Weekly Vulnerabilities Reports > March 31 to April 6, 2014

Overview

106 new vulnerabilities were reported during this period, including 12 critical vulnerabilities and 14 high severity vulnerabilities. This weekly summary reports vulnerabilities in 116 products from 54 vendors including Apple, Cisco, Redhat, Postgresql, and EMC. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", "Permissions, Privileges, and Access Controls", and "SQL Injection".

  • 91 reported vulnerabilities are remotely exploitable.
  • 11 reported vulnerabilities have a public exploit available.
  • 32 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 83 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 15 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 3 reported vulnerabilities.


Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


12 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-04-04 CVE-2012-6429 Samsung Buffer Errors vulnerability in Samsung Kies 2.3.2.12074/2.3.2.120741313/2.5.0.120942711

Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the password argument.

10.0
2014-04-01 CVE-2013-7350 Checkpoint Security vulnerability in Checkpoint Security Gateway R71.00/R71.45/R75.20

Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (730159141) and R75.20.x before R75.20.4 and 600 and 1100 appliances R75.20.x before R75.20.42 have unknown impact and attack vectors related to "important security fixes."

10.0
2014-04-01 CVE-2013-2278 Jgaa Unspecified vulnerability in Jgaa Warftpd 1.8.2

Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when running as a Windows service, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to log messages and the "internal log handler to the Windows Event log."

10.0
2014-03-31 CVE-2014-1982 Alliedtelesis Improper Authentication vulnerability in Alliedtelesis products

The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.

10.0
2014-03-31 CVE-2013-6775 Chainfire / Google Permissions, Privileges, and Access Controls vulnerability in Chainfire Supersu 1.69

The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su.

10.0
2014-03-31 CVE-2013-6774 Chainfire / Google / Androidsu / Koushik Dutta

Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process.

10.0
2014-03-31 CVE-2013-6769 Koushik Dutta / Google Improper Input Validation vulnerability in Koushik Dutta Superuser 1.0.2.1

The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su.

10.0
2014-04-04 CVE-2013-3930 Coreftp Buffer Errors vulnerability in Coreftp Core FTP 1.2/2.1/2.2

Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows remote FTP servers to execute arbitrary code via a crafted directory name in a CWD command reply.

9.3
2014-04-02 CVE-2013-0729 Tracker Software Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tracker-Software Pdf-Xchange Viewer

Heap-based buffer overflow in Tracker Software PDF-XChange before 2.5.208 allows remote attackers to execute arbitrary code via a crafted Define Huffman Table header in a JPEG image file stream in a PDF file.

9.3
2014-04-02 CVE-2013-5365 Autodesk Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Autodesk products

Heap-based buffer overflow in Autodesk SketchBook for Enterprise 2014, Pro, and Express before 6.25, and Copic Edition before 2.0.2 allows remote attackers to execute arbitrary code via RLE-compressed channel data in a PSD file.

9.3
2014-04-01 CVE-2013-0662 Schneider Electric Out-of-bounds Write vulnerability in Schneider-Electric products

Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.

9.3
2014-04-01 CVE-2014-0632 EMC Path Traversal vulnerability in EMC Vplex Geosynchrony

Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors.

9.0

14 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-04-04 CVE-2014-0789 Schneider Electric Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Schneider-Electric products

Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.5 and earlier, TLXCDLUOFS33 3.5 and earlier, TLXCDLTOFS33 3.5 and earlier, and TLXCDLFOFS33 3.5 and earlier allow remote attackers to cause a denial of service via long arguments to unspecified functions.

7.8
2014-04-02 CVE-2013-3588 Zyxel Improper Input Validation vulnerability in Zyxel products

The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets.

7.8
2014-04-01 CVE-2014-0633 EMC Improper Input Validation vulnerability in EMC Vplex Geosynchrony

The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.

7.7
2014-03-31 CVE-2013-6770 Koushik Dutta / Google Permissions, Privileges, and Access Controls vulnerability in multiple products

The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script.

7.6
2014-04-04 CVE-2014-2210 CA Path Traversal vulnerability in CA Erwin web Portal 9.5

Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors.

7.5
2014-04-04 CVE-2014-0592 Crowbar / Novell Permissions, Privileges, and Access Controls vulnerability in multiple products

Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs.

7.5
2014-04-04 CVE-2012-5648 Theforeman SQL Injection vulnerability in Theforeman Foreman

Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism.

7.5
2014-04-02 CVE-2013-0735 Cartpauj / Wordpress SQL Injection vulnerability in Cartpauj Mingle-Forum

Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php.

7.5
2014-04-02 CVE-2013-3213 Vtiger SQL Injection vulnerability in Vtiger CRM

Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php.

7.5
2014-04-01 CVE-2014-1691 Horde Code Injection vulnerability in Horde Application Framework

The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.

7.5
2014-04-01 CVE-2014-0635 EMC Improper Authentication vulnerability in EMC Vplex Geosynchrony

Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors.

7.5
2014-04-01 CVE-2014-2034 Sonatype Security Bypass vulnerability in Sonatype Nexus

Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path."

7.5
2014-04-01 CVE-2013-7349 Raoul Proenca SQL Injection vulnerability in Raoul Proenca Gnew 2013.1

Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php.

7.5
2014-04-01 CVE-2013-5640 Raoul Proenca SQL Injection vulnerability in Raoul Proenca Gnew 2013.1

Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php.

7.5

74 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-03-31 CVE-2014-0983 Oracle Resource Management Errors vulnerability in Oracle VM Virtualbox

Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function.

6.9
2014-04-06 CVE-2013-5680 LEE Howard Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in LEE Howard Hylafax+

Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using LDAP authentication, might allow remote attackers to cause a denial of service (child hang) or execute arbitrary code via a long USER command.

6.8
2014-04-04 CVE-2014-2115 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Emergency Responder 1.1

Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250.

6.8
2014-04-03 CVE-2014-2340 Xcloner Cross-Site Request Forgery (CSRF) vulnerability in Xcloner

Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.

6.8
2014-04-03 CVE-2014-0466 GNU Arbitrary Command Execution vulnerability in GNU A2Ps 4.14

The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.

6.8
2014-04-02 CVE-2013-7352 B2Evolution Cross-Site Request Forgery (CSRF) vulnerability in B2Evolution

Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945.

6.8
2014-04-02 CVE-2014-1313 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.

6.8
2014-04-02 CVE-2014-1312 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.

6.8
2014-04-02 CVE-2014-1311 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.

6.8
2014-04-02 CVE-2014-1310 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.

6.8
2014-04-02 CVE-2014-1309 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.

6.8
2014-04-02 CVE-2014-1308 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.

6.8
2014-04-02 CVE-2014-1307 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.

6.8
2014-04-02 CVE-2014-1305 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.

6.8
2014-04-02 CVE-2014-1304 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.

6.8
2014-04-02 CVE-2014-1302 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.

6.8
2014-04-02 CVE-2014-1301 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Safari

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.

6.8
2014-04-02 CVE-2014-1299 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.

6.8
2014-04-02 CVE-2014-1298 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.

6.8
2014-04-02 CVE-2013-4240 Hitmyserver Cross-Site Request Forgery (CSRF) vulnerability in Hitmyserver HMS Testimonials

Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimonials-addnew page, (2) add new groups via the hms-testimonials-addnewgroup page, (3) change default settings via the hms-testimonials-settings page, (4) change advanced settings via the hms-testimonials-settings-advanced page, (5) change custom fields settings via the hms-testimonials-settings-fields page, or (6) change template settings via the hms-testimonials-templates-new page to wp-admin/admin.php.

6.8
2014-03-31 CVE-2014-2671 Microsoft Buffer Errors vulnerability in Microsoft Windows Media Player 11.0.5721.5230

Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.

6.8
2014-04-02 CVE-2013-2945 B2Evolution SQL Injection vulnerability in B2Evolution

SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter.

6.5
2014-04-02 CVE-2014-2655 Postfix Admin Project SQL Injection vulnerability in Postfix Admin Project Postfix Admin

SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias.

6.5
2014-03-31 CVE-2014-2669 Postgresql Numeric Errors vulnerability in Postgresql

Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact via vectors related to the (1) hstore_recv, (2) hstore_from_arrays, and (3) hstore_from_array functions in contrib/hstore/hstore_io.c; and the (4) hstoreArrayToPairs function in contrib/hstore/hstore_op.c, which triggers a buffer overflow.

6.5
2014-03-31 CVE-2014-0065 Postgresql Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Postgresql

Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.

6.5
2014-03-31 CVE-2014-0061 Postgresql Permissions, Privileges, and Access Controls vulnerability in Postgresql

The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.

6.5
2014-04-05 CVE-2014-2144 Cisco Improper Input Validation vulnerability in Cisco IOS XR

Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266.

6.1
2014-04-01 CVE-2014-0634 EMC Improper Input Validation vulnerability in EMC Vplex Geosynchrony

EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

6.0
2014-04-03 CVE-2014-0093 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform 6.2.2

Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions.

5.8
2014-04-01 CVE-2014-1895 XEN Numeric Errors vulnerability in XEN

Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.

5.8
2014-04-01 CVE-2014-1894 XEN Numeric Errors vulnerability in XEN

Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1893.

5.2
2014-04-01 CVE-2014-1893 XEN Numeric Errors vulnerability in XEN

Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894.

5.2
2014-04-01 CVE-2014-1892 XEN Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in XEN

Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894.

5.2
2014-04-01 CVE-2014-1891 XEN Numeric Errors vulnerability in XEN

Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894.

5.2
2014-04-05 CVE-2014-2730 Microsoft Resource Management Errors vulnerability in Microsoft Office

The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013, and Office for Mac 2011, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption and persistent application hang) via a crafted XML document containing a large number of nested entity references, as demonstrated by a crafted text/plain e-mail message to Outlook, a similar issue to CVE-2003-1564.

5.0
2014-04-04 CVE-2014-2143 Cisco Denial of Service vulnerability in Cisco IOS XE

The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021.

5.0
2014-04-04 CVE-2012-4920 Zingiri / Wordpress Path Traversal vulnerability in Zingiri Forums

Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a ..

5.0
2014-04-02 CVE-2014-1297 Apple Improper Input Validation vulnerability in Apple Safari

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access.

5.0
2014-04-01 CVE-2014-2212 Posh Project Credentials Management vulnerability in Posh Project Posh

The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie.

5.0
2014-04-01 CVE-2014-2237 Openstack Permissions, Privileges, and Access Controls vulnerability in Openstack Keystone

The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.

5.0
2014-04-01 CVE-2014-2590 Siemens Missing Authentication for Critical Function vulnerability in Siemens Ruggedcom Rugged Operating System

The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets.

5.0
2014-03-31 CVE-2013-6768 Koushik Dutta / Google Path Traversal vulnerability in Koushik Dutta Superuser 1.0.2.1

Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process.

5.0
2014-04-01 CVE-2014-1896 XEN Improper Input Validation vulnerability in XEN

The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring."

4.9
2014-03-31 CVE-2014-0062 Postgresql Race Condition vulnerability in Postgresql

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.

4.9
2014-04-01 CVE-2014-2678 Linux / Fedoraproject / Oracle Null Pointer Dereference vulnerability in multiple products

The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.

4.7
2014-03-31 CVE-2014-0067 Apple / Postgresql Permissions, Privileges, and Access Controls vulnerability in multiple products

The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.

4.6
2014-03-31 CVE-2014-0981 Oracle Resource Management Errors vulnerability in Oracle VM Virtualbox

VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption.

4.4
2014-04-06 CVE-2013-1946 Restful WEB Services Project / Drupal Improper Input Validation vulnerability in Restful web Services Project Restful web Services 7.X1.1/7.X1.2/7.X2.0

The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET request with an HTTP Accept header set to a non-HTML type, which can "interfere with Drupal's page cache."

4.3
2014-04-05 CVE-2012-6640 Horde Cross-Site Scripting vulnerability in Horde Groupware and IMP

Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565.

4.3
2014-04-05 CVE-2012-5567 Horde Cross-Site Scripting vulnerability in Horde Groupware and Kronolith H4

Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the (1) month, (2) monthlist, or (3) prevmonthlist fields, related to portal blocks.

4.3
2014-04-05 CVE-2012-5566 Horde Cross-Site Scripting vulnerability in Horde Groupware and Kronolith H4

Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.17, as used in Horde Groupware Webmail Edition before 4.0.8, allow remote attackers to inject arbitrary web script or HTML via the (1) tasks view or (2) search view.

4.3
2014-04-05 CVE-2012-5565 Horde Cross-Site Scripting vulnerability in Horde Groupware and IMP

Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view.

4.3
2014-04-05 CVE-2014-0827 IBM Cross-Site Scripting vulnerability in IBM Optim Workload Replay 1.1

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Workload Replay 1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2014-04-05 CVE-2014-0337 Huawei Cross-Site Scripting vulnerability in Huawei Echo Life and Echo Life Hg8247 Firmware

Cross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during construction of the "failed log-in attempts over telnet" log view.

4.3
2014-04-04 CVE-2014-2117 Cisco Improper Input Validation vulnerability in Cisco Emergency Responder 1.1

Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters, aka Bug ID CSCun37909.

4.3
2014-04-04 CVE-2014-2116 Cisco Improper Input Validation vulnerability in Cisco Emergency Responder 1.1

Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882.

4.3
2014-04-04 CVE-2014-2114 Cisco Cross-Site Scripting vulnerability in Cisco Emergency Responder 1.1

Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384.

4.3
2014-04-04 CVE-2014-0638 EMC Cross-Site Scripting vulnerability in EMC RSA Adaptive Authentication On-Premise

Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a "cross-frame scripting" issue.

4.3
2014-04-04 CVE-2014-0637 EMC Cross-Site Scripting vulnerability in EMC RSA Adaptive Authentication On-Premise

Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-04-04 CVE-2013-2287 Roberta Bramski Cross-Site Scripting vulnerability in Roberta Bramski Uploader 1.0.4

Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.

4.3
2014-04-02 CVE-2013-3484 Dotcms Cross-Site Scripting vulnerability in Dotcms

Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/login.html, (2) my_account_login parameter to c/portal_public/login, or (3) email parameter to forgotPassword.

4.3
2014-04-02 CVE-2014-2578 Splunk Cross-Site Scripting vulnerability in Splunk

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-04-02 CVE-2013-1770 Ganglia Cross-Site Scripting vulnerability in Ganglia Ganglia-Web 3.5.7

Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter.

4.3
2014-04-02 CVE-2014-2138 Cisco Improper Input Validation vulnerability in Cisco Security Manager

CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349.

4.3
2014-04-02 CVE-2014-2137 Cisco Improper Input Validation vulnerability in Cisco products

CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002.

4.3
2014-04-02 CVE-2014-2125 Cisco Cross-Site Scripting vulnerability in Cisco Unity Connection 8.6/8.6(1A)/8.6(2A)

Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028.

4.3
2014-04-02 CVE-2014-1942 Pearson Cross-Site Scripting vulnerability in Pearson Esis Enterprise Student Information System

Cross-site scripting (XSS) vulnerability in aal/loginverification.aspx in Pearson eSIS Enterprise Student Information System allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-04-02 CVE-2014-0828 IBM Cross-Site Scripting vulnerability in IBM Websphere Portal

Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-04-01 CVE-2013-1869 Redhat Improper Input Validation vulnerability in Redhat Satellite and Spacewalk-Java

CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.

4.3
2014-03-31 CVE-2014-0086 Redhat Improper Input Validation vulnerability in Redhat Jboss web Framework KIT and Richfaces

The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.

4.3
2014-04-05 CVE-2014-2600 HP Denial of Service vulnerability in HP products

Unspecified vulnerability in HP IceWall Identity Manager 4.0 through SP1 and 5.0 and IceWall SSO 10.0 Password Reset Option, when Apache Commons FileUpload is used, allows remote authenticated users to cause a denial of service via unknown vectors.

4.0
2014-04-05 CVE-2014-2145 Cisco Path Traversal vulnerability in Cisco Unity Connection

Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071.

4.0
2014-04-01 CVE-2009-5141 Jgaa Use of Externally-Controlled Format String vulnerability in Jgaa Warftpd 1.8.2

Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command.

4.0
2014-03-31 CVE-2014-0060 Postgresql Permissions, Privileges, and Access Controls vulnerability in Postgresql

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.

4.0

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-04-01 CVE-2012-0032 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Operations Network

Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials.

3.7
2014-03-31 CVE-2013-7347 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Conga and Enterprise Linux

Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie.

3.7
2014-04-02 CVE-2014-2553 Otrs Cross-Site Scripting vulnerability in Otrs

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields.

3.5
2014-04-02 CVE-2014-0901 IBM Cross-Site Scripting vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1

Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2014-04-01 CVE-2011-4573 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Operations Network

Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail.

3.5
2014-04-05 CVE-2001-1593 GNU Link Following vulnerability in GNU A2Ps

The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.

2.1