Weekly Vulnerabilities Reports > April 28 to May 4, 2014
Overview
127 new vulnerabilities were reported during this period, including 16 critical vulnerabilities and 31 high severity vulnerabilities. This weekly summary reports vulnerabilities in 119 products from 63 vendors including Cisco, Canonical, Fedoraproject, Mozilla, and Opensuse. The vulnerabilities are most notably categorized as "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Cross-site Scripting", "Information Exposure", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 112 reported vulnerabilities are remotely exploitable.
- 6 reported vulnerabilities have a public exploit available.
- 26 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 99 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 24 reported vulnerabilities.
- Canonical has the most reported critical vulnerabilities, with 8 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
16 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-05-02 | CVE-2014-2171 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Telepresence TC Software and Telepresence TE Software Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before 6.0.1 and TE Software 4.x and 6.0.x before 6.0.2 allows remote attackers to execute arbitrary code via crafted SIP packets, aka Bug ID CSCud81796. | 10.0 |
2014-05-01 | CVE-2014-2882 | Citrix | Unspecified vulnerability in Citrix products Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation. | 10.0 |
2014-05-01 | CVE-2014-2881 | Citrix | Security vulnerability in Citrix NetScaler Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors. | 10.0 |
2014-04-30 | CVE-2014-1528 | Canonical Opensuse Opensuse Project Oracle Mozilla Microsoft Fedoraproject | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element. | 10.0 |
2014-04-29 | CVE-2014-0515 | Adobe Linux Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014. | 10.0 |
2014-04-28 | CVE-2014-3008 | Unitrends | OS Command Injection vulnerability in Unitrends Enterprise Backup 7.3.0 Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php. | 10.0 |
2014-04-30 | CVE-2014-1531 | Mozilla Canonical Debian Redhat Fedoraproject Opensuse Suse | Use After Free vulnerability in multiple products Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation. | 9.3 |
2014-04-30 | CVE-2014-1529 | Mozilla Canonical Debian Redhat Fedoraproject Opensuse Suse | Improper Privilege Management vulnerability in multiple products The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted. | 9.3 |
2014-04-30 | CVE-2014-1525 | Mozilla Canonical Opensuse Fedoraproject | Use After Free vulnerability in multiple products The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document. | 9.3 |
2014-04-30 | CVE-2014-1522 | Fedoraproject Canonical Opensuse Mozilla | Out-Of-Bounds Read vulnerability in multiple products The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted content. | 9.3 |
2014-04-30 | CVE-2014-1519 | Mozilla Canonical Opensuse Fedoraproject | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
2014-04-30 | CVE-2014-1518 | Mozilla Fedoraproject Canonical Debian Redhat Opensuse Suse | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
2014-05-02 | CVE-2014-2170 | Cisco | Code Injection vulnerability in Cisco Telepresence TC Software and Telepresence TE Software Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to tshell (aka tcsh) scripts, aka Bug ID CSCue60202. | 9.0 |
2014-05-02 | CVE-2014-2169 | Cisco | Improper Input Validation vulnerability in Cisco Telepresence TC Software and Telepresence TE Software Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal system scripts, aka Bug ID CSCue60211. | 9.0 |
2014-04-30 | CVE-2013-6990 | Fortinet | Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortiauthenticator FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface. | 9.0 |
2014-04-28 | CVE-2014-0187 | Openstack Canonical Opensuse | Permissions, Privileges, and Access Controls vulnerability in multiple products The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied. | 9.0 |
31 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-05-02 | CVE-2014-3000 | Freebsd | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freebsd The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple crafted packets, related to moving a reassemble queue entry to the segment list when the queue is full. | 7.8 |
2014-05-02 | CVE-2014-2175 | Cisco | Improper Input Validation vulnerability in Cisco Telepresence TC Software and Telepresence TE Software Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allow remote attackers to cause a denial of service (memory consumption) via crafted H.225 packets, aka Bug ID CSCtq78849. | 7.8 |
2014-05-02 | CVE-2014-2167 | Cisco | Improper Input Validation vulnerability in Cisco Telepresence TC Software and Telepresence TE Software The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua86589. | 7.8 |
2014-05-02 | CVE-2014-2166 | Cisco | Improper Input Validation vulnerability in Cisco Telepresence TC Software and Telepresence TE Software The SIP implementation in Cisco TelePresence TC Software 4.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCto70562. | 7.8 |
2014-05-02 | CVE-2014-2165 | Cisco | Improper Input Validation vulnerability in Cisco Telepresence TC Software and Telepresence TE Software The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtq72699. | 7.8 |
2014-05-02 | CVE-2014-2164 | Cisco | Improper Input Validation vulnerability in Cisco Telepresence TC Software and Telepresence TE Software The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCuj94651. | 7.8 |
2014-05-02 | CVE-2014-2163 | Cisco | Improper Input Validation vulnerability in Cisco Telepresence TC Software and Telepresence TE Software The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua64961. | 7.8 |
2014-05-02 | CVE-2014-2162 | Cisco | Improper Input Validation vulnerability in Cisco Telepresence TC Software and Telepresence TE Software The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCud29566. | 7.8 |
2014-05-02 | CVE-2014-2161 | Cisco | Improper Input Validation vulnerability in Cisco products The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45731. | 7.8 |
2014-05-02 | CVE-2014-2160 | Cisco | Improper Input Validation vulnerability in Cisco products The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45745. | 7.8 |
2014-05-02 | CVE-2014-2159 | Cisco | Improper Input Validation vulnerability in Cisco products The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCtq78722. | 7.8 |
2014-05-02 | CVE-2014-2158 | Cisco | Improper Input Validation vulnerability in Cisco products Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45720. | 7.8 |
2014-05-02 | CVE-2014-2168 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Telepresence TC Software and Telepresence TE Software Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to execute arbitrary code via crafted DNS response packets, aka Bug ID CSCty44804. | 7.6 |
2014-05-02 | CVE-2014-2322 | Dynamixsolutions | Unspecified vulnerability in Dynamixsolutions Arabic Prawn 0.0.1 lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable. | 7.5 |
2014-05-02 | CVE-2014-3139 | Unitrends | Improper Authentication vulnerability in Unitrends Enterprise Backup 7.3.0 recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string. | 7.5 |
2014-04-30 | CVE-2014-1532 | Mozilla Fedoraproject Canonical Debian Redhat Opensuse Suse | Use After Free vulnerability in multiple products Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution. | 7.5 |
2014-04-30 | CVE-2014-1524 | Mozilla Canonical Debian Redhat Opensuse Suse Fedoraproject | Classic Buffer Overflow vulnerability in multiple products The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object. | 7.5 |
2014-04-29 | CVE-2013-7373 | Google | Information Exposure vulnerability in Google Android Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications. | 7.5 |
2014-04-29 | CVE-2014-0088 | F5 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in F5 Nginx 1.5.10 The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request. | 7.5 |
2014-04-29 | CVE-2013-7236 | Simplemachines | Improper Input Validation vulnerability in Simplemachines Simple Machines Forum Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username. | 7.5 |
2014-04-29 | CVE-2013-7134 | Phusion | Credentials Management vulnerability in Phusion Juvia Juvia uses the same secret key for all installations, which allows remote attackers to have unspecified impact by leveraging the secret key in app/config/initializers/secret_token.rb, related to cookies. | 7.5 |
2014-04-29 | CVE-2014-0113 | Apache | Permissions, Privileges, and Access Controls vulnerability in Apache Struts CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. | 7.5 |
2014-04-29 | CVE-2014-0112 | Apache | Permissions, Privileges, and Access Controls vulnerability in Apache Struts ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. | 7.5 |
2014-04-28 | CVE-2014-2846 | Westerndigital | Path Traversal vulnerability in Westerndigital Arkeia Virtual Appliance Firmware 10.2.7 Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin. | 7.5 |
2014-04-28 | CVE-2014-2657 | Papercut | Security vulnerability in Papercut MF 14.1 Unspecified vulnerability in the print release functionality in PaperCut MF before 14.1 (Build 26983) has unknown impact and remote vectors, related to embedded MFPs. | 7.5 |
2014-04-28 | CVE-2014-2042 | Livetecs | Arbitrary File Upload vulnerability in Livetecs Timelive Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory in Uploads/. | 7.5 |
2014-04-28 | CVE-2014-1217 | Livetecs | Permissions, Privileges, and Access Controls vulnerability in Livetecs Timelive Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors. | 7.5 |
2014-05-02 | CVE-2014-2173 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Telepresence TC Software and Telepresence TE Software Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka Bug ID CSCub67692. | 7.2 |
2014-04-30 | CVE-2014-0470 | Super Project | Permissions, Privileges, and Access Controls vulnerability in Super Project Super 3.30.0 super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is set, which allows local users to gain privileges via unspecified vectors, aka an RLIMIT_NPROC attack. | 7.2 |
2014-05-02 | CVE-2014-2157 | Cisco | Improper Input Validation vulnerability in Cisco products Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45733. | 7.1 |
2014-05-02 | CVE-2014-2156 | Cisco | Improper Input Validation vulnerability in Cisco products Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45739. | 7.1 |
72 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-05-02 | CVE-2014-2905 | Fishshell | Permissions, Privileges, and Access Controls vulnerability in Fishshell Fish 1.16.0/2.0.0 fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions. | 6.9 |
2014-05-01 | CVE-2014-0646 | EMC | Cryptographic Issues vulnerability in EMC RSA Access Manager 6.1/6.2 The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before 6.1.4.22, 6.2.0 before 6.2.0.11, and 6.2.1 before 6.2.1.03, when INFO logging is enabled, allows local users to discover cleartext passwords by reading log files. | 6.9 |
2014-04-30 | CVE-2014-1520 | Mozilla Fedoraproject | Improper Privilege Management vulnerability in multiple products maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process. | 6.9 |
2014-05-02 | CVE-2014-3006 | Sitepark | Permissions, Privileges, and Access Controls vulnerability in Sitepark Information Enterprise Server 2.9 Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/. | 6.8 |
2014-04-30 | CVE-2014-2186 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Meetings Server Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj81777. | 6.8 |
2014-04-30 | CVE-2014-1526 | Mozilla Canonical Opensuse Fedoraproject | Improper Privilege Management vulnerability in multiple products The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects. | 6.8 |
2014-04-29 | CVE-2013-7302 | Ubercart Drupal | Improper Authentication vulnerability in Ubercart Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID. | 6.8 |
2014-04-29 | CVE-2013-7284 | Malcolm Nooning | Code Injection vulnerability in Malcolm Nooning PlRPC The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized. | 6.8 |
2014-04-29 | CVE-2013-7259 | Neo4J | Cross-Site Request Forgery (CSRF) vulnerability in Neo4J 1.9.2 Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/. | 6.8 |
2014-05-02 | CVE-2014-2172 | Cisco | Buffer Errors vulnerability in Cisco Telepresence TC Software and Telepresence TE Software Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler flag for internal executable files, aka Bug ID CSCub67693. | 6.6 |
2014-05-02 | CVE-2014-3138 | Xerox | SQL Injection vulnerability in Xerox Docushare 6.5.3/6.6.1 SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/. | 6.5 |
2014-04-30 | CVE-2013-1806 | PHP Fusion | Path Traversal vulnerability in PHP-Fusion Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. | 6.5 |
2014-04-30 | CVE-2014-2565 | Bluecoat | OS Command Injection vulnerability in Bluecoat products The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection." | 6.5 |
2014-04-30 | CVE-2014-1957 | Fortinet | Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortiweb FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. | 6.5 |
2014-04-29 | CVE-2014-2183 | Cisco | Improper Input Validation vulnerability in Cisco products The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973. | 6.3 |
2014-05-02 | CVE-2014-3125 | XEN | Permissions, Privileges, and Access Controls vulnerability in XEN 4.4.0 Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors. | 6.2 |
2014-05-02 | CVE-2014-1989 | Cybozu | Permissions, Privileges, and Access Controls vulnerability in Cybozu Garoon Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls. | 6.0 |
2014-05-02 | CVE-2014-3001 | Freebsd | Permissions, Privileges, and Access Controls vulnerability in Freebsd 10.0 The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed device node process. | 5.8 |
2014-04-30 | CVE-2014-0363 | Igniterealtime | Improper Certificate Validation vulnerability in Igniterealtime Smack The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain. | 5.8 |
2014-04-29 | CVE-2013-7065 | Organic Groups Project | Permissions, Privileges, and Access Controls vulnerability in Organic Groups Project Organic Groups The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field. | 5.8 |
2014-05-02 | CVE-2013-7061 | Plone | Permissions, Privileges, and Access Controls vulnerability in Plone Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API. | 5.5 |
2014-04-28 | CVE-2014-2986 | XEN | Improper Input Validation vulnerability in XEN 4.4.0 The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service (NULL pointer dereference and host crash) via unspecified vectors. | 5.5 |
2014-05-02 | CVE-2013-7060 | Plone | Information Exposure vulnerability in Plone Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope. | 5.0 |
2014-05-01 | CVE-2014-0859 | IBM | Denial of Service vulnerability in IBM WebSphere Application Server The web-server plugin in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, when POST retries are enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | 5.0 |
2014-05-01 | CVE-2014-0786 | Ecava | Cryptographic Issues vulnerability in Ecava Integraxor Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role. | 5.0 |
2014-04-30 | CVE-2013-1807 | PHP Fusion | Permissions, Privileges, and Access Controls vulnerability in PHP-Fusion PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/db_backups/. | 5.0 |
2014-04-30 | CVE-2014-3133 | SAP | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver Java Application Server SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection. | 5.0 |
2014-04-30 | CVE-2014-3129 | SAP | Information Exposure vulnerability in SAP Netweaver Software Lifecycle Manager 7.1 The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1. | 5.0 |
2014-04-30 | CVE-2014-1956 | Fortinet | Unspecified vulnerability in Fortinet Fortiweb CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 5.0 |
2014-04-30 | CVE-2014-0471 | Debian Canonical | Path Traversal vulnerability in multiple products Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting." | 5.0 |
2014-04-30 | CVE-2013-6445 | Redhat | Cryptographic Issues vulnerability in Redhat Enterprise MRG 2.5 Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack. | 5.0 |
2014-04-30 | CVE-2014-2545 | Tibco | Information Exposure vulnerability in Tibco products TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.1, and Vault before 1.0.1 allow remote attackers to obtain sensitive information via a crafted HTTP request. | 5.0 |
2014-04-30 | CVE-2014-1527 | Fedoraproject Mozilla Oracle | Security vulnerability in Mozilla Firefox for Android Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen. | 5.0 |
2014-04-30 | CVE-2014-0364 | Igniterealtime | Insufficient Verification of Data Authenticity vulnerability in Igniterealtime Smack The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute. | 5.0 |
2014-04-29 | CVE-2013-7372 | Apache | Cryptographic Issues vulnerability in multiple products The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictability, as exploited in the wild against Bitcoin wallet applications in August 2013. | 5.0 |
2014-04-29 | CVE-2013-7111 | Basespace Ruby SDK Project | Information Exposure vulnerability in Basespace Ruby SDK Project Basespace Ruby SDK 0.1.7 The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes. | 5.0 |
2014-04-29 | CVE-2013-7063 | Invitation Project | Permissions, Privileges, and Access Controls vulnerability in Invitation Project Invitation 7.X2.0/7.X2.1 The Invitation module 7.x-2.x for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified default views. | 5.0 |
2014-04-29 | CVE-2014-2184 | Cisco | Improper Input Validation vulnerability in Cisco Unified Communications Manager The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352. | 5.0 |
2014-04-29 | CVE-2014-1843 | Southrivertech | Path Traversal vulnerability in Southrivertech Titan FTP Server Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. | 5.0 |
2014-04-29 | CVE-2014-1842 | Southrivertech | Path Traversal vulnerability in Southrivertech Titan FTP Server Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. | 5.0 |
2014-04-29 | CVE-2014-1841 | Southrivertech | Path Traversal vulnerability in Southrivertech Titan FTP Server Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. | 5.0 |
2014-04-28 | CVE-2014-2658 | Papercut | Denial of Service vulnerability in PaperCut MF And PaperCut NG Unspecified vulnerability in Papercut MF and NG before 14.1 (Build 26983) allows attackers to cause a denial of service via unknown vectors. | 5.0 |
2014-04-28 | CVE-2014-0079 | Zarafa | Improper Input Validation vulnerability in Zarafa The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password." | 5.0 |
2014-04-28 | CVE-2014-0037 | Zarafa | Improper Input Validation vulnerability in Zarafa The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username." | 5.0 |
2014-04-29 | CVE-2013-7068 | Organic Groups Project | Permissions, Privileges, and Access Controls vulnerability in Organic Groups Project Organic Groups The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field. | 4.9 |
2014-05-01 | CVE-2013-7374 | Canonical | Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Linux 13.10 The Ubuntu Date and Time Indicator (aka indicator-datetime) 13.10.0+13.10.x before 13.10.0+13.10.20131023.2-0ubuntu1.1 does not properly restrict access to Evolution, which allows local users to bypass the greeter screen restrictions by clicking the date. | 4.6 |
2014-04-30 | CVE-2014-3130 | SAP | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver Abap Application Server The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages. | 4.6 |
2014-04-29 | CVE-2013-7221 | Gnome | Permissions, Privileges, and Access Controls vulnerability in Gnome Gnome-Shell The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation. | 4.6 |
2014-04-29 | CVE-2013-7220 | Gnome | Unspecified vulnerability in Gnome Gnome-Shell js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search. | 4.6 |
2014-05-02 | CVE-2014-1899 | Citrix | Cross-Site Scripting vulnerability in Citrix products Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-05-02 | CVE-2014-1441 | Coreftp | Race Condition vulnerability in Coreftp Core FTP 1.2 Core FTP Server 1.2 before build 515 allows remote attackers to cause a denial of service (reachable assertion and crash) via an AUTH SSL command with malformed data, as demonstrated by pressing the enter key twice. | 4.3 |
2014-05-02 | CVE-2013-7110 | Transifex | Improper Input Validation vulnerability in Transifex Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. | 4.3 |
2014-05-02 | CVE-2013-2073 | Transifex | Improper Input Validation vulnerability in Transifex Transifex command-line client before 0.9 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. | 4.3 |
2014-05-01 | CVE-2014-0896 | IBM | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request. | 4.3 |
2014-05-01 | CVE-2014-0823 | IBM | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL. | 4.3 |
2014-04-30 | CVE-2014-3135 | Vbulletin | Cross-Site Scripting vulnerability in Vbulletin 5.1.1 Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to privatemessage/new/, (2) the folderid parameter to a private message in privatemessage/view, (3) a fragment indicator to /help, or (4) the view parameter to a topic, as demonstrated by a request to forum/anunturi-importante/rst-power/67030-rst-admin-restore. | 4.3 |
2014-04-30 | CVE-2014-3134 | SAP | Cross-Site Scripting vulnerability in SAP Businessobjects Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-04-30 | CVE-2014-1955 | Fortinet | Cross-Site Scripting vulnerability in Fortinet Fortiweb Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-04-30 | CVE-2014-1530 | Mozilla Fedoraproject Canonical Debian Redhat Opensuse Suse | Cross-Site Scripting vulnerability in multiple products The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation. | 4.3 |
2014-04-30 | CVE-2014-1523 | Mozilla Fedoraproject Debian Canonical Redhat Opensuse Suse | Out-Of-Bounds Write vulnerability in multiple products Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. | 4.3 |
2014-04-29 | CVE-2013-1804 | PHP Fusion | Cross-Site Scripting vulnerability in PHP-Fusion Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (2) user_list or (3) user_types parameter to messages.php; (4) message parameter to infusions/shoutbox_panel/shoutbox_admin.php; (5) message parameter to administration/news.php; (6) panel_list parameter to administration/panel_editor.php; (7) HTTP User Agent string to administration/phpinfo.php; (8) "__BBCODE__" parameter to administration/bbcodes.php; errorMessage parameter to (9) article_cats.php, (10) download_cats.php, (11) news_cats.php, or (12) weblink_cats.php in administration/, when error is 3; or (13) body or (14) body2 parameter to administration/articles.php. | 4.3 |
2014-04-29 | CVE-2014-2853 | Mediawiki | Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action. | 4.3 |
2014-04-29 | CVE-2013-7066 | Entity Reference Project | Permissions, Privileges, and Access Controls vulnerability in Entity Reference Project Entityreference 7.X1.0/7.X1.X The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read private nodes titles by leveraging edit permissions to a node that references a private node. | 4.3 |
2014-04-28 | CVE-2014-2980 | Gnustep | Improper Input Validation vulnerability in Gnustep Base 1.24.6 Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows remote attackers to cause a denial of service (abort) via an invalid request. | 4.3 |
2014-04-28 | CVE-2014-2715 | Videowhisper | Cross-Site Scripting vulnerability in Videowhisper Multiple cross-site scripting (XSS) vulnerabilities in vwrooms\templates\logout.tpl.php in the VideoWhisper Webcam plugins for Drupal 7.x allow remote attackers to inject arbitrary web script or HTML via the (1) module or (2) message parameter to index.php. | 4.3 |
2014-05-02 | CVE-2014-1443 | Coreftp | Buffer Errors vulnerability in Coreftp Core FTP 1.2 Core FTP Server 1.2 before build 515 allows remote authenticated users to obtain sensitive information (password for the previous user) via a USER command with a specific length, possibly related to an out-of-bounds read. | 4.0 |
2014-05-02 | CVE-2014-1442 | Coreftp | Path Traversal vulnerability in Coreftp Core FTP 1.2 Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command. | 4.0 |
2014-05-01 | CVE-2014-0857 | IBM | Information Exposure vulnerability in IBM Websphere Application Server The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted request. | 4.0 |
2014-04-30 | CVE-2014-3132 | SAP | Permissions, Privileges, and Access Controls vulnerability in SAP Background Processing SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. | 4.0 |
2014-04-30 | CVE-2014-3131 | SAP | Permissions, Privileges, and Access Controls vulnerability in SAP Profile Maintenance SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. | 4.0 |
2014-04-29 | CVE-2014-2185 | Cisco | Information Exposure vulnerability in Cisco Unified Communications Manager The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374. | 4.0 |
2014-04-29 | CVE-2014-2180 | Cisco | Improper Input Validation vulnerability in Cisco products The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133. | 4.0 |
8 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-05-02 | CVE-2014-1988 | Cybozu | Denial of Service vulnerability in Cybozu Garoon The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors. | 3.5 |
2014-05-01 | CVE-2014-0942 | IBM | Cross-Site Scripting vulnerability in IBM Tivoli Netcool/Omnibus 7.4.0 Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-0941. | 3.5 |
2014-05-01 | CVE-2014-0941 | IBM | Cross-Site Scripting vulnerability in IBM Tivoli Netcool/Omnibus 7.4.0 Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-0942. | 3.5 |
2014-05-01 | CVE-2013-6323 | IBM | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2014-04-30 | CVE-2014-2260 | Ajenti | Cross-Site Scripting vulnerability in Ajenti 1.2.13 Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality. | 3.5 |
2014-04-29 | CVE-2013-7273 | Gnome | Unspecified vulnerability in Gnome Display Manager GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name. | 2.1 |
2014-04-29 | CVE-2013-7064 | Freelance IT Consultant | Cross-Site Scripting vulnerability in Freelance-It-Consultant EU Cookie Compliance Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance popup" permission to inject arbitrary web script or HTML via unspecified configuration values. | 2.1 |
2014-04-28 | CVE-2013-4285 | Dkorunic | Credentials Management vulnerability in Dkorunic PAM S/Key A certain Gentoo patch for the PAM S/Key module does not properly clear credentials from memory, which allows local users to obtain sensitive information by reading system memory. | 2.1 |