Weekly Vulnerabilities Reports > August 18 to 24, 2014

Overview

97 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 15 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 134 products from 54 vendors, including IBM, EMC, Opensuse, Canonical, and Apache. The vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Cross-Site Request Forgery (CSRF)", "Information Exposure", and "SQL Injection".

  • 84 reported vulnerabilities are remotely exploitable.
  • 4 reported vulnerabilities have a public exploit available.
  • 30 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 80 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

[Summary counters (values not preserved in this extract): total vulnerabilities; critical, high, medium and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application]

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-08-23 CVE-2014-2632 HP Remote Privilege Escalation vulnerability in HP Service Manager

Unspecified vulnerability in the WebTier component in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to execute arbitrary code via unknown vectors.

10.0
2014-08-22 CVE-2014-5246 Tenda Permissions, Privileges, and Access Controls vulnerability in Tenda A5S and A5S Firmware

The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.

10.0
2014-08-22 CVE-2014-3525 Apache Security vulnerability in Apache Traffic Server

Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.

10.0
2014-08-21 CVE-2014-5210 Alienvault Code Injection vulnerability in Alienvault Open Source Security Information Management

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.

10.0
2014-08-21 CVE-2014-5158 Alienvault Code Injection vulnerability in Alienvault Open Source Security Information Management

The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors.

10.0
2014-08-23 CVE-2014-2634 HP Remote Unauthorized Access vulnerability in HP Service Manager

Unspecified vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to bypass intended access restrictions, and modify data or cause a denial of service, via unknown vectors.

9.4

15 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-08-20 CVE-2014-4618 EMC Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Content Server

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object.

8.5
2014-08-20 CVE-2014-2515 EMC Permissions, Privileges, and Access Controls vulnerability in EMC Documentum D2

EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.

8.5
2014-08-22 CVE-2014-5396 Schrack Unspecified vulnerability in Schrack products

The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of "not" for the "user" account, which makes it easier for remote attackers to obtain access via unspecified vectors.

7.5
2014-08-22 CVE-2014-5262 Cacti SQL Injection vulnerability in Cacti

SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2014-08-22 CVE-2014-5261 Cacti Code Injection vulnerability in Cacti

The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php.

7.5
2014-08-22 CVE-2014-5097 Freereprintables SQL Injection vulnerability in Freereprintables Articlefr 3.0.4

Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to rate.php.

7.5
2014-08-22 CVE-2014-4197 Bssys SQL Injection vulnerability in Bssys RBS Bs-Client 3.17.9

Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allow remote attackers to execute arbitrary SQL commands via the (1) CARDS or (2) XACTION parameter.

7.5
2014-08-21 CVE-2014-5159 Alienvault SQL Injection vulnerability in Alienvault Open Source Security Information Management

SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter.

7.5
2014-08-20 CVE-2014-3514 Rubyonrails Permissions, Privileges, and Access Controls vulnerability in Rubyonrails Rails

activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls.

7.5
2014-08-19 CVE-2014-3490 Redhat Information Disclosure vulnerability in RESTEasy Incomplete Fix XML Entity References

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.

7.5
2014-08-19 CVE-2014-3906 KK OSK SQL Injection vulnerability in Kk-Osk Advance-Flow and Advance-Flow Forms

SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2014-08-18 CVE-2014-5203 Wordpress Unspecified vulnerability in Wordpress 3.9.0/3.9.1

wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.

7.5
2014-08-22 CVE-2014-3563 Saltstack Link Following vulnerability in Saltstack Salt

Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

7.2
2014-08-18 CVE-2014-5206 Linux, Canonical Improper Privilege Management vulnerability in multiple products

The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount" command within a user namespace.

7.2
2014-08-22 CVE-2014-4764 IBM Denial of Service vulnerability in IBM WebSphere Application Server

IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3, when Load Balancer for IPv4 Dispatcher is enabled, allows remote attackers to cause a denial of service (Load Balancer crash) via unspecified vectors.

7.1

68 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-08-19 CVE-2014-5033 Debian, Canonical, KDE Race Condition vulnerability in multiple products

KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."

6.9
2014-08-23 CVE-2014-2633 HP Cross-Site Request Forgery (CSRF) vulnerability in HP Service Manager

Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2014-08-23 CVE-2014-3597 PHP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP

Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function.

6.8
2014-08-22 CVE-2014-5241 Mediawiki Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki

The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set.

6.8
2014-08-20 CVE-2014-4929 Owncloud Path Traversal vulnerability in Owncloud

Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2014-08-20 CVE-2014-2518 EMC Cross-Site Request Forgery (CSRF) vulnerability in EMC products

Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users.

6.8
2014-08-20 CVE-2014-0641 EMC Cross-Site Request Forgery (CSRF) vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5

Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.

6.8
2014-08-19 CVE-2014-5347 Disqus Cross-Site Request Forgery (CSRF) vulnerability in Disqus Comment System

Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) disqus_replace, (2) disqus_public_key, or (3) disqus_secret_key parameter to wp-admin/edit-comments.php in manage.php or that (4) reset or (5) delete plugin options via the reset parameter to wp-admin/edit-comments.php.

6.8
2014-08-19 CVE-2014-5346 Disqus Cross-Site Request Forgery (CSRF) vulnerability in Disqus Comment System 2.77

Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) activate or (2) deactivate the plugin via the active parameter to wp-admin/edit-comments.php, (3) import comments via an import_comments action, or (4) export comments via an export_comments action to wp-admin/index.php.

6.8
2014-08-18 CVE-2014-5205 Wordpress Cross-Site Request Forgery (CSRF) vulnerability in Wordpress

wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.

6.8
2014-08-18 CVE-2014-5204 Debian, Wordpress Cross-Site Request Forgery (CSRF) vulnerability in multiple products

wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.

6.8
2014-08-22 CVE-2014-4767 IBM Code Injection vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute arbitrary code via unspecified vectors.

6.5
2014-08-21 CVE-2014-5383 Alienvault SQL Injection vulnerability in Alienvault Open Source Security Information Management

SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2014-08-20 CVE-2014-2517 EMC Privilege Escalation vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5

Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors.

6.5
2014-08-23 CVE-2014-5120 PHP Improper Input Validation vulnerability in PHP

gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.

6.4
2014-08-20 CVE-2014-2521 EMC Information Exposure vulnerability in EMC Documentum Content Server

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command.

6.3
2014-08-20 CVE-2014-2520 EMC Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Content Server

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request.

6.3
2014-08-18 CVE-2014-5207 Linux, Canonical Improper Privilege Management vulnerability in multiple products

fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace.

6.2
2014-08-18 CVE-2014-2388 Blackberry Permissions, Privileges, and Access Controls vulnerability in Blackberry products

The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode.

6.1
2014-08-22 CVE-2014-5122 Esri Open Redirection vulnerability in Esri Arcgis for Server 10.1.1

Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to login.

5.8
2014-08-21 CVE-2014-3577 Apache Unspecified vulnerability in Apache Httpasyncclient and Httpclient

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.

5.8
2014-08-19 CVE-2014-3464 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform 6.2.0/6.3.0

The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.

5.5
2014-08-20 CVE-2014-2505 EMC Remote Code Execution vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5

EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.

5.4
2014-08-22 CVE-2014-5368 WP Content Source Control Project Path Traversal vulnerability in WP Content Source Control Project WP Content Source Control 3.0.0

Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a ..

5.0
2014-08-22 CVE-2014-3436 Symantec Cryptographic Issues vulnerability in Symantec Encryption Desktop and PGP Desktop

Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size.

5.0
2014-08-22 CVE-2014-3083 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2014-08-22 CVE-2014-3070 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server

The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

5.0
2014-08-21 CVE-2014-5385 Shopizer Improper Authentication vulnerability in Shopizer 1.1.5

com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess passwords via a brute force attack.

5.0
2014-08-21 CVE-2014-5384 Freebsd, Netbsd Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function.

5.0
2014-08-21 CVE-2014-3951 Freebsd, Netbsd

The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function.

5.0
2014-08-21 CVE-2014-3562 Fedoraproject, Redhat Information Exposure vulnerability in multiple products

Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.

5.0
2014-08-19 CVE-2014-5350 Bitdefender Path Traversal vulnerability in Bitdefender Gravityzone 5.1.5.386

Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) ..

5.0
2014-08-19 CVE-2014-5349 Baidu Buffer Errors vulnerability in Baidu Spark Browser 26.5.9999.3511

Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function.

5.0
2014-08-19 CVE-2014-4615 Redhat, Canonical, Openstack Information Exposure vulnerability in multiple products

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).

5.0
2014-08-19 CVE-2014-3341 Cisco Information Exposure vulnerability in Cisco products

The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.

5.0
2014-08-18 CVE-2014-5266 Wordpress, Drupal, Debian Resource Management Errors vulnerability in multiple products

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.

5.0
2014-08-18 CVE-2014-5265 Wordpress, Drupal, Debian Resource Management Errors vulnerability in multiple products

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

5.0
2014-08-22 CVE-2014-3089 IBM Cryptographic Issues vulnerability in IBM products

The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file.

4.9
2014-08-19 CVE-2014-3472 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform 6.3.0

The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.

4.9
2014-08-18 CVE-2014-1469 Blackberry Cryptographic Issues vulnerability in Blackberry products

BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive information by reading the exception log file.

4.9
2014-08-22 CVE-2014-5149 Opensuse, XEN Resource Management Errors vulnerability in multiple products

Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146.

4.7
2014-08-22 CVE-2014-5146 Opensuse, XEN Resource Management Errors vulnerability in multiple products

Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149.

4.7
2014-08-22 CVE-2013-6306 IBM Local Privilege Escalation vulnerability in IBM Power 7 Systems

Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.

4.6
2014-08-23 CVE-2013-6222 HP Cross-Site Scripting vulnerability in HP Service Manager

Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-08-23 CVE-2014-3587 Christos Zoulas, PHP Numeric Errors vulnerability in multiple products

Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

4.3
2014-08-22 CVE-2014-5243 Mediawiki Improper Input Validation vulnerability in Mediawiki

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

4.3
2014-08-22 CVE-2014-5242 Mediawiki Cross-Site Scripting vulnerability in Mediawiki

Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction with an action=raw value.

4.3
2014-08-22 CVE-2014-5121 Esri Cross-Site Scripting vulnerability in Esri Arcgis for Server 10.1.1

Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

4.3
2014-08-22 CVE-2014-0232 Apache Cross-Site Scripting vulnerability in Apache Ofbiz

Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1) result or (2) error message.

4.3
2014-08-22 CVE-2014-3022 IBM Information Exposure vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition.

4.3
2014-08-22 CVE-2014-0965 IBM Information Exposure vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response.

4.3
2014-08-21 CVE-2010-5303 Binarymoon Cross-Site Scripting vulnerability in Binarymoon Timthumb 1.09

Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $errorString.

4.3
2014-08-21 CVE-2010-5302 Binarymoon Cross-Site Scripting vulnerability in Binarymoon Timthumb 1.09

Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb before 1.15 as of 20100908 (r88), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.

4.3
2014-08-21 CVE-2009-5142 Binarymoon, Prothemedesign Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter.

4.3
2014-08-20 CVE-2014-5382 Schrack Cross-Site Scripting vulnerability in Schrack products

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Schrack Technik microControl with firmware 1.7.0 (937) allow remote attackers to inject arbitrary web script or HTML via the position textbox in the configuration menu or other unspecified vectors.

4.3
2014-08-20 CVE-2014-4749 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Powervc 1.2.0.0/1.2.0.1/1.2.0.2

IBM PowerVC 1.2.0 before FixPack3 does not properly use the known_hosts file, which allows man-in-the-middle attackers to spoof SSH servers via an arbitrary server key.

4.3
2014-08-20 CVE-2014-3331 Cisco Improper Input Validation vulnerability in Cisco ASR 5000 Series Software

The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Software 11.0, 12.0, 12.1, 12.2, 14.0, 15.0, 16.x through 16.1.2, and 17.0 allows remote attackers to cause a denial of service (process crash) via a crafted TCP packet, aka Bug ID CSCuo21914.

4.3
2014-08-20 CVE-2014-2511 EMC Cross-Site Scripting vulnerability in EMC products

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.

4.3
2014-08-19 CVE-2014-5348 Riverbed Cross-Site Scripting vulnerability in Riverbed Steelapp Traffic Manager 9.6

Cross-site scripting (XSS) vulnerability in apps/zxtm/locallog.cgi in Riverbed Stingray (aka SteelApp) Traffic Manager Virtual Appliance 9.6 patchlevel 9620140312 allows remote attackers to inject arbitrary web script or HTML via the logfile parameter.

4.3
2014-08-19 CVE-2014-5345 Disqus Cross-Site Scripting vulnerability in Disqus Comment System

Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter.

4.3
2014-08-19 CVE-2014-5344 Mobiloud Cross-Site Scripting vulnerability in Mobiloud

Multiple cross-site scripting (XSS) vulnerabilities in the Mobiloud (mobiloud-mobile-app-plugin) plugin before 2.3.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-08-19 CVE-2014-5343 Fengoffice Cross-Site Scripting vulnerability in Fengoffice Feng Office

Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field.

4.3
2014-08-19 CVE-2014-5333 Adobe, Google, Apple, Microsoft, Linux Cross-Site Request Forgery (CSRF) vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API, in conjunction with a manipulation involving a '$' (dollar sign) or '(' (open parenthesis) character.

4.3
2014-08-20 CVE-2014-3340 Cisco Path Traversal vulnerability in Cisco Webex Meetmenow

Directory traversal vulnerability in an unspecified PHP script in the server in Cisco WebEx MeetMeNow allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCuo16166.

4.0
2014-08-20 CVE-2014-0640 EMC Permissions, Privileges, and Access Controls vulnerability in EMC RSA Archer Egrc 5.3/5.4/5.5

EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.

4.0
2014-08-19 CVE-2014-3528 Opensuse, Apache, Canonical, Apple, Redhat Credentials Management vulnerability in multiple products

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

4.0
2014-08-19 CVE-2014-3522 Apache, Opensuse, Canonical, Apple Improper Validation of Certificate With Host Mismatch vulnerability in multiple products

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

4.0
2014-08-19 CVE-2014-3504 Apache, Canonical, Serf Project SSL Certificate Validation Information Disclosure vulnerability in Serf

The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 do not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

4.0

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-08-22 CVE-2014-5338 Check MK Project Cross-Site Scripting vulnerability in Check MK Project Check MK 1.2.4/1.2.5

Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) render_status_icons function in htmllib.py or (2) ajax_action function in actions.py.

3.5
2014-08-22 CVE-2014-3594 Openstack, Opensuse Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.

3.5
2014-08-22 CVE-2014-5274 Phpmyadmin, Opensuse Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js.

3.5
2014-08-22 CVE-2014-5273 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.

3.5
2014-08-19 CVE-2014-3903 Jayj Cross-Site Scripting vulnerability in Jayj Cakifo

Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x before 1.6.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via crafted Exif data.

3.5
2014-08-20 CVE-2014-2524 Mageia, GNU, Opensuse, Fedoraproject Link Following vulnerability in multiple products

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

3.3
2014-08-20 CVE-2014-4750 IBM Information Exposure vulnerability in IBM Powervc 1.2.0.0/1.2.0.1/1.2.0.2

IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network.

2.9
2014-08-18 CVE-2014-5240 Wordpress, Debian Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.

2.1