
Multiple cross-site scripting (XSS) vulnerabilities in
the web framework in Cisco Prime Security
Manager (aka PRSM) 9.2.1-2 and earlier allow
remote attackers to inject arbitrary web script or
HTML via a (1) Access Policies or (2) Device
Summary Dashboard parameter, aka Bug ID
CSCuq80661.
2014-12-12 4.3 CVE-2014-3364
cisco -- isb8320-e_high-definition_ip-only_dvr
The Disaster Recovery (DRA) feature on the Cisco
ISB8320-E High-Definition IP-Only DVR allows
remote attackers to bypass authentication by
establishing a TELNET session during a recovery
boot, aka Bug ID CSCup85422.
2014-12-16 4.3 CVE-2014-8006
cisco -- adaptive_security_appliance_software
Cross-site scripting (XSS) vulnerability in the
WebVPN Portal Login page in Cisco Adaptive
Security Appliance (ASA) Software allows remote
attackers to inject arbitrary web script or HTML via
crafted attributes in a cookie, aka Bug ID
CSCuh24695.
2014-12-18 4.3 CVE-2014-8012
cisco -- ios_xr Cisco IOS XR allows remote attackers to cause a
denial of service (RSVP process reload) via a
malformed RSVP packet, aka Bug ID CSCub63710.
2014-12-18 5.0 CVE-2014-8014
cisco -- ironport_email_security_appliances
The Cisco IronPort Email Security Appliance (ESA)
allows remote attackers to cause a denial of service
(CPU consumption) via long Subject headers in e-
mail messages, aka Bug ID CSCzv93864.
2014-12-18 5.0 CVE-2014-8016
dell --
idrac6_modular
The IPMI 1.5 functionality in Dell iDRAC6 modular
before 3.65, iDRAC6 monolithic before 1.98, and
iDRAC7 before 1.57.57 does not properly select
session ID values, which makes it easier for remote
attackers to execute arbitrary commands via a
brute-force attack.
2014-12-19 5.0 CVE-2014-8272
digium -- asterisk Double free vulnerability in the WebSocket Server
(res_http_websocket module) in Asterisk Open
Source 11.x before 11.14.2, 12.x before 12.7.2, and
13.x before 13.0.2 and Certified Asterisk 11.6 before
11.6-cert9 allows remote attackers to cause a denial
of service (crash) by sending a zero length frame
after a non-zero length frame.
2014-12-12 5.0 CVE-2014-9374 SECTRACK BID BUGTRAQ SECUNIA FULLDISC MISC
docker -- docker Docker 1.3.0 through 1.3.1 allows remote attackers
to modify the default run profile of image
containers and possibly bypass the container by
applying unspecified security options to an image.
2014-12-12 5.0 CVE-2014-6408 MLIST SECUNIA SECUNIA SUSE FEDORA
docker -- docker Docker before 1.3.3 does not properly validate
image IDs, which allows remote attackers to
conduct path traversal attacks and spoof
repositories via a crafted image in a (1) "docker
load" operation or (2) "registry communications."
2014-12-16 6.4 CVE-2014-9358 CONFIRM BUGTRAQ
dokuwiki --
dokuwiki
The default file type whitelist configuration in
conf/mime.conf in the Media Manager in DokuWiki
before 2014-09-29b allows remote attackers to
execute arbitrary web script or HTML by uploading
an SWF file, then accessing it via the media
parameter to lib/exe/fetch.php.
2014-12-17 4.3 CVE-2014-9253 CONFIRM CONFIRM XF SECTRACK BID MISC MLIST
ekahau -- activator Ekahau B4 staff badge tag 5.7 with firmware 1.4.52,
Real-Time Location System (RTLS) Controller 6.0.5-
FINAL, and Activator 3 reuses the RC4 cipher
stream, which makes it easier for remote attackers
to obtain plaintext messages via an XOR operation
on two ciphertexts.
2014-12-19 4.3 CVE-2014-2716 BID BUGTRAQ MISC MISC
ekahau -- activator Ekahau B4 staff badge tag 5.7 with firmware 1.4.52,
Real-Time Location System (RTLS) Controller 6.0.5-
FINAL, and Activator 3 uses part of the MAC address
as part of the RC4 setup key, which makes it easier
for remote attackers to guess the key via a brute-
force attack.
2014-12-19 5.0 CVE-2014-9408 BID BUGTRAQ MISC MISC
emc -- rsa_authentication_manager
Open redirect vulnerability in EMC RSA
Authentication Manager 8.x before 8.1 Patch 6
allows remote attackers to redirect users to
arbitrary web sites and conduct phishing attacks via
unspecified vectors.
2014-12-12 5.8 CVE-2014-2516 BUGTRAQ
emc --
isilon_insightiq
Cross-site scripting (XSS) vulnerability in EMC Isilon
InsightIQ 2.x and 3.x before 3.1 allows remote
attackers to inject arbitrary web script or HTML via
unspecified vectors.
2014-12-12 4.3 CVE-2014-4628 BUGTRAQ
emc --
rsa_archer_egrc
Cross-site scripting (XSS) vulnerability in EMC RSA
Archer GRC Platform 5.x before 5.5.1.1 allows
remote attackers to inject arbitrary web script or
HTML via unspecified vectors.
2014-12-12 4.3 CVE-2014-4633 BUGTRAQ
ettercap_project --
ettercap
The dissector_cvs function in dissectors/ec_cvs.c in
Ettercap 8.1 allows remote attackers to cause a
denial of service (out-of-bounds read) via a packet
containing only a CVS_LOGIN signature.
2014-12-19 5.0 CVE-2014-9380 MISC CONFIRM BUGTRAQ
ettercap_project --
ettercap
Integer signedness error in the dissector_cvs
function in dissectors/ec_cvs.c in Ettercap 8.1
allows remote attackers to cause a denial of service
(crash) via a crafted password, which triggers a
large memory allocation.
2014-12-19 5.0 CVE-2014-9381 MISC CONFIRM BUGTRAQ
file_project -- file The ELF parser (readelf.c) in file before 5.21 allows
remote attackers to cause a denial of service (CPU
consumption or crash) via a large number of (1)
program or (2) section headers or (3) invalid
capabilities.
2014-12-17 5.0 CVE-2014-8116 CONFIRM CONFIRM CONFIRM SECTRACK MLIST
file_project -- file softmagic.c in file before 5.21 does not properly
limit recursion, which allows remote attackers to
cause a denial of service (CPU consumption or
crash) via unspecified vectors.
2014-12-17 5.0 CVE-2014-8117 CONFIRM CONFIRM SECTRACK MLIST
firebirdsql -- firebird The xdr_status_vector function in Firebird before
2.1.7 and 2.5.x before 2.5.3 SU1 allows remote
attackers to cause a denial of service (NULL pointer
dereference, segmentation fault, and crash) via an
op_response action with a non-empty status.
2014-12-16 5.0 CVE-2014-9323 SUSE
glpi-project -- glpi SQL injection vulnerability in
ajax/getDropdownValue.php in GLPI before 0.85.1
allows remote authenticated users to execute
arbitrary SQL commands via the condition
parameter.
2014-12-19 6.5 CVE-2014-9258 EXPLOIT-DB MISC SECUNIA OSVDB
goywp -- webpress Multiple cross-site scripting (XSS) vulnerabilities in
goYWP WebPress 13.00.06 allow remote attackers
to inject arbitrary web script or HTML via the (1)
search_param parameter to search.php or (2) name,
(3) address, or (4) comment parameter to
forms.php.
2014-12-16 4.3 CVE-2014-8751 FULLDISC MISC
hp -- tcp_ip_services_openvms
Multiple unspecified vulnerabilities in the POP
implementation in HP OpenVMS TCP/IP 5.7 before
ECO5 allow remote attackers to cause a denial of
service via unspecified vectors.
2014-12-17 5.0 CVE-2014-7880
ibm -- business_process_manager
The import/export functionality in IBM Business
Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x
through 8.0.1.3, and 8.5.x through 8.5.5 allows
remote authenticated users to bypass intended
access restrictions via a project action for a (1)
process application or (2) toolkit.
2014-12-16 6.5 CVE-2014-4844 XF
ibm -- security_access_manager_for_mobile
IBM Security Access Manager for Mobile 8.x before
8.0.1 and Security Access Manager for Web 7.x
before 7.0.0 FP10 and 8.x before 8.0.1 allow remote
attackers to conduct clickjacking attacks via a
crafted web site.
2014-12-18 4.3 CVE-2014-6076 XF
ibm -- security_access_manager_for_mobile
Cross-site request forgery (CSRF) vulnerability in
IBM Security Access Manager for Mobile 8.x before
8.0.1 and Security Access Manager for Web 7.x
before 7.0.0 FP10 and 8.x before 8.0.1 allows
remote attackers to hijack the authentication of
arbitrary users for requests that insert XSS
sequences.
2014-12-18 6.8 CVE-2014-6077 XF
ibm -- security_access_manager_for_mobile
IBM Security Access Manager for Mobile 8.x before
8.0.1 and Security Access Manager for Web 7.x
before 7.0.0 FP10 and 8.x before 8.0.1 do not have a
lockout period after invalid login attempts, which
makes it easier for remote attackers to obtain
admin access via a brute-force attack.
2014-12-18 5.0 CVE-2014-6078 XF
ibm -- security_access_manager_for_mobile
SQL injection vulnerability in IBM Security Access
Manager for Mobile 8.x before 8.0.1 and Security
Access Manager for Web 7.x before 7.0.0 FP10 and
8.x before 8.0.1 allows remote authenticated users
to execute arbitrary SQL commands via unspecified
vectors.
2014-12-18 6.5 CVE-2014-6080 XF
ibm -- security_access_manager_for_mobile
IBM Security Access Manager for Mobile 8.x before
8.0.1 and Security Access Manager for Web 7.x
before 7.0.0 FP10 and 8.x before 8.0.1 allow remote
authenticated users to cause a denial of service
(administration UI outage) via unspecified vectors.
2014-12-18 4.0 CVE-2014-6082 XF
ibm -- security_access_manager_for_mobile
IBM Security Access Manager for Mobile 8.x before
8.0.1 and Security Access Manager for Web 7.x
before 7.0.0 FP10 and 8.x before 8.0.1 allow remote
attackers to obtain sensitive cookie information by
sniffing the network during an HTTP session.
2014-12-18 5.0 CVE-2014-6083 XF
ibm -- security_access_manager_for_mobile
IBM Security Access Manager for Mobile 8.x before
8.0.1 and Security Access Manager for Web 7.x
before 7.0.0 FP10 and 8.x before 8.0.1 make it easier
for remote attackers to obtain sensitive information
by sniffing the network during use of a weak SSL
cipher.
2014-12-18 5.0 CVE-2014-6084 XF
ibm -- security_access_manager_for_mobile
IBM Security Access Manager for Mobile 8.x before
8.0.1 and Security Access Manager for Web 7.x
before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure
that HTTPS is used, which allows remote attackers
to obtain sensitive information by sniffing the
network during an HTTP session.
2014-12-18 5.0 CVE-2014-6086 XF
ibm -- security_access_manager_for_mobile
IBM Security Access Manager for Mobile 8.x before
8.0.1 and Security Access Manager for Web 7.x
before 7.0.0 FP10 and 8.x before 8.0.1 make it easier
for remote attackers to obtain sensitive information
by sniffing the network during use of a weak
algorithm in an SSL cipher suite.
2014-12-18 5.0 CVE-2014-6087 XF
ibm -- security_access_manager_for_mobile
IBM Security Access Manager for Mobile 8.x before
8.0.1 and Security Access Manager for Web 7.x
before 7.0.0 FP10 and 8.x before 8.0.1 allow remote
attackers to obtain sensitive information by sniffing
the network during use of the null SSL cipher.
2014-12-18 5.0 CVE-2014-6088 XF
ibm -- security_access_manager_for_mobile
IBM Security Access Manager for Mobile 8.x before
8.0.1 and Security Access Manager for Web 7.x
before 7.0.0 FP10 and 8.x before 8.0.1 allow remote
authenticated users to cause a denial of service
(disrupted system operations) by uploading a file to
a protected area.
2014-12-18 4.0 CVE-2014-6089 XF CONFIRM
ibm -- websphere_application_server
IBM WebSphere Application Server 8.0.x before
8.0.0.10 and 8.5.x before 8.5.5.4 allows remote
attackers to spoof OpenID and OpenID Connect
cookies, and consequently obtain sensitive
information, via a crafted URL.
2014-12-18 5.0 CVE-2014-6164 XF
ibm -- websphere_application_server
The Communications Enabled Applications (CEA)
service in IBM WebSphere Application Server 8.0.x
before 8.0.0.10 and 8.5.x before 8.5.5.4, and Feature
Pack for CEA 1.x before 1.0.0.15, allows remote
attackers to read arbitrary files via an XML external
entity declaration in conjunction with an entity
reference, related to an XML External Entity (XXE)
issue.
2014-12-18 4.3 CVE-2014-6166 XF
ibm -- websphere_application_server
Cross-site scripting (XSS) vulnerability in the URL
rewriting feature in IBM WebSphere Application
Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and
8.5.x before 8.5.5.4 allows remote attackers to inject
arbitrary web script or HTML via a crafted URL.
2014-12-18 4.3 CVE-2014-6167 XF
ibm --
websphere_portal
Cross-site scripting (XSS) vulnerability in IBM
WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5
through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29,
8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04
allows remote attackers to inject arbitrary web
script or HTML via a crafted URL.
2014-12-18 4.3 CVE-2014-6171 XF
ibm -- websphere_application_server
IBM WebSphere Application Server 7.x before
7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before
8.5.5.4 allows remote attackers to conduct
clickjacking attacks via a crafted web site.
2014-12-18 4.3 CVE-2014-6174 XF
ibm -- business_process_manager
IBM WebSphere Process Server 7.0, WebSphere
Enterprise Service Bus 7.0, and Business Process
Manager Advanced 7.5.x through 7.5.1.2, 8.0.x
through 8.0.1.3, and 8.5.x through 8.5.5 disregard
the SSL setting in the SCA module HTTP import
binding and unconditionally select the SSLv3
protocol, which makes it easier for remote attackers
to hijack sessions or obtain sensitive information by
leveraging the use of a weak cipher.
2014-12-16 4.3 CVE-2014-6176 XF
ibm -- business_process_manager
Directory traversal vulnerability in an export
function in the Process Center in IBM Business
Process Manager (BPM) 8.0.x through 8.0.1.3 and
8.5.x through 8.5.5 allows remote authenticated
users to read arbitrary files via a .. (dot dot) in a URL.
2014-12-16 4.0 CVE-2014-6182 XF
ibm --
websphere_portal
IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14
and 8.5.0 before CF04, when the Managed Pages
setting is enabled, allows remote authenticated
users to write to pages via an XML injection attack.
2014-12-18 4.9 CVE-2014-6193 XF AIXAPAR
ibm -- db2 IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8
through FP5, 10.1 through FP4, and 10.5 before FP5
on Linux, UNIX, and Windows allows remote
authenticated users to cause a denial of service
(daemon crash) by specifying an identity column
within a crafted ALTER TABLE statement.
2014-12-12 4.0 CVE-2014-6209 XF AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR
ibm -- db2 IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1
through FP4, and 10.5 before FP5 on Linux, UNIX,
and Windows allows remote authenticated users to
cause a denial of service (daemon crash) by
specifying the same column within multiple ALTER
TABLE statements.
2014-12-12 4.0 CVE-2014-6210 XF CONFIRM AIXAPAR AIXAPAR AIXAPAR
ibm --
websphere_application_server
IBM WebSphere Application Server Liberty Profile
8.5.x before 8.5.5.4 allows remote attackers to gain
privileges by leveraging the combination of a
servlet's deployment descriptor security constraints
and ServletSecurity annotations.
2014-12-18 5.1 CVE-2014-8890 XF
ibm -- db2 IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8
through FP5, 10.1 through FP4, and 10.5 before FP5
allows remote authenticated users to cause a denial
of service (CPU consumption) via a crafted XML
query.
2014-12-18 4.0 CVE-2014-8901 XF CONFIRM AIXAPAR AIXAPAR AIXAPAR AIXAPAR
ibm --
websphere_portal
Cross-site scripting (XSS) vulnerability in the Blog
Portlet in IBM WebSphere Portal 6.1.0 through
6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0
through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14,
and 8.5.0 before CF04 allows remote attackers to
inject arbitrary web script or HTML via a crafted
URL.
2014-12-18 4.3 CVE-2014-8902 XF AIXAPAR
k7computing --
k7av_sentry_device_driver
The K7Sentry.sys kernel mode driver (aka K7AV
Sentry Device Driver) before 12.8.0.119, as used in
multiple K7 Computing products, allows local users
to cause a denial of service (NULL pointer
dereference) as demonstrated by a filename
containing "crashme{1}quot;.
2014-12-12 4.9 CVE-2014-8608 MISC BID FULLDISC MISC
libvncserver --
libvncserver
The rfbProcessClientNormalMessage function in
libvncserver/rfbserver.c in LibVNCServer 0.9.9 and
earlier does not properly handle attempts to send a
large amount of ClientCutText data, which allows
remote attackers to cause a denial of service
(memory consumption or daemon crash) via a
crafted message that is processed by using a single
unchecked malloc.
2014-12-15 5.0 CVE-2014-6053 MLIST UBUNTU SECUNIA SECUNIA MLIST
manageengine --
password_manager_pro
Directory traversal vulnerability in the
UploadAccountActivities servlet in ManageEngine
Password Manager Pro (PMP) before 7103 allows
remote attackers to delete arbitrary files via a .. (dot
dot) in a filename.
2014-12-16 6.4 CVE-2014-9372 MISC
mantisbt -- mantisbt The mci_account_get_array_by_id function in
api/soap/mc_account_api.php in MantisBT before
1.2.18 allows remote attackers to obtain sensitive
information via a (1) mc_project_get_users, (2)
mc_issue_get, (3) mc_filter_get_issues, or (4)
mc_project_get_issues SOAP request.
2014-12-17 5.0 CVE-2014-8553 CONFIRM CONFIRM CONFIRM XF MLIST
mantisbt -- mantisbt bug_report.php in MantisBT before 1.2.18 allows
remote attackers to assign arbitrary issues via the
handler_id parameter.
2014-12-17 5.0 CVE-2014-9388 CONFIRM MLIST
microsoft --
internet_explorer
Use-after-free vulnerability in Microsoft Internet
Explorer allows remote attackers to execute
arbitrary code via a crafted HTML document in
conjunction with a Cascading Style Sheets (CSS)
token sequence specifying the run-in value for the
display property, leading to improper CElement
reference counting.
2014-12-15 6.8 CVE-2014-8967 MISC
modwsgi --
mod_wsgi
mod_wsgi before 4.2.4 for Apache, when creating a
daemon process group, does not properly handle
when group privileges cannot be dropped, which
might allow attackers to gain privileges via
unspecified vectors.
2014-12-16 6.9 CVE-2014-8583 CONFIRM UBUNTU MLIST MLIST SUSE
novell -- edirectory Cross-site scripting (XSS) vulnerability in
nds/search/data in iMonitor in Novell eDirectory
before 8.8 SP8 Patch 4 allows remote attackers to
inject arbitrary web script or HTML via the rdn
parameter.
2014-12-19 4.3 CVE-2014-5212 CONFIRM BUGTRAQ
novell -- edirectory nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images
in iMonitor in Novell eDirectory before
8.8 SP8 Patch 4 allows remote authenticated users
to obtain sensitive information from process
memory via a direct request.
2014-12-19 4.0 CVE-2014-5213 CONFIRM BUGTRAQ
openstack -- horizon OpenStack Dashboard (Horizon) before 2014.1.3
and 2014.2.x before 2014.2.1 does not properly
handle session records when using a db or
memcached session engine, which allows remote
attackers to cause a denial of service via a large
number of requests to the login page.
2014-12-12 4.3 CVE-2014-8124 SECUNIA
pcre -- perl-compatible_regular_expression_library
Heap-based buffer overflow in PCRE 8.36 and earlier
allows remote attackers to cause a denial of service
(crash) or have other unspecified impact via a
crafted regular expression, related to an assertion
that allows zero repeats.
2014-12-16 5.0 CVE-2014-8964 CONFIRM MLIST FEDORA
pingidentity --
pingfederate
Open redirect vulnerability in startSSO.ping in the
SP Endpoints in Ping Identity PingFederate 6.10.1
allows remote attackers to redirect users to
arbitrary web sites and conduct phishing attacks via
a URL in the TargetResource parameter.
2014-12-12 6.4 CVE-2014-8489 MISC FULLDISC MISC
pwgen_project --
pwgen
Password Generator (aka Pwgen) before 2.07
generates weak non-tty passwords, which makes it
easier for context-dependent attackers to guess the
password via a brute-force attack.
2014-12-19 5.0 CVE-2013-4440 MLIST MLIST FEDORA FEDORA FEDORA
pwgen_project --
pwgen
Password Generator (aka Pwgen) before 2.07 uses
weak pseudo generated numbers when
/dev/urandom is unavailable, which makes it easier
for context-dependent attackers to guess the
numbers.
2014-12-19 5.0 CVE-2013-4442 MISC MLIST MLIST FEDORA FEDORA FEDORA
redhat -- libvirt The remoteClientFreeFunc function in
daemon/remote.c in libvirt before 1.1.3, when ACLs
are used, does not set an identity, which causes
event handler removal to be denied and remote
attackers to cause a denial of service (use-after-free
and crash) by registering an event handler and then
closing the connection.
2014-12-12 4.3 CVE-2013-4399 BID GENTOO SECUNIA
revive-adserver --
revive_adserver
Cross-site scripting (XSS) vulnerability in
lib/max/Admin/UI/Field/PublisherIdField.php in
Revive Adserver before 3.0.6 allows remote
attackers to inject arbitrary web script or HTML via
the refresh_page parameter to
www/admin/report-generate.php.
2014-12-19 4.3 CVE-2014-8793 MISC CONFIRM BID BUGTRAQ BUGTRAQ MISC MISC
revive-adserver --
revive_adserver
The XML_RPC_cd function in lib/pear/XML/RPC.php
in Revive Adserver before 3.0.6 allows remote
attackers to cause a denial of service (CPU and
memory consumption) via a crafted XML-RPC
request, aka an XML Entity Expansion (XEE) attack.
2014-12-19 5.0 CVE-2014-8875 BID BUGTRAQ MISC
revive-adserver --
revive_adserver
Multiple cross-site request forgery (CSRF)
vulnerabilities in Revive Adserver before 3.0.5 allow
remote attackers to hijack the authentication of
administrators for requests that (1) delete data via a
request to agency-delete.php, (2) tracker-delete.php,
or (3) userlog-delete.php in admin/ or
(4) unlink accounts via a request to
admin-user-unlink.php, (5) advertiser-user-unlink.php, or (6)
affiliate-user-unlink.php in admin/.
2014-12-19 6.8 CVE-2014-9407
ricksoft --
wbs_gantt-chart
Cross-site scripting (XSS) vulnerability in the
data-export feature in the Ricksoft WBS Gantt-Chart
add-on 7.8.1 and earlier for JIRA allows remote attackers
to inject arbitrary web script or HTML via
unspecified vectors, a different vulnerability than
CVE-2014-7267.
2014-12-19 4.3 CVE-2014-7268
splunk -- splunk Cross-site scripting (XSS) vulnerability in the
Dashboard in Splunk Web in Splunk Enterprise 6.1.x
before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before
5.0.10 allows remote attackers to inject arbitrary
web script or HTML via unspecified vectors.
2014-12-16 4.3 CVE-2014-5466
symantec --
web_gateway
The management console on the Symantec Web
Gateway (SWG) appliance before 5.2.2 allows
remote authenticated users to execute arbitrary OS
commands by injecting command strings into
unspecified PHP scripts.
2014-12-17 6.5 CVE-2014-7285 BID
thermostat_project
-- thermostat
The agent in Thermostat before 1.0.6, when using
unspecified configurations, allows local users to
obtain the JMX management URLs of all local Java
virtual machines and gain privileges via unknown
vectors.
2014-12-18 4.4 CVE-2014-8120 REDHAT
tsutaya -- tsutaya The TSUTAYA application 5.3 and earlier for
Android allows remote attackers to execute
arbitrary Java methods via a crafted HTML
document.
2014-12-19 6.8 CVE-2014-7241 CONFIRM
unitedplanet --
intrexx_professional
Cross-site scripting (XSS) vulnerability in the search
functionality in United Planet Intrexx Professional
before 5.2 Online Update 0905 and 6.x before 6.0
Online Update 10 allows remote attackers to inject
arbitrary web script or HTML via the request
parameter.
2014-12-19 4.3 CVE-2014-2026 BID BUGTRAQ MISC MISC
w3edge --
total_cache
Cross-site scripting (XSS) vulnerability in the W3
Total Cache plugin before 0.9.4.1 for WordPress,
when debug mode is enabled, allows remote
attackers to inject arbitrary web script or HTML via
the "Cache key" in the HTML-Comments, as
demonstrated by the PATH_INFO to the default URI.
2014-12-19 4.3 CVE-2014-8724 MISC BUGTRAQ MISC
zenoss --
zenoss_core
Multiple cross-site request forgery (CSRF)
vulnerabilities in Zenoss Core through 5 Beta 3
allow remote attackers to hijack the authentication
of arbitrary users, aka ZEN-12653.
2014-12-15 6.8 CVE-2014-6253 CONFIRM
zenoss --
zenoss_core
Multiple cross-site scripting (XSS) vulnerabilities in
Zenoss Core through 5 Beta 3 allow remote
attackers to inject arbitrary web script or HTML via
an attribute in a (1) device name, (2) device detail,
(3) report name, (4) report detail, or (5) portlet
name, or (6) a string to a helper method, aka
ZEN-15381 and ZEN-15410.
2014-12-15 4.3 CVE-2014-6254
zenoss --
zenoss_core
Open redirect vulnerability in the login form in
Zenoss Core before 4.2.5 SP161 allows remote
attackers to redirect users to arbitrary web sites and
conduct phishing attacks via the came_from
parameter, aka ZEN-11998.
2014-12-15 6.4 CVE-2014-6255
zenoss --
zenoss_core
Zenoss Core through 5 Beta 3 allows remote
attackers to bypass intended access restrictions by
using a web-endpoint URL to invoke an object
helper method, aka ZEN-15407.
2014-12-15 5.0 CVE-2014-6257
zenoss --
zenoss_core
An unspecified endpoint in Zenoss Core through 5
Beta 3 allows remote attackers to cause a denial of
service (CPU consumption) by triggering an
arbitrary regular-expression match attempt, aka
ZEN-15411.
2014-12-15 5.0 CVE-2014-6258
zenoss --
zenoss_core
Zenoss Core through 5 Beta 3 does not properly
detect recursion during entity expansion, which
allows remote attackers to cause a denial of service
(memory and CPU consumption) via a crafted XML
document containing a large number of nested
entity references, aka ZEN-15414, a similar issue to
CVE-2003-1564.
2014-12-15 5.0 CVE-2014-6259
zenoss --
zenoss_core
Zenoss Core through 5 Beta 3 does not require a
password for modifying the pager command string,
which allows remote attackers to execute arbitrary
commands or cause a denial of service (paging
outage) by leveraging an unattended workstation,
aka ZEN-15412.
2014-12-15 6.8 CVE-2014-6260
zenoss --
zenoss_core
Zenoss Core through 5 Beta 3 allows remote
attackers to obtain sensitive information by
attempting a product-rename action with an invalid
new name and then reading a stack trace, as
demonstrated by internal URL information, aka
ZEN-15382.
2014-12-15 5.0 CVE-2014-9245
zenoss --
zenoss_core
Zenoss Core through 5 Beta 3 allows remote
authenticated users to obtain sensitive (1) user
account, (2) e-mail address, and (3) role information
by visiting the ZenUsers (aka User Manager) page,
aka ZEN-15389.
2014-12-15 4.0 CVE-2014-9247
zenoss --
zenoss_core
Zenoss Core through 5 Beta 3 does not require
complex passwords, which makes it easier for
remote attackers to obtain access via a brute-force
attack, aka ZEN-15406.
2014-12-15 5.0 CVE-2014-9248
zenoss --
zenoss_core
Zenoss Core through 5 Beta 3 does not include the
HTTPOnly flag in a Set-Cookie header for the
authentication cookie, which makes it easier for
remote attackers to obtain credential information
via script access to this cookie, aka ZEN-10418.
2014-12-15 5.0 CVE-2014-9250
zenoss --
zenoss_core
Zenoss Core through 5 Beta 3 uses a weak
algorithm to hash passwords, which makes it easier
for context-dependent attackers to obtain cleartext
values via a brute-force attack on hash values in the
database, aka ZEN-15413.
2014-12-15 5.0 CVE-2014-9251
zenoss --
zenoss_core
Cross-site request forgery (CSRF) vulnerability in
Zenoss Core through 5 Beta 3 allows remote
attackers to hijack the authentication of arbitrary
users for requests that trigger arbitrary code
execution via a ZenPack upload, aka ZEN-15388.
2014-12-15 6.8 CVE-2014-9385 CONFIRM
zenoss --
zenoss_core
Zenoss Core before 4.2.5 SP161 sets an infinite
lifetime for the session ID cookie, which makes it
easier for remote attackers to hijack sessions by
leveraging an unattended workstation, aka
ZEN-12691.
2014-12-15 6.8 CVE-2014-9386
Low Severity Vulnerabilities
The Primary Vendor --- Product
Description Date Published CVSS Score
The CVE Identity
arris --
touchstone_tg862g/ct_firmware
Cross-site scripting (XSS) vulnerability in ARRIS
Touchstone TG862G/CT Telephony Gateway with
firmware 7.6.59S.CT and earlier allows remote
authenticated users to inject arbitrary web script or
HTML via the computer_name parameter to
connected_devices_computers_edit.php.
2014-12-17 3.5 CVE-2014-5438 FULLDISC
google -- android AndroidManifest.xml in Android before 5.0.0 does
not require the SEND_SMS permission for the
SmsReceiver receiver, which allows attackers to send
stored SMS messages, and consequently transmit
arbitrary new draft SMS messages or trigger
additional per-message charges from a network
operator for old messages, via a crafted application
that broadcasts an intent with the
com.android.mms.transaction.MESSAGE_SENT
action, aka Bug 17671795.
2014-12-15 3.3 CVE-2014-8610 MISC MISC FULLDISC FULLDISC MISC
ibm --
rational_quality_manager
Cross-site scripting (XSS) vulnerability in IBM
Rational Quality Manager 2.x through 2.0.1.1, 3.x
before 3.0.1.6 iFix 4, 4.x before 4.0.7 iFix 2, and 5.x
before 5.0.1 allows remote authenticated users to
inject arbitrary web script or HTML via a crafted URL.
2014-12-18 3.5 CVE-2014-4801 XF
ibm --
cognos_business_intelligence
Cross-site scripting (XSS) vulnerability in the server
in IBM Cognos Business Intelligence 10.1 before IF10,
10.1.1 before IF9, 10.2 before IF11, 10.2.1 before IF8,
and 10.2.1.1 before IF7 allows remote authenticated
users to inject arbitrary web script or HTML via a
crafted URL.
2014-12-12 3.5 CVE-2014-6145 XF
ibm --
business_process_manager
Cross-site scripting (XSS) vulnerability in the Process
Inspector in IBM Business Process Manager (BPM)
8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows
remote authenticated users to inject arbitrary web
script or HTML via a crafted URL.
2014-12-18 3.5 CVE-2014-6173 XF
juniper --
mobile_system_software
Juniper WLC devices with WLAN Software releases
8.0.x before 8.0.4, 9.0.x before 9.0.2.11, 9.0.3.x before
9.0.3.5, and 9.1.x before 9.1.1, when "Proxy ARP" or
"No Broadcast" features are enabled in a clustered
setup, allows remote attackers to cause a denial of
service (device disconnect) via unspecified vectors.
2014-12-12 2.9 CVE-2014-6381 SECTRACK BID
linux -- linux_kernel arch/x86/kernel/tls.c in the Thread Local Storage
(TLS) implementation in the Linux kernel through
3.18.1 allows local users to bypass the espfix
protection mechanism, and consequently makes it
easier for local users to bypass the ASLR protection
mechanism, via a crafted application that makes a
set_thread_area system call and later reads a 16-bit
value.
2014-12-17 2.1 CVE-2014-8133 CONFIRM CONFIRM MLIST CONFIRM
linux -- linux_kernel The paravirt_ops_setup function in
arch/x86/kernel/kvm.c in the Linux kernel through
3.18 uses an improper paravirt_enabled setting for
KVM guest kernels, which makes it easier for guest
OS users to bypass the ASLR protection mechanism
via a crafted application that reads a 16-bit value.
2014-12-12 2.1 CVE-2014-8134 CONFIRM
mit -- kerberos The krb5_ldap_get_password_policy_from_dn
function in
plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in
MIT Kerberos 5 (aka krb5) before 1.13.1, when the
KDC uses LDAP, allows remote authenticated users
to cause a denial of service (daemon crash) via a
successful LDAP query with no results, as
demonstrated by using an incorrect object type for a
password policy.
2014-12-16 3.5 CVE-2014-5353
mit -- kerberos plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in
MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before
1.13.1, when the KDC uses LDAP, allows remote
authenticated users to cause a denial of service
(NULL pointer dereference and daemon crash) by
creating a database entry for a keyless principal, as
demonstrated by a kadmin "add_principal -nokey"
or "purgekeys -all" command.
2014-12-16 3.5 CVE-2014-5354 CONFIRM
puppetlabs --
puppet_server
Race condition in Puppet Server 0.2.0 allows local
users to obtain sensitive information by accessing it
in between package installation or upgrade and the
start of the service.
2014-12-17 1.9 CVE-2014-7170
ricksoft --
wbs_gantt-chart
Cross-site scripting (XSS) vulnerability in the
output-page generator in the Ricksoft WBS Gantt-Chart
add-on 7.8.1 and earlier for JIRA allows remote
authenticated users to inject arbitrary web script or
HTML via unspecified vectors, a different
vulnerability than CVE-2014-7268.
2014-12-19 3.5 CVE-2014-7267
zenoss --
zenoss_core
Zenoss Core through 5 Beta 3 stores cleartext
passwords in the session database, which might
allow local users to obtain sensitive information by
reading database entries, aka ZEN-15416.
2014-12-15 2.1 CVE-2014-9252
• Sources: http://nvd.nist.gov (For more information, visit the National Vulnerability Database (NVD), which
contains a database of every vulnerability that has ever been published).
Uganda Communications Commission – UGCERT Email: [email protected] Tel: +256 414 302 100/150 Toll Free: 0800 133 911
Website: www.ug-cert.ug Facebook / Twitter: UGCERT