Weekly Vulnerabilities Reports > October 6 to 12, 2014

Overview

160 new vulnerabilities reported during this period, including 15 critical vulnerabilities and 42 high severity vulnerabilities. This weekly summary report vulnerabilities in 131 products from 82 vendors including Redhat, Cisco, Google, Drupal, and HP. Vulnerabilities are notably categorized as "Cross-site Scripting", "Cryptographic Issues", "Resource Management Errors", "Permissions, Privileges, and Access Controls", and "Code Injection".

  • 136 reported vulnerabilities are remotely exploitables.
  • 11 reported vulnerabilities have public exploit available.
  • 47 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 126 reported vulnerabilities are exploitable by an anonymous user.
  • Redhat has the most reported vulnerabilities, with 18 reported vulnerabilities.
  • Cyberoam has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

15 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-10-10 CVE-2014-2648 HP
Linux
Remote Code Execution vulnerability in HP Operations Manager

Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.

10.0
2014-10-08 CVE-2014-7205 Bassmaster Project Code Injection vulnerability in Bassmaster Project Bassmaster

Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors.

10.0
2014-10-08 CVE-2014-3188 Google
Redhat
Code Injection vulnerability in Google Chrome and Chrome OS

Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h.

10.0
2014-10-07 CVE-2014-7235 Freepbx
Sangoma
Code Injection vulnerability in multiple products

htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.

10.0
2014-10-07 CVE-2014-6434 Gopro OS Command Injection vulnerability in Gopro Hero and Gopro Hero Firmware

gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via a the (1) a1 or (2) a2 parameter in a restart action.

10.0
2014-10-07 CVE-2014-6433 Gopro Code Injection vulnerability in Gopro Hero and Gopro Hero Firmware

gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via a the (1) a1 or (2) a2 parameter in a start action.

10.0
2014-10-07 CVE-2014-5503 Cyberoam SQL Injection vulnerability in Cyberoam OS

SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode.

10.0
2014-10-07 CVE-2014-6287 Rejetto Code Injection vulnerability in Rejetto Http File Server 2.3/2.3A/2.3B

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.

10.0
2014-10-06 CVE-2014-0397 Oracle Buffer Errors vulnerability in Oracle Solaris 10/11.1

Multiple unspecified vulnerabilities in libXtsol in Oracle Solaris 10 and 11.1 have unspecified impact and attack vectors related to "Buffer errors."

10.0
2014-10-07 CVE-2014-5501 Cyberoam Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cyberoam OS

Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file.

9.3
2014-10-06 CVE-2013-2645 TP Link Cross-Site Request Forgery (CSRF) vulnerability in Tp-Link Firmware Tlwr1043Ndv1120405

Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka "FTP directory traversal") to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRpm/NasFtpCfgRpm.htm, (4) launch the FTP service via the startFtp parameter to userRpm/NasFtpCfgRpm.htm, or (5) enable or disable bandwidth limits via the QoSCtrl parameter to userRpm/QoSCfgRpm.htm.

9.3
2014-10-10 CVE-2014-3389 Cisco Command Injection vulnerability in Cisco Adaptive Security Appliance (ASA) Software

The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.6), and 9.3 before 9.3(1.1) does not properly implement a tunnel filter, which allows remote authenticated users to obtain failover-unit access via crafted packets, aka Bug ID CSCuq28582.

9.0
2014-10-08 CVE-2014-5308 Testlink SQL Injection vulnerability in Testlink 1.9.11

Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php.

9.0
2014-10-07 CVE-2014-5502 Cyberoam OS Command Injection vulnerability in Cyberoam OS

The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode.

9.0
2014-10-07 CVE-2014-4868 Brocade OS Command Injection vulnerability in Brocade Vyatta 5400 Vrouter and Vyatta 5400 Vrouter Software

The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command.

9.0

42 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-10-10 CVE-2014-3392 Cisco Improper Input Validation vulnerability in Cisco Adaptive Security Appliance Software

The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows remote attackers to obtain sensitive information from process memory or modify memory contents via crafted parameters, aka Bug ID CSCuq29136.

8.3
2014-10-10 CVE-2014-3388 Cisco Resource Management Errors vulnerability in Cisco ASA 9.0/9.1/9.2

The DNS inspection engine in Cisco ASA Software 9.0 before 9.0(4.13), 9.1 before 9.1(5.7), and 9.2 before 9.2(2) allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCuo68327.

7.8
2014-10-10 CVE-2014-3387 Cisco Resource Management Errors vulnerability in Cisco ASA

The SunRPC inspection engine in Cisco ASA Software 7.2 before 7.2(5.14), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.3) allows remote attackers to cause a denial of service (device reload) via crafted SunRPC packets, aka Bug ID CSCun11074.

7.8
2014-10-10 CVE-2014-3386 Cisco Resource Management Errors vulnerability in Cisco ASA

The GPRS Tunneling Protocol (GTP) inspection engine in Cisco ASA Software 8.2 before 8.2(5.51), 8.4 before 8.4(7.15), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted series of GTP packets, aka Bug ID CSCum56399.

7.8
2014-10-10 CVE-2014-3385 Cisco Race Condition vulnerability in Cisco ASA

Race condition in the Health and Performance Monitoring (HPM) for ASDM feature in Cisco ASA Software 8.3 before 8.3(2.42), 8.4 before 8.4(7.11), 8.5 before 8.5(1.19), 8.6 before 8.6(1.13), 8.7 before 8.7(1.11), 9.0 before 9.0(4.8), and 9.1 before 9.1(4.5) allows remote attackers to cause a denial of service (device reload) via TCP traffic that triggers many half-open connections at the same time, aka Bug ID CSCum00556.

7.8
2014-10-10 CVE-2014-3384 Cisco Resource Management Errors vulnerability in Cisco ASA

The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted packet that is sent during tunnel creation, aka Bug ID CSCum96401.

7.8
2014-10-10 CVE-2014-3383 Cisco Resource Management Errors vulnerability in Cisco ASA 9.1/9.1.5

The IKE implementation in the VPN component in Cisco ASA Software 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted UDP packets, aka Bug ID CSCul36176.

7.8
2014-10-10 CVE-2014-3382 Cisco SQL Injection vulnerability in Cisco ASA

The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027.

7.8
2014-10-07 CVE-2014-3632 Openstack Permissions, Privileges, and Access Controls vulnerability in Openstack Neutron 2014.1/2014.1.1/2014.1.2

The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file.

7.6
2014-10-10 CVE-2014-7201 Kevin Renskers SQL Injection vulnerability in Kevin Renskers Dmmjobcontrol

Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) education, (2) region, or (3) sector fields, as demonstrated by the tx_dmmjobcontrol_pi1[search][sector][] parameter to jobs/.

7.5
2014-10-10 CVE-2014-4313 Epicor SQL Injection vulnerability in Epicor Procurement

SQL injection vulnerability in Epicor Procurement before 7.4 SP2 allows remote attackers to execute arbitrary SQL commands via the User field.

7.5
2014-10-10 CVE-2014-4872 BMC Improper Authentication vulnerability in BMC Track-It! 11.3.0.355

BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.

7.5
2014-10-10 CVE-2014-7226 Rejetto Code Injection vulnerability in Rejetto Http File Server

The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols.

7.5
2014-10-10 CVE-2014-5297 X2Engine Code Injection vulnerability in X2Engine 2.8/4.1.7

The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSRF) attacks via crafted serialized data in the report parameter.

7.5
2014-10-10 CVE-2014-2649 HP
Linux
Remote Code Execution vulnerability in HP Operations Manager

Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.

7.5
2014-10-10 CVE-2014-2638 HP Remote Code Execution vulnerability in HP Sprinter 12.01

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2344.

7.5
2014-10-10 CVE-2014-2637 HP Remote Code Execution vulnerability in HP Sprinter 12.01

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2342.

7.5
2014-10-10 CVE-2014-2636 HP Remote Code Execution vulnerability in HP Sprinter 12.01

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2336.

7.5
2014-10-10 CVE-2014-2635 HP Remote Code Execution vulnerability in HP Sprinter 12.01

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2343.

7.5
2014-10-08 CVE-2014-7984 Joomla Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla!

Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication.

7.5
2014-10-08 CVE-2014-7981 Joomla SQL Injection vulnerability in Joomla Joomla!

SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2014-10-08 CVE-2014-6632 Joomla Improper Authentication vulnerability in Joomla Joomla!

Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.

7.5
2014-10-08 CVE-2014-6394 Fedoraproject
Apple
Joyent
Path Traversal vulnerability in multiple products

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.

7.5
2014-10-08 CVE-2014-7967 Google Multiple Security vulnerability in Google Chrome

Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, as used in Google Chrome before 38.0.2125.101, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5
2014-10-08 CVE-2014-3200 Google
Redhat
Multiple Security vulnerability in Google Chrome

Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5
2014-10-08 CVE-2014-3196 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors.

7.5
2014-10-08 CVE-2014-3194 Redhat
Google
USE After Free vulnerability in multiple products

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5
2014-10-08 CVE-2014-3193 Redhat
Google
USE After Free vulnerability in multiple products

The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that leverage "type confusion" for callback processing.

7.5
2014-10-08 CVE-2014-3192 Redhat
Apple
Google
USE After Free vulnerability in multiple products

Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5
2014-10-08 CVE-2014-3191 Google
Redhat
USE After Free vulnerability in Google Chrome

Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers a widget-position update that improperly interacts with the render tree, related to the FrameView::updateLayoutAndStyleForPainting function in core/frame/FrameView.cpp and the RenderLayerScrollableArea::setScrollOffset function in core/rendering/RenderLayerScrollableArea.cpp.

7.5
2014-10-08 CVE-2014-3190 Google
Redhat
USE After Free vulnerability in Google Chrome

Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that accesses the path property of an Event object.

7.5
2014-10-08 CVE-2014-3189 Google
Redhat
Permissions, Privileges, and Access Controls vulnerability in Google Chrome

The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via unknown vectors.

7.5
2014-10-08 CVE-2014-7299 Arubanetworks Information Disclosure vulnerability in Arubaos 6.3.11/6.4.2.1

Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain potentially sensitive information or add guest accounts, via an SSH session.

7.5
2014-10-06 CVE-2014-6607 Mmonit Credentials Management vulnerability in Mmonit M/Monit

M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409.

7.5
2014-10-06 CVE-2014-6389 Phpcompta Code Injection vulnerability in PHPcompta PHPcompta/Noalyss

backup.php in PHPCompta/NOALYSS before 6.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the d parameter.

7.5
2014-10-06 CVE-2014-4043 GNU
Opensuse
Code Injection vulnerability in multiple products

The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.

7.5
2014-10-06 CVE-2014-2044 Owncloud Code Injection vulnerability in Owncloud

Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program.

7.5
2014-10-06 CVE-2013-1436 Xmonad Code Injection vulnerability in Xmonad Xmonad-Contrab 0.11

The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execute arbitrary commands via a web page title, which activates the commands when the user clicks on the xmobar window title, as demonstrated using an action tag.

7.5
2014-10-06 CVE-2014-5389 Content Audit Project SQL Injection vulnerability in Content Audit Project Content Audit 1.6/1.6.0

SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content types" option in the content-audit page to wp-admin/options-general.php.

7.5
2014-10-06 CVE-2014-0074 Apache Improper Authentication vulnerability in Apache Shiro

Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.

7.5
2014-10-10 CVE-2014-2646 HP Permissions, Privileges, and Access Controls vulnerability in HP Network Automation 9.10/9.20

Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intended access restrictions via unknown vectors.

7.2
2014-10-07 CVE-2014-4870 Brocade Improper Input Validation vulnerability in Brocade Vyatta 5400 Vrouter and Vyatta 5400 Vrouter Software

/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration.

7.2

86 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-10-12 CVE-2014-5328 Huawei Resource Management Errors vulnerability in Huawei E5332 and E5332 Firmware

Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long parameter in an API service request message.

6.8
2014-10-12 CVE-2014-5327 Huawei Resource Management Errors vulnerability in Huawei E5332 and E5332 Firmware

Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long URI.

6.8
2014-10-10 CVE-2014-4867 Cryoserver Permissions, Privileges, and Access Controls vulnerability in Cryoserver Security Appliance

Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/init.d/cryoserver, which allows local users to gain privileges by leveraging access to the support account and running the /bin/cryo-mgmt program.

6.8
2014-10-10 CVE-2014-3391 Cisco Improper Input Validation vulnerability in Cisco Adaptive Security Appliance Software

Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external memory, leading to library use after device reload because of an incorrect LD_LIBRARY_PATH value, aka Bug ID CSCtq52661.

6.8
2014-10-10 CVE-2014-3390 Cisco Improper Input Validation vulnerability in Cisco Adaptive Security Appliance Software

The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574.

6.8
2014-10-08 CVE-2014-7296 ENG Code Injection vulnerability in ENG Spagobi 5.0

The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL document.

6.8
2014-10-08 CVE-2014-3187 Google
Apple
Cross-Site Scripting vulnerability in Google Chrome

Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site.

6.8
2014-10-08 CVE-2014-7273 Getmail Cryptographic Issues vulnerability in Getmail

The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate.

6.8
2014-10-06 CVE-2014-6409 Mmonit Cross-Site Request Forgery (CSRF) vulnerability in Mmonit M/Monit

Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update.

6.8
2014-10-06 CVE-2014-0994 Embarcadero Buffer Errors vulnerability in Embarcadero products

Heap-based buffer overflow in the ReadDIB function in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows context-dependent attackers to execute arbitrary code via the BITMAPINFOHEADER.biClrUsed field in a BMP file.

6.8
2014-10-06 CVE-2014-0168 Jolokia Cross-Site Request Forgery (CSRF) vulnerability in Jolokia

Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page.

6.8
2014-10-10 CVE-2014-4873 BMC SQL Injection vulnerability in BMC Track-It! 11.3.0.355

SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data.

6.5
2014-10-06 CVE-2014-3642 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat products

vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method."

6.5
2014-10-08 CVE-2014-7185 Python
Apple
Numeric Errors vulnerability in multiple products

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.

6.4
2014-10-08 CVE-2014-7275 Getmail Cryptographic Issues vulnerability in Getmail

The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate.

5.8
2014-10-08 CVE-2014-7274 Getmail Cryptographic Issues vulnerability in Getmail 4.44.0

The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority.

5.8
2014-10-06 CVE-2014-3633 Canonical
Libvirt
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.

5.8
2014-10-07 CVE-2014-3399 Cisco Code Injection vulnerability in Cisco Adaptive Security Appliance Software

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows remote authenticated users to overwrite arbitrary RAMFS cache files or inject Lua programs, and consequently cause a denial of service (portal outage or system reload), via crafted HTTP requests, aka Bug ID CSCup54208.

5.5
2014-10-06 CVE-2014-3521 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Conga 0.12.2

The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL.

5.5
2014-10-11 CVE-2014-6941 NOS Cryptographic Issues vulnerability in NOS Alive 5.1

The NOS Alive (aka pt.optimus.optimusalive2011) application 5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-11 CVE-2014-6940 Mibizapps Cryptographic Issues vulnerability in Mibizapps Absolute Lending Solutions 1.0073.B0073

The Absolute Lending Solutions (aka com.soln.S008F6C05EC0B63264B429F6D76286562) application 1.0073.b0073 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-11 CVE-2014-6939 Xlabz Cryptographic Issues vulnerability in Xlabz Sketch W Friends Free -Tablets 5.0.0

The Sketch W Friends FREE -Tablets (aka air.com.xlabz.SketchWFriendsFree) application 5.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-11 CVE-2014-6938 Webizz Cryptographic Issues vulnerability in Webizz Apostilas Musicais 1

The Apostilas musicais (aka com.apostilas) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-11 CVE-2014-6937 Ecitic Cryptographic Issues vulnerability in Ecitic China Citic Bank Credit Card 3.3.6

The China CITIC Bank Credit Card (aka com.citiccard.mobilebank) application 3.3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-11 CVE-2014-6936 Mobileeventguide Cryptographic Issues vulnerability in Mobileeventguide IDS 2013 1.21

The IDS 2013 (aka de.mobileeventguide.ids2013) application 1.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-11 CVE-2014-6935 Rgsmartapps Cryptographic Issues vulnerability in Rgsmartapps Colormania - Color Quiz Game 1.4

The ColorMania - Color Quiz Game (aka com.ColormaniaColoringGames) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-11 CVE-2014-6934 Physics Chemistry Biology Quiz Project Cryptographic Issues vulnerability in Physics Chemistry Biology Quiz Project Physics Chemistry Biology Quiz 1.8

The Physics Chemistry Biology Quiz (aka com.pdevsmcqs.pcbmcqseries) application 1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-11 CVE-2014-6904 Cloudacl Cryptographic Issues vulnerability in Cloudacl Safe Browser - the web Filter 1.2.5

The Safe Browser - The Web Filter (aka com.cloudacl) application 1.2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-11 CVE-2014-6891 Vodafone Cryptographic Issues vulnerability in Vodafone Avantaj Cepte 1.4

The Vodafone Avantaj Cepte (aka com.vodafone.avantajcepte.main) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-11 CVE-2014-6887 Express Cryptographic Issues vulnerability in Express 2.5.3

The EXPRESS (aka com.gpshopper.express.android) application 2.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-10 CVE-2014-7047 Oceanavenue Cryptographic Issues vulnerability in Oceanavenue Ocean Avenue Mobile PRO 2

The Ocean Avenue Mobile Pro (aka com.oceanavenue.mobile) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-10 CVE-2014-7046 George Wassouf Project Cryptographic Issues vulnerability in George Wassouf Project George Wassouf 1

The George Wassouf (aka com.devkhr32.georgewassouf) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-10 CVE-2014-3581 Apache Resource Management Errors vulnerability in Apache Http Server

The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.

5.0
2014-10-10 CVE-2014-3402 Cisco Improper Authentication vulnerability in Cisco Intrusion Prevention System

The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7.0(8)E4 and earlier in Cisco Intrusion Detection System (IDS) does not properly manage user tokens, which allows remote attackers to cause a denial of service (temporary MainApp hang) via a crafted connection request to the management interface, aka Bug ID CSCuq39550.

5.0
2014-10-10 CVE-2014-3394 Cisco Configuration vulnerability in Cisco Adaptive Security Appliance Software

The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916.

5.0
2014-10-10 CVE-2014-5298 X2Engine Permissions, Privileges, and Access Controls vulnerability in X2Engine

FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated using a PHP program.

5.0
2014-10-10 CVE-2014-3403 Cisco Cryptographic Issues vulnerability in Cisco IOS XE

The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647.

5.0
2014-10-10 CVE-2014-3201 Google Buffer Errors vulnerability in Google Chrome 38.0.2125.101

core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar.

5.0
2014-10-09 CVE-2014-8068 Adobe Information Exposure vulnerability in Adobe Digital Editions 4.0

Adobe Digital Editions (DE) 4 does not use encryption for transmission of data to adelogs.adobe.com, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by book-navigation information.

5.0
2014-10-08 CVE-2014-7229 Joomla Remote Denial of Service vulnerability in Joomla! Core

Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors.

5.0
2014-10-08 CVE-2014-5300 Adaptivecomputing Improper Authentication vulnerability in Adaptivecomputing Moab 8.0

Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execute commands via a message without a signature.

5.0
2014-10-08 CVE-2014-3199 Redhat
Google
Resource Management Errors vulnerability in multiple products

The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection failures, which allows remote attackers to cause a denial of service via vectors that trigger stopping a worker process that had been handling an Event object.

5.0
2014-10-08 CVE-2014-3198 Google
Redhat
Buffer Errors vulnerability in Google Chrome

The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5.0
2014-10-08 CVE-2014-3197 Google
Redhat
Permissions, Privileges, and Access Controls vulnerability in Google Chrome

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site.

5.0
2014-10-08 CVE-2014-3195 Google
Redhat
Resource Management Errors vulnerability in Google Chrome

Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_ArrayConcat function in runtime.cc.

5.0
2014-10-07 CVE-2014-7204 Canonical
Debian
Mageia
Resource Management Errors vulnerability in multiple products

jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.

5.0
2014-10-07 CVE-2014-6603 Openinfosecfoundation Resource Management Errors vulnerability in Openinfosecfoundation Suricata

The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service (crash), or possibly have unspecified other impact via a crafted banner, which triggers a large memory allocation or an out-of-bounds write.

5.0
2014-10-07 CVE-2014-3565 Apple
Canonical
NET Snmp
Resource Management Errors vulnerability in multiple products

snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.

5.0
2014-10-07 CVE-2014-4869 Brocade Permissions, Privileges, and Access Controls vulnerability in Brocade Vyatta 5400 Vrouter and Vyatta 5400 Vrouter Software

The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group.

5.0
2014-10-06 CVE-2014-1868 Restlet Unspecified vulnerability in Restlet Framework

Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack.

5.0
2014-10-06 CVE-2013-7329 Perl Information Exposure vulnerability in Perl CGI Application Module

The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function.

5.0
2014-10-06 CVE-2014-3657 Libvirt Resource Management Errors vulnerability in Libvirt

The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.

5.0
2014-10-06 CVE-2013-6496 Redhat Information Exposure vulnerability in Redhat Conga 0.12.2

Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension.

5.0
2014-10-10 CVE-2014-3405 Cisco Security vulnerability in Cisco IOS XE Software

Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct route-injection attacks via crafted RPL advertisements on an ANI interface, aka Bug ID CSCuq22673.

4.8
2014-10-10 CVE-2014-7200 Kevin Renskers Cross-Site Scripting vulnerability in Kevin Renskers Dmmjobcontrol

Cross-site scripting (XSS) vulnerability in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via the tx_dmmjobcontrol_pi1[search][keyword] parameter to jobs/.

4.3
2014-10-10 CVE-2014-7139 Cfdbplugin Cross-Site Scripting vulnerability in Cfdbplugin Contact Form DB 2.8.15

Multiple cross-site scripting (XSS) vulnerabilities in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.16 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) form or (2) enc parameter in the CF7DBPluginShortCodeBuilder page to wp-admin/admin.php.

4.3
2014-10-10 CVE-2014-6315 Photo Gallery Plugin Project Cross-Site Scripting vulnerability in Photo Gallery Plugin Project Photo Gallery Plugin 1.1.30

Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php.

4.3
2014-10-10 CVE-2014-6243 Ewww Image Optimizer Plugin Project Cross-Site Scripting vulnerability in Ewww Image Optimizer Plugin Project Ewww Image Optimizer Plugin 2.0.0/2.01

Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the error parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php, which is not properly handled in a pngout error message.

4.3
2014-10-10 CVE-2014-4737 Textpattern Cross-Site Scripting vulnerability in Textpattern

Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.

4.3
2014-10-10 CVE-2014-4312 Epicor Cross-Site Scripting vulnerability in Epicor Enterprise

Multiple cross-site scripting (XSS) vulnerabilities in Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allow remote attackers to inject arbitrary web script or HTML via the (1) Notes section to Order details; (2) Description section to "Order to consume"; (3) Favorites name section to Favorites; (4) FiltKeyword parameter to Procurement/EKPHTML/search_item_bt.asp; (5) Act parameter to Procurement/EKPHTML/EnterpriseManager/Budget/ImportBudget_fr.asp; (6) hdnOpener or (7) hdnApproverFieldName parameter to Procurement/EKPHTML/EnterpriseManager/UserSearchDlg.asp; or (8) INTEGRATED parameter to Procurement/EKPHTML/EnterpriseManager/Codes.asp.

4.3
2014-10-10 CVE-2014-3678 Jenkins CI Cross-Site Scripting vulnerability in Jenkins-Ci Monitoring Plugin

Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-10-10 CVE-2014-3393 Cisco Improper Input Validation vulnerability in Cisco Adaptive Security Appliance Software

The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829.

4.3
2014-10-10 CVE-2014-6439 Elasticsearch Cross-Site Scripting vulnerability in Elasticsearch 1.1.1/1.2.0

Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-10-10 CVE-2014-4661 HP Cross-Site Scripting vulnerability in HP Records Manager 8.1

Cross-site scripting (XSS) vulnerability in HP Records Manager before 7.3.5 and 8.x before 8.1 Patch 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-10-10 CVE-2014-3404 Cisco Cryptographic Issues vulnerability in Cisco IOS XE

The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted messages, aka Bug ID CSCuq22677.

4.3
2014-10-10 CVE-2013-4488 Libgadu Cryptographic Issues vulnerability in Libgadu

libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers.

4.3
2014-10-08 CVE-2014-7983 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-10-08 CVE-2014-7982 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-10-08 CVE-2014-7203 Zeromq Security Bypass vulnerability in ZeroMQ

libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors.

4.3
2014-10-08 CVE-2014-7202 Zeromq Security Bypass vulnerability in Zeromq 4.0.0/4.0.4

stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request.

4.3
2014-10-08 CVE-2014-6631 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-10-07 CVE-2014-7189 Golang Permissions, Privileges, and Access Controls vulnerability in Golang GO

crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.

4.3
2014-10-07 CVE-2014-4871 Netcommwireless Cross-Site Scripting vulnerability in Netcommwireless Nb604N and Nb604N Firmware

Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter.

4.3
2014-10-07 CVE-2014-0940 IBM Cross-Site Scripting vulnerability in IBM Tivoli Service Automation Manager 7.2.2.2

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Service Automation Manager 7.2.2.2 before 7.2.2.2-TIV-TSAM-LA0041 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) REST API or (2) Self Service UI.

4.3
2014-10-06 CVE-2014-4510 Debian Cross-Site Request Forgery (CSRF) vulnerability in Debian Apt-Cacher 0.7.26

Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2014-10-06 CVE-2014-1224 Rexx Systems Cross-Site Scripting vulnerability in Rexx-Systems Recruitment R6.1/R7.0

Incomplete blacklist vulnerability in the user registration feature in rexx Recruitment R6.1 and R7 without "fixes from 2014-01-15" allows remote attackers to conduct cross-site scripting (XSS) attacks via the oninput event handler in the fname parameter to the default URI in /reg.

4.3
2014-10-06 CVE-2014-6054 Libvncserver
Debian
Canonical
Numeric Errors vulnerability in multiple products

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.

4.3
2014-10-06 CVE-2014-2644 HP Cross-Site Scripting vulnerability in HP Systems Insight Manager

Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2014-10-10 CVE-2014-4874 BMC Information Exposure vulnerability in BMC Track-It! 11.3.0.355

BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.

4.0
2014-10-10 CVE-2014-4761 IBM Information Exposure vulnerability in IBM Websphere Portal

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code.

4.0
2014-10-09 CVE-2014-8079 Drupal Cross-Site Scripting vulnerability in Drupal Mayo 7.X1.1/7.X1.2/7.X1.Xdev

Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to header background setting.

4.0
2014-10-08 CVE-2014-5376 Adaptivecomputing Improper Input Validation vulnerability in Adaptivecomputing Moab 8.0

Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-generated key is used, does not validate that the requesting user matches the actor in the message, which allows remote authenticated users to impersonate arbitrary users via the actor field in a message.

4.0
2014-10-08 CVE-2014-5375 Adaptivecomputing Improper Input Validation vulnerability in Adaptivecomputing Moab 8.0

The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate the message owner matches the submitting user, which allows remote authenticated users to impersonate arbitrary users via the UserId and Owner tags.

4.0
2014-10-08 CVE-2014-3641 Openstack Information Exposure vulnerability in Openstack Cinder

The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.

4.0
2014-10-07 CVE-2014-4802 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager

The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which allows remote authenticated users to bypass authorization checks and obtain sensitive information by executing a saved search.

4.0
2014-10-06 CVE-2014-0140 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat products

Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.

4.0

17 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-10-06 CVE-2014-1875 Cspan Link Following vulnerability in Cspan Capture-Tiny 0.20/0.21/0.22

The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file.

3.6
2014-10-10 CVE-2014-3147 Splunk Cross-Site Scripting vulnerability in Splunk

Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file.

3.5
2014-10-09 CVE-2014-8078 Drupal Cross-Site Scripting vulnerability in Drupal Print

Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 6.x-1.x before 6.x-1.19, 7.x-1.x before 7.x-1.3, and 7.x-2.x before 7.x-2.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes.

3.5
2014-10-09 CVE-2014-8077 Drupal Cross-Site Scripting vulnerability in Drupal Newsflash

Cross-site scripting (XSS) vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property.

3.5
2014-10-09 CVE-2014-8076 Drupal Cross-Site Scripting vulnerability in Drupal Professional Theme

Cross-site scripting (XSS) vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to custom copyright information.

3.5
2014-10-09 CVE-2014-8075 Drupal Cross-Site Scripting vulnerability in Drupal Tribune 6.X1.13/6.X1.2/7.X3.0

Cross-site scripting (XSS) vulnerability in the Tribune module 6.x-1.x and 7.x-3.x for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title.

3.5
2014-10-08 CVE-2014-7980 Drupal Cross-Site Scripting vulnerability in Drupal ZEN

Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified other theme settings.

3.5
2014-10-08 CVE-2014-7979 Drupal Cross-Site Scripting vulnerability in Drupal Simplecorp 7.X1.0

Cross-site scripting (XSS) vulnerability in the SimpleCorp theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings.

3.5
2014-10-08 CVE-2014-7978 Drupal Cross-Site Scripting vulnerability in Drupal Bluemasters 7.X2.0

Cross-site scripting (XSS) vulnerability in the BlueMasters theme 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings.

3.5
2014-10-07 CVE-2014-7295 Mediawiki Cross-Site Scripting vulnerability in Mediawiki

The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css.

3.5
2014-10-06 CVE-2014-7870 Drupal Cross-Site Scripting vulnerability in Drupal Custom Search Module

Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with the "administer custom search" permission to inject arbitrary web script or HTML via the "Label text" field to admin/config/search/custom_search/results.

3.5
2014-10-06 CVE-2014-7869 Drupal Cross-Site Scripting vulnerability in Drupal Context Form Alteration Module 7.X1.0/7.X1.1

Cross-site scripting (XSS) vulnerability in the configuration UI in the Context Form Alteration module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer contexts" permission to inject arbitrary web script or HTML via unspecified vectors.

3.5
2014-10-06 CVE-2014-3608 Openstack Resource Management Errors vulnerability in Openstack Nova

The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image.

2.7
2014-10-10 CVE-2014-5351 MIT Credentials Management vulnerability in MIT Kerberos 5 1.12.2

The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.

2.1
2014-10-10 CVE-2014-5270 Gnupg
Debian
Information Exposure vulnerability in multiple products

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.

2.1
2014-10-08 CVE-2014-7231 Openstack
Redhat
Information Exposure vulnerability in multiple products

The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.

2.1
2014-10-08 CVE-2014-7230 Openstack
Redhat
Canonical
Information Exposure vulnerability in multiple products

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

2.1