Weekly Vulnerabilities Reports > May 19 to 25, 2014
Overview
127 new vulnerabilities reported during this period, including 7 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary report vulnerabilities in 114 products from 68 vendors including Apple, Cisco, IBM, Wordpress, and Opentext. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", and "Cryptographic Issues".
- 113 reported vulnerabilities are remotely exploitables.
- 13 reported vulnerabilities have public exploit available.
- 32 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 108 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 20 reported vulnerabilities.
- Juniper has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
7 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-05-21 | CVE-2012-1166 | Canonical | OS Command Injection vulnerability in Canonical Ltsp Display Manager and Ubuntu Linux The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window. | 10.0 |
2014-05-20 | CVE-2014-3791 | Efssoft | Buffer Errors vulnerability in Efssoft Easy File Sharing web Server 6.8 Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp. | 10.0 |
2014-05-20 | CVE-2014-3412 | Juniper | Remote Code Execution vulnerability in Juniper products Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when the firewall in disabled, allows remote attackers to execute arbitrary commands via unspecified vectors. | 10.0 |
2014-05-19 | CVE-2014-3411 | Juniper | Remote Code Execution vulnerability in Juniper products Unspecified vulnerability in the NSM XDB service in Juniper NSM before 2012.2R8 allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2014-05-22 | CVE-2014-1770 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function. | 9.3 |
2014-05-20 | CVE-2014-3444 | Realnetworks | Code Injection vulnerability in Realnetworks Realplayer The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file. | 9.3 |
2014-05-20 | CVE-2013-7383 | X2Go | Permissions, Privileges, and Access Controls vulnerability in X2Go Server x2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before 4.0.1.10 allows remote authenticated users to gain privileges via unspecified vectors, possibly related to backticks. | 9.0 |
13 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-05-23 | CVE-2013-1668 | Coscms | OS Command Injection vulnerability in Coscms 1.3/1.41 The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file. | 8.5 |
2014-05-22 | CVE-2014-2938 | Hanon | Improper Authentication vulnerability in Hanon products Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands. | 8.3 |
2014-05-23 | CVE-2013-2757 | Citrix | Permissions, Privileges, and Access Controls vulnerability in Citrix Cloudplatform Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors. | 7.5 |
2014-05-22 | CVE-2014-3789 | Cogentdatahub | Code Injection vulnerability in Cogentdatahub Cogent Datahub GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors. | 7.5 |
2014-05-22 | CVE-2014-3788 | Cogentdatahub | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cogentdatahub Cogent Datahub Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request. | 7.5 |
2014-05-22 | CVE-2014-2350 | Emerson | Credentials Management vulnerability in Emerson Deltav Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program. | 7.5 |
2014-05-22 | CVE-2014-3775 | Libgadu | Improper Input Validation vulnerability in Libgadu 1.12.0 libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message. | 7.5 |
2014-05-20 | CVE-2014-3749 | Construtiva | SQL Injection vulnerability in Construtiva CIS Manager CMS SQL injection vulnerability in Construtiva CIS Manager allows remote attackers to execute arbitrary SQL commands via the email parameter to autenticar/lembrarlogin.asp. | 7.5 |
2014-05-20 | CVE-2014-2351 | Controlsystemworks | SQL Injection vulnerability in Controlsystemworks Csworks SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests. | 7.5 |
2014-05-19 | CVE-2013-6766 | Openvas | Improper Authentication vulnerability in Openvas Administrator OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to CLIENT_AUTHENTIC. | 7.5 |
2014-05-19 | CVE-2013-6765 | Openvas | Improper Authentication vulnerability in Openvas Manager OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c. | 7.5 |
2014-05-23 | CVE-2014-3450 | Pandasecurity | Local Privilege Escalation Vulnerabilitiy in Panda Security Multiple Products Unspecified vulnerability in Panda Gold Protection and Global Protection 2014 7.01.01 and earlier, Internet Security 2014 19.01.01 and earlier, and AV Pro 2014 13.01.01 and earlier allows local users to gain privileges via unspecified vectors. | 7.2 |
2014-05-25 | CVE-2014-0943 | IBM | Improper Input Validation vulnerability in IBM Websphere Commerce IBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, 7.0.0.0 through 7.0.0.8, and 7.0 Feature Pack 1 through Feature Pack 7 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a malformed id parameter in a request. | 7.1 |
96 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-05-23 | CVE-2013-2713 | Krisonav | Cross-Site Request Forgery (CSRF) vulnerability in Krisonav Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request. | 6.8 |
2014-05-23 | CVE-2012-5649 | Apache | Code Injection vulnerability in Apache Couchdb Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash. | 6.8 |
2014-05-23 | CVE-2013-2107 | Mail ON Update Project | Cross-Site Request Forgery (CSRF) vulnerability in Mail ON Update Project Mail ON Update 5.0.0/5.1.0 Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change the "List of alternative recipients" via the mailonupdate_mailto parameter in the mail-on-update page to wp-admin/options-general.php. | 6.8 |
2014-05-23 | CVE-2010-5299 | Microp Project | Buffer Errors vulnerability in Microp Project Microp 0.1.1.1600 Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote attackers to execute arbitrary code via a crafted .mppl file. | 6.8 |
2014-05-22 | CVE-2014-1344 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 6.8 |
2014-05-22 | CVE-2014-1343 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 6.8 |
2014-05-22 | CVE-2014-1342 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 6.8 |
2014-05-22 | CVE-2014-1341 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 6.8 |
2014-05-22 | CVE-2014-1339 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 6.8 |
2014-05-22 | CVE-2014-1338 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 6.8 |
2014-05-22 | CVE-2014-1337 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 6.8 |
2014-05-22 | CVE-2014-1336 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 6.8 |
2014-05-22 | CVE-2014-1335 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 6.8 |
2014-05-22 | CVE-2014-1334 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 6.8 |
2014-05-22 | CVE-2014-1333 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 6.8 |
2014-05-22 | CVE-2014-1331 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 6.8 |
2014-05-22 | CVE-2014-1330 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 6.8 |
2014-05-22 | CVE-2014-1329 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 6.8 |
2014-05-22 | CVE-2014-1327 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 6.8 |
2014-05-22 | CVE-2014-1326 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 6.8 |
2014-05-22 | CVE-2014-1324 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 6.8 |
2014-05-22 | CVE-2014-1323 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 6.8 |
2014-05-22 | CVE-2014-3845 | Tinymce Wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tinymce Color Picker Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. | 6.8 |
2014-05-22 | CVE-2014-3843 | Zemanta Wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Zemanta Search Everything Cross-site request forgery (CSRF) vulnerability in the Search Everything plugin before 8.1.1 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2014-05-22 | CVE-2014-0954 | IBM | Improper Input Validation vulnerability in IBM Websphere Portal IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL. | 6.8 |
2014-05-20 | CVE-2014-3802 | Microsoft | Improper Input Validation vulnerability in Microsoft products msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file. | 6.8 |
2014-05-20 | CVE-2014-3792 | Beetel | Cross-Site Request Forgery (CSRF) vulnerability in Beetel 450Tc2 Router and 450Tc2 Router Firmware Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005_retail allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the uiViewTools_Password and uiViewTools_PasswordConfirm parameters to Forms/tools_admin_1. | 6.8 |
2014-05-20 | CVE-2014-3460 | Microfocus | Path Traversal vulnerability in Microfocus Sentinel and Sentinel Agent Manager Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname. | 6.8 |
2014-05-20 | CVE-2014-3269 | Cisco | Improper Input Validation vulnerability in Cisco IOS XE 3.5E The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204. | 6.8 |
2014-05-20 | CVE-2014-2194 | Cisco | Improper Input Validation vulnerability in Cisco Unified web and E-Mail Interaction Manager 9.0(2) system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity. | 6.8 |
2014-05-19 | CVE-2013-7385 | Livezilla | Cryptographic Issues vulnerability in Livezilla LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. | 6.8 |
2014-05-19 | CVE-2013-6807 | Opentext | Cryptographic Issues vulnerability in Opentext Exceed Ondemand 8.0 The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses. | 6.8 |
2014-05-19 | CVE-2013-6806 | Opentext | Improper Authentication vulnerability in Opentext Exceed Ondemand 8.0 OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credentials in plaintext. | 6.8 |
2014-05-22 | CVE-2014-2948 | Bizagi | SQL Injection vulnerability in Bizagi Business Process Management Suite SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execute arbitrary SQL commands via a crafted SOAP request. | 6.5 |
2014-05-22 | CVE-2014-3210 | Dotonpaper Wordpress | SQL Injection vulnerability in Dotonpaper Booking System 1.0/1.1 SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php. | 6.5 |
2014-05-20 | CVE-2013-4321 | Typo3 | Code Injection vulnerability in Typo3 The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. | 6.5 |
2014-05-20 | CVE-2013-4250 | Typo3 | Improper Input Validation vulnerability in Typo3 The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file. | 6.5 |
2014-05-19 | CVE-2013-6994 | Opentext | Cryptographic Issues vulnerability in Opentext Exceed Ondemand 8.0 OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network. | 6.4 |
2014-05-20 | CVE-2014-3264 | Cisco | Unspecified vulnerability in Cisco Adaptive Security Appliance Software Cisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier allows remote authenticated users to cause a denial of service (device reload) via crafted attributes in a RADIUS packet, aka Bug ID CSCun69561. | 6.3 |
2014-05-25 | CVE-2014-3284 | Cisco | Improper Input Validation vulnerability in Cisco products Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180. | 6.1 |
2014-05-20 | CVE-2014-3273 | Cisco | Improper Input Validation vulnerability in Cisco IOS The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282. | 6.1 |
2014-05-22 | CVE-2014-3783 | Dotclear | SQL Injection vulnerability in Dotclear SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter. | 6.0 |
2014-05-22 | CVE-2014-0958 | IBM | Open Redirection vulnerability in IBM WebSphere Portal Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 |
2014-05-20 | CVE-2014-3739 | Zenoss | Improper Input Validation vulnerability in Zenoss 4.2.5 Open redirect vulnerability in zport/acl_users/cookieAuthHelper/login_form in Zenoss 4.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the came_from parameter. | 5.8 |
2014-05-20 | CVE-2013-4320 | Typo3 | Permissions, Privileges, and Access Controls vulnerability in Typo3 The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL. | 5.5 |
2014-05-19 | CVE-2013-4431 | Mahara | Permissions, Privileges, and Access Controls vulnerability in Mahara Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request. | 5.5 |
2014-05-23 | CVE-2014-3848 | Imember360 | Permissions, Privileges, and Access Controls vulnerability in Imember360 The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter. | 5.0 |
2014-05-23 | CVE-2013-4223 | Gentoo | Permissions, Privileges, and Access Controls vulnerability in Gentoo Nullmailer 1.11 The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file. | 5.0 |
2014-05-22 | CVE-2014-1346 | Apple | Improper Input Validation vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL. | 5.0 |
2014-05-22 | CVE-2014-3844 | Tinymce Wordpress | Permissions, Privileges, and Access Controls vulnerability in Tinymce Color Picker The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. | 5.0 |
2014-05-22 | CVE-2014-2604 | HP | Denial of Service vulnerability in Multiple HP IceWall Products Unspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP 2.1 and 3.0 allows remote attackers to cause a denial of service via unknown vectors. | 5.0 |
2014-05-22 | CVE-2014-0949 | IBM | Resource Management Errors vulnerability in IBM Websphere Portal IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a crafted web request. | 5.0 |
2014-05-21 | CVE-2014-3806 | Vmturbo | Path Traversal vulnerability in Vmturbo Operations Manager 4.0/4.5 Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. | 5.0 |
2014-05-20 | CVE-2014-3271 | Cisco | Improper Input Validation vulnerability in Cisco IOS XR The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149. | 5.0 |
2014-05-20 | CVE-2014-3270 | Cisco | Improper Input Validation vulnerability in Cisco IOS XR The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924. | 5.0 |
2014-05-20 | CVE-2014-3268 | Cisco | Improper Input Validation vulnerability in Cisco IOS and Unified Border Element Cisco IOS 15.2(4)M4 on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service (input-queue consumption and traffic-processing outage) via crafted RTCP packets, aka Bug ID CSCuj72215. | 5.0 |
2014-05-20 | CVE-2014-2199 | Cisco | Information Exposure vulnerability in Cisco products meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738. | 5.0 |
2014-05-19 | CVE-2014-3787 | SAP | Information Exposure vulnerability in SAP Netweaver SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. | 5.0 |
2014-05-19 | CVE-2013-7384 | Unrealircd | Unspecified vulnerability in Unrealircd 3.2.10/3.2.10.1 UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. | 5.0 |
2014-05-19 | CVE-2013-6805 | Opentext | Cryptographic Issues vulnerability in Opentext Exceed Ondemand 8.0 OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file. | 5.0 |
2014-05-19 | CVE-2013-6413 | Unrealircd | Resource Management Errors vulnerability in Unrealircd 3.2.10/3.2.10.1 Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. | 5.0 |
2014-05-19 | CVE-2013-4406 | Quick Tabs Module Project | Permissions, Privileges, and Access Controls vulnerability in Quick Tabs Module Project Quicktabs The Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.6 for Drupal does not properly check block permissions, which allows remote attackers to obtain sensitive information by reading a Quick Tab. | 5.0 |
2014-05-22 | CVE-2014-2349 | Emerson | Permissions, Privileges, and Access Controls vulnerability in Emerson Deltav Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 allows local users to modify or read configuration files by leveraging engineering-level privileges. | 4.6 |
2014-05-20 | CVE-2013-6975 | Cisco | Path Traversal vulnerability in Cisco Nx-Os Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217. | 4.6 |
2014-05-19 | CVE-2014-1402 | Pocoo | Permissions, Privileges, and Access Controls vulnerability in Pocoo Jinja2 The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp. | 4.4 |
2014-05-25 | CVE-2014-0639 | EMC | Cross-Site Scripting vulnerability in EMC RSA Archer Egrc Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-05-23 | CVE-2014-3849 | Imember360 | Permissions, Privileges, and Access Controls vulnerability in Imember360 The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4w_clearuser parameter. | 4.3 |
2014-05-23 | CVE-2014-3442 | Nullsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s. | 4.3 |
2014-05-23 | CVE-2013-2712 | Krisonav | Cross-Site Scripting vulnerability in Krisonav Cross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter. | 4.3 |
2014-05-23 | CVE-2013-1864 | Opalvoip Ekiga Suse | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack." | 4.3 |
2014-05-23 | CVE-2013-0289 | Isync Project | Cryptographic Issues vulnerability in Isync Project Isync Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 4.3 |
2014-05-22 | CVE-2014-2947 | Bizagi | Cross-Site Scripting vulnerability in Bizagi Business Process Management Suite Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary web script or HTML via the txtUsername parameter. | 4.3 |
2014-05-22 | CVE-2014-3846 | Flyingcart | Cross-Site Scripting vulnerability in Flyingcart Flying Cart Cross-site scripting (XSS) vulnerability in Flying Cart allows remote attackers to inject arbitrary web script or HTML via the p parameter to index.php. | 4.3 |
2014-05-22 | CVE-2014-3842 | Imember360 | Cross-Site Scripting vulnerability in Imember360 Multiple cross-site scripting (XSS) vulnerabilities in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) decrypt or (2) encrypt parameter. | 4.3 |
2014-05-22 | CVE-2014-3841 | Tech Banker Wordpress | Cross-Site Scripting vulnerability in Tech-Banker Contact Bank Cross-site scripting (XSS) vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form layout configuration. | 4.3 |
2014-05-22 | CVE-2014-0956 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Portal Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-05-22 | CVE-2014-0955 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1 Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12, when Social Rendering in Connections integration is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-05-22 | CVE-2014-0952 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Portal Cross-site scripting (XSS) vulnerability in boot_config.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF28, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-05-22 | CVE-2014-0951 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Portal Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM WebSphere Portal 7.0 before 7.0.0.2 CF28 and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-05-21 | CVE-2014-3808 | Barracudadrive Realtimelogic | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) role parameter to roles.lsp, (2) name parameter to user.lsp, (3) path parameter to wizard/setuser.lsp, (4) host parameter to tunnelconstr.lsp, or (5) newpath parameter to wfsconstr.lsp in rtl/protected/admin/. | 4.3 |
2014-05-21 | CVE-2014-3807 | Barracudadrive | Cross-Site Scripting vulnerability in Barracudadrive 6.7.2 Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) blog, (2) bloggeruser, or (3) bloggerpasswd parameter to private/manage/. | 4.3 |
2014-05-21 | CVE-2014-3803 | Information Exposure vulnerability in Google Chrome The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute. | 4.3 | |
2014-05-20 | CVE-2014-3738 | Zenoss | Cross-Site Scripting vulnerability in Zenoss 4.2.5 Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device. | 4.3 |
2014-05-20 | CVE-2014-1855 | Seopanel | Cross-Site Scripting vulnerability in Seopanel SEO Panel 3.3.1/3.4.0 Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel before 3.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) capcheck parameter to directories.php or (2) keyword parameter to proxy.php. | 4.3 |
2014-05-20 | CVE-2014-3265 | Cisco | Cross-Site Scripting vulnerability in Cisco Security Manager 4.2 Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuo06900. | 4.3 |
2014-05-20 | CVE-2014-2195 | Cisco | Improper Input Validation vulnerability in Cisco products Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085. | 4.3 |
2014-05-20 | CVE-2014-2193 | Cisco | Improper Input Validation vulnerability in Cisco Unified web and E-Mail Interaction Manager Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCuj43084. | 4.3 |
2014-05-20 | CVE-2014-2192 | Cisco | Cross-Site Scripting vulnerability in Cisco Unified web and E-Mail Interaction Manager 9.0(2) Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj43033. | 4.3 |
2014-05-19 | CVE-2014-3735 | Intel | Buffer Errors vulnerability in Intel Indeo Video 4.5 ir41_32.ax 4.51.16.3 for Intel Indeo Video 4.5 allows remote attackers to cause a denial of service (crash) via a crafted .avi file. | 4.3 |
2014-05-19 | CVE-2013-7040 | Apple Python | Cryptographic Issues vulnerability in multiple products Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | 4.3 |
2014-05-19 | CVE-2013-7033 | Livezilla | Cryptographic Issues vulnerability in Livezilla LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. | 4.3 |
2014-05-19 | CVE-2013-4430 | Mahara | Cross-Site Scripting vulnerability in Mahara Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/web.php. | 4.3 |
2014-05-22 | CVE-2014-0959 | IBM | Improper Input Validation vulnerability in IBM Websphere Portal IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infinite loop) via a login redirect. | 4.0 |
2014-05-20 | CVE-2012-6146 | Typo3 | Permissions, Privileges, and Access Controls vulnerability in Typo3 The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL. | 4.0 |
2014-05-19 | CVE-2013-4432 | Mahara | Permissions, Privileges, and Access Controls vulnerability in Mahara Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to artefact/file/groupfiles.php. | 4.0 |
2014-05-19 | CVE-2013-4429 | Mahara | Permissions, Privileges, and Access Controls vulnerability in Mahara Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly restrict access to artefacts, which allows remote authenticated users to read arbitrary artefacts via the (1) artefact id in an upload action when creating a journal or (2) instconf_artefactid_selected[ID] parameter in an upload action when editing a block. | 4.0 |
11 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-05-19 | CVE-2013-4426 | Leon Weber | Local Denial of Service vulnerability in Leon Weber Pyxtrlock 0.1 pyxtrlock before 0.1 uses an incorrect variable name, which allows physically proximate attackers to bypass the lock screen via multiple failed authentication attempts, which trigger a crash. | 3.6 |
2014-05-23 | CVE-2014-3801 | Openstack | Information Exposure vulnerability in Openstack Heat OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list. | 3.5 |
2014-05-21 | CVE-2011-2198 | Gnome Opensuse Oracle | Improper Input Validation vulnerability in multiple products The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@". | 3.5 |
2014-05-19 | CVE-2014-3717 | XEN | Improper Input Validation vulnerability in XEN 4.4.0 Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow. | 3.3 |
2014-05-19 | CVE-2014-3715 | XEN | Buffer Errors vulnerability in XEN 4.4.0 Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB. | 3.3 |
2014-05-19 | CVE-2014-3714 | XEN | Improper Input Validation vulnerability in XEN 4.4.0 The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow. | 3.3 |
2014-05-22 | CVE-2012-6648 | GDM Guest Session Project Canonical | Permissions, Privileges, and Access Controls vulnerability in multiple products gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. | 2.1 |
2014-05-22 | CVE-2012-0943 | Robert Ancell Canonical | Permissions, Privileges, and Access Controls vulnerability in multiple products debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. | 2.1 |
2014-05-20 | CVE-2013-4380 | Mediafront Drupal | Cross-Site Scripting vulnerability in Mediafront Cross-site scripting (XSS) vulnerability in the MediaFront module 6.x-1.x before 6.x-1.6, 7.x-1.x before 7.x-1.6, and 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer mediafront" permission to inject arbitrary web script or HTML via the preset settings. | 2.1 |
2014-05-19 | CVE-2013-4427 | Leon Weber | Improper Input Validation vulnerability in Leon Weber Pyxtrlock 0.1 pyxtrlock before 0.2 does not properly check the return values of the (1) xcb_grab_pointer and (2) xcb_grab_keyboard XCB library functions, which allows physically proximate attackers to gain access to the keyboard or mouse without unlocking the screen via unspecified vectors. | 2.1 |
2014-05-19 | CVE-2014-3716 | XEN | Improper Input Validation vulnerability in XEN 4.4.0 Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel. | 1.9 |