Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-12-15 | CVE-2014-6255 | Open Redirection vulnerability in Zenoss | Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the came_from parameter, aka ZEN-11998. | 6.4 |
2014-12-15 | CVE-2014-6254 | Cross-Site Scripting vulnerability in Zenoss Core | Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a (1) device name, (2) device detail, (3) report name, (4) report detail, or (5) portlet name, or (6) a string to a helper method, aka ZEN-15381 and ZEN-15410. | 4.3 |
2014-12-15 | CVE-2014-6253 | Cross-Site Request Forgery (CSRF) vulnerability in Zenoss Core | Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to hijack the authentication of arbitrary users, aka ZEN-12653. | 6.8 |
2014-12-15 | CVE-2014-6053 | Data Processing Errors vulnerability in multiple products | The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc. | 5.0 |
2014-12-15 | CVE-2014-6052 | Improper Input Validation vulnerability in multiple products | The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message. | 7.5 |
2014-12-15 | CVE-2014-1569 | Security Bypass vulnerability in Mozilla Network Security Services | The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function's improper handling of an arbitrary-length encoding of 0x00. | 7.5 |
2014-12-13 | CVE-2014-8269 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Honeywell OPOS Suite | Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.13.4.15 allow remote attackers to execute arbitrary code via a crafted file that is improperly handled by the Open method. | 7.5 |
2014-12-13 | CVE-2014-3364 | Cross-Site Scripting vulnerability in Cisco Prime Security Manager | Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Prime Security Manager (aka PRSM) 9.2.1-2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) Access Policies or (2) Device Summary Dashboard parameter, aka Bug ID CSCuq80661. | 4.3 |
2014-12-12 | CVE-2014-8134 | | The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. | 3.3 |
2014-12-12 | CVE-2014-4633 | Cross-Site Scripting vulnerability in EMC RSA Archer eGRC | Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |