Weekly Vulnerabilities Reports > May 5 to 11, 2014

Overview

104 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 14 high severity vulnerabilities. This weekly summary reports vulnerabilities in 127 products from 59 vendors including Cisco, Canonical, Theforeman, IBM, and Debian. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Link Following", and "Improper Input Validation".

  • 72 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 24 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 86 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-05-08 CVE-2014-2935 Caldera OS Command Injection vulnerability in Caldera 9.20

costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request.

10.0
2014-05-08 CVE-2014-2136 Cisco Buffer Errors vulnerability in Cisco products

Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCui72223, CSCul01163, and CSCul01166.

9.3
2014-05-08 CVE-2014-2135 Cisco Buffer Errors vulnerability in Cisco products

Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCul87216 and CSCuj07603.

9.3
2014-05-08 CVE-2014-2134 Cisco Buffer Errors vulnerability in Cisco products

Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio channel in a .wrf file, aka Bug ID CSCuc39458.

9.3
2014-05-08 CVE-2014-2133 Cisco Buffer Errors vulnerability in Cisco products

Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file that triggers improper LZW decompression, aka Bug ID CSCuj87565.

9.3
2014-05-05 CVE-2014-3220 F5 Credentials Management vulnerability in F5 Big-Iq 4.1.0.2013.0

F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/.

9.0

14 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-05-08 CVE-2014-2132 Cisco Buffer Errors vulnerability in Cisco products

Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allow remote attackers to cause a denial of service (application crash) via a crafted (1) .wrf or (2) .arf file that triggers a buffer over-read, aka Bug ID CSCuh52768.

7.8
2014-05-08 CVE-2013-5016 Symantec
Microsoft
Permissions, Privileges, and Access Controls vulnerability in Symantec Critical System Protection

Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors.

7.6
2014-05-08 CVE-2013-0210 Theforeman Code Injection vulnerability in Theforeman Foreman

The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands.

7.5
2014-05-08 CVE-2013-0171 Theforeman Code Injection vulnerability in Theforeman Foreman

Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API.

7.5
2014-05-08 CVE-2014-2936 Caldera Code Injection vulnerability in Caldera 9.20

The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php.

7.5
2014-05-08 CVE-2014-2934 Caldera SQL Injection vulnerability in Caldera 9.20

Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php.

7.5
2014-05-07 CVE-2014-2913 Nagios
Opensuse
Remote Plugin Executor 'nrpe.c' Remote Code Execution vulnerability in Nagios

** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe.

7.5
2014-05-06 CVE-2014-1736 Google
Linux
Apple
Microsoft
Numeric Errors vulnerability in Google Chrome

Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value.

7.5
2014-05-05 CVE-2013-7375 PHP Fusion SQL Injection vulnerability in PHP-Fusion

SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803.

7.5
2014-05-05 CVE-2013-7034 Livezilla Code Injection vulnerability in Livezilla

The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie.

7.5
2014-05-05 CVE-2013-1803 PHP Fusion SQL Injection vulnerability in PHP-Fusion

Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary SQL commands via a (2) parameter name starting with "delete_attach_" in an edit action to forum/postedit.php; the (3) poll_opts[] parameter in a newthread action to forum/postnewthread.php; the (4) pm_email_notify, (5) pm_save_sent, (6) pm_inbox, (7) pm_sentbox, or (8) pm_savebox parameter to administration/settings_messages.php; the (9) thumb_compression, (10) photo_watermark_text_color1, (11) photo_watermark_text_color2, or (12) photo_watermark_text_color3 parameter to administration/settings_photo.php; the (13) enable parameter to administration/bbcodes.php; the (14) news_image, (15) news_image_t1, or (16) news_image_t2 parameter to administration/news.php; the (17) news_id parameter in an edit action to administration/news.php; or the (18) article_id parameter in an edit action to administration/articles.php.

7.5
2014-05-11 CVE-2014-1737 Linux
Oracle
Debian
Suse
Redhat
Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.

7.2
2014-05-06 CVE-2014-0185 PHP Permissions, Privileges, and Access Controls vulnerability in PHP

sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.

7.2
2014-05-08 CVE-2014-0963 IBM Resource Management Errors vulnerability in IBM products

The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages.

7.1

61 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-05-08 CVE-2014-3215 Selinuxproject Permissions, Privileges, and Access Controls vulnerability in Selinuxproject Policycoreutils 2.2.5

seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.

6.9
2014-05-07 CVE-2014-0196 Linux
Debian
Redhat
Suse
Oracle
Canonical
F5
Race Condition vulnerability in multiple products

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

6.9
2014-05-08 CVE-2014-3115 Fortinet Cross-Site Request Forgery (CSRF) vulnerability in Fortinet Fortiweb

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors.

6.8
2014-05-08 CVE-2014-0090 Theforeman Improper Authentication vulnerability in Theforeman Foreman

Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie.

6.8
2014-05-07 CVE-2014-2190 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Broadband Access Center Telco Wireless Software

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of arbitrary users for requests that make BAC-TW changes, aka Bug IDs CSCuo23804 and CSCuo26389.

6.8
2014-05-07 CVE-2014-2181 Cisco Improper Authentication vulnerability in Cisco Adaptive Security Appliance Software

Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka Bug ID CSCun78551.

6.8
2014-05-05 CVE-2014-2916 Phplist Cross-Site Request Forgery (CSRF) vulnerability in PHPlist

Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/.

6.8
2014-05-05 CVE-2014-0469 Debian Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Debian Xbuffy

Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subject lines.

6.8
2014-05-07 CVE-2014-3124 XEN Permissions, Privileges, and Access Controls vulnerability in XEN

The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types.

6.7
2014-05-08 CVE-2013-0187 Theforeman Permissions, Privileges, and Access Controls vulnerability in Theforeman Foreman

Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request.

6.5
2014-05-08 CVE-2014-2602 HP Remote Privilege Escalation vulnerability in RETIRED: HP Oneview 1.0/1.01

Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors.

6.5
2014-05-06 CVE-2014-2558 Skyphe Code Injection vulnerability in Skyphe File-Gallery

The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function.

6.5
2014-05-05 CVE-2013-0350 David Leonard Link Following vulnerability in David Leonard Pktstat 1.8.5

tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log.

6.3
2014-05-09 CVE-2014-0944 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Operational Decision Manager 7.5/8.0/8.5

Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6.0
2014-05-09 CVE-2014-1991 Intra Mart Improper Input Validation vulnerability in Intra-Mart Webplatform/Appframework

Open redirect vulnerability in WebPlatform / AppFramework 6.0 through 7.2 in NTT DATA INTRAMART intra-mart allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

5.8
2014-05-08 CVE-2014-0116 Apache Permissions, Privileges, and Access Controls vulnerability in Apache Struts

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request.

5.8
2014-05-05 CVE-2013-6444 Pywbem Project Improper Input Validation vulnerability in Pywbem Project Pywbem

PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2014-05-05 CVE-2013-6418 Pywbem Project Improper Input Validation vulnerability in Pywbem Project Pywbem

PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate.

5.8
2014-05-08 CVE-2014-1685 Zabbix
Fedoraproject
Security Bypass vulnerability in Zabbix

The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors.

5.5
2014-05-09 CVE-2014-3214 ISC Improper Input Validation vulnerability in ISC Bind 9.10.0

The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes.

5.0
2014-05-08 CVE-2014-0192 Theforeman Permissions, Privileges, and Access Controls vulnerability in Theforeman Foreman

Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to "spoof."

5.0
2014-05-08 CVE-2013-0174 Theforeman Information Exposure vulnerability in Theforeman Foreman

The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request.

5.0
2014-05-08 CVE-2013-0173 Theforeman Cryptographic Issues vulnerability in Theforeman Foreman

Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack.

5.0
2014-05-08 CVE-2014-2933 Caldera Path Traversal vulnerability in Caldera 9.20

Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname.

5.0
2014-05-07 CVE-2014-2891 Debian
Strongswan
NULL Pointer Dereference Denial of Service vulnerability in strongSwan

strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.

5.0
2014-05-07 CVE-2014-0685 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Nexus 1000V Intercloud 5.2(1)Ic1(1.2)

Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691.

5.0
2014-05-06 CVE-2014-0193 Netty Resource Management Errors vulnerability in Netty

WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames.

5.0
2014-05-06 CVE-2013-7354 Libpng Numeric Errors vulnerability in Libpng

Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.

5.0
2014-05-06 CVE-2013-7353 Libpng Numeric Errors vulnerability in Libpng

Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.

5.0
2014-05-11 CVE-2014-3145 Linux
Oracle
Canonical
Debian
Out-Of-Bounds Read vulnerability in multiple products

The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions.

4.9
2014-05-11 CVE-2014-3144 Linux
Debian
Canonical
Oracle
Integer Overflow or Wraparound vulnerability in multiple products

The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions.

4.9
2014-05-11 CVE-2014-3122 Linux
Canonical
Debian
Resource Exhaustion vulnerability in multiple products

The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings.

4.9
2014-05-08 CVE-2013-6889 GNU Permissions, Privileges, and Access Controls vulnerability in GNU Rush 1.7

GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option.

4.9
2014-05-08 CVE-2013-4544 Canonical
Qemu
Improper Input Validation vulnerability in multiple products

hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices.

4.9
2014-05-08 CVE-2014-0930 IBM Denial of Service vulnerability in Multiple IBM Products

The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.

4.7
2014-05-07 CVE-2014-0684 Cisco Improper Input Validation vulnerability in Cisco products

Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136.

4.6
2014-05-06 CVE-2014-3204 Ayatana Project
Canonical
Permissions, Privileges, and Access Controls vulnerability in multiple products

Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by right-clicking on the indicator bar and then pressing the ALT and F2 keys.

4.4
2014-05-06 CVE-2014-3203 Ayatana Project
Canonical
Permissions, Privileges, and Access Controls vulnerability in multiple products

Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by pressing the SUPER key before the screen auto-locks.

4.4
2014-05-06 CVE-2014-3202 Ayatana Project Permissions, Privileges, and Access Controls vulnerability in Ayatana Project Unity

Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash.

4.4
2014-05-05 CVE-2013-4215 Nagios Link Following vulnerability in Nagios Plugins 1.4.16

The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping.

4.4
2014-05-10 CVE-2013-6220 HP Cross-Site Scripting vulnerability in HP Network Node Manager I 9.0/9.10/9.20

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0, 9.10, and 9.20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-05-09 CVE-2014-0946 IBM Information Exposure vulnerability in IBM Operational Decision Manager 7.5/8.0/8.5

The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.

4.3
2014-05-09 CVE-2014-0913 IBM Cross-Site Scripting vulnerability in IBM Lotus Domino and Lotus Inotes

Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE.

4.3
2014-05-08 CVE-2014-2854 Semantictitle Project Cross-Site Scripting vulnerability in Semantictitle Project Semantictitle

Cross-site scripting (XSS) vulnerability in the SemanticTitle extension before 1.1.0 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-05-08 CVE-2013-5916 Bradesco Gateway Plugin Project Cross-Site Scripting vulnerability in Bradesco Gateway Plugin Project Bradesco Gateway 2.0

Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco Gateway plugin 2.0 for WordPress, as used in the WP e-Commerce plugin, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.

4.3
2014-05-08 CVE-2014-3207 SKS Keyserver Project Cross-Site Scripting vulnerability in SKS Keyserver Project SKS Keyserver

Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1.

4.3
2014-05-08 CVE-2014-2689 Slashes Dots Cross-Site Scripting vulnerability in Slashes&Dots Offiria

Cross-site scripting (XSS) vulnerability in Offiria 2.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to installer/index.php.

4.3
2014-05-08 CVE-2014-0190 QT
Fedoraproject
Opensuse
Canonical
Null Pointer Dereference vulnerability in multiple products

The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.

4.3
2014-05-08 CVE-2014-0110 Apache Resource Management Errors vulnerability in Apache CXF

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message.

4.3
2014-05-08 CVE-2014-0109 Apache Resource Management Errors vulnerability in Apache CXF

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error.

4.3
2014-05-08 CVE-2013-7041 Cristian Gafton Cryptographic Issues vulnerability in Cristian Gafton PAM Userdb

The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.

4.3
2014-05-08 CVE-2014-0362 Google Cross-Site Scripting vulnerability in Google Search Appliance Software

Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to inject arbitrary web script or HTML via input included in a SCRIPT element.

4.3
2014-05-07 CVE-2014-2191 Cisco Cross-Site Scripting vulnerability in Cisco Broadband Access Center Telco Wireless Software

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun91113.

4.3
2014-05-07 CVE-2014-0911 IBM Unspecified vulnerability in IBM Websphere MQ

inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU consumption) via unspecified vectors.

4.3
2014-05-07 CVE-2014-0130 Redhat
Rubyonrails
Path Traversal vulnerability in multiple products

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.

4.3
2014-05-06 CVE-2014-0198 Openssl Denial of Service vulnerability in OpenSSL 'do_ssl3_write()' Function NULL Pointer Dereference

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

4.3
2014-05-05 CVE-2014-0149 Redhat Cross-Site Scripting vulnerability in Redhat Jboss web Framework KIT 2.5.0

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name.

4.3
2014-05-05 CVE-2013-7003 Livezilla Cross-Site Scripting vulnerability in Livezilla

Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php.

4.3
2014-05-05 CVE-2013-3736 Bestpractical Cross-Site Scripting vulnerability in Bestpractical Request Tracker and Rt-Extension-Mobileui

Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the name of an attached file.

4.3
2014-05-05 CVE-2010-5109 Randall Hand
Fedoraproject
Numeric Errors vulnerability in multiple products

Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.

4.3
2014-05-08 CVE-2014-1682 Zabbix
Fedoraproject
Improper Authentication vulnerability in multiple products

The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.

4.0

23 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-05-08 CVE-2012-5477 Theforeman Permissions, Privileges, and Access Controls vulnerability in Theforeman Foreman

The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors.

3.6
2014-05-09 CVE-2014-0945 IBM Cross-Site Scripting vulnerability in IBM Operational Decision Manager 7.5/8.0/8.5

Cross-site scripting (XSS) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2014-05-08 CVE-2014-0134 Openstack Information Exposure vulnerability in Openstack Compute 2013.2/2013.2.1/2013.2.2

The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image.

3.5
2014-05-07 CVE-2013-6726 IBM Cross-Site Scripting vulnerability in IBM Tririga Application Platform

Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv in IBM TRIRIGA Application Platform 3.2.x and 3.3.x before 3.3.1.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2014-05-06 CVE-2014-2347 Amtelco Permissions, Privileges, and Access Controls vulnerability in Amtelco Misecuremessages 6.2

Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request.

3.5
2014-05-08 CVE-2014-1934 Travis Shirk
Opensuse
Link Following vulnerability in multiple products

tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.

3.3
2014-05-08 CVE-2014-3424 Mageia Project
GNU
Link Following vulnerability in multiple products

lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.

3.3
2014-05-08 CVE-2014-3423 Mageia Project, GNU Link Following vulnerability in multiple products

lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.

3.3
2014-05-08 CVE-2014-3422 GNU, Mageia Project Link Following vulnerability in multiple products

lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.

3.3
2014-05-08 CVE-2014-3421 Mageia Project, GNU Link Following vulnerability in multiple products

lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.

3.3
2014-05-08 CVE-2013-3571 Dest Unreach Remote Denial of Service vulnerability in socat

socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple requests that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions.

2.6
2014-05-08 CVE-2014-0595 Novell Buffer Errors vulnerability in Novell Open Enterprise Server 11.0

/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator.

2.6
2014-05-11 CVE-2014-1738 Linux, Redhat, Debian, Oracle, Suse Information Exposure vulnerability in multiple products

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.

2.1
2014-05-08 CVE-2014-3123 Wpgetready Cross-Site Scripting vulnerability in Wpgetready Nextcellent Gallery

Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, NextGEN Manage gallery, or NextGEN Manage others gallery permission to inject arbitrary web script or HTML via the "Alt & Title Text" field.

2.1
2014-05-08 CVE-2014-0056 Openstack, Canonical Improper Authentication vulnerability in multiple products

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.

2.1
2014-05-08 CVE-2013-6372 Jenkins CI Credentials Management vulnerability in Jenkins-Ci Subversion-Plugin

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.

2.1
2014-05-08 CVE-2013-0345 Varnish Cache Permissions, Privileges, and Access Controls vulnerability in Varnish-Cache Varnish 3.0.3

Varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files.

2.1
2014-05-08 CVE-2014-3426 Illinois Local Denial of Service vulnerability in NCSA Mosaic 2.1/2.7

NCSA Mosaic 2.1 through 2.7b5 allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/Mosaic.pid file for every possible PID.

2.1
2014-05-08 CVE-2014-3425 Illinois Local Denial of Service vulnerability in Illinois Ncsa Mosaic 2.0

NCSA Mosaic 2.0 and earlier allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/xmosaic.pid file for every possible PID.

2.1
2014-05-05 CVE-2014-0164 Redhat Cryptographic Issues vulnerability in Redhat Openshift 1.2.7/2.0.5

openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file.

2.1
2014-05-08 CVE-2014-0135 Theforeman Permissions, Privileges, and Access Controls vulnerability in Theforeman Kafo

Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file.

1.9
2014-05-07 CVE-2013-7336 Redhat, Opensuse Denial of Service vulnerability in libvirt

The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.

1.9
2014-05-10 CVE-2014-2603 HP Unspecified vulnerability in HP products

Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and 8Gb Simple SAN Connection Kit with firmware before 8.0.14.08.00 allows remote authenticated users to obtain sensitive information via unknown vectors.

1.7