Weekly Vulnerabilities Reports > April 21 to 27, 2014
Overview
115 new vulnerabilities were reported during this period, including 13 critical vulnerabilities and 14 high severity vulnerabilities. This weekly summary reports vulnerabilities in 123 products from 69 vendors, including Cisco, Apple, Microsoft, Debian, and openSUSE. The most common categories are "Improper Input Validation", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Information Exposure".
- 98 reported vulnerabilities are remotely exploitable.
- 8 reported vulnerabilities have a public exploit available.
- 27 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 98 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 19 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
13 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-04-27 | CVE-2014-3007 | Python Pythonware | OS Command Injection vulnerability in multiple products Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py. | 10.0 |
2014-04-27 | CVE-2014-1764 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. | 10.0 |
2014-04-27 | CVE-2014-1763 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 10/11/9 Use-after-free vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. | 10.0 |
2014-04-27 | CVE-2014-2994 | Acunetix | Buffer Errors vulnerability in Acunetix web vulnerability Scanner 8 Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute). | 10.0 |
2014-04-23 | CVE-2014-0474 | Canonical Djangoproject | Resource Management Errors vulnerability in multiple products The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting." | 10.0 |
2014-04-23 | CVE-2014-1318 | Apple | Improper Input Validation vulnerability in Apple mac OS X The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application. | 10.0 |
2014-04-23 | CVE-2014-1314 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application. | 10.0 |
2014-04-27 | CVE-2014-1776 | Microsoft | Use After Free vulnerability in Microsoft Internet Explorer Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. | 9.8 |
2014-04-25 | CVE-2014-0780 | Indusoft | Path Traversal vulnerability in Indusoft web Studio 7.1 Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests. | 9.8 |
2014-04-27 | CVE-2014-1766 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 10/11/9 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014. | 9.3 |
2014-04-25 | CVE-2013-5660 | Powersoftware | Buffer Errors vulnerability in Powersoftware Winarchiver 3.2 Buffer overflow in Power Software WinArchiver 3.2 allows remote attackers to execute arbitrary code via a crafted .zip file. | 9.3 |
2014-04-25 | CVE-2014-0769 | Softmotion3D Festo 3S Software | Improper Authentication vulnerability in multiple products The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001. | 9.3 |
2014-04-25 | CVE-2014-0760 | 3S Software Festo Softmotion3D | Improper Authentication vulnerability in multiple products The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | 9.3 |
14 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-04-22 | CVE-2013-5948 | T Mobile Asus | OS Command Injection vulnerability in multiple products The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter). | 8.5 |
2014-04-24 | CVE-2014-2601 | HP | Remote Denial of Service vulnerability in HP Integrated Lights-Out The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool. | 7.8 |
2014-04-27 | CVE-2014-1765 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer Multiple use-after-free vulnerabilities in Microsoft Internet Explorer 6 through 11 allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014. | 7.6 |
2014-04-25 | CVE-2014-2579 | Xcloner | Cross-Site Request Forgery (CSRF) vulnerability in Xcloner 3.5 Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem options are enabled, access the database backup functionality via the dbbackup_comp parameter in the generate action to index2.php. | 7.6 |
2014-04-27 | CVE-2014-1762 | Microsoft | Remote Code Execution vulnerability in Microsoft Internet Explorer Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014. | 7.5 |
2014-04-24 | CVE-2014-2736 | Modx | SQL Injection vulnerability in Modx Revolution Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php. | 7.5 |
2014-04-23 | CVE-2014-2888 | Herry | Unspecified vulnerability in Herry Sfpagent lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request. | 7.5 |
2014-04-23 | CVE-2014-2709 | Cacti Debian | Security vulnerability in Cacti 'rrd.php' lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters. | 7.5 |
2014-04-22 | CVE-2014-2892 | Libmms Project | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libmms Project Libmms Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response. | 7.5 |
2014-04-22 | CVE-2014-2737 | Knowledgetree | SQL Injection vulnerability in Knowledgetree SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function. | 7.5 |
2014-04-22 | CVE-2014-1216 | Fitnesse | Remote Code Execution vulnerability in Fitnesse FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page. | 7.5 |
2014-04-21 | CVE-2014-2921 | Pimcore | Code Injection vulnerability in Pimcore The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via vectors involving a Zend_Pdf_ElementFactory_Proxy object and a pathname with a trailing \0 character. | 7.5 |
2014-04-25 | CVE-2014-2996 | Xcloner | Code Injection vulnerability in Xcloner 3.5 XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php. | 7.1 |
2014-04-22 | CVE-2013-7338 | Python Apple | Improper Input Validation vulnerability in multiple products Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function. | 7.1 |
76 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-04-25 | CVE-2013-4726 | Ddsn | Cross-Site Request Forgery (CSRF) vulnerability in Ddsn CM3 Acora Content Management System Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2014-04-25 | CVE-2013-4565 | Debian | Buffer Errors vulnerability in Debian Ppthtml 0.5.1 Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .ppt file. | 6.8 |
2014-04-25 | CVE-2013-5954 | Revive Adserver Openx | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php. | 6.8 |
2014-04-23 | CVE-2014-2327 | Cacti Debian Opensuse | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users. | 6.8 |
2014-04-23 | CVE-2014-1319 | Apple | Buffer Errors vulnerability in Apple mac OS X 10.9/10.9.1/10.9.2 Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. | 6.8 |
2014-04-23 | CVE-2014-1315 | Apple | Use of Externally-Controlled Format String vulnerability in Apple mac OS X 10.9/10.9.1/10.9.2 Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL. | 6.8 |
2014-04-23 | CVE-2014-1295 | Apple | Improper Authentication vulnerability in Apple Iphone OS, mac OS X and Tvos Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack." | 6.8 |
2014-04-23 | CVE-2012-5422 | Cisco | Denial-Of-Service vulnerability in Cisco IOS Unspecified vulnerability in Cisco IOS before 15.3(2)T on AS5400 devices allows remote authenticated users to cause a denial of service (spurious errors) via unknown vectors, aka Bug ID CSCub61009. | 6.8 |
2014-04-23 | CVE-2012-5036 | Cisco | Resource Management Errors vulnerability in Cisco IOS Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662. | 6.8 |
2014-04-23 | CVE-2012-5017 | Cisco | Improper Input Validation vulnerability in Cisco products Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub39268. | 6.8 |
2014-04-22 | CVE-2014-2659 | Papercut | Cross-Site Request Forgery (CSRF) vulnerability in Papercut MF and Papercut NG Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 6.8 |
2014-04-22 | CVE-2014-1615 | Carbonblack | Cross-Site Request Forgery (CSRF) vulnerability in Carbonblack Carbon Black 4.0.3/4.1.0 Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative users and have other unspecified action, as demonstrated by a request to api/user. | 6.8 |
2014-04-22 | CVE-2014-2341 | Cubecart | Improper Authentication vulnerability in Cubecart Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | 6.8 |
2014-04-23 | CVE-2014-2328 | Cacti Fedoraproject Opensuse Debian | Remote Command Execution vulnerability in Cacti lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors. | 6.5 |
2014-04-22 | CVE-2014-2654 | Mobfox | SQL Injection vulnerability in Mobfox Madserve 2.0 Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2) view_adunits.php, or (3) edit_campaign.php in www/cp/. | 6.5 |
2014-04-27 | CVE-2013-6887 | Uclouvain | Improper Input Validation vulnerability in Uclouvain Openjpeg 1.5.1 OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors. | 6.4 |
2014-04-27 | CVE-2011-3152 | Canonical | Cryptographic Issues vulnerability in Canonical Ubuntu Linux and Update-Manager DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file. | 6.4 |
2014-04-26 | CVE-2014-2993 | Birebin | Cryptographic Issues vulnerability in Birebin Birebin.Com APP The Birebin.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 6.4 |
2014-04-26 | CVE-2014-2992 | Misli | Cryptographic Issues vulnerability in Misli Misli.Com APP The Misli.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 6.4 |
2014-04-26 | CVE-2014-0350 | Pocoproject | Cryptographic Issues vulnerability in Pocoproject Poco C++ Libraries 1.4.5/1.4.6 The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate. | 6.4 |
2014-04-23 | CVE-2012-5032 | Cisco | Improper Authentication vulnerability in Cisco IOS The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or the discarding of this traffic, by arranging for an arbitrary device to become a cluster member, aka Bug ID CSCub93641. | 6.4 |
2014-04-22 | CVE-2014-2269 | Vtiger | Improper Input Validation vulnerability in Vtiger CRM 6.0.0 modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters. | 6.4 |
2014-04-21 | CVE-2014-2922 | Pimcore | Improper Input Validation vulnerability in Pimcore 1.4.9/1.5.0/2.1.0 The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to conduct PHP object injection attacks and delete arbitrary files via vectors involving a Zend_Http_Response_Stream object. | 6.4 |
2014-04-23 | CVE-2012-5014 | Cisco | Denial-Of-Service vulnerability in IOS Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into a (1) slow or (2) idle state, aka Bug ID CSCto87436. | 6.3 |
2014-04-22 | CVE-2014-2719 | Asus T Mobile | Information Exposure vulnerability in multiple products Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code. | 6.3 |
2014-04-24 | CVE-2012-5723 | Cisco | Improper Input Validation vulnerability in Cisco products Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948. | 6.1 |
2014-04-23 | CVE-2012-1366 | Cisco | Improper Input Validation vulnerability in Cisco products Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544. | 6.1 |
2014-04-25 | CVE-2013-4723 | Ddsn | Improper Input Validation vulnerability in Ddsn CM3 Acora Content Management System Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx. | 5.8 |
2014-04-25 | CVE-2014-2909 | Siemens | Code Injection vulnerability in Siemens products CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. | 5.8 |
2014-04-22 | CVE-2014-2900 | Yassl | Cryptographic Issues vulnerability in Yassl Cyassl wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate. | 5.8 |
2014-04-22 | CVE-2014-2735 | Winscp | Improper Input Validation vulnerability in Winscp WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 |
2014-04-22 | CVE-2014-0173 | Automattic | Permissions, Privileges, and Access Controls vulnerability in Automattic Jetpack The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors. | 5.8 |
2014-04-23 | CVE-2012-3062 | Cisco | Improper Input Validation vulnerability in Cisco IOS 15.1 Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193. | 5.7 |
2014-04-24 | CVE-2014-2915 | XEN | Permissions, Privileges, and Access Controls vulnerability in XEN 4.4.0 Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified vectors, related to (1) cache control, (2) coprocessors, (3) debug registers, and (4) other unspecified registers. | 5.5 |
2014-04-21 | CVE-2013-5459 | IBM | Security vulnerability in IBM products Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modify data by leveraging improper parameter checking. | 5.5 |
2014-04-23 | CVE-2012-5044 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809. | 5.4 |
2014-04-23 | CVE-2012-1317 | Cisco | Buffer Errors vulnerability in Cisco IOS 15.1 The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717. | 5.4 |
2014-04-23 | CVE-2014-0472 | Djangoproject Canonical | Code Injection vulnerability in multiple products The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path." | 5.1 |
2014-04-27 | CVE-2013-6053 | Uclouvain | Improper Input Validation vulnerability in Uclouvain Openjpeg 1.5.1 OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. | 5.0 |
2014-04-24 | CVE-2012-3946 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682. | 5.0 |
2014-04-23 | CVE-2011-5279 | Microsoft | Unspecified vulnerability in Microsoft Internet Information Services 4.0/5.0 CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header. | 5.0 |
2014-04-23 | CVE-2014-0892 | IBM Linux | Information Exposure vulnerability in IBM Lotus Domino and Lotus Notes IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by leveraging the absence of the NX protection mechanism and placing crafted x86 code on the stack, aka SPR KLYH9GGS9W. | 5.0 |
2014-04-23 | CVE-2014-2983 | Drupal Debian | Information Exposure vulnerability in multiple products Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors. | 5.0 |
2014-04-23 | CVE-2014-2976 | Sixnet | Path Traversal vulnerability in Sixnet Sixview Manager 2.4.1 Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
2014-04-23 | CVE-2014-0473 | Djangoproject Canonical | Permissions, Privileges, and Access Controls vulnerability in multiple products The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users. | 5.0 |
2014-04-23 | CVE-2014-1316 | Apple | Improper Input Validation vulnerability in Apple mac OS X Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol. | 5.0 |
2014-04-23 | CVE-2012-4658 | Cisco | Improper Authentication vulnerability in Cisco IOS The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447. | 5.0 |
2014-04-23 | CVE-2012-0360 | Cisco | Resource Management Errors vulnerability in Cisco IOS 15.1 Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376. | 5.0 |
2014-04-22 | CVE-2014-2899 | Yassl | Improper Input Validation vulnerability in Yassl Cyassl wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found. | 5.0 |
2014-04-23 | CVE-2014-1322 | Apple | Information Exposure vulnerability in Apple mac OS X The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object. | 4.9 |
2014-04-23 | CVE-2014-1320 | Apple | Information Exposure vulnerability in Apple Iphone OS, mac OS X and Tvos IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object. | 4.9 |
2014-04-23 | CVE-2012-4638 | Cisco | Denial-Of-Service vulnerability in Cisco IOS 15.1 Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session, aka Bug ID CSCto00318. | 4.9 |
2014-04-23 | CVE-2012-5037 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133. | 4.6 |
2014-04-27 | CVE-2013-0296 | Zlib | Permissions, Privileges, and Access Controls vulnerability in Zlib Pigz Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring. | 4.4 |
2014-04-27 | CVE-2011-3603 | Litech | Improper Input Validation vulnerability in Litech Router Advertisement Daemon The router advertisement daemon (radvd) before 1.8.2 does not properly handle errors in the privsep_init function, which causes the radvd daemon to run as root and has an unspecified impact. | 4.4 |
2014-04-27 | CVE-2014-2285 | NET Snmp | Improper Input Validation vulnerability in Net-Snmp The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl. | 4.3 |
2014-04-25 | CVE-2013-4722 | Ddsn | Cross-Site Scripting vulnerability in Ddsn CM3 Acora Content Management System Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) url, or (3) qstr parameter. | 4.3 |
2014-04-25 | CVE-2013-2025 | Ushahidi | Cross-Site Scripting vulnerability in Ushahidi Platform 2.5/2.6/2.6.1 Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-04-25 | CVE-2013-5956 | Joomlaboat | Cross-Site Scripting vulnerability in Joomlaboat COM Youtubegallery 3.4.0 Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php in the Youtube Gallery (com_youtubegallery) component 3.4.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the videofile parameter. | 4.3 |
2014-04-25 | CVE-2012-4230 | Tinymce | Permissions, Privileges, and Access Controls vulnerability in Tinymce 3.5.8 The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element. | 4.3 |
2014-04-25 | CVE-2014-2908 | Siemens | Cross-Site Scripting vulnerability in Siemens products Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-04-24 | CVE-2013-6738 | IBM | Cross-Site Scripting vulnerability in IBM Smartcloud Analytics LOG Analysis 1.1.0/1.2.0 Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint. | 4.3 |
2014-04-24 | CVE-2014-2393 | Open Xchange | Cross-Site Scripting vulnerability in Open-Xchange Appsuite Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment. | 4.3 |
2014-04-24 | CVE-2014-2392 | Open Xchange | Information Exposure vulnerability in Open-Xchange Appsuite The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | 4.3 |
2014-04-24 | CVE-2014-2391 | Open Xchange | Information Exposure vulnerability in Open-Xchange Appsuite The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request. | 4.3 |
2014-04-23 | CVE-2014-2554 | Opensuse Otrs | Improper Input Validation vulnerability in multiple products OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element. | 4.3 |
2014-04-23 | CVE-2014-1648 | Symantec | Cross-Site Scripting vulnerability in Symantec Messaging Gateway Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter. | 4.3 |
2014-04-23 | CVE-2014-1296 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple products CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction. | 4.3 |
2014-04-23 | CVE-2012-5039 | Cisco | Resource Management Errors vulnerability in Cisco IOS The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003. | 4.3 |
2014-04-23 | CVE-2012-4651 | Cisco | Numeric Errors vulnerability in Cisco IOS Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451. | 4.3 |
2014-04-23 | CVE-2012-3918 | Cisco | Denial-Of-Service vulnerability in Cisco IOS Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317. | 4.3 |
2014-04-22 | CVE-2014-2890 | Siege | Cross-Site Scripting vulnerability in Siege PHPmyid 0.9 Cross-site scripting (XSS) vulnerability in the wrap_html function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_error parameter to MyID.config.php when the openid.mode parameter is set to error, which is not properly handled in an error message. | 4.3 |
2014-04-22 | CVE-2013-2187 | Apache | Cross-Site Scripting vulnerability in Apache Archiva Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page. | 4.3 |
2014-04-22 | CVE-2013-1421 | Webcalendar Project | Cross-Site Scripting vulnerability in Webcalendar Project Webcalendar Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php. | 4.3 |
2014-04-22 | CVE-2014-2925 | T Mobile Asus | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi. | 4.3 |
2014-04-23 | CVE-2012-5427 | Cisco | Improper Input Validation vulnerability in Cisco IOS Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518. | 4.0 |
12 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-04-25 | CVE-2013-3069 | Netgear | Cross-Site Scripting vulnerability in Netgear Wndr4700 and Wndr4700 Firmware Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page. | 3.5 |
2014-04-25 | CVE-2014-2729 | Ektron | Cross-Site Scripting vulnerability in Ektron Content Management System 8.7.0 Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Properties menu option. | 3.5 |
2014-04-21 | CVE-2014-0932 | IBM | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterling Selling and Fulfillment Foundation 9.0 before HF85 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2014-04-23 | CVE-2014-1321 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X 10.9/10.9.1/10.9.2 Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action. | 3.3 |
2014-04-22 | CVE-2013-4472 | Freedesktop | Link Following vulnerability in Freedesktop Poppler The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | 3.3 |
2014-04-22 | CVE-2013-4116 | Npmjs | Link Following vulnerability in Npmjs Node Packaged Modules 1.3.2 lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives. | 3.3 |
2014-04-22 | CVE-2013-2105 | Jonathan Leung | Link Following vulnerability in Jonathan Leung Show in Browser 0.0.3 The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html. | 3.3 |
2014-04-21 | CVE-2014-0361 | Toshibacommerce | Cryptographic Issues vulnerability in Toshibacommerce 4690 Point of Sale Operating System 6.2/6.3/6.4 The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and other products, hashes passwords with the ADXCRYPT algorithm, which makes it easier for context-dependent attackers to obtain sensitive information via unspecified cryptanalysis of an ADXCSOUF.DAT file. | 3.0 |
2014-04-23 | CVE-2014-1647 | Symantec | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec Encryption Desktop and PGP Desktop Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate. | 2.6 |
2014-04-23 | CVE-2014-1646 | Symantec | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec Encryption Desktop and PGP Desktop Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate. | 2.6 |
2014-04-27 | CVE-2014-0181 | Linux Opensuse Redhat Suse | Permissions, Privileges, and Access Controls vulnerability in multiple products The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program. | 2.1 |
2014-04-23 | CVE-2014-2893 | Opensuse Llvm | Link Following vulnerability in multiple products The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names. | 1.9 |