Weekly Vulnerabilities Reports > February 17 to 23, 2014
Overview
54 new vulnerabilities were reported during this period, including 6 critical and 16 high severity vulnerabilities. This weekly summary covers vulnerabilities in 51 products from 29 vendors, including Cisco, Belkin, Apple, IBM, and Adobe. The most common weakness categories are "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Cryptographic Issues", "Improper Input Validation", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 50 of the reported vulnerabilities are remotely exploitable.
- 16 of the reported vulnerabilities map to weaknesses in the OWASP Top Ten.
- 49 of the reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 14.
- Cisco has the most reported critical vulnerabilities, with 2.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity. The VULNERABILITY column gives the weakness category and affected product, followed by the CVE description.
6 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-02-22 | CVE-2014-0721 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified SIP Phone 3905: The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root access via a session on the test interface on TCP port 7870, aka Bug ID CSCuh75574. | 10.0 |
2014-02-22 | CVE-2013-6952 | Belkin | Cryptographic Issues vulnerability in Belkin Wemo Home Automation Firmware 2769: The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data. | 10.0 |
2014-02-21 | CVE-2014-0498 | Adobe, Apple, Microsoft, Linux | Buffer Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player: Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2014-02-22 | CVE-2014-0709 | Cisco | Credentials Management vulnerability in Cisco UCS Director: Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930. | 9.3 |
2014-02-22 | CVE-2013-6949 | Belkin | Permissions, Privileges, and Access Controls vulnerability in Belkin Wemo Home Automation Firmware 2769: The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device. | 9.3 |
2014-02-18 | CVE-2014-1861 | Jetroplatforms | Improper Input Validation vulnerability in Jetroplatforms Jetro Cockpit Secure Browsing 4.3.1/4.3.3: The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension. | 9.3 |
16 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-02-21 | CVE-2014-0502 | Adobe, Suse, Opensuse, Redhat | Double Free vulnerability in multiple products: Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014. | 8.8 |
2014-02-22 | CVE-2014-0719 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco IPS Sensor Software: The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (MainApp process outage) via crafted packets to TCP port 7000, aka Bug ID CSCui67394. | 7.8 |
2014-02-22 | CVE-2013-6950 | Belkin | Cryptographic Issues vulnerability in Belkin Wemo Home Automation Firmware 2769: The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution server. | 7.8 |
2014-02-22 | CVE-2013-6948 | Belkin | Code Injection vulnerability in Belkin Wemo Home Automation Firmware 2769: The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 7.8 |
2014-02-21 | CVE-2014-0499 | Adobe, Apple, Microsoft, Linux | Permissions, Privileges, and Access Controls vulnerability in Adobe Air, Adobe AIR SDK and Flash Player: Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors. | 7.8 |
2014-02-22 | CVE-2014-0818 | Autodesk | Code Injection vulnerability in Autodesk Autocad: Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Trojan horse FAS file in the FAS file search path. | 7.5 |
2014-02-20 | CVE-2014-0734 | Cisco | SQL Injection vulnerability in Cisco Unified Communications Manager: SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483. | 7.5 |
2014-02-18 | CVE-2014-1903 | Freepbx, Sangoma | Permissions, Privileges, and Access Controls vulnerability in multiple products: admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php. | 7.5 |
2014-02-17 | CVE-2012-0270 | Csounds | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Csounds Csound: Multiple stack-based buffer overflows in Csound before 5.16.6 allow remote attackers to execute arbitrary code via a crafted (1) hetro file to the getnum function in util/heti_main.c or (2) PVOC file to the getnum function in util/pv_import.c. | 7.5 |
2014-02-17 | CVE-2011-3604 | Litech | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Litech Router Advertisement Daemon: The process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to cause a denial of service (stack-based buffer over-read and crash) via unspecified vectors. | 7.5 |
2014-02-17 | CVE-2011-3601 | Litech | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Litech Router Advertisement Daemon: Buffer overflow in the process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative value in a label_len value. | 7.5 |
2014-02-22 | CVE-2014-1266 | Apple | Improper Certificate Validation vulnerability in Apple iPhone OS, Mac OS X and Apple TV: The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step. | 7.4 |
2014-02-22 | CVE-2014-0720 | Cisco | Improper Input Validation vulnerability in Cisco IPS Sensor Software: Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via a flood of jumbo frames, aka Bug ID CSCuh94944. | 7.1 |
2014-02-22 | CVE-2014-0718 | Cisco | Improper Input Validation vulnerability in Cisco IPS Sensor Software: The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via fragmented packets, aka Bug ID CSCui91266. | 7.1 |
2014-02-22 | CVE-2014-0710 | Cisco | Race Condition vulnerability in Cisco Firewall Services Module Software: Race condition in the cut-through proxy feature in Cisco Firewall Services Module (FWSM) Software 3.x before 3.2(28) and 4.x before 4.1(15) allows remote attackers to cause a denial of service (device reload) via certain matching traffic, aka Bug ID CSCuj16824. | 7.1 |
2014-02-22 | CVE-2013-6951 | Belkin | Cryptographic Issues vulnerability in Belkin Wemo Home Automation Firmware 2769: The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate. | 7.1 |
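The CVE-2014-1266 entry above (Apple's "goto fail") is easiest to understand as code. The block below is an added example written for this report, not Apple's source: it keeps the control-flow shape of SSLVerifySignedServerKeyExchange but replaces the hash steps and the signature check with constructed stand-ins (hash_update, hash_final and raw_verify are assumptions, with "GOOD" standing in for a valid signature) so that it compiles and runs offline. The duplicated, unbraced `goto fail;` is unconditional: it jumps to the cleanup label while err is still 0 from the preceding successful hash update, so the hash is never finalised, the signature is never verified, and the function reports success for whatever a man-in-the-middle sends. The fixed version simply deletes that line and braces every body.

```c
#include <stdio.h>
#include <string.h>

typedef int OSStatus;
enum { errSecSuccess = 0, errSSLCrypto = -9809 };

/* Constructed stand-ins (assumptions, not Apple's primitives): the hash
 * steps always succeed, and a signature is "valid" only when its bytes are
 * the literal string "GOOD". A man-in-the-middle supplies anything else. */
static OSStatus hash_update(const char *what) { (void)what; return errSecSuccess; }
static OSStatus hash_final(void) { return errSecSuccess; }
static OSStatus raw_verify(const char *sig) {
    return strcmp(sig, "GOOD") == 0 ? errSecSuccess : errSSLCrypto;
}

/* Shape of the vulnerable routine. The second "goto fail;" is not governed
 * by the if above it, so it always executes: err is still 0 from the
 * successful update, hash_final and raw_verify are never reached, and the
 * caller sees errSecSuccess for a forged or missing signature. */
OSStatus verify_server_key_exchange_vulnerable(const char *sig) {
    OSStatus err;
    if ((err = hash_update("clientRandom")) != 0)
        goto fail;
    if ((err = hash_update("serverRandom")) != 0)
        goto fail;
    if ((err = hash_update("signedParams")) != 0)
        goto fail;
        goto fail;                           /* the bug: unconditional */
    if ((err = hash_final()) != 0)           /* dead code from here on */
        goto fail;
    err = raw_verify(sig);
fail:
    return err;
}

/* Fixed shape: the duplicated line is gone and every body is braced, so a
 * stray statement can no longer silently rewrite the control flow. */
OSStatus verify_server_key_exchange_fixed(const char *sig) {
    OSStatus err;
    if ((err = hash_update("clientRandom")) != 0) { goto fail; }
    if ((err = hash_update("serverRandom")) != 0) { goto fail; }
    if ((err = hash_update("signedParams")) != 0) { goto fail; }
    if ((err = hash_final()) != 0)                { goto fail; }
    err = raw_verify(sig);
fail:
    return err;
}

int main(void) {
    const char *forged = "FORGED";   /* constructed: bytes a MITM would send */
    printf("vulnerable: %d (0 means accepted)\n",
           verify_server_key_exchange_vulnerable(forged));
    printf("fixed:      %d\n", verify_server_key_exchange_fixed(forged));
    return 0;
}
```

Two compiler checks catch this class of defect before it ships: gcc's -Wmisleading-indentation (part of -Wall since GCC 6) flags the indented-but-unguarded `goto fail;`, and clang's -Wunreachable-code flags the dead hash_final call that follows it. A unit test that feeds a deliberately bad signature, as the forged input above does, is the cheaper and more robust check.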
28 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-02-22 | CVE-2014-0730 | Cisco | Improper Input Validation vulnerability in Cisco Unified Computing System Central Software: Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI copy command in a local-mgmt context, aka Bug ID CSCul53128. | 6.8 |
2014-02-20 | CVE-2014-0080 | Rubyonrails | SQL Injection vulnerability in Rubyonrails Rails: SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns. | 6.8 |
2014-02-20 | CVE-2014-0736 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager: Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468. | 6.8 |
2014-02-21 | CVE-2014-1910 | Citrix | Cryptographic Issues vulnerability in Citrix Sharefile Mobile and Sharefile Mobile for Tablets: Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |
2014-02-20 | CVE-2013-4420 | Feep | Path Traversal vulnerability in Feep Libtar: Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. | 5.8 |
2014-02-18 | CVE-2013-6396 | Openstack | Cryptographic Issues vulnerability in Openstack Swift: The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |
2014-02-17 | CVE-2011-0528 | Puppet | Permissions, Privileges, and Access Controls vulnerability in Puppet: Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors. | 5.5 |
2014-02-22 | CVE-2014-0854 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Cognos Business Intelligence: The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.0 |
2014-02-22 | CVE-2014-0731 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Manager: The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497. | 5.0 |
2014-02-20 | CVE-2014-0733 | Cisco | Improper Authentication vulnerability in Cisco Unified Communications Manager: The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494. | 5.0 |
2014-02-20 | CVE-2014-0082 | Rubyonrails | Improper Input Validation vulnerability in Rubyonrails Rails and Ruby ON Rails: actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers. | 5.0 |
2014-02-20 | CVE-2014-0732 | Cisco | Improper Authentication vulnerability in Cisco Unified Communications Manager: The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495. | 5.0 |
2014-02-18 | CVE-2014-2020 | PHP | Numeric Errors vulnerability in PHP: ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226. | 5.0 |
2014-02-18 | CVE-2014-0627 | EMC, Dell | Cryptographic Issues vulnerability in multiple products: The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state. | 5.0 |
2014-02-18 | CVE-2014-0626 | Dell, EMC | Cryptographic Issues vulnerability in multiple products: The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated. | 5.0 |
2014-02-18 | CVE-2014-0625 | EMC, Dell | Resource Management Errors vulnerability in multiple products: The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered. | 5.0 |
2014-02-17 | CVE-2011-3605 | Litech | Improper Input Validation vulnerability in Litech Router Advertisement Daemon: The process_rs function in the router advertisement daemon (radvd) before 1.8.2, when UnicastOnly is enabled, allows remote attackers to cause a denial of service (temporary service hang) via a large number of ND_ROUTER_SOLICIT requests. | 5.0 |
2014-02-18 | CVE-2014-2019 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple iPhone OS: The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value. | 4.9 |
2014-02-22 | CVE-2014-0819 | Autodesk | Improper Input Validation vulnerability in Autodesk Autocad: Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 4.4 |
2014-02-22 | CVE-2014-0811 | Blackboard | Cross-Site Scripting vulnerability in Blackboard Vista/Ce 8.0: Cross-site scripting (XSS) vulnerability in Blackboard Vista/CE 8.0 SP6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-02-22 | CVE-2014-0737 | Cisco | Improper Authentication vulnerability in Cisco Unified IP Phone 7960G: The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66795. | 4.3 |
2014-02-22 | CVE-2013-6732 | IBM | Cross-Site Scripting vulnerability in IBM Cognos Business Intelligence: Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | 4.3 |
2014-02-20 | CVE-2014-0081 | Rubyonrails, Opensuse, Opensuse Project, Redhat | Cross-Site Scripting vulnerability in multiple products: Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper. | 4.3 |
2014-02-20 | CVE-2014-0735 | Cisco | Cross-Site Scripting vulnerability in Cisco Unified Communications Manager: Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470. | 4.3 |
2014-02-17 | CVE-2014-2018 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Seamonkey, Thunderbird and Thunderbird ESR: Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674. | 4.3 |
2014-02-17 | CVE-2013-6674 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Seamonkey, Thunderbird and Thunderbird ESR: Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018. | 4.3 |
2014-02-17 | CVE-2013-1070 | Ubuntu | Cross-Site Scripting vulnerability in Ubuntu Metal AS A Service 1.2/1.4: Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/. | 4.3 |
2014-02-17 | CVE-2011-4083 | Redhat | Cryptographic Issues vulnerability in Redhat SOS: The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging information, which might allow remote attackers to obtain sensitive information by reading the archive. | 4.3 |
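The libtar entry above (CVE-2013-4420) is the archive-extraction form of a check every extractor needs: decide, from the header string alone and before touching the filesystem, whether a member name could land outside the extraction directory. The block below is an added example written for this report, not libtar's code. It is deliberately stricter than refusing names that merely begin with `../`: any `..` component is rejected, including one such as `a/../b` that would normalise back inside the prefix, because if an earlier member created `a` as a symlink the kernel resolves `a/..` through the link target. The listing in `member_names` is constructed for the demonstration and stands in for a real archive.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if `name` may be joined under the extraction directory, 0 if it
 * could escape it. Works on the raw header string only, with no filesystem
 * access, which is the one point where an extractor can refuse cheaply. */
int tar_member_path_is_safe(const char *name) {
    if (name == NULL || name[0] == '\0')
        return 0;
    if (name[0] == '/' || name[0] == '\\')
        return 0;                               /* absolute path */
    if (name[1] == ':')
        return 0;                               /* Windows drive, e.g. C:\ */
    for (const char *p = name; *p; ) {
        const char *end = p;
        while (*end && *end != '/' && *end != '\\')
            end++;
        if (end - p == 2 && p[0] == '.' && p[1] == '.')
            return 0;                           /* ".." component anywhere */
        p = *end ? end + 1 : end;
    }
    return 1;
}

/* Constructed member listing (an assumption, not a real archive). The
 * first two are benign; the rest are the shapes a traversal payload takes. */
static const char *const member_names[] = {
    "etc/motd",
    "./scripts/run.sh",
    "../../etc/passwd",
    "/etc/cron.d/backdoor",
    "a/../b",
    "C:\\Windows\\System32\\drivers\\etc\\hosts",
};
static const size_t member_count = sizeof member_names / sizeof member_names[0];

/* Walks a listing the way tar_extract_all would and returns how many
 * members the check refuses. */
size_t count_unsafe_members(const char *const *names, size_t n) {
    size_t unsafe = 0;
    for (size_t i = 0; i < n; i++)
        if (!tar_member_path_is_safe(names[i]))
            unsafe++;
    return unsafe;
}

int main(void) {
    for (size_t i = 0; i < member_count; i++)
        printf("%-45s %s\n", member_names[i],
               tar_member_path_is_safe(member_names[i]) ? "extract" : "REFUSE");
    printf("%zu of %zu members refused\n",
           count_unsafe_members(member_names, member_count), member_count);
    return 0;
}
```

The name check is necessary but not sufficient. Symlink and hardlink members carry a link target that needs the same test, and an archive can first emit a symlink member pointing outside the prefix and then a regular file whose path passes through it; an extractor therefore also has to refuse to write through symlinks it created itself, for example by extracting with O_NOFOLLOW on each path component or by deferring link creation until all regular files are written.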
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-02-22 | CVE-2014-0861 | IBM | Cross-Site Scripting vulnerability in IBM Cognos Business Intelligence: Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter that is not properly handled during use of the Back button. | 3.5 |
2014-02-22 | CVE-2013-6734 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Extreme Scale Client: IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container. | 3.5 |
2014-02-20 | CVE-2014-1879 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPmyadmin: Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. | 3.5 |
2014-02-17 | CVE-2013-1069 | Ubuntu | Permissions, Privileges, and Access Controls vulnerability in Ubuntu Metal AS A Service 1.2/1.4: Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file. | 2.1 |