Weekly Vulnerabilities Reports > August 25 to 31, 2014

Overview

93 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 18 high severity vulnerabilities. This weekly summary reports vulnerabilities in 99 products from 51 vendors including IBM, Google, Cisco, Opensuse, and Debian. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Cross-site Scripting", "Cross-Site Request Forgery (CSRF)", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 70 reported vulnerabilities are remotely exploitable.
  • 4 reported vulnerabilities have a public exploit available.
  • 15 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 70 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 15 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-08-27 CVE-2014-3177 Google Code Injection vulnerability in Google Chrome

Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176.

10.0
2014-08-27 CVE-2014-3176 Google Code Injection vulnerability in Google Chrome

Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177.

10.0
2014-08-27 CVE-2014-3175 Google Security vulnerability in Google Chrome

Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType and other functions in other components.

10.0
2014-08-28 CVE-2014-4619 EMC Improper Authentication vulnerability in EMC RSA Identity Management and Governance

EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentication via an arbitrary valid username.

9.3
2014-08-26 CVE-2014-3524 Apache Command Injection vulnerability in Apache OpenOffice Calc

Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.

9.3
2014-08-29 CVE-2014-2593 Arubanetworks Permissions, Privileges, and Access Controls vulnerability in Arubanetworks Clearpass Policy Manager 6.3.0.60730

The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands.

9.0

18 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-08-29 CVE-2014-0600 Novell Information Exposure vulnerability in Novell Groupwise 2014

FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.

7.8
2014-08-28 CVE-2014-2380 Invensys Weak Encryption Security Weakness in Wonderware Information Server

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file.

7.8
2014-08-29 CVE-2014-5119 GNU
Debian
Numeric Errors vulnerability in multiple products

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.

7.5
2014-08-29 CVE-2014-5073 Vmturbo Remote Command Execution vulnerability in VMTurbo Operations Manager '/cgi-bin/vmtadmin.cgi'

vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call.

7.5
2014-08-28 CVE-2014-5399 Invensys SQL Injection vulnerability in Invensys Wonderware Information Server

SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2014-08-27 CVE-2014-3171 Google Use After Free Remote Code Execution vulnerability in Google Chrome

Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to bindings/core/v8/DOMWrapperMap.h and bindings/core/v8/SerializedScriptValue.cpp.

7.5
2014-08-27 CVE-2014-3169 Debian
Opensuse
Google
Use After Free Remote Code Execution vulnerability in Google Chrome

Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notification of node removal.

7.5
2014-08-27 CVE-2014-3168 Google
Debian
Opensuse
Use After Free Remote Code Execution vulnerability in Google Chrome

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.

7.5
2014-08-25 CVE-2014-5458 PHP Sqrl Project SQL Injection vulnerability in PHP-Sqrl Project PHP-Sqrl

SQL injection vulnerability in sqrl_verify.php in php-sqrl allows remote attackers to execute arbitrary SQL commands via the message parameter.

7.5
2014-08-25 CVE-2014-2216 Fortinet Denial of Service vulnerability in Fortinet FortiOS

The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted request.

7.5
2014-08-31 CVE-2013-2597 Codeaurora Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Codeaurora Android-Msm

Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that leverages /dev/msm_acdb access and provides a large size value in an ioctl argument.

7.2
2014-08-31 CVE-2013-2595 Codeaurora Permissions, Privileges, and Access Controls vulnerability in Codeaurora Android-Msm

The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which allows attackers to gain privileges via a crafted application.

7.2
2014-08-29 CVE-2013-5467 IBM
Linux
Permissions, Privileges, and Access Controls vulnerability in IBM products

Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM) on UNIX allow local users to gain privileges via unspecified vectors.

7.2
2014-08-26 CVE-2014-5307 Pandasecurity Buffer Errors vulnerability in Pandasecurity products

Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL call.

7.2
2014-08-25 CVE-2014-5453 UBI Permissions, Privileges, and Access Controls vulnerability in UBI Uplay PC

Ubisoft Uplay PC before 4.6.1.3217 uses weak permissions (Everyone: Full Control) for the program installation directory (%PROGRAMFILES%\Ubisoft Game Launcher), which allows local users to gain privileges via a Trojan horse file.

7.2
2014-08-25 CVE-2014-4325 Little Kernel Project Improper Authentication vulnerability in Little Kernel Project Little Kernel Bootloader

The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a boot command for an arbitrary kernel image.

7.2
2014-08-25 CVE-2014-0973 Little Kernel Project Improper Authentication vulnerability in Little Kernel Project Little Kernel Bootloader

The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API specification, which makes it easier for attackers to bypass boot-image authentication requirements via trailing data.

7.2
2014-08-28 CVE-2014-0761 Qeiinc Improper Input Validation vulnerability in Qeiinc Epaq-9410 Substation Gateway

The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.

7.1

54 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-08-25 CVE-2014-5455 Openvpn
Privatetunnel
Unquoted Search Path OR Element vulnerability in multiple products

Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.

6.9
2014-08-29 CVE-2014-2390 Mcafee Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Network Security Manager

Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 6.1.15.39, 7.1.5.x before 7.1.5.15, 7.1.15.x before 7.1.15.7, 7.5.x before 7.5.5.9, and 8.x before 8.1.7.3 allows remote attackers to hijack the authentication of users for requests that modify user accounts via unspecified vectors.

6.8
2014-08-26 CVE-2014-5263 Qemu Buffer Errors vulnerability in Qemu 1.6.0

vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain privileges via unspecified vectors.

6.8
2014-08-26 CVE-2014-5035 Opendaylight XML External Entity Injection vulnerability in Opendaylight 1.0

The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue.

6.8
2014-08-26 CVE-2014-3907 Mailpoet Cross-Site Request Forgery (CSRF) vulnerability in Mailpoet Newsletters

Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users.

6.8
2014-08-26 CVE-2014-3061 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Spend Analysis

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6.8
2014-08-26 CVE-2014-2528 Kdirstat Project
Opensuse

kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory name, a different vulnerability than CVE-2014-2527.

6.8
2014-08-26 CVE-2014-2527 Kdirstat Project
Opensuse
Remote Command Injection vulnerability in K4DirStat

kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory name, a different vulnerability than CVE-2014-2528.

6.8
2014-08-25 CVE-2014-5335 Innovaphone Cross-Site Request Forgery (CSRF) vulnerability in Innovaphone PBX 10.00

Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify configurations or user accounts, as demonstrated by (1) changing the administrator password via a crafted request to CMD0/mod_cmd.xml or (2) adding a new SIP user via a crafted request to PBX0/ADMIN/mod_cmd_login.xml.

6.8
2014-08-31 CVE-2013-2598 Codeaurora Improper Input Validation vulnerability in Codeaurora Android-Msm

app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory locations within bootloader memory.

6.6
2014-08-26 CVE-2014-3041 IBM SQL Injection vulnerability in IBM Emptoris Contract Management

SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2014-08-27 CVE-2014-3172 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL.

6.4
2014-08-27 CVE-2014-3170 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character.

6.4
2014-08-29 CVE-2014-3346 Cisco Improper Input Validation vulnerability in Cisco Transport Gateway Installation Software 4.0

The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) does not validate an unspecified parameter, which allows remote authenticated users to cause a denial of service (service crash) via a crafted string, aka Bug ID CSCuq31819.

6.3
2014-08-28 CVE-2014-4199 Vmware Link Following vulnerability in VMWare Tools, Vm-Support and Workstation

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.

6.3
2014-08-29 CVE-2014-3024 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Maximo Asset Management and Smartcloud Control Desk

Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users.

6.0
2014-08-26 CVE-2014-0482 Opensuse
Djangoproject
Improper Authentication vulnerability in multiple products

The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.

6.0
2014-08-26 CVE-2014-3040 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM products

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4; and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6.0
2014-08-25 CVE-2014-5454 SAS Arbitrary File Upload vulnerability in SAS Visual Analytics 6.4

Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.

6.0
2014-08-30 CVE-2014-3908 Amazon Cryptographic Issues vulnerability in Amazon Kindle 4.4.0/4.4.4

The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.8
2014-08-29 CVE-2014-5127 III Open Redirection vulnerability in III Encore Discovery Solution 4.3

Open redirect vulnerability in Innovative Interfaces Encore Discovery Solution 4.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter.

5.8
2014-08-27 CVE-2014-3596 Apache SSL Certificate Validation Security Bypass vulnerability in Apache Axis Incomplete Fix

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field.

5.8
2014-08-26 CVE-2014-0480 Opensuse
Djangoproject
Improper Input Validation vulnerability in multiple products

The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.

5.8
2014-08-28 CVE-2014-3347 Cisco Resource Management Errors vulnerability in Cisco products

Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid state of the hardware encryption module, aka Bug ID CSCul77897.

5.4
2014-08-31 CVE-2013-2599 Codeaurora Local Information Disclosure vulnerability in Multiple Code Aurora Forum Products

A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption passwords via a logcat call.

5.0
2014-08-29 CVE-2014-5337 Wordpress Mobile Pack Project
Wpmobilepack
Permissions, Privileges, and Access Controls vulnerability in multiple products

The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php.

5.0
2014-08-29 CVE-2014-5128 III Information Exposure vulnerability in III Encore Discovery Solution 4.3

Innovative Interfaces Encore Discovery Solution 4.3 places a session token in the URI, which might allow remote attackers to obtain sensitive information via unspecified vectors.

5.0
2014-08-29 CVE-2014-3351 Cisco Information Exposure vulnerability in Cisco Cloud Portal

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, aka Bug IDs CSCuh87398 and CSCuh87380.

5.0
2014-08-28 CVE-2014-3345 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Transport Gateway Installation Software 4.0

The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which allows remote attackers to modify the product via a crafted URL, aka Bug ID CSCuq31503.

5.0
2014-08-27 CVE-2014-3174 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service (read of uninitialized memory) via crafted API calls.

5.0
2014-08-27 CVE-2014-3173 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to gpu/command_buffer/service/framebuffer_manager.cc and gpu/command_buffer/service/gles2_cmd_decoder.cc.

5.0
2014-08-25 CVE-2014-3589 Debian
Python
Opensuse
Improper Input Validation vulnerability in multiple products

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.

5.0
2014-08-29 CVE-2014-3084 IBM Permissions, Privileges, and Access Controls vulnerability in IBM products

IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2.8, 7.1, and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended write-access restrictions on calendar entries via unspecified vectors.

4.9
2014-08-29 CVE-2014-0888 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Mobile Foundation and Worklight

IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Worklight and Mobile Foundation, allows remote authenticated users to bypass the application-authenticity feature via unspecified vectors.

4.9
2014-08-26 CVE-2014-4790 IBM Permissions, Privileges, and Access Controls vulnerability in IBM products

IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.

4.9
2014-08-25 CVE-2014-5253 Openstack
Canonical
Credentials Management vulnerability in multiple products

OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.

4.9
2014-08-25 CVE-2014-5252 Openstack
Canonical
Credentials Management vulnerability in multiple products

The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.

4.9
2014-08-25 CVE-2014-5251 Openstack
Canonical
Credentials Management vulnerability in multiple products

The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.

4.9
2014-08-28 CVE-2014-4200 Vmware Permissions, Privileges, and Access Controls vulnerability in VMWare Tools, Vm-Support and Workstation

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.

4.7
2014-08-28 CVE-2014-0762 Qeiinc Improper Input Validation vulnerability in Qeiinc Epaq-9410 Substation Gateway

The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows physically proximate attackers to cause a denial of service (infinite loop or process crash) via crafted input over a serial line.

4.7
2014-08-26 CVE-2014-3335 Cisco Improper Input Validation vulnerability in Cisco products

Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750.

4.6
2014-08-30 CVE-2014-3352 Cisco Improper Input Validation vulnerability in Cisco Cloud Portal

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCuh84801.

4.3
2014-08-29 CVE-2014-5147 XEN Permissions, Privileges, and Access Controls vulnerability in XEN 4.4.0

Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process.

4.3
2014-08-29 CVE-2010-5110 Freedesktop Improper Input Validation vulnerability in Freedesktop Poppler

DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

4.3
2014-08-29 CVE-2014-4930 Zohocorp Cross-Site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 7.0/9.0

Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) module, (7) completeData, (8) RBBNAME, (9) TC, (10) rtype, (11) eventCriteria, (12) q, (13) flushCache, or (14) product parameter.

4.3
2014-08-29 CVE-2012-1503 Sixapart Cross-Site Scripting vulnerability in Sixapart Movable Type 5.13

Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.

4.3
2014-08-28 CVE-2014-5397 Invensys Cross-Site Scripting vulnerability in Invensys Wonderware Information Server

Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-08-28 CVE-2014-3344 Cisco Cross-Site Scripting vulnerability in Cisco Transport Gateway Installation Software 4.0

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq31129, CSCuq31134, CSCuq31137, and CSCuq31563.

4.3
2014-08-27 CVE-2014-3575 Redhat
Apache
SUN
Permissions, Privileges, and Access Controls vulnerability in multiple products

The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.

4.3
2014-08-26 CVE-2014-5336 Monkey Project Improper Input Validation vulnerability in Monkey-Project Monkey

Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption) via an HTTP request that triggers an error message.

4.3
2014-08-26 CVE-2014-0481 Opensuse
Opensuse Project
Djangoproject
Debian
Resource Management Errors vulnerability in multiple products

The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by uploading multiple files with the same name.

4.3
2014-08-29 CVE-2014-3350 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Cloud Portal

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCuh84870.

4.0
2014-08-29 CVE-2014-3349 Cisco Improper Input Validation vulnerability in Cisco Cloud Portal

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files via a crafted request, aka Bug ID CSCuh87410.

4.0
2014-08-25 CVE-2014-5356 Openstack
Canonical
Permissions, Privileges, and Access Controls vulnerability in multiple products

OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.

4.0

15 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-08-29 CVE-2014-0897 IBM Cryptographic Issues vulnerability in IBM Flex System Manager

The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticated users to defeat cryptographic protection mechanisms via unspecified vectors.

3.5
2014-08-26 CVE-2014-3035 IBM Cross-Site Scripting vulnerability in IBM Emptoris Spend Analysis

Cross-site scripting (XSS) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2014-08-26 CVE-2014-3034 IBM Cross-Site Scripting vulnerability in IBM Emptoris Contract Management

Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2014-08-26 CVE-2014-0483 Opensuse, Djangoproject Permissions, Privileges, and Access Controls vulnerability in multiple products

The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI.

3.5
2014-08-26 CVE-2014-3033 IBM Cross-Site Scripting vulnerability in IBM Emptoris Sourcing Portfolio

Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2014-08-31 CVE-2013-6124 Codeaurora Link Following vulnerability in Codeaurora Android-Msm

The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file.

3.3
2014-08-26 CVE-2013-6335 IBM, Linux, HP, Oracle Improper Preservation of Permissions vulnerability in IBM Tivoli Storage Manager

The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.

3.3
2014-08-29 CVE-2014-5247 Ganeti Project Permissions, Privileges, and Access Controls vulnerability in Ganeti Project Ganeti

The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information by reading the file, related to the upgrade command.

2.1
2014-08-29 CVE-2014-4806 IBM, Linux Cryptographic Issues vulnerability in IBM Security Appscan

The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file.

2.1
2014-08-29 CVE-2014-3093 IBM Cryptographic Issues vulnerability in IBM Powervc

IBM PowerVC 1.2.0 before FP3 and 1.2.1 before FP2 uses cleartext passwords in (1) api-paste.ini, (2) debug logs, (3) the installation process, (4) environment checks, (5) powervc-ldap-config, (6) powervc-restore, and (7) powervc-diag, which allows local users to obtain sensitive information by entering a ps command or reading a file.

2.1
2014-08-28 CVE-2014-5398 Invensys Improper Input Validation vulnerability in Invensys Wonderware Information Server

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

2.1
2014-08-28 CVE-2014-2381 Invensys Weak Encryption Security Weakness in Wonderware Information Server

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.

2.1
2014-08-25 CVE-2014-5457 Qnap Permissions, Privileges, and Access Controls vulnerability in Qnap products

QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed passwords by reading the password.

2.1
2014-08-25 CVE-2014-5456 Social Stats Project Cross-Site Scripting vulnerability in Social Stats Project Social Stats

Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the "[Content Type]: Create new content" permission to inject arbitrary web script or HTML via vectors related to the configuration.

2.1
2014-08-25 CVE-2014-0974 Little Kernel Project Permissions, Privileges, and Access Controls vulnerability in Little Kernel Project Little Kernel Bootloader

The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a controllable memory location by leveraging the ability to initiate an attempted boot of an arbitrary image.

1.9