Weekly Vulnerabilities Report: November 3 to 9, 2014

Overview

141 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 52 high severity vulnerabilities. This weekly summary reports vulnerabilities in 138 products from 69 vendors including Qemu, SAP, Canonical, Ffmpeg, and IBM. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "SQL Injection", and "Information Exposure".

  • 128 reported vulnerabilities are remotely exploitable.
  • 10 reported vulnerabilities have a public exploit available.
  • 42 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 121 reported vulnerabilities are exploitable by an anonymous user.
  • Qemu has the most reported vulnerabilities, with 23 reported vulnerabilities.
  • SAP has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-11-06 CVE-2014-8669 SAP Code Injection vulnerability in SAP Customer Relationship Management

The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2014-11-06 CVE-2014-8661 SAP Code Injection vulnerability in SAP Customer Relationship Management Internet Sales

The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors.

10.0
2014-11-06 CVE-2014-8656 Compal Broadband Networks Credentials Management vulnerability in Compal Broadband Networks products

The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors.

10.0
2014-11-07 CVE-2014-4627 EMC SQL Injection vulnerability in EMC RSA Web Threat Detection 4.0/4.1/4.6.1.0

SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

9.0
2014-11-07 CVE-2014-2177 Cisco Code Injection vulnerability in Cisco products

The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.

9.0
2014-11-04 CVE-2014-7875 HP Remote Denial of Service vulnerability in HP LaserJet Printers

Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.

9.0

52 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-11-06 CVE-2014-8662 SAP Denial of Service vulnerability in SAP Payroll Process

Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling.

7.8
2014-11-07 CVE-2014-3693 Redhat, Canonical, Libreoffice, Opensuse Use After Free Remote Code Execution vulnerability in LibreOffice

Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.

7.5
2014-11-07 CVE-2014-3437 Symantec XML External Entity Injection vulnerability in Symantec Endpoint Protection Manager

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

7.5
2014-11-06 CVE-2014-8668 SAP SQL Injection vulnerability in SAP Contract Accounting

SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2014-11-06 CVE-2014-8664 SAP SQL Injection vulnerability in SAP Environment Health and Safety

SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2014-11-06 CVE-2014-8663 SAP SQL Injection vulnerability in SAP Netweaver Business Warehouse

SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2014-11-06 CVE-2014-8351 French National Commission on Informatics and Liberty SQL Injection vulnerability in French National Commission on Informatics and Liberty Cookieviz 1.0

SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the domain parameter.

7.5
2014-11-05 CVE-2014-8549 Ffmpeg Numeric Errors vulnerability in Ffmpeg

libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data.

7.5
2014-11-05 CVE-2014-8548 Ffmpeg, Canonical Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.

7.5
2014-11-05 CVE-2014-8547 Canonical, Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.

7.5
2014-11-05 CVE-2014-8546 Ffmpeg Numeric Errors vulnerability in Ffmpeg

Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data.

7.5
2014-11-05 CVE-2014-8545 Ffmpeg Numeric Errors vulnerability in Ffmpeg

libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data.

7.5
2014-11-05 CVE-2014-8544 Ffmpeg, Canonical Improper Input Validation vulnerability in multiple products

libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.

7.5
2014-11-05 CVE-2014-8543 Canonical, Ffmpeg Improper Input Validation vulnerability in multiple products

libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data.

7.5
2014-11-05 CVE-2014-8542 Ffmpeg, Canonical, Debian Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.

7.5
2014-11-05 CVE-2014-8541 Canonical, Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.

7.5
2014-11-05 CVE-2014-2374 Accuenergy Information Exposure vulnerability in Accuenergy Acuvim II and Axm-Net

The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript.

7.5
2014-11-05 CVE-2014-2373 Accuenergy Improper Authentication vulnerability in Accuenergy Acuvim II and Axm-Net

The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL.

7.5
2014-11-04 CVE-2014-0222 Suse, Qemu Numeric Errors vulnerability in multiple products

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.

7.5
2014-11-04 CVE-2014-0182 Qemu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qemu

Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image.

7.5
2014-11-04 CVE-2013-6399 Qemu Code Injection vulnerability in Qemu

Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image.

7.5
2014-11-04 CVE-2013-4542 Qemu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qemu

The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access.

7.5
2014-11-04 CVE-2013-4541 Qemu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qemu

The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value.

7.5
2014-11-04 CVE-2013-4540 Qemu, Opensuse Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image.

7.5
2014-11-04 CVE-2013-4539 Qemu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qemu

Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image.

7.5
2014-11-04 CVE-2013-4538 Qemu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qemu

Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image.

7.5
2014-11-04 CVE-2013-4537 Qemu Code Injection vulnerability in Qemu

The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image.

7.5
2014-11-04 CVE-2013-4534 Qemu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qemu

Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements.

7.5
2014-11-04 CVE-2013-4533 Qemu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qemu

Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image.

7.5
2014-11-04 CVE-2013-4531 Qemu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qemu

Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len in a savevm image.

7.5
2014-11-04 CVE-2013-4530 Qemu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qemu

Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image.

7.5
2014-11-04 CVE-2013-4529 Qemu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qemu

Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image.

7.5
2014-11-04 CVE-2013-4527 Qemu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qemu

Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers.

7.5
2014-11-04 CVE-2013-4526 Qemu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qemu

Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports.

7.5
2014-11-04 CVE-2013-4151 Qemu Code Injection vulnerability in Qemu

The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write.

7.5
2014-11-04 CVE-2013-4150 Qemu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qemu

The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write.

7.5
2014-11-04 CVE-2013-4149 Qemu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qemu

Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table.

7.5
2014-11-04 CVE-2013-4148 Qemu Numeric Errors vulnerability in Qemu

Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow.

7.5
2014-11-04 CVE-2014-8474 CA XML External Entity Injection vulnerability in CA Cloud Service Management

CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

7.5
2014-11-04 CVE-2014-8588 SAP SQL Injection vulnerability in SAP Hana 1.00.60.379371

SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2014-11-04 CVE-2014-8587 SAP Cryptographic Issues vulnerability in SAP products

SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.

7.5
2014-11-04 CVE-2014-8586 CP Multi View Event Calendar Project SQL Injection vulnerability in CP Multi View Event Calendar Project CP Multi View Event Calendar 1.0.1

SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.

7.5
2014-11-04 CVE-2014-8339 Nuevolab, Clip Share SQL Injection vulnerability in multiple products

SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter.

7.5
2014-11-03 CVE-2014-7228 Joomla Cryptographic Issues vulnerability in Joomla Joomla!

Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive.

7.5
2014-11-03 CVE-2014-0490 Debian, Linux Improper Input Validation vulnerability in Debian Advanced Package Tool

The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.

7.5
2014-11-03 CVE-2014-0489 Debian Improper Input Validation vulnerability in Debian Advanced Package Tool 1.0.3/1.0.5/1.0.7

APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.

7.5
2014-11-03 CVE-2014-0487 Debian Security Bypass vulnerability in apt

APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.

7.5
2014-11-03 CVE-2014-8350 Smarty Code Injection vulnerability in Smarty

Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.

7.5
2014-11-03 CVE-2014-5271 Ffmpeg, Libav Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.

7.5
2014-11-06 CVE-2014-8660 SAP Code Injection vulnerability in SAP Document Management Services

SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors.

7.2
2014-11-03 CVE-2014-5507 PRO Softnet Corporation Permissions, Privileges, and Access Controls vulnerability in PRO Softnet Corporation Ibackup

iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file.

7.2
2014-11-04 CVE-2014-2718 T Mobile, Asus Insufficient Verification of Data Authenticity vulnerability in multiple products

ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image.

7.1

74 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-11-07 CVE-2014-5430 ABB Local Code Execution vulnerability in Multiple ABB Products

Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program.

6.9
2014-11-07 CVE-2014-7990 Cisco Improper Input Validation vulnerability in Cisco products

Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815.

6.8
2014-11-07 CVE-2014-7989 Cisco Improper Input Validation vulnerability in Cisco products

Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176.

6.8
2014-11-07 CVE-2014-2178 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco products

Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145.

6.8
2014-11-06 CVE-2014-8654 Compal Broadband Networks Cross-Site Request Forgery (CSRF) vulnerability in Compal Broadband Networks products

Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have unspecified impact on DDNS configuration via a request to basicDDNS.html, (2) change the wifi password via the psKey parameter to setWirelessSecurity.html, (3) add a static MAC address via the MacAddress parameter in an add_static action to setBasicDHCP1.html, or (4) enable or disable UPnP via the UPnP parameter in an apply action to setAdvancedOptions.html.

6.8
2014-11-04 CVE-2014-3461 Qemu Buffer Errors vulnerability in Qemu 1.6.2

hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."

6.8
2014-11-04 CVE-2014-8473 CA Cross-Site Request Forgery (CSRF) vulnerability in CA Cloud Service Management

Cross-site request forgery (CSRF) vulnerability in CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2014-11-04 CVE-2014-8472 CA Improper Authentication vulnerability in CA Cloud Service Management

CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.

6.8
2014-11-04 CVE-2013-7057 Axway Cross-Site Request Forgery (CSRF) vulnerability in Axway Securetransport

Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/.

6.8
2014-11-03 CVE-2014-0488 Debian Improper Input Validation vulnerability in Debian Advanced Package Tool 1.0.3/1.0.7

APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.

6.8
2014-11-03 CVE-2014-5272 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats.

6.8
2014-11-06 CVE-2014-6030 Classapps SQL Injection vulnerability in Classapps Selectsurvey.Net 4.125.000

Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx.

6.5
2014-11-06 CVE-2014-7959 AIT PRO SQL Injection vulnerability in Ait-Pro Bulletproof-Security and Bulletproof Security

SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter.

6.5
2014-11-04 CVE-2014-7176 Enalean SQL Injection vulnerability in Enalean Tuleap

SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman.

6.5
2014-11-04 CVE-2014-5387 Ellislab, Expressionengine SQL Injection vulnerability in multiple products

Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php.

6.5
2014-11-03 CVE-2014-0204 Openstack Improper Privilege Management vulnerability in Openstack Keystone 2014.1

OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.

6.5
2014-11-07 CVE-2014-3439 Symantec Arbitrary File Write vulnerability in Symantec Endpoint Protection Manager

ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors.

6.1
2014-11-06 CVE-2014-8670 Vbulletin Unspecified vulnerability in Vbulletin 4.2.1

Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.

5.8
2014-11-08 CVE-2014-7819 Sprockets Project Path Traversal vulnerability in Sprockets Project Sprockets

Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.

5.0
2014-11-07 CVE-2014-2179 Cisco Improper Input Validation vulnerability in Cisco products

The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998.

5.0
2014-11-06 CVE-2014-8666 SAP Information Exposure vulnerability in SAP Business Intelligence Development Workbench

The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intelligence allows remote attackers to obtain audit event details via unspecified vectors.

5.0
2014-11-06 CVE-2014-8665 SAP Information Exposure vulnerability in SAP Business Intelligence Development Workbench

The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files.

5.0
2014-11-06 CVE-2014-8659 SAP Path Traversal vulnerability in SAP Environment Health and Safety

Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2014-11-06 CVE-2014-8657 Compal Broadband Networks Configuration vulnerability in Compal Broadband Networks products

The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via a request to wirelessChannelStatus.html.

5.0
2014-11-06 CVE-2014-8655 Compal Broadband Networks Permissions, Privileges, and Access Controls vulnerability in Compal Broadband Networks products

The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via an (a) admin or a (b) root value in the userData cookie in a request to (1) CmgwWirelessSecurity.xml, (2) DocsisConfigFile.xml, or (3) CmgwBasicSetup.xml in xml/ or (4) basicDDNS.html, (5) basicLanUsers.html, or (6) rootDesc.xml.

5.0
2014-11-06 CVE-2014-8483 Canonical, Debian, Quassel IRC, Opensuse Out-Of-Bounds Read vulnerability in multiple products

The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.

5.0
2014-11-06 CVE-2014-0995 SAP Improper Input Validation vulnerability in SAP Netweaver

The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.

5.0
2014-11-05 CVE-2014-3710 PHP Improper Input Validation vulnerability in PHP 5.4.34

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

5.0
2014-11-04 CVE-2014-6130 IBM Information Exposure vulnerability in IBM Notes Traveler 9.0.1.2

The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which the user had intended to use HTTPS.

5.0
2014-11-04 CVE-2014-3660 Xmlsoft, Apple, Canonical, Debian, Redhat Denial of Service vulnerability in Libxml2 Entities Expansion

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.

5.0
2014-11-04 CVE-2014-8592 SAP Denial of Service vulnerability in SAP Netweaver 7.02/7.30

Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request.

5.0
2014-11-04 CVE-2014-8591 SAP Denial of Service vulnerability in SAP Netweaver 7.02/7.30

Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors.

5.0
2014-11-04 CVE-2014-8589 SAP Numeric Errors vulnerability in SAP Network Interface Router 40.4

Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests.

5.0
2014-11-04 CVE-2014-8585 Wpdownloadmanager Link Following vulnerability in Wpdownloadmanager Wordpress Download Manager

Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a ..

5.0
2014-11-04 CVE-2014-4311 Epicor Information Exposure vulnerability in Epicor Enterprise

Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page.

5.0
2014-11-03 CVE-2013-0336 Redhat Improper Input Validation vulnerability in Redhat Freeipa

The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server.

5.0
2014-11-03 CVE-2012-6661 Plone, Zope Cryptographic Issues vulnerability in multiple products

Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors.

5.0
2014-11-03 CVE-2012-5508 Plone Information Exposure vulnerability in Plone

The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors.

5.0
2014-11-03 CVE-2014-8080 Opensuse, Canonical, Ruby Lang, Redhat XML External Entity Denial of Service vulnerability in Ruby

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.

5.0
2014-11-03 CVE-2014-3712 Katello Resource Management Errors vulnerability in Katello

Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is passed to the to_sym method.

5.0
2014-11-07 CVE-2014-8580 Citrix Permissions, Privileges, and Access Controls vulnerability in Citrix products

Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified configurations, allows remote authenticated users to access "network resources" of other users via unknown vectors.

4.9
2014-11-04 CVE-2014-0223 Suse, Qemu Numeric Errors vulnerability in multiple products

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.

4.6
2014-11-03 CVE-2014-8494 Estsoft Permissions, Privileges, and Access Controls vulnerability in Estsoft Alupdate 8.5.1.0.0

ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) for the (1) AlUpdate folder and (2) AlUpdate.exe, which allows local users to gain privileges via a Trojan horse file.

4.6
2014-11-08 CVE-2014-7818 Rubyonrails, Opensuse Path Traversal vulnerability in multiple products

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence.

4.3
2014-11-08 CVE-2014-6300 Opensuse, Phpmyadmin Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.

4.3
2014-11-07 CVE-2014-6623 Arubanetworks Cross-Site Scripting vulnerability in Arubanetworks Clearpass

Cross-site request forgery (CSRF) vulnerability in the Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to hijack the authentication of a logged in user via unspecified vectors.

4.3
2014-11-07 CVE-2014-6620 Arubanetworks Cross-Site Scripting vulnerability in Arubanetworks Clearpass

Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-11-07 CVE-2014-8672 Rewardingyourself Cross-Site Scripting vulnerability in Rewardingyourself

Cross-site scripting (XSS) vulnerability in the RewardingYourself application for Android and BlackBerry OS allows remote attackers to inject arbitrary web script or HTML via a crafted QR code.

4.3
2014-11-07 CVE-2014-8671 GWT Mobile Phonegap Showcase Project Cross-Site Scripting vulnerability in GWT Mobile Phonegap Showcase Project GWT Mobile Phonegap Showcase 1.6

Cross-site scripting (XSS) vulnerability in the GWT Mobile PhoneGap Showcase application for Android allows remote attackers to inject arbitrary web script or HTML via a crafted Bluetooth Device Name field.

4.3
2014-11-07 CVE-2014-3438 Symantec Cross-Site Scripting vulnerability in Symantec Endpoint Protection Manager

Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-11-06 CVE-2014-5451 Modx Cross-Site Scripting vulnerability in Modx Revolution

Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a" parameter to manager/.

4.3
2014-11-06 CVE-2014-8667 SAP Cross-Site Scripting vulnerability in SAP Hana Web-Based Development Workbench

Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-11-06 CVE-2014-8653 Compal Broadband Networks Cross-Site Scripting vulnerability in Compal Broadband Networks products

Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web script or HTML via the userData cookie.

4.3
2014-11-06 CVE-2014-8508 Denon Cross-Site Scripting vulnerability in Denon Avr-3313Ci

Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname.

4.3
2014-11-06 CVE-2014-8352 French National Commission on Informatics and Liberty Cross-Site Scripting vulnerability in French National Commission on Informatics and Liberty Cookieviz

Cross-site scripting (XSS) vulnerability in json.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz allows remote web servers to inject arbitrary web script or HTML via the max_date parameter.

4.3
2014-11-06 CVE-2014-7958 AIT PRO Cross-Site Scripting vulnerability in Ait-Pro Bulletproof-Security and Bulletproof Security

Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter.

4.3
2014-11-06 CVE-2014-5257 Formalms Cross-Site Scripting vulnerability in Formalms

Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) id_custom parameter in an amanmenu request or (2) id_game parameter in an alms/games/edit request to appCore/index.php.

4.3
2014-11-06 CVE-2014-4664 Wordfence Security Project Cross-Site Scripting vulnerability in Wordfence Security Project Wordfence Security

Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the whoisval parameter on the WordfenceWhois page to wp-admin/admin.php.

4.3
2014-11-05 CVE-2014-5417 Meinberg Cross-Site Scripting vulnerability in Meinberg products

Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-11-05 CVE-2014-5408 Nordex Cross-Site Scripting vulnerability in Nordex Control 2 Scada

Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.

4.3
2014-11-05 CVE-2014-4834 IBM XML External Entity Denial of Service vulnerability in IBM WebSphere Commerce

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

4.3
2014-11-05 CVE-2014-4810 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Cognos Mobile 10.1.1/10.2.0/10.2.1

IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a logoff action on a mobile device, which makes it easier for remote attackers to bypass intended Business Intelligence restrictions by leveraging access to authentication data that was captured before this logoff.

4.3
2014-11-04 CVE-2014-8471 CA Replay Security Bypass vulnerability in CA Cloud Service Management

CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to conduct replay attacks via unspecified vectors.

4.3
2014-11-04 CVE-2014-8593 Allomani Cross-Site Scripting vulnerability in Allomani Weblinks 1.0

Multiple cross-site scripting (XSS) vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default URI to admin.php or the (2) id parameter to admin.php or (3) go.php.

4.3
2014-11-04 CVE-2014-8590 SAP XML External Entity Information Disclosure vulnerability in SAP NetWeaver AS Java

XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request.

4.3
2014-11-04 CVE-2014-8584 WEB Dorado Cross-Site Scripting vulnerability in Web-Dorado Spider Video Player

Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-11-03 CVE-2012-5500 Plone Cross-Site Request Forgery (CSRF) vulnerability in Plone

The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.

4.3
2014-11-03 CVE-2014-3654 Redhat Cross-Site Scripting vulnerability in Redhat Network Satellite and Spacewalk-Java

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.

4.3
2014-11-08 CVE-2014-6097 IBM Improper Input Validation vulnerability in IBM DB2 9.7/9.8

IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement.

4.0
2014-11-07 CVE-2014-8510 Trendmicro Improper Input Validation vulnerability in Trendmicro Interscan web Security Virtual Appliance

The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters.

4.0
2014-11-07 CVE-2014-7988 Cisco Information Exposure vulnerability in Cisco Unity Connection

The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493.

4.0
2014-11-06 CVE-2014-5258 Webedition Path Traversal vulnerability in Webedition CMS 6.2.7.0/6.3.3.0/6.3.8.0

Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a ..

4.0
2014-11-06 CVE-2014-8658 Refinedwiki Cross-Site Scripting vulnerability in Refinedwiki Original Theme

Cross-site scripting (XSS) vulnerability in RefinedWiki Original Theme 3.x before 3.5.13 and 4.x before 4.0.12 for Confluence allows remote authenticated users with permissions to create or edit content to inject arbitrary web script or HTML via the versionComment parameter to pages/doeditpage.action.

4.0
2014-11-05 CVE-2014-4769 IBM XML External Entity Information Disclosure vulnerability in IBM WebSphere Commerce

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

4.0

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-11-08 CVE-2014-6161 IBM Cross-Site Scripting vulnerability in IBM Tivoli Netcool/Impact 6.1.1

Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool/Impact 6.1.1 before 6.1.1.1-TIV-NCI-IF0001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2014-11-08 CVE-2014-6159 IBM Improper Input Validation vulnerability in IBM DB2

IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement.

3.5
2014-11-05 CVE-2014-8622 Compfight Project Cross-Site Scripting vulnerability in Compfight Project Compfight 1.4

Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter.

3.5
2014-11-05 CVE-2014-8326 Phpmyadmin, Opensuse Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page.

3.5
2014-11-07 CVE-2014-5038 Eucalyptus Information Exposure vulnerability in Eucalyptus

Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive information by reading the cloud log files.

2.1
2014-11-07 CVE-2014-5037 Eucalyptus Information Exposure vulnerability in Eucalyptus 4.0.0/4.0.1

Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log.

2.1
2014-11-07 CVE-2014-3640 Debian, Qemu, Redhat, Canonical Null Pointer Dereference vulnerability in multiple products

The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a UDP packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.

2.1
2014-11-04 CVE-2014-4974 Eset Information Exposure vulnerability in Eset Personal Firewall Ndis Filter 1183(20140214)

The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls.

2.1
2014-11-08 CVE-2014-6146 IBM Information Exposure vulnerability in IBM Sterling B2B Integrator 5.2.1/5.2.2/5.2.4

IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the Connect:Direct Server Adapter is configured, does not properly process the logging configuration, which allows local users to obtain sensitive information by reading log files.

1.9