Weekly Vulnerabilities Reports > February 3 to 9, 2014

Overview

117 new vulnerabilities reported during this period, including 18 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary report vulnerabilities in 146 products from 76 vendors including Opensuse, Canonical, Redhat, Mozilla, and Suse. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", and "Numeric Errors".

  • 101 reported vulnerabilities are remotely exploitables.
  • 8 reported vulnerabilities have public exploit available.
  • 30 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 109 reported vulnerabilities are exploitable by an anonymous user.
  • Opensuse has the most reported vulnerabilities, with 22 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

18 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-02-06 CVE-2013-6490 Pidgin Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pidgin

The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow.

10.0
2014-02-06 CVE-2014-1488 Mozilla
Canonical
Oracle
Opensuse
Suse
The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.
10.0
2014-02-06 CVE-2014-1486 Mozilla
Fedoraproject
Suse
Opensuse
Debian
Canonical
Redhat
USE After Free vulnerability in multiple products

Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.

10.0
2014-02-06 CVE-2014-1478 Mozilla
Canonical
Opensuse
Oracle
Out-Of-Bounds Write vulnerability in multiple products

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors.

10.0
2014-02-05 CVE-2014-0497 Adobe
Linux
Apple
Microsoft
Numeric Errors vulnerability in Adobe Flash Player

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2014-02-04 CVE-2013-6035 Gatehouse
Harris
Hughes Network Systems
Inmarsat
Japan Radio
Thuraya Telecommunications
Improper Authentication vulnerability in multiple products

The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals does not require authentication for sessions on TCP port 1827, which allows remote attackers to execute arbitrary code via unspecified protocol operations.

10.0
2014-02-04 CVE-2013-6034 Gatehouse
Harris
Hughes Network Systems
Inmarsat
Japan Radio
Thuraya Telecommunications
Credentials Management vulnerability in multiple products

The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals has hardcoded credentials, which makes it easier for attackers to obtain unspecified login access via unknown vectors.

10.0
2014-02-04 CVE-2013-6032 Lexmark Improper Input Validation vulnerability in Lexmark products

cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter.

10.0
2014-02-06 CVE-2013-6486 Pidgin Improper Input Validation vulnerability in Pidgin

gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command.

9.3
2014-02-06 CVE-2014-1490 Mozilla
Oracle
Fedoraproject
Opensuse
Suse
Debian
Canonical
Race Condition vulnerability in Mozilla products

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.

9.3
2014-02-06 CVE-2014-1482 Mozilla
Canonical
Debian
Redhat
Fedoraproject
Suse
Opensuse
Out-Of-Bounds Write vulnerability in multiple products

RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create.

9.3
2014-02-05 CVE-2013-4978 Aloaha Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Aloaha PDF Suite Free and Aloahapdfviewer

Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in Aloaha PDF Suite FREE allows remote attackers to execute arbitrary code via a crafted PDF file.

9.3
2014-02-05 CVE-2013-2691 Jetaudio Buffer Errors vulnerability in Jetaudio 8.0.17

Stack-based buffer overflow in the JetMPG.ax module in jetAudio 8.0.17 allows remote attackers to execute arbitrary code via a crafted MPEG2-TS video file, related to the MPEG2 transport stream.

9.3
2014-02-04 CVE-2012-2108 Csounds Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Csounds Csound

Stack-based buffer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file.

9.3
2014-02-04 CVE-2012-2107 Csounds Numeric Errors vulnerability in Csounds Csound

Integer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.

9.3
2014-02-04 CVE-2012-2106 Csounds Numeric Errors vulnerability in Csounds Csound 5.16.6

Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.

9.3
2014-02-04 CVE-2014-0329 ZTE Credentials Management vulnerability in ZTE Zxv10 W300 2.1.0

The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.

9.3
2014-02-06 CVE-2014-0622 EMC Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Foundation Services

The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, which allows remote authenticated users to bypass intended content access restrictions via unspecified vectors.

9.0

13 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-02-06 CVE-2013-6332 IBM Arbitrary File Creation vulnerability in IBM Algo One

Unrestricted file upload vulnerability in IBM Algo One UDS 4.7.0 through 5.0.0 allows remote authenticated users to execute arbitrary code by uploading a .jsp file and then launching it.

8.5
2014-02-04 CVE-2013-3365 Trendnet OS Command Injection vulnerability in Trendnet Tew-812Dru

TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp.

8.5
2014-02-04 CVE-2013-7179 Seowonintech Improper Input Validation vulnerability in Seowonintech Swc-9100

The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the ping_ipaddr parameter.

8.3
2014-02-06 CVE-2014-0822 IBM Unspecified vulnerability in IBM Lotus Domino

The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z.

7.8
2014-02-04 CVE-2013-7183 Seowonintech Improper Authentication vulnerability in Seowonintech Swc-9100

cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote attackers to (1) cause a denial of service (reboot) via a default_reboot action or (2) reset all configuration values via a factory_default action.

7.8
2014-02-08 CVE-2014-0045 Light Speed Gaming Numeric Errors vulnerability in Light Speed Gaming Mumble and Mumblekit

The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opus_decode_float function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Opus voice packet, which triggers an error in opus_decode_float, a conversion of a negative integer to an unsigned integer, and a heap-based buffer over-read and over-write.

7.5
2014-02-07 CVE-2014-1697 Siemens Arbitrary Code Execution vulnerability in SIEMENS SIMATIC WinCC Open Architecture

The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999.

7.5
2014-02-06 CVE-2013-6487 Pidgin Numeric Errors vulnerability in Pidgin

Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.

7.5
2014-02-06 CVE-2014-1485 Mozilla
Oracle
Canonical
Opensuse
Suse
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.
7.5
2014-02-05 CVE-2013-1852 Kolja Schleich SQL Injection vulnerability in Kolja Schleich Leaguemanager

SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.

7.5
2014-02-04 CVE-2014-1471 Otrs SQL Injection vulnerability in Otrs

SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL.

7.5
2014-02-03 CVE-2013-4738 Codeaurora
Qualcomm
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c.

7.2
2014-02-06 CVE-2013-7130 Openstack Information Exposure vulnerability in Openstack products

The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.

7.1

81 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-02-06 CVE-2014-0038 Linux Improper Input Validation vulnerability in Linux Kernel

The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.

6.9
2014-02-05 CVE-2014-0755 Rockwellautomation Credentials Management vulnerability in Rockwellautomation Rslogix 5000 Design and Configuration Software

Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.

6.9
2014-02-07 CVE-2014-1915 Doug Poulin Cross-Site Request Forgery (CSRF) vulnerability in Doug Poulin Command School Student Management System 1.06.01

Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of (1) administrators for requests that change the administrator password via an update action to sw/admin_change_password.php or (2) unspecified victims for requests that add a topic or blog entry to sw/add_topic.php.

6.8
2014-02-06 CVE-2013-6393 Pyyaml
Canonical
Redhat
Debian
Opensuse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.

6.8
2014-02-06 CVE-2013-7320 D Link Cross-Site Request Forgery (CSRF) vulnerability in D-Link DAP 2253 and DAP 2253 Firmware

Cross-site request forgery (CSRF) vulnerability in D-Link DAP-2253 Access Point (Rev.

6.8
2014-02-06 CVE-2014-1477 Mozilla
Canonical
Debian
Redhat
Fedoraproject
Suse
Opensuse
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
6.8
2014-02-04 CVE-2011-2725 KDE
Canonical
Opensuse
Path Traversal vulnerability in multiple products

Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via ..

6.8
2014-02-04 CVE-2012-6493 Rapid7 Cross-Site Request Forgery (CSRF) vulnerability in Rapid7 Nexpose

Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.

6.8
2014-02-04 CVE-2014-1694 Otrs Cross-Site Request Forgery (CSRF) vulnerability in Otrs

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets.

6.8
2014-02-04 CVE-2013-3098 Trendnet Cross-Site Request Forgery (CSRF) vulnerability in Trendnet Tew-812Dru and Tew-812Dru Firmware

Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet TEW-812DRU router with firmware before 1.0.9.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change admin credentials in a request to setSysAdm.cgi, (2) enable remote management or (3) enable port forwarding in an Apply action to uapply.cgi, or (4) have unspecified impact via a request to setNTP.cgi.

6.8
2014-02-04 CVE-2013-5427 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM products

Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP8 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote attackers to hijack the authentication of arbitrary users.

6.8
2014-02-06 CVE-2013-6483 Pidgin Improper Input Validation vulnerability in Pidgin

The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply.

6.4
2014-02-04 CVE-2014-0686 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Manager

Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.

6.0
2014-02-05 CVE-2011-1594 Redhat Improper Input Validation vulnerability in Redhat Network Satellite and Spacewalk

Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url_bounce parameter.

5.8
2014-02-04 CVE-2012-0875 Systemtap Permissions, Privileges, and Access Controls vulnerability in Systemtap 1.6.7/1.7

SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic and crash) via vectors related to crafted DWARF data, which triggers a read of an invalid pointer.

5.4
2014-02-08 CVE-2014-1916 Light Speed Gaming Resource Management Errors vulnerability in Light Speed Gaming Mumble and Mumblekit

The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through 1.2.2 do not properly check the return value of the copyDataBlock method, which allow remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted length prefix value in an Opus voice packet.

5.0
2014-02-08 CVE-2014-0044 Light Speed Gaming Buffer Errors vulnerability in Light Speed Gaming Mumble 1.2.3/1.2.4

The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read (aka "out-of-bounds array access").

5.0
2014-02-08 CVE-2013-1904 Roundcube Path Traversal vulnerability in Roundcube Webmail

Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the _value parameter for the generic_message_footer setting in a save-perf action to index.php, as exploited in the wild in March 2013.

5.0
2014-02-07 CVE-2014-1699 Siemens Resource Management Errors vulnerability in Siemens Simatic Wincc Open Architecture

Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999.

5.0
2014-02-07 CVE-2014-1698 Siemens Path Traversal vulnerability in Siemens Simatic Wincc Open Architecture

Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999.

5.0
2014-02-07 CVE-2014-1696 Siemens Cryptographic Issues vulnerability in Siemens Simatic Wincc Open Architecture

Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack.

5.0
2014-02-06 CVE-2014-1663 Citrix Information Disclosure vulnerability in Citrix products

Unspecified vulnerability in Citrix XenMobile Device Manager server (formerly Zenprise Device Manager server) 8.5, 8.6, and MDM 8.0.1 allows remote attackers to obtain sensitive information via unknown vectors.

5.0
2014-02-06 CVE-2013-6489 Pidgin Numeric Errors vulnerability in Pidgin

Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow.

5.0
2014-02-06 CVE-2013-6482 Pidgin Improper Input Validation vulnerability in Pidgin

Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header.

5.0
2014-02-06 CVE-2013-6481 Pidgin Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pidgin

libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read.

5.0
2014-02-06 CVE-2010-4226 GNU
Opensuse
Link Following vulnerability in multiple products

cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive.

5.0
2014-02-06 CVE-2014-0020 Pidgin Improper Input Validation vulnerability in Pidgin

The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message.

5.0
2014-02-06 CVE-2013-6485 Pidgin Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pidgin

Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data.

5.0
2014-02-06 CVE-2013-6484 Pidgin Improper Input Validation vulnerability in Pidgin

The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error.

5.0
2014-02-06 CVE-2013-6479 Pidgin Resource Management Errors vulnerability in Pidgin

util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response.

5.0
2014-02-06 CVE-2013-6477 Pidgin Numeric Errors vulnerability in Pidgin

Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message.

5.0
2014-02-06 CVE-2012-6152 Pidgin Improper Input Validation vulnerability in Pidgin

The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences.

5.0
2014-02-06 CVE-2014-1487 Mozilla
Fedoraproject
Suse
Opensuse
Canonical
Debian
Redhat
Origin Validation Error vulnerability in multiple products

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.

5.0
2014-02-06 CVE-2014-1484 Suse
Mozilla
Google
Opensuse
Opensuse Project
Oracle
Information Exposure vulnerability in multiple products

Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.

5.0
2014-02-06 CVE-2014-1483 Oracle
Canonical
Mozilla
Suse
Opensuse
Improper Restriction of Rendered UI Layers OR Frames vulnerability in multiple products

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.

5.0
2014-02-06 CVE-2014-1481 Mozilla
Fedoraproject
Suse
Opensuse
Redhat
Debian
Canonical
Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.
5.0
2014-02-06 CVE-2014-1479 Mozilla
Canonical
Debian
Redhat
Fedoraproject
Suse
Opensuse
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes.
5.0
2014-02-05 CVE-2014-1439 Hiphop Virtual Machine FOR PHP Project Unspecified vulnerability in Hiphop Virtual Machine FOR PHP Project Hiphop Virtual Machine FOR PHP

The libxml_disable_entity_loader function in runtime/ext/ext_simplexml.cpp in HipHop Virtual Machine for PHP (HHVM) before 2.4.0 and 2.3.x before 2.3.3 does not properly disable a certain libxml handler, which allows remote attackers to conduct XML External Entity (XXE) attacks.

5.0
2014-02-05 CVE-2013-2074 KDE Information Exposure vulnerability in KDE Kdelibs

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.

5.0
2014-02-05 CVE-2014-1833 Devscripts Devel Team Path Traversal vulnerability in Devscripts Devel Team Devscripts 2.14.1

Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.

5.0
2014-02-03 CVE-2012-2250 Torproject Remote Denial of Service vulnerability in Tor

Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly.

5.0
2014-02-03 CVE-2012-2249 Torproject Remote Denial of Service vulnerability in Tor

Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol.

5.0
2014-02-06 CVE-2013-2962 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Websphere Transformation Extender

Buffer overflow in the Launcher in IBM WebSphere Transformation Extender 8.4.x before 8.4.0.4 allows local users to cause a denial of service (process crash or Admin Console command-stream outage) via unspecified vectors.

4.9
2014-02-03 CVE-2013-4739 Codeaurora
Qualcomm
Information Exposure vulnerability in multiple products

The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to obtain sensitive information from kernel stack memory via (1) a crafted MSM_MCR_IOCTL_EVT_GET ioctl call, related to drivers/media/platform/msm/camera_v1/mercury/msm_mercury_sync.c, or (2) a crafted MSM_JPEG_IOCTL_EVT_GET ioctl call, related to drivers/media/platform/msm/camera_v2/jpeg_10/msm_jpeg_sync.c.

4.9
2014-02-08 CVE-2011-4099 Libcap Permissions, Privileges, and Access Controls vulnerability in Libcap

The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors.

4.6
2014-02-05 CVE-2011-4613 X ORG
Canonical
Debian
Ubuntu
Permissions, Privileges, and Access Controls vulnerability in multiple products

The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.

4.6
2014-02-08 CVE-2014-0039 Cipherdyne Local Privilege Escalation vulnerability in fwsnort 'fwsnort.conf'

Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory.

4.4
2014-02-08 CVE-2011-1773 Matthew Booth
Redhat
Credentials Management vulnerability in multiple products

virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password.

4.4
2014-02-08 CVE-2014-1869 Redhat
Zeroclipboard Project
Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M.

4.3
2014-02-08 CVE-2013-2191 Python Bugzilla Project
Fedoraproject
Opensuse
Improper Input Validation vulnerability in multiple products

python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate.

4.3
2014-02-08 CVE-2012-5524 Gajim Improper Input Validation vulnerability in Gajim

The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA.

4.3
2014-02-07 CVE-2014-1914 Doug Poulin Cross-Site Scripting vulnerability in Doug Poulin Command School Student Management System 1.06.01

Multiple cross-site scripting (XSS) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to inject arbitrary web script or HTML via the (1) topic parameter to sw/add_topic.php or (2) nick parameter to sw/chat/message.php.

4.3
2014-02-06 CVE-2014-1870 Opera
Apple
Unspecified vulnerability in Opera Browser

Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation.

4.3
2014-02-06 CVE-2014-0330 Dell Cross-Site Scripting vulnerability in Dell products

Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter.

4.3
2014-02-06 CVE-2014-0815 Opera
Google
Information Exposure vulnerability in Opera Browser

The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies.

4.3
2014-02-06 CVE-2013-2038 Gpsd Project
Canonical
Improper Input Validation vulnerability in multiple products

The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator.

4.3
2014-02-06 CVE-2012-1095 Opensuse Permissions, Privileges, and Access Controls vulnerability in Opensuse and OSC

osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a terminal emulator.

4.3
2014-02-06 CVE-2013-7321 D Link Cross-Site Scripting vulnerability in D-Link DAP 2253 and DAP 2253 Firmware

Cross-site scripting (XSS) vulnerability in D-Link DAP-2253 Access Point (Rev.

4.3
2014-02-06 CVE-2013-7319 Wpdownloadmanager Cross-Site Scripting vulnerability in Wpdownloadmanager Wordpress Download Manager

Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field.

4.3
2014-02-06 CVE-2013-6478 Pidgin Improper Input Validation vulnerability in Pidgin

gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip.

4.3
2014-02-06 CVE-2013-5983 Guppy Cross-Site Scripting vulnerability in Guppy

Multiple cross-site scripting (XSS) vulnerabilities in GuppY before 4.6.28 allow remote attackers to inject arbitrary web script or HTML via the (1) "an" parameter to agenda.php or (2) cat parameter to mobile/thread.php.

4.3
2014-02-06 CVE-2014-1491 Mozilla
Oracle
Fedoraproject
Opensuse
Suse
Debian
Canonical
Inadequate Encryption Strength vulnerability in Mozilla products

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.

4.3
2014-02-06 CVE-2014-1489 Oracle
Suse
Mozilla
Opensuse
Opensuse Project
Canonical
Permissions, Privileges, and Access Controls vulnerability in multiple products

Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.

4.3
2014-02-06 CVE-2014-1480 Opensuse
Suse
Oracle
Canonical
Mozilla
Improper Restriction of Rendered UI Layers OR Frames vulnerability in multiple products

The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.

4.3
2014-02-05 CVE-2011-3377 Redhat
Canonical
Opensuse
Permissions, Privileges, and Access Controls vulnerability in multiple products

The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.

4.3
2014-02-05 CVE-2013-4449 Debian
Openldap
Numeric Errors vulnerability in multiple products

The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.

4.3
2014-02-05 CVE-2013-1880 Apache Cross-Site Scripting vulnerability in Apache Activemq

Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.

4.3
2014-02-05 CVE-2012-0059 Redhat Cryptographic Issues vulnerability in Redhat Network Proxy and Network Satellite

Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the server log and (2) an email.

4.3
2014-02-05 CVE-2011-3344 Redhat Cross-Site Scripting vulnerability in Redhat Network Satellite and Spacewalk

Cross-site scripting (XSS) vulnerability in the Lookup Login/Password form in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the URI.

4.3
2014-02-05 CVE-2011-2927 Redhat Cross-Site Scripting vulnerability in Redhat Network Satellite and Spacewalk

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via vectors related to Search forms.

4.3
2014-02-05 CVE-2011-2920 Redhat Cross-Site Scripting vulnerability in Redhat Network Satellite and Spacewalk

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via the "Filter by Synopsis" field and other unspecified filter forms.

4.3
2014-02-05 CVE-2011-2919 Redhat Cross-Site Scripting vulnerability in Redhat Network Satellite and Spacewalk

Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page.

4.3
2014-02-05 CVE-2014-1403 Easyxdm Cross-Site Scripting vulnerability in Easyxdm

Cross-site scripting (XSS) vulnerability in name.html in easyXDM before 2.4.19 allows remote attackers to inject arbitrary web script or HTML via the location.hash value.

4.3
2014-02-05 CVE-2013-3639 Xaraya Cross-Site Scripting vulnerability in Xaraya 2.4.0

Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) interface, (3) name, or (4) tabmodule parameter to index.php.

4.3
2014-02-05 CVE-2013-1967 Mediaelementjs
Owncloud
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter.

4.3
2014-02-05 CVE-2013-1470 Geeklog Cross-Site Scripting vulnerability in Geeklog 1.8.2/2.0.0

Cross-site scripting (XSS) vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or HTML via the calendar_type parameter to submit.php.

4.3
2014-02-05 CVE-2013-1466 Glfusion Cross-Site Scripting vulnerability in Glfusion

Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/.

4.3
2014-02-04 CVE-2013-7182 Fortinet Cross-Site Scripting vulnerability in Fortinet Fortios 5.0.5

Cross-site scripting (XSS) vulnerability in firewall/schedule/recurrdlg in Fortinet FortiOS 5.0.5 allows remote attackers to inject arbitrary web script or HTML via the mkey parameter.

4.3
2014-02-04 CVE-2013-7181 Fortinet Cross-Site Scripting vulnerability in Fortinet Fortiweb 5.0.3

Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter.

4.3
2014-02-07 CVE-2014-1643 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec Encryption Management Server 3.3.0/3.3.1

The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL.

4.0
2014-02-04 CVE-2014-0834 IBM Improper Input Validation vulnerability in IBM General Parallel File System

IBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 through 3.5.0.16 allows attackers to cause a denial of service (daemon crash) via crafted arguments to a setuid program.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-02-04 CVE-2014-1458 Fortinet Cross-Site Scripting vulnerability in Fortinet Fortiweb

Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors.

3.5
2014-02-04 CVE-2013-6033 Lexmark Cross-Site Scripting vulnerability in Lexmark products

Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field.

3.5
2014-02-06 CVE-2013-4463 Openstack Resource Management Errors vulnerability in Openstack Folsom, Grizzly and Havana

OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image.

2.1
2014-02-03 CVE-2011-4327 Openbsd Information Exposure vulnerability in Openbsd Openssh

ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.

2.1
2014-02-04 CVE-2014-0019 Dest Unreach
Fedoraproject
Opensuse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line.

1.9