Weekly Vulnerabilities Reports > August 18 to 24, 2014
Overview
94 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 14 high severity vulnerabilities. This weekly summary reports vulnerabilities in 130 products from 54 vendors including IBM, EMC, Opensuse, Apache, and Canonical. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Cross-Site Request Forgery (CSRF)", "Information Exposure", and "SQL Injection".
- 82 reported vulnerabilities are remotely exploitable.
- 4 reported vulnerabilities have a public exploit available.
- 29 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 78 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 10 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
6 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-08-23 | CVE-2014-2632 | HP | Remote Privilege Escalation vulnerability in HP Service Manager Unspecified vulnerability in the WebTier component in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2014-08-22 | CVE-2014-5246 | Tenda | Permissions, Privileges, and Access Controls vulnerability in Tenda A5S and A5S Firmware The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn. | 10.0 |
2014-08-22 | CVE-2014-3525 | Apache | Security vulnerability in Apache Traffic Server Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks. | 10.0 |
2014-08-21 | CVE-2014-5210 | Alienvault | Code Injection vulnerability in Alienvault Open Source Security Information Management The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805. | 10.0 |
2014-08-21 | CVE-2014-5158 | Alienvault | Code Injection vulnerability in Alienvault Open Source Security Information Management The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors. | 10.0 |
2014-08-23 | CVE-2014-2634 | HP | Remote Unauthorized Access vulnerability in HP Service Manager Unspecified vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to bypass intended access restrictions, and modify data or cause a denial of service, via unknown vectors. | 9.4 |
14 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-08-20 | CVE-2014-4618 | EMC | Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Content Server EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object. | 8.5 |
2014-08-20 | CVE-2014-2515 | EMC | Permissions, Privileges, and Access Controls vulnerability in EMC Documentum D2 EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket. | 8.5 |
2014-08-22 | CVE-2014-5396 | Schrack | Unspecified vulnerability in Schrack products The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of not for the "user" account, which makes it easier for remote attackers to obtain access via unspecified vectors. | 7.5 |
2014-08-22 | CVE-2014-5262 | Cacti | SQL Injection vulnerability in Cacti SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2014-08-22 | CVE-2014-5261 | Cacti | Code Injection vulnerability in Cacti The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php. | 7.5 |
2014-08-22 | CVE-2014-5097 | Freereprintables | SQL Injection vulnerability in Freereprintables Articlefr 3.0.4 Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to rate.php. | 7.5 |
2014-08-22 | CVE-2014-4197 | Bssys | SQL Injection vulnerability in Bssys RBS Bs-Client 3.17.9 Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allow remote attackers to execute arbitrary SQL commands via the (1) CARDS or (2) XACTION parameter. | 7.5 |
2014-08-21 | CVE-2014-5159 | Alienvault | SQL Injection vulnerability in Alienvault Open Source Security Information Management SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter. | 7.5 |
2014-08-20 | CVE-2014-3514 | Rubyonrails | Permissions, Privileges, and Access Controls vulnerability in Rubyonrails Rails activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls. | 7.5 |
2014-08-19 | CVE-2014-3490 | Redhat | Information Disclosure vulnerability in RESTEasy Incomplete Fix XML Entity References RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. | 7.5 |
2014-08-19 | CVE-2014-3906 | KK OSK | SQL Injection vulnerability in Kk-Osk Advance-Flow and Advance-Flow Forms SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2014-08-18 | CVE-2014-5203 | Wordpress | Unspecified vulnerability in Wordpress 3.9.0/3.9.1 wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data. | 7.5 |
2014-08-22 | CVE-2014-3563 | Saltstack | Link Following vulnerability in Saltstack Salt Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud. | 7.2 |
2014-08-22 | CVE-2014-4764 | IBM | Denial of Service vulnerability in IBM WebSphere Application Server IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3, when Load Balancer for IPv4 Dispatcher is enabled, allows remote attackers to cause a denial of service (Load Balancer crash) via unspecified vectors. | 7.1 |
67 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-08-19 | CVE-2014-5033 | Debian Canonical KDE | Race Condition vulnerability in multiple products KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions." | 6.9 |
2014-08-23 | CVE-2014-2633 | HP | Cross-Site Request Forgery (CSRF) vulnerability in HP Service Manager Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2014-08-23 | CVE-2014-3597 | PHP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. | 6.8 |
2014-08-22 | CVE-2014-5241 | Mediawiki | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set. | 6.8 |
2014-08-20 | CVE-2014-4929 | Owncloud | Path Traversal vulnerability in Owncloud Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2014-08-20 | CVE-2014-2518 | EMC | Cross-Site Request Forgery (CSRF) vulnerability in EMC products Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users. | 6.8 |
2014-08-20 | CVE-2014-0641 | EMC | Cross-Site Request Forgery (CSRF) vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5 Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
2014-08-19 | CVE-2014-5347 | Disqus | Cross-Site Request Forgery (CSRF) vulnerability in Disqus Comment System Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) disqus_replace, (2) disqus_public_key, or (3) disqus_secret_key parameter to wp-admin/edit-comments.php in manage.php or that (4) reset or (5) delete plugin options via the reset parameter to wp-admin/edit-comments.php. | 6.8 |
2014-08-19 | CVE-2014-5346 | Disqus | Cross-Site Request Forgery (CSRF) vulnerability in Disqus Comment System 2.77 Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) activate or (2) deactivate the plugin via the active parameter to wp-admin/edit-comments.php, (3) import comments via an import_comments action, or (4) export comments via an export_comments action to wp-admin/index.php. | 6.8 |
2014-08-18 | CVE-2014-5205 | Wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack. | 6.8 |
2014-08-18 | CVE-2014-5204 | Debian Wordpress | Cross-Site Request Forgery (CSRF) vulnerability in multiple products wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack. | 6.8 |
2014-08-22 | CVE-2014-4767 | IBM | Code Injection vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | 6.5 |
2014-08-21 | CVE-2014-5383 | Alienvault | SQL Injection vulnerability in Alienvault Open Source Security Information Management SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2014-08-20 | CVE-2014-2517 | EMC | Privilege Escalation vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5 Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors. | 6.5 |
2014-08-23 | CVE-2014-5120 | PHP | Improper Input Validation vulnerability in PHP gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function. | 6.4 |
2014-08-20 | CVE-2014-2521 | EMC | Information Exposure vulnerability in EMC Documentum Content Server EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command. | 6.3 |
2014-08-20 | CVE-2014-2520 | EMC | Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Content Server EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request. | 6.3 |
2014-08-18 | CVE-2014-5207 | Linux Canonical | Improper Privilege Management vulnerability in multiple products fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace. | 6.2 |
2014-08-18 | CVE-2014-2388 | Blackberry | Permissions, Privileges, and Access Controls vulnerability in Blackberry products The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode. | 6.1 |
2014-08-22 | CVE-2014-5122 | Esri | Open Redirection vulnerability in Esri Arcgis for Server 10.1.1 Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to login. | 5.8 |
2014-08-21 | CVE-2014-3577 | Apache | Unspecified vulnerability in Apache Httpasyncclient and Httpclient org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field. | 5.8 |
2014-08-19 | CVE-2014-3464 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform 6.2.0/6.3.0 The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. | 5.5 |
2014-08-20 | CVE-2014-2505 | EMC | Remote Code Execution vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5 EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors. | 5.4 |
2014-08-22 | CVE-2014-5368 | WP Content Source Control Project | Path Traversal vulnerability in WP Content Source Control Project WP Content Source Control 3.0.0 Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. | 5.0 |
2014-08-22 | CVE-2014-3436 | Symantec | Cryptographic Issues vulnerability in Symantec Encryption Desktop and PGP Desktop Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size. | 5.0 |
2014-08-22 | CVE-2014-3083 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2014-08-22 | CVE-2014-3070 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | 5.0 |
2014-08-21 | CVE-2014-5385 | Shopizer | Improper Authentication vulnerability in Shopizer 1.1.5 com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess passwords via a brute force attack. | 5.0 |
2014-08-21 | CVE-2014-5384 | Freebsd Netbsd | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. | 5.0 |
2014-08-21 | CVE-2014-3951 | Freebsd Netbsd | The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function. | 5.0 |
2014-08-19 | CVE-2014-5350 | Bitdefender | Path Traversal vulnerability in Bitdefender Gravityzone 5.1.5.386 Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. | 5.0 |
2014-08-19 | CVE-2014-5349 | Baidu | Buffer Errors vulnerability in Baidu Spark Browser 26.5.9999.3511 Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function. | 5.0 |
2014-08-19 | CVE-2014-4615 | Redhat Canonical Openstack | Information Exposure vulnerability in multiple products The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request). | 5.0 |
2014-08-19 | CVE-2014-3341 | Cisco | Information Exposure vulnerability in Cisco products The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616. | 5.0 |
2014-08-18 | CVE-2014-5266 | Wordpress Drupal Debian | Resource Management Errors vulnerability in multiple products The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265. | 5.0 |
2014-08-18 | CVE-2014-5265 | Wordpress Drupal Debian | Resource Management Errors vulnerability in multiple products The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 5.0 |
2014-08-22 | CVE-2014-3089 | IBM | Cryptographic Issues vulnerability in IBM products The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file. | 4.9 |
2014-08-19 | CVE-2014-3472 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform 6.3.0 The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors. | 4.9 |
2014-08-18 | CVE-2014-1469 | Blackberry | Cryptographic Issues vulnerability in Blackberry products BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive information by reading the exception log file. | 4.9 |
2014-08-22 | CVE-2014-5149 | Opensuse XEN | Resource Management Errors vulnerability in multiple products Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146. | 4.7 |
2014-08-22 | CVE-2014-5146 | Opensuse XEN | Resource Management Errors vulnerability in multiple products Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149. | 4.7 |
2014-08-22 | CVE-2013-6306 | IBM | Local Privilege Escalation vulnerability in IBM Power 7 Systems Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors. | 4.6 |
2014-08-23 | CVE-2013-6222 | HP | Cross-Site Scripting vulnerability in HP Service Manager Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-08-23 | CVE-2014-3587 | Christos Zoulas PHP | Numeric Errors vulnerability in multiple products Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. | 4.3 |
2014-08-22 | CVE-2014-5243 | Mediawiki | Improper Input Validation vulnerability in Mediawiki MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | 4.3 |
2014-08-22 | CVE-2014-5242 | Mediawiki | Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction with an action=raw value. | 4.3 |
2014-08-22 | CVE-2014-5121 | Esri | Cross-Site Scripting vulnerability in Esri Arcgis for Server 10.1.1 Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 4.3 |
2014-08-22 | CVE-2014-0232 | Apache | Cross-Site Scripting vulnerability in Apache Ofbiz Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1) result or (2) error message. | 4.3 |
2014-08-22 | CVE-2014-3022 | IBM | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition. | 4.3 |
2014-08-22 | CVE-2014-0965 | IBM | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response. | 4.3 |
2014-08-21 | CVE-2010-5303 | Binarymoon | Cross-Site Scripting vulnerability in Binarymoon Timthumb 1.09 Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $errorString. | 4.3 |
2014-08-21 | CVE-2010-5302 | Binarymoon | Cross-Site Scripting vulnerability in Binarymoon Timthumb 1.09 Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb before 1.15 as of 20100908 (r88), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. | 4.3 |
2014-08-21 | CVE-2009-5142 | Binarymoon Prothemedesign | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter. | 4.3 |
2014-08-20 | CVE-2014-5382 | Schrack | Cross-Site Scripting vulnerability in Schrack products Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Schrack Technik microControl with firmware 1.7.0 (937) allow remote attackers to inject arbitrary web script or HTML via the position textbox in the configuration menu or other unspecified vectors. | 4.3 |
2014-08-20 | CVE-2014-4749 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Powervc 1.2.0.0/1.2.0.1/1.2.0.2 IBM PowerVC 1.2.0 before FixPack3 does not properly use the known_hosts file, which allows man-in-the-middle attackers to spoof SSH servers via an arbitrary server key. | 4.3 |
2014-08-20 | CVE-2014-3331 | Cisco | Improper Input Validation vulnerability in Cisco ASR 5000 Series Software The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Software 11.0, 12.0, 12.1, 12.2, 14.0, 15.0, 16.x through 16.1.2, and 17.0 allows remote attackers to cause a denial of service (process crash) via a crafted TCP packet, aka Bug ID CSCuo21914. | 4.3 |
2014-08-20 | CVE-2014-2511 | EMC | Cross-Site Scripting vulnerability in EMC products Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter. | 4.3 |
2014-08-19 | CVE-2014-5348 | Riverbed | Cross-Site Scripting vulnerability in Riverbed Steelapp Traffic Manager 9.6 Cross-site scripting (XSS) vulnerability in apps/zxtm/locallog.cgi in Riverbed Stingray (aka SteelApp) Traffic Manager Virtual Appliance 9.6 patchlevel 9620140312 allows remote attackers to inject arbitrary web script or HTML via the logfile parameter. | 4.3 |
2014-08-19 | CVE-2014-5345 | Disqus | Cross-Site Scripting vulnerability in Disqus Comment System Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter. | 4.3 |
2014-08-19 | CVE-2014-5344 | Mobiloud | Cross-Site Scripting vulnerability in Mobiloud Multiple cross-site scripting (XSS) vulnerabilities in the Mobiloud (mobiloud-mobile-app-plugin) plugin before 2.3.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-08-19 | CVE-2014-5343 | Fengoffice | Cross-Site Scripting vulnerability in Fengoffice Feng Office Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field. | 4.3 |
2014-08-19 | CVE-2014-5333 | Adobe Apple Microsoft Linux | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Air, Adobe AIR SDK and Flash Player Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API, in conjunction with a manipulation involving a '$' (dollar sign) or '(' (open parenthesis) character. | 4.3 |
2014-08-20 | CVE-2014-3340 | Cisco | Path Traversal vulnerability in Cisco Webex Meetmenow Directory traversal vulnerability in an unspecified PHP script in the server in Cisco WebEx MeetMeNow allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCuo16166. | 4.0 |
2014-08-20 | CVE-2014-0640 | EMC | Permissions, Privileges, and Access Controls vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5 EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors. | 4.0 |
2014-08-19 | CVE-2014-3528 | Opensuse Apache Canonical Apple Redhat | Credentials Management vulnerability in multiple products Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. | 4.0 |
2014-08-19 | CVE-2014-3522 | Apache Opensuse Canonical Apple | Improper Validation of Certificate With Host Mismatch vulnerability in multiple products The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | 4.0 |
2014-08-19 | CVE-2014-3504 | Apache Canonical Serf Project | SSL Certificate Validation Information Disclosure vulnerability in Serf The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 do not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | 4.0 |
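The two Serf/Subversion entries above (CVE-2014-3522 and CVE-2014-3504) are both failures of hostname matching against an X.509 certificate: one in wildcard handling, the other in treating a CN containing a NUL byte as if it ended at that byte. The following is an added example, not code from Serf, Subversion or this report, showing a conservative RFC 6125 style matcher that rejects both cases, beside a deliberately broken comparison that reproduces the NUL-byte truncation. All hostnames and certificate names in it are constructed for the example.

```python
from typing import Optional, Sequence

# Example code added to this report, not taken from Serf or Subversion.
# It implements RFC 6125 style hostname matching with the two failure modes
# from CVE-2014-3504 (NUL byte in the CN) and CVE-2014-3522 (wildcards)
# handled conservatively. Names below are constructed for the example.


def c_string_name_matches(presented: str, reference: str) -> bool:
    """Mimic what a strcmp-style comparison on a raw CN buffer does: everything
    after the first NUL byte is invisible. Shown only as the failure mode."""
    truncated = presented.split("\x00", 1)[0]
    return truncated.lower() == reference.lower()


def _normalise(name: str) -> Optional[str]:
    """Lower-case, strip a trailing dot, and refuse names with embedded NULs."""
    if "\x00" in name:
        return None
    name = name.strip().lower().rstrip(".")
    return name or None


def _wildcard_ok(labels: Sequence[str]) -> bool:
    """A wildcard must be the whole leftmost label and leave at least two
    labels to its right: '*.example.com' is fine, but 'w*.example.com',
    'www.*.com' and '*.com' are all rejected."""
    if any("*" in label for label in labels[1:]):
        return False
    if "*" in labels[0] and labels[0] != "*":
        return False
    if labels[0] == "*" and len(labels) < 3:
        return False
    return True


def name_matches(presented: str, reference: str) -> bool:
    """Does one presented identifier (CN or dNSName SAN) match the host we
    connected to? A wildcard matches exactly one label, never zero or two."""
    p = _normalise(presented)
    r = _normalise(reference)
    if p is None or r is None or "*" in r:
        return False
    p_labels, r_labels = p.split("."), r.split(".")
    if not _wildcard_ok(p_labels) or len(p_labels) != len(r_labels):
        return False
    for pl, rl in zip(p_labels, r_labels):
        if not rl:
            return False  # empty label, e.g. 'a..example.com'
        if pl != "*" and pl != rl:
            return False
    return True


def certificate_matches_host(hostname: str, common_name: Optional[str],
                             dns_sans: Sequence[str]) -> bool:
    """If the certificate carries any dNSName SAN entries, only they count;
    the CN is consulted solely for legacy certificates with no SANs."""
    if dns_sans:
        return any(name_matches(san, hostname) for san in dns_sans)
    return common_name is not None and name_matches(common_name, hostname)
```

The NUL-byte case is the one to remember when reviewing C TLS clients: a CA that validates only the attacker-controlled suffix can issue a certificate whose CN reads `www.example.com\0.attacker.net`, and any comparison that stops at the NUL accepts it for `www.example.com`. Rejecting embedded NULs outright, and preferring SAN entries over the CN, removes that class of mistake.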
7 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-08-22 | CVE-2014-5338 | Check MK Project | Cross-Site Scripting vulnerability in Check MK Project Check MK 1.2.4/1.2.5 Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) render_status_icons function in htmllib.py or (2) ajax_action function in actions.py. | 3.5 |
2014-08-22 | CVE-2014-5274 | Phpmyadmin Opensuse | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js. | 3.5 |
2014-08-22 | CVE-2014-5273 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php. | 3.5 |
2014-08-19 | CVE-2014-3903 | Jayj | Cross-Site Scripting vulnerability in Jayj Cakifo Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x before 1.6.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via crafted Exif data. | 3.5 |
2014-08-20 | CVE-2014-2524 | Mageia GNU Opensuse Fedoraproject | Link Following vulnerability in multiple products The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. | 3.3 |
2014-08-20 | CVE-2014-4750 | IBM | Information Exposure vulnerability in IBM Powervc 1.2.0.0/1.2.0.1/1.2.0.2 IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network. | 2.9 |
2014-08-18 | CVE-2014-5240 | Wordpress Debian | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL. | 2.1 |
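The GNU readline entry above (CVE-2014-2524) is the classic shared-temp-directory symlink attack: a predictable file name under /var/tmp, opened with O_CREAT but without O_EXCL, lets a local user plant a symlink that the victim process then follows and truncates. The following is an added example, not readline's code, that reproduces the vulnerable open beside an O_EXCL|O_NOFOLLOW open and a mkstemp-based alternative, inside a private temporary directory constructed for the demonstration. The file names and the fixed "PID" are assumptions for the example.

```python
import errno
import os
import tempfile

# Example code added to this report; it is not GNU readline's code. It shows
# the pattern behind CVE-2014-2524 (a predictable file name in a shared temp
# directory, opened without O_EXCL) next to two hardened alternatives.


def open_trace_unsafely(path: str) -> int:
    """Vulnerable pattern: O_CREAT without O_EXCL at a guessable path. If an
    attacker has planted a symlink there, the open follows it and truncates
    whatever the link points to, with the caller's privileges."""
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)


def open_trace_safely(path: str) -> int:
    """O_EXCL makes the open fail if anything already exists at the path,
    a symlink included; O_NOFOLLOW additionally refuses to traverse a link
    in the final component on platforms that provide it."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(path, flags, 0o600)


def demo() -> dict:
    """Run the attack against both variants inside a private temporary
    directory (constructed for the example) and report what happened."""
    with tempfile.TemporaryDirectory() as workdir:
        victim = os.path.join(workdir, "victim.txt")
        with open(victim, "w") as f:
            f.write("data the victim cares about\n")

        # The attacker guesses the name (the PID is fixed here for the demo)
        # and plants a symlink to the file they want clobbered.
        trace = os.path.join(workdir, "rltrace.1234")
        os.symlink(victim, trace)

        os.close(open_trace_unsafely(trace))
        victim_truncated = os.path.getsize(victim) == 0

        safe_refused = False
        try:
            os.close(open_trace_safely(trace))
        except OSError as exc:
            # EEXIST from O_EXCL; ELOOP if O_NOFOLLOW trips first.
            safe_refused = exc.errno in (errno.EEXIST, errno.ELOOP)

        # Preferred fix: let mkstemp choose an unpredictable name with O_EXCL
        # semantics, so there is nothing for the attacker to pre-plant.
        fd, random_path = tempfile.mkstemp(prefix="rltrace.", dir=workdir)
        os.close(fd)
        fresh_regular_file = os.path.isfile(random_path) and not os.path.islink(random_path)

    return {
        "victim_truncated_by_unsafe_open": victim_truncated,
        "safe_open_refused_symlink": safe_refused,
        "mkstemp_created_fresh_file": fresh_regular_file,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

When auditing native code for this pattern, look for open()/fopen() on a path built from a fixed prefix plus a PID, user name or timestamp in a world-writable directory; the fix is either O_EXCL (and ideally O_NOFOLLOW) on the create, or mkstemp-style random naming, or moving the file out of the shared directory altogether.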