Weekly Vulnerabilities Report: June 23 to 29, 2014

Overview

36 new vulnerabilities were reported during this period, including 2 critical and 1 high severity vulnerability. This weekly summary reports vulnerabilities in 50 products from 24 vendors, including Linux, IBM, Canonical, HP, and Microsoft. The vulnerabilities fall mainly into the categories "Cross-site Scripting", "Information Exposure", "Permissions, Privileges, and Access Controls", "SQL Injection", and "Improper Input Validation".

  • 25 reported vulnerabilities are remotely exploitable.
  • 4 reported vulnerabilities have a public exploit available.
  • 11 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 23 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 10.
  • Linux has the most reported critical vulnerabilities, with 1.

[Summary dashboard (figures not preserved): total / critical risk / high risk / medium risk / low risk vulnerabilities; remotely exploitable / locally exploitable; exploit available; exploitable anonymously; affecting web application]
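
These reports arrive as flattened text when scraped, and the first thing a security operations team does with one is sort the entries by severity and by affected vendor. The Python below is an added example, not part of the report or of any vendor's tooling: it parses entries in the as-scraped layout (a header line with date, CVE, vendor and title; a vendor cell that may continue over several lines before the title; the description; then the CVSS score on its own line), applies the severity bands inferred from the scores on this page (9.0 and above critical, 7.0 and above high, 4.0 and above medium, below that low), and reproduces the kind of counts given above. The sample input is five entries copied from this week's list; the "remote" keyword heuristic in page_first is an assumption for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: five entries from this week's report, in the as-scraped
# layout (header line, blank, description, blank, CVSS line; a multi-vendor
# cell splits across lines before the title).
SAMPLE = """\
2014-06-28 CVE-2014-4648 Piwigo Security vulnerability in Piwigo

Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact and attack vectors, related to a "security failure."

10.0
2014-06-28 CVE-2014-2613 HP
Microsoft
Linux
Privilege Escalation vulnerability in HP Release Control

Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to gain privileges via unknown vectors.

9.0
2014-06-25 CVE-2014-4644 Cacti SQL Injection vulnerability in Cacti Superlinks 1.42

SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2014-06-23 CVE-2014-4014 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.

6.2
2014-06-25 CVE-2014-0206 Linux Local Information Disclosure vulnerability in Linux Kernel '/fs/aio.c'

Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value.

2.1
"""

HEADER = re.compile(r"^(\d{4}-\d{2}-\d{2}) (CVE-\d{4}-\d{4,}) (.+)$")
SCORE = re.compile(r"^\d{1,2}\.\d$")
TITLE_MARK = " vulnerability in "  # every title on the page contains this phrase


@dataclass
class Entry:
    date: str
    cve: str
    vendors: list
    title: str
    description: str
    cvss: float


def severity(cvss):
    """Bands inferred from this report's CVSS v2 scores."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low"


def parse_report(text):
    lines = [line.rstrip() for line in text.splitlines()]
    entries, i = [], 0
    while i < len(lines):
        m = HEADER.match(lines[i])
        i += 1
        if not m:
            continue
        date, cve, rest = m.groups()
        vendors, title = [], None
        # Anything before the title, on this line or on continuation lines,
        # is a vendor cell.
        if TITLE_MARK in rest:
            vendor, title = rest.split(" ", 1)
            vendors.append(vendor)
        else:
            vendors.append(rest)
        while title is None and i < len(lines):
            if TITLE_MARK in lines[i]:
                title = lines[i]
            else:
                vendors.append(lines[i])
            i += 1
        # Description runs until the CVSS score line; blank lines are layout.
        description, cvss = [], None
        while i < len(lines):
            line = lines[i]
            i += 1
            if SCORE.match(line):
                cvss = float(line)
                break
            if line:
                description.append(line)
        if title is None or cvss is None:
            raise ValueError(f"malformed entry {cve}")
        entries.append(Entry(date, cve, vendors, title, " ".join(description), cvss))
    return entries


def summarize(entries):
    by_severity = Counter(severity(e.cvss) for e in entries)
    by_vendor = Counter(v for e in entries for v in e.vendors)
    return {"total": len(entries),
            "by_severity": dict(by_severity),
            "top_vendor": by_vendor.most_common(1)[0]}


def page_first(entries):
    """Assumed triage rule: critical/high, or anything the description calls remote."""
    return [e.cve for e in entries
            if severity(e.cvss) in ("critical", "high") or "remote" in e.description]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE)
    print(summarize(parsed))
    print(page_first(parsed))
```

Multi-vendor cells matter for the vendor statistics: CVE-2014-2613 counts toward HP, Microsoft and Linux, which is why Linux reaches three entries in this sample and ten on the full page.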

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:


2 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2014-06-28 | CVE-2014-4648 | Piwigo | Security vulnerability in Piwigo | 10.0
Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact and attack vectors, related to a "security failure."

2014-06-28 | CVE-2014-2613 | HP, Microsoft, Linux | Privilege Escalation vulnerability in HP Release Control | 9.0
Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to gain privileges via unknown vectors.

1 High Vulnerability

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2014-06-25 | CVE-2014-4644 | Cacti | SQL Injection vulnerability in Cacti Superlinks 1.42 | 7.5
SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter.

24 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2014-06-25 | CVE-2014-2005 | Sophos | Improper Authentication vulnerability in Sophos Enterprise Console 5.1/5.2/5.2.1 | 6.9
Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen.

2014-06-28 | CVE-2014-3881 | Intercom | Cross-Site Request Forgery (CSRF) vulnerability in Intercom Web Kyukincho 3.0 | 6.8
Cross-site request forgery (CSRF) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to hijack the authentication of arbitrary users.

2014-06-25 | CVE-2014-4030 | Longtailvideo | Cross-Site Request Forgery (CSRF) vulnerability in Longtailvideo JW Player for Flash & HTML5 Video Plugin | 6.8
Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php.

2014-06-25 | CVE-2014-3882 | 12Net | Cross-Site Request Forgery (CSRF) vulnerability in 12Net Login Rebuilder | 6.8
Cross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users.
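
The three CSRF entries above share one root cause: a state-changing request (for the JW Player plugin, a delete action to wp-admin/admin.php) is authorized by the login cookie alone, and the victim's browser attaches that cookie to cross-site requests as well. The Python below is an added example, not code from any of these plugins or from WordPress: it models the WordPress nonce scheme (an HMAC over action, user, login session and a time tick, verified with a one-tick grace period as wp_verify_nonce does) and shows a player-delete handler before and after. The secret, the player table, the session values and the handler names are constructed for the example.

```python
import hashlib
import hmac
import time

# Constructed per-install secret; in WordPress this role is played by the
# salts in wp-config.php. Never ship a fixed value.
SECRET_KEY = b"constructed-demo-secret-replace-per-install"
TICK_SECONDS = 6 * 3600  # value rotates twice per 12-hour lifetime, like wp_nonce_tick()


def _tick(now):
    return int(now // TICK_SECONDS)


def _nonce_for(action, user_id, session_token, tick):
    msg = f"{tick}|{action}|{user_id}|{session_token}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:12]


def create_nonce(action, user_id, session_token, now=None):
    """Token bound to one action, one user and one login session, for a time window."""
    now = time.time() if now is None else now
    return _nonce_for(action, user_id, session_token, _tick(now))


def verify_nonce(nonce, action, user_id, session_token, now=None):
    """Accept the current tick and the previous one, as wp_verify_nonce() does."""
    if not isinstance(nonce, str):
        return False
    now = time.time() if now is None else now
    tick = _tick(now)
    return any(
        hmac.compare_digest(nonce, _nonce_for(action, user_id, session_token, t))
        for t in (tick, tick - 1)
    )


def _player_id(params):
    try:
        return int(params.get("id", ""))
    except ValueError:
        return None


def delete_player_vulnerable(method, params, session, players):
    """Before: only the login cookie is checked, and the method is ignored, so
    <img src="...admin.php?action=delete&id=7"> on any page the admin views
    deletes the player."""
    if not session.get("is_admin"):
        return 403
    pid = _player_id(params)
    if pid not in players:
        return 404
    del players[pid]
    return 200


def delete_player_hardened(method, params, session, players, now=None):
    """After: a state change needs POST plus a nonce tied to this admin, this
    login session and this player id; a cross-site page can obtain neither."""
    if not session.get("is_admin"):
        return 403
    if method != "POST":
        return 405
    pid = _player_id(params)
    if pid is None:
        return 400
    action = f"jwplayer_delete_{pid}"
    if not verify_nonce(params.get("_wpnonce"), action,
                        session["user_id"], session["token"], now):
        return 403
    if pid not in players:
        return 404
    del players[pid]
    return 200
```

The nonce is bound to the object being acted on (jwplayer_delete_7, not a generic delete action) and to the session, so a nonce seen for one player or one login cannot be replayed for another; requiring POST keeps the action out of image tags and link prefetching altogether.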

2014-06-25 | CVE-2014-3299 | Cisco | Improper Input Validation vulnerability in Cisco IOS | 6.8
Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745.

2014-06-28 | CVE-2014-4649 | Piwigo | SQL Injection vulnerability in Piwigo | 6.5
SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field.
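
Both SQL injection entries on this page with a named carrier, the Cacti superlinks id parameter (CVE-2014-4644, under High) and Piwigo's associate[] field just above, come from splicing request values into statement text; the Piwigo case is the less obvious one because the value is an array of form fields rather than a single scalar. The Python below is an added example, not code from Cacti or Piwigo: it shows the vulnerable pattern for a scalar parameter and for an array-valued field, each beside a parameterized version, against a constructed SQLite schema. Table and column names are invented for the example.

```python
import sqlite3


def make_db():
    """Constructed schema standing in for the tables behind these two pages."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE superlinks(id INTEGER PRIMARY KEY, title TEXT, url TEXT);
        INSERT INTO superlinks VALUES (1, 'Graphs', '/graph_view.php');
        INSERT INTO superlinks VALUES (2, 'Admin console', '/internal/admin');
        CREATE TABLE categories(id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO categories VALUES (10, 'public'), (11, 'private');
        CREATE TABLE image_category(image_id INTEGER, category_id INTEGER);
    """)
    return db


def superlink_vulnerable(db, link_id):
    """Before: the id parameter is spliced into the statement text."""
    sql = f"SELECT id, title, url FROM superlinks WHERE id = {link_id}"
    return db.execute(sql).fetchall()


def superlink_hardened(db, link_id):
    """After: check the type, then bind the value; it can never become SQL syntax."""
    try:
        link_id = int(link_id)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer") from None
    return db.execute("SELECT id, title, url FROM superlinks WHERE id = ?",
                      (link_id,)).fetchall()


def _categories_of(db, image_id):
    return sorted(db.execute("SELECT category_id FROM image_category WHERE image_id = ?",
                             (int(image_id),)).fetchall())


def associate_vulnerable(db, image_id, associate):
    """Before: an array-valued form field (associate[]) joined straight into an IN list."""
    sql = (f"INSERT INTO image_category(image_id, category_id) "
           f"SELECT {int(image_id)}, id FROM categories WHERE id IN ({','.join(associate)})")
    db.execute(sql)
    return _categories_of(db, image_id)


def associate_hardened(db, image_id, associate):
    """After: one placeholder per element, and every element validated as an integer."""
    ids = []
    for value in associate:
        try:
            ids.append(int(value))
        except (TypeError, ValueError):
            raise ValueError("associate[] must contain integers") from None
    if ids:
        marks = ",".join("?" * len(ids))
        db.execute(f"INSERT INTO image_category(image_id, category_id) "
                   f"SELECT ?, id FROM categories WHERE id IN ({marks})",
                   [int(image_id), *ids])
    return _categories_of(db, image_id)


if __name__ == "__main__":
    db = make_db()
    print(superlink_vulnerable(db, "1 OR 1=1"))                    # every link
    print(associate_vulnerable(db, 5, ["10) OR 1=1 --"]))          # every category
    print(associate_hardened(make_db(), 5, ["10"]))                 # only category 10
```

The array case is where frameworks most often let developers down: a helper that escapes scalars does nothing for a list joined with commas, so the placeholder list has to be built to match the number of elements, as above.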

2014-06-28 | CVE-2013-6311 | IBM | SQL Injection vulnerability in IBM Marketing Platform 9.1.0.0/9.1.0.1 | 6.5
SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

2014-06-27 | CVE-2011-1381 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM OpenPages GRC Platform 6.1.0.1 | 6.4
Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to bypass intended access restrictions via unknown vectors.

2014-06-23 | CVE-2014-4014 | Linux | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel | 6.2
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.

2014-06-28 | CVE-2013-6309 | IBM | Code Injection vulnerability in IBM Marketing Platform 9.1.0.0/9.1.0.1 | 6.0
IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to hijack sessions, and consequently read records, modify records, or conduct transactions, via an unspecified link injection.

2014-06-28 | CVE-2014-0891 | IBM | Information Exposure vulnerability in IBM WebSphere Application Server | 5.0
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information by leveraging incorrect request handling by the (1) Proxy or (2) ODR server.

2014-06-27 | CVE-2014-3011 | IBM | Code Injection vulnerability in IBM OpenPages GRC Platform 6.1.0.1 | 5.0
IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection attacks via unspecified vectors.

2014-06-25 | CVE-2014-4643 | Coreftp | Buffer Errors vulnerability in Coreftp Core FTP 2.2 | 5.0
Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in a reply to a (1) USER, (2) PASS, (3) PASV, (4) SYST, (5) PWD, or (6) CDUP command.

2014-06-25 | CVE-2014-4617 | Gnupg, Debian, Opensuse | Improper Input Validation vulnerability in multiple products | 5.0
The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.

2014-06-28 | CVE-2013-6308 | IBM | URI Redirection vulnerability in IBM Marketing Platform 9.1.0.0/9.1.0.1 | 4.9
IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to conduct phishing attacks and capture login credentials via an unspecified injection.

2014-06-23 | CVE-2014-0203 | Linux, Oracle | Use After Free vulnerability in multiple products | 4.9
The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call.

2014-06-23 | CVE-2014-4508 | Linux, Canonical | Numeric Errors vulnerability in multiple products | 4.7
arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000.

2014-06-23 | CVE-2014-4171 | Linux, Canonical | Local Denial of Service vulnerability in Linux Kernel | 4.7
mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.

2014-06-23 | CVE-2014-4157 | Linux | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel | 4.6
arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass intended PR_SET_SECCOMP restrictions by executing a crafted application without invoking a trace or audit subsystem.

2014-06-28 | CVE-2014-2006 | Intercom | Cross-Site Scripting vulnerability in Intercom Web Kyukincho 3.0 | 4.3
Cross-site scripting (XSS) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2014-06-27 | CVE-2014-3433 | Symantec | Cross-Site Scripting vulnerability in Symantec Data Insight 3.0/3.0.1/4.0 | 4.3
Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field, related to an "HTML script injection" issue.

2014-06-27 | CVE-2014-3432 | Symantec | Cross-Site Scripting vulnerability in Symantec Data Insight 3.0/3.0.1/4.0 | 4.3
Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field.

2014-06-25 | CVE-2014-4645 | D-Link | Cross-Site Scripting vulnerability in D-Link DSL-2760U-E1 | 4.3
Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-Link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname.

2014-06-28 | CVE-2014-2612 | HP, Linux, Microsoft | Information Disclosure vulnerability in HP Release Control | 4.0
Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to obtain sensitive information via unknown vectors.

9 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2014-06-28 | CVE-2014-4669 | HP | Information Exposure vulnerability in HP Enterprise Maps 1.00 | 3.5
HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a GetQuote operation, related to an XML External Entity (XXE) issue.
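
The HP Enterprise Maps entry is a textbook XML External Entity case: the WSDL's DOCTYPE declares an entity whose SYSTEM identifier names a file on the server, and a reference to it inside the GetQuote operation makes the parser read that file into the document. The Python below is an added example, not HP's code or a reproduction of their parser: it builds a WSDL of that shape pointing at a constructed secret file and parses it twice with the standard library's xml.sax, once with external general entities enabled (the vulnerable configuration) and once disabled, which is the fix any consumer of untrusted XML needs whatever the library. The WSDL text, the file and its contents are constructed.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Collects character data, which is where an expanded entity ends up."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    def text(self):
        return "".join(self.parts)


def parse_wsdl_text(wsdl_bytes, allow_external_entities):
    parser = xml.sax.make_parser()
    # The setting that matters: with external general entities enabled the
    # parser fetches whatever SYSTEM URI the document names (file://, http://, ...).
    parser.setFeature(feature_external_ges, allow_external_entities)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(wsdl_bytes))
    return handler.text()


def wsdl_with_xxe(secret_path):
    """Constructed WSDL in the shape the advisory describes: an entity declared
    in the DOCTYPE and referenced inside the GetQuote operation."""
    return f"""<?xml version="1.0"?>
<!DOCTYPE definitions [
  <!ENTITY xxe SYSTEM "file://{secret_path}">
]>
<definitions xmlns="http://schemas.xmlsoap.org/wsdl/">
  <portType name="QuoteService">
    <operation name="GetQuote">
      <documentation>&xxe;</documentation>
    </operation>
  </portType>
</definitions>""".encode()


def demo():
    """Returns (text parsed with XXE enabled, text parsed with XXE disabled)."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w") as f:
        f.write("db_password=hunter2\n")  # constructed secret standing in for a server-side file
    try:
        doc = wsdl_with_xxe(path)
        leaked = parse_wsdl_text(doc, allow_external_entities=True)
        safe = parse_wsdl_text(doc, allow_external_entities=False)
    finally:
        os.unlink(path)
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable parse contains secret:", "hunter2" in leaked)
    print("hardened parse contains secret:", "hunter2" in safe)
```

Python 3.7.1 and later turn feature_external_ges off by default; older interpreters and many XML libraries in other languages do not, so set it explicitly rather than relying on the default, and give parameter entities (feature_external_pes) and DTD fetching the same treatment.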

2014-06-28 | CVE-2013-6310 | IBM | Cross-Site Scripting vulnerability in IBM Marketing Platform 9.1.0.0/9.1.0.1 | 3.5
Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

2014-06-25 | CVE-2014-4349 | Phpmyadmin | Cross-Site Scripting vulnerability in phpMyAdmin | 3.5
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.

2014-06-25 | CVE-2014-4348 | Phpmyadmin | Cross-Site Scripting vulnerability in phpMyAdmin | 3.5
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables.
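
Among this week's XSS entries, the D-Link DSL-2760U-E1 case (CVE-2014-4645, under Medium) deserves a closer look because the injected value never passes through a web form: the DHCP client's hostname is stored by the router and rendered into dhcpinfo.html when the administrator views the lease table, so anyone on the LAN supplies it. The two phpMyAdmin entries above are the same pattern with a table or database name as the carrier. The Python below is an added example, not code from either product: a lease-table renderer that drops the hostname into element content and into an attribute, next to one that escapes for both contexts and validates hostnames at intake. The lease records are constructed.

```python
import html
import re

# Constructed lease table. The hostname column is whatever the DHCP client sent
# in option 12, so an attacker on the LAN controls it completely.
LEASES = [
    {"ip": "192.168.1.10", "mac": "00:11:22:33:44:55", "hostname": "printer"},
    {"ip": "192.168.1.11", "mac": "00:11:22:33:44:66",
     "hostname": "<script>fetch('/dhcpinfo.html')</script>"},
    {"ip": "192.168.1.12", "mac": "00:11:22:33:44:77",
     "hostname": 'x" onmouseover="alert(1)'},
]

# RFC 1123 host label: letters, digits and hyphens, no leading or trailing
# hyphen, 1 to 63 characters.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def valid_hostname(name):
    """Intake-time check: reject anything that is not a syntactically valid hostname."""
    return 0 < len(name) <= 253 and all(_LABEL.match(label) for label in name.split("."))


def render_vulnerable(leases):
    """Before: untrusted text dropped into an attribute and into element content."""
    rows = "".join(
        '<tr><td>{ip}</td><td>{mac}</td><td title="{h}">{h}</td></tr>'.format(
            ip=l["ip"], mac=l["mac"], h=l["hostname"])
        for l in leases)
    return "<table>" + rows + "</table>"


def render_hardened(leases):
    """After: every untrusted value is escaped; with quote=True the same escaping
    is safe inside a double-quoted attribute as well as in element content.
    Hostnames that fail the intake check are still shown, escaped, but flagged."""
    rows = []
    for l in leases:
        h = html.escape(l["hostname"], quote=True)
        flag = "" if valid_hostname(l["hostname"]) else " (not a valid hostname)"
        rows.append(
            '<tr><td>{ip}</td><td>{mac}</td><td title="{h}">{h}{flag}</td></tr>'.format(
                ip=html.escape(l["ip"]), mac=html.escape(l["mac"]), h=h, flag=flag))
    return "<table>" + "".join(rows) + "</table>"


if __name__ == "__main__":
    print(render_vulnerable(LEASES))
    print(render_hardened(LEASES))
```

Validation at intake and escaping at output are independent layers: the hostname grammar would already have rejected both payloads, but the escaping is what protects every other renderer of the same value, including the ones written later.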

2014-06-23 | CVE-2014-0244 | Samba | Improper Input Validation vulnerability in Samba | 3.3
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.

2014-06-23 | CVE-2014-3493 | Samba | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Samba | 2.7
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.

2014-06-23 | CVE-2014-4027 | Linux, Redhat, Canonical, Suse, F5 | Information Exposure vulnerability in multiple products | 2.3
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.

2014-06-25 | CVE-2014-0206 | Linux | Local Information Disclosure vulnerability in Linux Kernel '/fs/aio.c' | 2.1
Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value.

2014-06-23 | CVE-2014-1739 | Linux, Canonical, Suse | Information Exposure vulnerability in multiple products | 2.1
The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.