Weekly Vulnerabilities Reports > March 31 to April 6, 2014
Overview
106 new vulnerabilities were reported during this period, including 12 critical vulnerabilities and 14 high severity vulnerabilities. This weekly summary reports vulnerabilities in 116 products from 54 vendors including Apple, Cisco, Redhat, Postgresql, and EMC. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", "Permissions, Privileges, and Access Controls", and "SQL Injection".
- 91 reported vulnerabilities are remotely exploitable.
- 11 reported vulnerabilities have a public exploit available.
- 32 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 83 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 15.
- Google has the most reported critical vulnerabilities, with 3.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:
12 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-04-04 | CVE-2012-6429 | Samsung | Buffer Errors vulnerability in Samsung Kies 2.3.2.12074/2.3.2.120741313/2.5.0.120942711 Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the password argument. | 10.0 |
2014-04-01 | CVE-2013-7350 | Checkpoint | Security vulnerability in Checkpoint Security Gateway R71.00/R71.45/R75.20 Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (730159141) and R75.20.x before R75.20.4 and 600 and 1100 appliances R75.20.x before R75.20.42 have unknown impact and attack vectors related to "important security fixes." | 10.0 |
2014-04-01 | CVE-2013-2278 | Jgaa | Unspecified vulnerability in Jgaa Warftpd 1.8.2 Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when running as a Windows service, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to log messages and the "internal log handler to the Windows Event log." | 10.0 |
2014-03-31 | CVE-2014-1982 | Alliedtelesis | Improper Authentication vulnerability in Alliedtelesis products The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html. | 10.0 |
2014-03-31 | CVE-2013-6775 | Chainfire | Permissions, Privileges, and Access Controls vulnerability in Chainfire Supersu 1.69 The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su. | 10.0 |
2014-03-31 | CVE-2013-6774 | Chainfire Androidsu Koushik Dutta | Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process. | 10.0 |
2014-03-31 | CVE-2013-6769 | Koushik Dutta | Improper Input Validation vulnerability in Koushik Dutta Superuser 1.0.2.1 The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su. | 10.0 |
2014-04-04 | CVE-2013-3930 | Coreftp | Buffer Errors vulnerability in Coreftp Core FTP 1.2/2.1/2.2 Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows remote FTP servers to execute arbitrary code via a crafted directory name in a CWD command reply. | 9.3 |
2014-04-02 | CVE-2013-0729 | Tracker Software | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tracker-Software Pdf-Xchange Viewer Heap-based buffer overflow in Tracker Software PDF-XChange before 2.5.208 allows remote attackers to execute arbitrary code via a crafted Define Huffman Table header in a JPEG image file stream in a PDF file. | 9.3 |
2014-04-02 | CVE-2013-5365 | Autodesk | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Autodesk products Heap-based buffer overflow in Autodesk SketchBook for Enterprise 2014, Pro, and Express before 6.25, and Copic Edition before 2.0.2 allows remote attackers to execute arbitrary code via RLE-compressed channel data in a PSD file. | 9.3 |
2014-04-01 | CVE-2013-0662 | Schneider Electric | Out-of-bounds Write vulnerability in Schneider-Electric products Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header. | 9.3 |
2014-04-01 | CVE-2014-0632 | EMC | Path Traversal vulnerability in EMC Vplex Geosynchrony Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors. | 9.0 |
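The Superuser and SuperSU entries above (CVE-2013-6775, CVE-2013-6769) share one bug class: a command string handed to the privileged binary's -c option reaches a shell unescaped, so backticks and $() in the argument run with the wrapper's privileges. The following example, written for this report and not taken from any of those projects, reconstructs the pattern in Python: /bin/sh and echo stand in for the privileged su, so the demonstration is harmless, but the control flow (caller string spliced into a shell command line versus exec of an argv the wrapper built itself) is the one that matters. The attacker argument is constructed sample input.

```python
"""Shell-metacharacter injection through a '-c' style command wrapper.

Added example (not Superuser/SuperSU source). The privileged helper is
modelled by plain /bin/sh + echo; the vulnerable path passes the caller's
string to a shell, the hardened path never does.
"""
import re
import shlex
import subprocess

# Constructed attacker input: the visible text is benign, the $() substitution
# is what a shell would execute with the wrapper's privileges.
ATTACKER_ARG = "hello $(printf INJECTED)"

# Characters the CVE text names (backtick, $()) plus the usual shell operators.
_SHELL_META = re.compile(r"[`$;&|<>\n]")


def has_shell_metachars(cmd_arg: str) -> bool:
    """Policy check a privileged wrapper can apply before doing anything else."""
    return _SHELL_META.search(cmd_arg) is not None


def run_vulnerable(cmd_arg: str) -> str:
    """Splices the -c argument into a shell command line (the bug class).

    Equivalent to: sh -c "echo <cmd_arg>" -- sh expands $() and backticks.
    """
    proc = subprocess.run(["sh", "-c", "echo " + cmd_arg],
                          capture_output=True, text=True, check=True)
    return proc.stdout.strip()


def run_hardened(cmd_arg: str) -> str:
    """Builds argv itself and execs without a shell.

    shlex.split tokenises like a shell but performs no command substitution,
    so `...` and $(...) stay literal text and reach echo as plain arguments.
    """
    argv = ["echo"] + shlex.split(cmd_arg)
    proc = subprocess.run(argv, capture_output=True, text=True, check=True)
    return proc.stdout.strip()


if __name__ == "__main__":
    print("vulnerable:", run_vulnerable(ATTACKER_ARG))   # substitution ran
    print("hardened:  ", run_hardened(ATTACKER_ARG))     # literal text
    print("flagged:   ", has_shell_metachars(ATTACKER_ARG))
```

For a real privilege boundary both controls belong together: exec without a shell removes the expansion, and the explicit metacharacter deny-list makes the policy visible and keeps a later refactor from quietly reintroducing `sh -c`.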
14 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-04-04 | CVE-2014-0789 | Schneider Electric | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Schneider-Electric products Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.5 and earlier, TLXCDLUOFS33 3.5 and earlier, TLXCDLTOFS33 3.5 and earlier, and TLXCDLFOFS33 3.5 and earlier allow remote attackers to cause a denial of service via long arguments to unspecified functions. | 7.8 |
2014-04-02 | CVE-2013-3588 | Zyxel | Improper Input Validation vulnerability in Zyxel products The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets. | 7.8 |
2014-04-01 | CVE-2014-0633 | EMC | Improper Input Validation vulnerability in EMC Vplex Geosynchrony The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. | 7.7 |
2014-03-31 | CVE-2013-6770 | Koushik Dutta | Permissions, Privileges, and Access Controls vulnerability in multiple products The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script. | 7.6 |
2014-04-04 | CVE-2014-2210 | CA | Path Traversal vulnerability in CA Erwin web Portal 9.5 Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors. | 7.5 |
2014-04-04 | CVE-2014-0592 | Crowbar Novell | Permissions, Privileges, and Access Controls vulnerability in multiple products Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs. | 7.5 |
2014-04-04 | CVE-2012-5648 | Theforeman | SQL Injection vulnerability in Theforeman Foreman Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism. | 7.5 |
2014-04-02 | CVE-2013-0735 | Cartpauj Wordpress | SQL Injection vulnerability in Cartpauj Mingle-Forum Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php. | 7.5 |
2014-04-02 | CVE-2013-3213 | Vtiger | SQL Injection vulnerability in Vtiger CRM Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php. | 7.5 |
2014-04-01 | CVE-2014-1691 | Horde | Code Injection vulnerability in Horde Application Framework The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form. | 7.5 |
2014-04-01 | CVE-2014-0635 | EMC | Improper Authentication vulnerability in EMC Vplex Geosynchrony Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors. | 7.5 |
2014-04-01 | CVE-2014-2034 | Sonatype | Security Bypass vulnerability in Sonatype Nexus Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path." | 7.5 |
2014-04-01 | CVE-2013-7349 | Raoul Proenca | SQL Injection vulnerability in Raoul Proenca Gnew 2013.1 Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. | 7.5 |
2014-04-01 | CVE-2013-5640 | Raoul Proenca | SQL Injection vulnerability in Raoul Proenca Gnew 2013.1 Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. | 7.5 |
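Six of the high-severity rows above are SQL injection through a single request parameter (for example the user_email parameter in Gnew's users/password.php and the emailaddress parameter in vTiger's SearchContactsByEmail). The example below, added to this report and not taken from any of those PHP code bases, reconstructs the bug class in Python over an in-memory SQLite table: the same lookup written by string concatenation and with a bound parameter, exercised with a tautology payload and a UNION payload that pulls password hashes out of the table. Table contents and payloads are constructed sample data.

```python
"""SQL injection through an e-mail lookup parameter, and the parameterised fix.

Added example (not Gnew, vTiger, Foreman or Mingle Forum code). The schema
and rows are constructed for the demonstration.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table standing in for an application's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users (email, pw_hash) VALUES (?, ?)", [
        ("alice@example.org", "hash-a"),
        ("bob@example.org", "hash-b"),
    ])
    conn.commit()
    return conn


def find_by_email_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """The request parameter is concatenated into the SQL text."""
    sql = "SELECT id, email FROM users WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def find_by_email_safe(conn: sqlite3.Connection, email: str) -> list:
    """The value is bound; the database never parses it as SQL."""
    sql = "SELECT id, email FROM users WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


# Constructed payloads. The first closes the string literal and appends a
# tautology; the second closes it and UNIONs a second SELECT onto the query,
# then comments out the trailing quote the application appends.
ATTACK_TAUTOLOGY = "nobody@example.org' OR '1'='1"
ATTACK_UNION = "x' UNION SELECT id, pw_hash FROM users --"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, tautology:", find_by_email_vulnerable(db, ATTACK_TAUTOLOGY))
    print("vulnerable, union:    ", find_by_email_vulnerable(db, ATTACK_UNION))
    print("safe, tautology:      ", find_by_email_safe(db, ATTACK_TAUTOLOGY))
    print("safe, real address:   ", find_by_email_safe(db, "bob@example.org"))
```

The UNION payload matters more than the tautology when triaging: the rows above are rated 7.5 because the injection reads or writes data the caller is not authorised for, and the column-count-matching UNION is the usual route from "returns too many rows" to "returns the password table".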
74 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-03-31 | CVE-2014-0983 | Oracle | Resource Management Errors vulnerability in Oracle VM Virtualbox Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function. | 6.9 |
2014-04-06 | CVE-2013-5680 | LEE Howard | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in LEE Howard Hylafax+ Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using LDAP authentication, might allow remote attackers to cause a denial of service (child hang) or execute arbitrary code via a long USER command. | 6.8 |
2014-04-04 | CVE-2014-2115 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Emergency Responder 1.1 Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250. | 6.8 |
2014-04-03 | CVE-2014-2340 | Xcloner | Cross-Site Request Forgery (CSRF) vulnerability in Xcloner Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php. | 6.8 |
2014-04-03 | CVE-2014-0466 | GNU | Arbitrary Command Execution vulnerability in GNU A2Ps 4.14 The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file. | 6.8 |
2014-04-02 | CVE-2013-7352 | B2Evolution | Cross-Site Request Forgery (CSRF) vulnerability in B2Evolution Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945. | 6.8 |
2014-04-02 | CVE-2014-1313 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 6.8 |
2014-04-02 | CVE-2014-1312 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 6.8 |
2014-04-02 | CVE-2014-1311 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 6.8 |
2014-04-02 | CVE-2014-1310 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 6.8 |
2014-04-02 | CVE-2014-1309 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 6.8 |
2014-04-02 | CVE-2014-1308 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 6.8 |
2014-04-02 | CVE-2014-1307 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 6.8 |
2014-04-02 | CVE-2014-1305 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 6.8 |
2014-04-02 | CVE-2014-1304 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 6.8 |
2014-04-02 | CVE-2014-1302 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 6.8 |
2014-04-02 | CVE-2014-1301 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Safari WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 6.8 |
2014-04-02 | CVE-2014-1299 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 6.8 |
2014-04-02 | CVE-2014-1298 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 6.8 |
2014-04-02 | CVE-2013-4240 | Hitmyserver | Cross-Site Request Forgery (CSRF) vulnerability in Hitmyserver HMS Testimonials Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimonials-addnew page, (2) add new groups via the hms-testimonials-addnewgroup page, (3) change default settings via the hms-testimonials-settings page, (4) change advanced settings via the hms-testimonials-settings-advanced page, (5) change custom fields settings via the hms-testimonials-settings-fields page, or (6) change template settings via the hms-testimonials-templates-new page to wp-admin/admin.php. | 6.8 |
2014-03-31 | CVE-2014-2671 | Microsoft | Buffer Errors vulnerability in Microsoft Windows Media Player 11.0.5721.5230 Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file. | 6.8 |
2014-04-02 | CVE-2013-2945 | B2Evolution | SQL Injection vulnerability in B2Evolution SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. | 6.5 |
2014-04-02 | CVE-2014-2655 | Postfix Admin Project | SQL Injection vulnerability in Postfix Admin Project Postfix Admin SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias. | 6.5 |
2014-03-31 | CVE-2014-2669 | Postgresql | Numeric Errors vulnerability in Postgresql Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact via vectors related to the (1) hstore_recv, (2) hstore_from_arrays, and (3) hstore_from_array functions in contrib/hstore/hstore_io.c; and the (4) hstoreArrayToPairs function in contrib/hstore/hstore_op.c, which triggers a buffer overflow. | 6.5 |
2014-03-31 | CVE-2014-0065 | Postgresql | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Postgresql Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063. | 6.5 |
2014-03-31 | CVE-2014-0061 | Postgresql | Permissions, Privileges, and Access Controls vulnerability in Postgresql The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions. | 6.5 |
2014-04-05 | CVE-2014-2144 | Cisco | Improper Input Validation vulnerability in Cisco IOS XR Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266. | 6.1 |
2014-04-01 | CVE-2014-0634 | EMC | Improper Input Validation vulnerability in EMC Vplex Geosynchrony EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 6.0 |
2014-04-03 | CVE-2014-0093 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform 6.2.2 Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions. | 5.8 |
2014-04-01 | CVE-2014-1895 | XEN | Numeric Errors vulnerability in XEN Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read. | 5.8 |
2014-04-01 | CVE-2014-1894 | XEN | Numeric Errors vulnerability in XEN Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1893. | 5.2 |
2014-04-01 | CVE-2014-1893 | XEN | Numeric Errors vulnerability in XEN Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894. | 5.2 |
2014-04-01 | CVE-2014-1892 | XEN | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in XEN Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894. | 5.2 |
2014-04-01 | CVE-2014-1891 | XEN | Numeric Errors vulnerability in XEN Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894. | 5.2 |
2014-04-05 | CVE-2014-2730 | Microsoft | Resource Management Errors vulnerability in Microsoft Office The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013, and Office for Mac 2011, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption and persistent application hang) via a crafted XML document containing a large number of nested entity references, as demonstrated by a crafted text/plain e-mail message to Outlook, a similar issue to CVE-2003-1564. | 5.0 |
2014-04-04 | CVE-2014-2143 | Cisco | Denial of Service vulnerability in Cisco IOS XE The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021. | 5.0 |
2014-04-04 | CVE-2012-4920 | Zingiri Wordpress | Path Traversal vulnerability in Zingiri Forums Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. | 5.0 |
2014-04-02 | CVE-2014-1297 | Apple | Improper Input Validation vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access. | 5.0 |
2014-04-01 | CVE-2014-2212 | Posh Project | Credentials Management vulnerability in Posh Project Posh The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie. | 5.0 |
2014-04-01 | CVE-2014-2237 | Openstack | Permissions, Privileges, and Access Controls vulnerability in Openstack Keystone The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions. | 5.0 |
2014-04-01 | CVE-2014-2590 | Siemens | Missing Authentication for Critical Function vulnerability in Siemens Ruggedcom Rugged Operating System The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets. | 5.0 |
2014-03-31 | CVE-2013-6768 | Koushik Dutta | Path Traversal vulnerability in Koushik Dutta Superuser 1.0.2.1 Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process. | 5.0 |
2014-04-01 | CVE-2014-1896 | XEN | Improper Input Validation vulnerability in XEN The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring." | 4.9 |
2014-03-31 | CVE-2014-0062 | Postgresql | Race Condition vulnerability in Postgresql Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window. | 4.9 |
2014-04-01 | CVE-2014-2678 | Linux Fedoraproject Oracle | Null Pointer Dereference vulnerability in multiple products The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. | 4.7 |
2014-03-31 | CVE-2014-0067 | Apple Postgresql | Permissions, Privileges, and Access Controls vulnerability in multiple products The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster. | 4.6 |
2014-03-31 | CVE-2014-0981 | Oracle | Resource Management Errors vulnerability in Oracle VM Virtualbox VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. | 4.4 |
2014-04-06 | CVE-2013-1946 | Restful WEB Services Project Drupal | Improper Input Validation vulnerability in Restful Web Services Project Restful Web Services 7.x-1.1/7.x-1.2/7.x-2.0 The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET request with an HTTP Accept header set to a non-HTML type, which can "interfere with Drupal's page cache." | 4.3 |
2014-04-05 | CVE-2012-6640 | Horde | Cross-Site Scripting vulnerability in Horde Groupware and IMP Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565. | 4.3 |
2014-04-05 | CVE-2012-5567 | Horde | Cross-Site Scripting vulnerability in Horde Groupware and Kronolith H4 Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the (1) month, (2) monthlist, or (3) prevmonthlist fields, related to portal blocks. | 4.3 |
2014-04-05 | CVE-2012-5566 | Horde | Cross-Site Scripting vulnerability in Horde Groupware and Kronolith H4 Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.17, as used in Horde Groupware Webmail Edition before 4.0.8, allow remote attackers to inject arbitrary web script or HTML via the (1) tasks view or (2) search view. | 4.3 |
2014-04-05 | CVE-2012-5565 | Horde | Cross-Site Scripting vulnerability in Horde Groupware and IMP Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view. | 4.3 |
2014-04-05 | CVE-2014-0827 | IBM | Cross-Site Scripting vulnerability in IBM Optim Workload Replay 1.1 Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Workload Replay 1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2014-04-05 | CVE-2014-0337 | Huawei | Cross-Site Scripting vulnerability in Huawei Echo Life and Echo Life Hg8247 Firmware Cross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during construction of the "failed log-in attempts over telnet" log view. | 4.3 |
2014-04-04 | CVE-2014-2117 | Cisco | Improper Input Validation vulnerability in Cisco Emergency Responder 1.1 Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters, aka Bug ID CSCun37909. | 4.3 |
2014-04-04 | CVE-2014-2116 | Cisco | Improper Input Validation vulnerability in Cisco Emergency Responder 1.1 Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882. | 4.3 |
2014-04-04 | CVE-2014-2114 | Cisco | Cross-Site Scripting vulnerability in Cisco Emergency Responder 1.1 Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384. | 4.3 |
2014-04-04 | CVE-2014-0638 | EMC | Cross-Site Scripting vulnerability in EMC RSA Adaptive Authentication On-Premise Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a "cross-frame scripting" issue. | 4.3 |
2014-04-04 | CVE-2014-0637 | EMC | Cross-Site Scripting vulnerability in EMC RSA Adaptive Authentication On-Premise Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-04-04 | CVE-2013-2287 | Roberta Bramski | Cross-Site Scripting vulnerability in Roberta Bramski Uploader 1.0.4 Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter. | 4.3 |
2014-04-02 | CVE-2013-3484 | Dotcms | Cross-Site Scripting vulnerability in Dotcms Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/login.html, (2) my_account_login parameter to c/portal_public/login, or (3) email parameter to forgotPassword. | 4.3 |
2014-04-02 | CVE-2014-2578 | Splunk | Cross-Site Scripting vulnerability in Splunk Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-04-02 | CVE-2013-1770 | Ganglia | Cross-Site Scripting vulnerability in Ganglia Ganglia-Web 3.5.7 Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter. | 4.3 |
2014-04-02 | CVE-2014-2138 | Cisco | Improper Input Validation vulnerability in Cisco Security Manager CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349. | 4.3 |
2014-04-02 | CVE-2014-2137 | Cisco | Improper Input Validation vulnerability in Cisco products CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002. | 4.3 |
2014-04-02 | CVE-2014-2125 | Cisco | Cross-Site Scripting vulnerability in Cisco Unity Connection 8.6/8.6(1A)/8.6(2A) Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028. | 4.3 |
2014-04-02 | CVE-2014-1942 | Pearson | Cross-Site Scripting vulnerability in Pearson Esis Enterprise Student Information System Cross-site scripting (XSS) vulnerability in aal/loginverification.aspx in Pearson eSIS Enterprise Student Information System allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-04-02 | CVE-2014-0828 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Portal Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-04-01 | CVE-2013-1869 | Redhat | Improper Input Validation vulnerability in Redhat Satellite and Spacewalk-Java CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter. | 4.3 |
2014-03-31 | CVE-2014-0086 | Redhat | Improper Input Validation vulnerability in Redhat Jboss web Framework KIT and Richfaces The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests. | 4.3 |
2014-04-05 | CVE-2014-2600 | HP | Denial of Service vulnerability in HP products Unspecified vulnerability in HP IceWall Identity Manager 4.0 through SP1 and 5.0 and IceWall SSO 10.0 Password Reset Option, when Apache Commons FileUpload is used, allows remote authenticated users to cause a denial of service via unknown vectors. | 4.0 |
2014-04-05 | CVE-2014-2145 | Cisco | Path Traversal vulnerability in Cisco Unity Connection Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071. | 4.0 |
2014-04-01 | CVE-2009-5141 | Jgaa | Use of Externally-Controlled Format String vulnerability in Jgaa Warftpd 1.8.2 Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command. | 4.0 |
2014-03-31 | CVE-2014-0060 | Postgresql | Permissions, Privileges, and Access Controls vulnerability in Postgresql PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command. | 4.0 |
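Four of the medium entries above share one root cause: a URL parameter copied into an HTTP response without validation. In the Spacewalk return_url case (CVE-2013-1869) and the Cisco Security Manager and WSA "crafted URL" cases (CVE-2014-2138, CVE-2014-2137) a CR LF pair inside the parameter ends the Location header, so the attacker can append headers and a body (HTTP response splitting, which also yields XSS); in the Cisco Emergency Responder case (CVE-2014-2117) the same parameter is simply allowed to point off-site. The following is an added example, not code from the report or from any listed vendor, showing the vulnerable pattern beside a redirect builder that closes both issues. The parameter name return_url, the allowed host www.example.com and the attack string are assumptions.

```python
"""Added example, not taken from the report or from any listed vendor's code.
Shows how a CRLF in a redirect parameter splits the HTTP response, and a
redirect builder that rejects control characters and off-site targets.
The parameter name, allowed host and sample request are assumptions."""
import re
from urllib.parse import unquote, urlsplit

# Constructed attacker input, as it would arrive in the query string.
# After URL decoding it holds CR LF, a second header and a fake body.
ATTACK_PARAM = (
    "/home%0d%0aSet-Cookie:%20session=attacker%0d%0a%0d%0a"
    "<script>alert(1)</script>"
)

def unsafe_redirect(return_url: str) -> bytes:
    """Vulnerable pattern: the decoded parameter is pasted into the Location
    header.  CR LF inside it ends that header, so whatever follows becomes
    further headers and a body the attacker chose (response splitting)."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {return_url}\r\n"
        "\r\n"
    ).encode("latin-1")

def parse_response(raw: bytes):
    """Split a raw response the way a lenient client would: headers up to the
    first blank line, everything after it is the body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body

# Control characters and backslash (some browsers treat '\' as '/').
_CTL_OR_BACKSLASH = re.compile(r"[\x00-\x1f\x7f\\]")

def safe_redirect(return_url: str, allowed_hosts=("www.example.com",)) -> bytes:
    """Hardened builder with two independent checks.
    1. Reject every control character before any URL parsing; urlsplit()
       silently strips CR/LF/tab, so a check after it would be blind.
    2. Accept only a site-relative path or an absolute http(s) URL on an
       allow-listed host, which is the open-redirect fix."""
    if _CTL_OR_BACKSLASH.search(return_url):
        raise ValueError("control character in redirect target")
    parts = urlsplit(return_url)
    if parts.scheme or parts.netloc:
        if parts.scheme not in ("http", "https") or parts.netloc not in allowed_hosts:
            raise ValueError("redirect target is not an allowed host")
    elif not return_url.startswith("/") or return_url.startswith("//"):
        raise ValueError("redirect target must be a site-relative path")
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {return_url}\r\n"
        "\r\n"
    ).encode("latin-1")

def rejects(return_url: str) -> bool:
    """True when the hardened builder refuses the (already decoded) parameter."""
    try:
        safe_redirect(return_url)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    decoded = unquote(ATTACK_PARAM)
    headers, body = parse_response(unsafe_redirect(decoded))
    print("injected header:", headers.get("set-cookie"), "| injected body:", body)
    print("hardened builder rejects it:", rejects(decoded))
```

The ordering of the checks matters: the control-character test runs on the raw decoded string, because Python's urlsplit() (and many framework URL parsers) silently drop CR, LF and tab, which would make a parse-then-validate version pass the attack string. Web frameworks that set headers through a proper API refuse CR LF themselves, but a redirect target still needs the host allow-list.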
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-04-01 | CVE-2012-0032 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Operations Network Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials. | 3.7 |
2014-03-31 | CVE-2013-7347 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Conga and Enterprise Linux Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. | 3.7 |
2014-04-02 | CVE-2014-2553 | Otrs | Cross-Site Scripting vulnerability in Otrs Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields. | 3.5 |
2014-04-02 | CVE-2014-0901 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1 Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2014-04-01 | CVE-2011-4573 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Operations Network Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail. | 3.5 |
2014-04-05 | CVE-2001-1593 | GNU | Link Following vulnerability in GNU A2Ps The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file. | 2.1 |
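Two of the low entries are the classic local file-system pair: a2ps (CVE-2001-1593) opens a temporary file with a guessable name, so a local user can plant a symlink at that name and have the victim's write land on any file the victim can modify; JBoss ON (CVE-2012-0032) installs a 0777 root directory, which is exactly the kind of location where such planting is possible. The following is an added example, not code from the report or from a2ps or JBoss ON, reproducing both behaviours in a private scratch directory and showing the open() flags and directory mode that defeat them. All paths and file names are constructed; attacker and victim run as the same user here, which is enough to show what the kernel does with the open.

```python
"""Added example, not from the report or from a2ps / JBoss ON.  Reproduces a
predictable temp file name redirected by a planted symlink, the exclusive
open that refuses it, and a check for the 0777 directory mode that lets any
local user do the planting.  Every path and name here is constructed."""
import os
import shutil
import stat
import tempfile

def vulnerable_write(tmpdir: str, name: str, data: bytes) -> str:
    """The a2ps-style pattern: a guessable name opened with plain
    O_CREAT|O_TRUNC.  If a symlink already sits at that path, open() follows
    it and the victim truncates and rewrites the link target instead."""
    path = os.path.join(tmpdir, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path

def exclusive_write(path: str, data: bytes) -> bool:
    """Hardened open for a fixed name: O_EXCL makes creation fail if anything
    (a symlink included) already exists at the path, and O_NOFOLLOW refuses
    to traverse a symlink in the final component.  Returns False if refused."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags, 0o600)
    except OSError:           # EEXIST from O_EXCL, or ELOOP from O_NOFOLLOW
        return False
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return True

def hardened_write(tmpdir: str, data: bytes) -> str:
    """Preferred fix: mkstemp picks an unpredictable name and opens it with
    O_CREAT|O_EXCL and mode 0600, so there is no name to pre-plant."""
    fd, path = tempfile.mkstemp(dir=tmpdir)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path

def dir_is_unsafe_for_shared_tempfiles(path: str) -> bool:
    """The 0777 case: world-writable without the sticky bit means any local
    user may remove or replace entries others created there.  /tmp is
    usable only because it is 1777: you can delete just your own entries."""
    mode = os.stat(path).st_mode
    return bool(mode & stat.S_IWOTH) and not bool(mode & stat.S_ISVTX)

def simulate() -> dict:
    """Run the attack and both fixes in a private scratch directory."""
    tmpdir = tempfile.mkdtemp()
    try:
        target = os.path.join(tmpdir, "victim_file")   # file the attacker wants changed
        with open(target, "wb") as f:
            f.write(b"original")
        # Attacker guesses the name the victim will use and plants a symlink.
        planted = os.path.join(tmpdir, "a2ps-guessable.tmp")
        os.symlink(target, planted)
        vulnerable_write(tmpdir, "a2ps-guessable.tmp", b"attacker-controlled")
        with open(target, "rb") as f:
            overwritten = f.read() == b"attacker-controlled"
        refused = not exclusive_write(planted, b"victim data")
        fresh = hardened_write(tmpdir, b"victim data")
        return {
            "vulnerable_overwrote_target": overwritten,
            "exclusive_open_refused": refused,
            "mkstemp_gave_regular_file": os.path.isfile(fresh) and not os.path.islink(fresh),
        }
    finally:
        shutil.rmtree(tmpdir)

def check_dir_modes() -> dict:
    """Classify three directory modes with the 0777 check above."""
    base = tempfile.mkdtemp()
    try:
        results = {}
        for label, mode in (("0777", 0o777), ("1777", 0o1777), ("0700", 0o700)):
            d = os.path.join(base, label)
            os.mkdir(d)
            os.chmod(d, mode)          # chmod is not subject to umask
            results[label] = dir_is_unsafe_for_shared_tempfiles(d)
        return results
    finally:
        shutil.rmtree(base)

if __name__ == "__main__":
    print(simulate())
    print(check_dir_modes())
```

On current Linux kernels fs.protected_symlinks blocks following a symlink in a world-writable sticky directory when the link owner differs from the follower, which blunts the /tmp variant of this attack; it does nothing for a non-sticky 0777 directory like the JBoss ON one, and the only fix that holds everywhere is the unpredictable name plus O_EXCL shown above.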