Weekly Vulnerabilities Reports > November 17 to 23, 2014

Overview

117 new vulnerabilities reported during this period, including 9 critical vulnerabilities and 22 high severity vulnerabilities. This weekly summary report vulnerabilities in 102 products from 64 vendors including Apple, Google, IBM, Arubanetworks, and Opensuse. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Information Exposure", "Resource Management Errors", and "SQL Injection".

  • 103 reported vulnerabilities are remotely exploitables.
  • 20 reported vulnerabilities have public exploit available.
  • 36 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 95 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 14 reported vulnerabilities.
  • Arubanetworks has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

9 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-11-20 CVE-2014-9002 Lantronix Permissions, Privileges, and Access Controls vulnerability in Lantronix Xprintserver

Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action.

10.0
2014-11-19 CVE-2014-6626 Arubanetworks Improper Access Control vulnerability in Arubanetworks Clearpass

Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors.

10.0
2014-11-19 CVE-2014-5342 Arubanetworks Unspecified vulnerability in Arubanetworks Clearpass

Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-6627.

10.0
2014-11-18 CVE-2014-4461 Apple Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Tvos

The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.

9.3
2014-11-20 CVE-2014-8387 Advantech OS Command Injection vulnerability in Advantech Eki-6340 and Eki-6340 Firmware

cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi.

9.0
2014-11-19 CVE-2014-6627 Arubanetworks Improper Access Control vulnerability in Arubanetworks Clearpass

Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342.

9.0
2014-11-19 CVE-2014-6625 Arubanetworks Improper Access Control vulnerability in Arubanetworks Clearpass

The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors.

9.0
2014-11-19 CVE-2013-3678 SAP Security vulnerability in SAP GRC

Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request.

9.0
2014-11-18 CVE-2014-6324 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability."

9.0

22 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-11-23 CVE-2014-8626 PHP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP

Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.

7.5
2014-11-21 CVE-2014-8682 Gogits SQL Injection vulnerability in Gogits Gogs

Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go.

7.5
2014-11-21 CVE-2014-8681 Gogits SQL Injection vulnerability in Gogits Gogs

SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues.

7.5
2014-11-20 CVE-2014-9024 Protected Pages Project Permissions, Privileges, and Access Controls vulnerability in Protected Pages Project Protected Pages 7.X1.0/7.X2.0/7.X2.2

The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows remote attackers to bypass the password protection via a crafted path.

7.5
2014-11-20 CVE-2014-9005 VLD Interactive SQL Injection vulnerability in VLD Interactive Vldpersonals

Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or ((3) gender2 parameter in a search action to index.php.

7.5
2014-11-20 CVE-2014-8997 Digitalvidhya Code Injection vulnerability in Digitalvidhya Digi Online Examination System 2.0

Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/.

7.5
2014-11-19 CVE-2014-7910 Google Multiple Security vulnerability in Google Chrome

Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5
2014-11-19 CVE-2014-7908 Google Numeric Errors vulnerability in Google Chrome

Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a large atom in (1) MPEG-4 or (2) QuickTime .mov data.

7.5
2014-11-19 CVE-2014-7907 Google Resource Management Errors vulnerability in Google Chrome

Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger improper handling of a detached frame, related to the (1) lock and (2) unlock methods.

7.5
2014-11-19 CVE-2014-7906 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object's lifetime.

7.5
2014-11-19 CVE-2014-7904 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5
2014-11-19 CVE-2014-7903 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG image.

7.5
2014-11-19 CVE-2014-7902 Google Code vulnerability in Google Chrome 39.0.2171.63

Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.

7.5
2014-11-19 CVE-2014-7901 Google Numeric Errors vulnerability in Google Chrome

Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long segment in a JPEG image.

7.5
2014-11-19 CVE-2014-7900 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.

7.5
2014-11-18 CVE-2014-7146 Mantisbt Improper Input Validation vulnerability in Mantisbt 1.2.17

The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.

7.5
2014-11-18 CVE-2014-4457 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled.

7.5
2014-11-17 CVE-2014-8596 PHP Fusion SQL Injection vulnerability in PHP-Fusion 7.02.07

Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php.

7.5
2014-11-17 CVE-2014-8517 Apple
Netbsd
Command Injection vulnerability in multiple products

The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.

7.5
2014-11-21 CVE-2014-8388 Advantech Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess

Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document.

7.2
2014-11-20 CVE-2014-2382 Faronics Resource Management Errors vulnerability in Faronics Deep Freeze

The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function.

7.2
2014-11-18 CVE-2014-4451 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses.

7.2

77 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-11-23 CVE-2014-6477 Oracle Information Exposure vulnerability in Oracle Database Server

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, and CVE-2014-6547.

6.8
2014-11-21 CVE-2014-5395 Huawei Cross-Site Request Forgery (CSRF) vulnerability in Huawei products

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors.

6.8
2014-11-20 CVE-2014-9027 Zteusa Cross-Site Request Forgery (CSRF) vulnerability in Zteusa Zxdsl 831Cii

Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, or (7) enblssh parameter to accesslocal.cmd.

6.8
2014-11-20 CVE-2014-9019 ZTE Cross-Site Request Forgery (CSRF) vulnerability in ZTE Zxdsl 831Cii

Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to adminpasswd.cgi or (3) change the admin user password via the sysPassword parameter in a save action to adminpasswd.cgi.

6.8
2014-11-20 CVE-2014-9003 Lantronix Cross-Site Request Forgery (CSRF) vulnerability in Lantronix Xprintserver

Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action.

6.8
2014-11-19 CVE-2014-6624 Arubanetworks Information Exposure vulnerability in Arubanetworks Clearpass

The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbitrary files via unspecified vectors.

6.8
2014-11-18 CVE-2014-7996 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Computing System

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477.

6.8
2014-11-18 CVE-2014-4459 Apple Memory Corruption vulnerability in WebKit

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.

6.8
2014-11-17 CVE-2014-8953 Phpscriptlerim Cross-Site Request Forgery (CSRF) vulnerability in PHPscriptlerim PHP Scriptlerim Who'S WHO

Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php.

6.8
2014-11-21 CVE-2014-7871 Open Xchange SQL Injection vulnerability in Open-Xchange Appsuite

SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.

6.5
2014-11-21 CVE-2014-7137 Dolibarr SQL Injection vulnerability in Dolibarr

Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet/tasks/contact.php; (4) lineid parameter in a deletecontact action, (5) ligne parameter in a swapstatut action, or (6) ref parameter to projet/contact.php; (7) id parameter to compta/bank/fiche.php, (8) contact/info.php, (9) holiday/index.php, (10) product/stock/fiche.php, (11) product/stock/info.php, or (12) in an edit action to product/stock/fiche.php; (13) productid parameter in an addline action to product/stock/massstockmove.php; (14) project_ref parameter to projet/tasks/note.php; (15) ref parameter to element.php, (16) ganttview.php, (17) note.php, or (18) tasks.php in projet/; (19) sall or (20) sref parameter to comm/mailing/liste.php; (21) search_bon, (22) search_ligne, (23) search_societe, or (24) search_code parameter to compta/prelevement/liste.php; (25) search_label parameter to compta/sociales/index.php; (26) search_project parameter to projet/tasks/index.php; (27) search_societe parameter to compta/prelevement/demandes.php; (28) search_statut parameter to user/index.php; (29) socid parameter to compta/recap-compta.php, (30) societe/commerciaux.php, or (31) societe/rib.php; (32) sortorder, (33) sref, (34) sall, or (35) sortfield parameter to product/stock/liste.php; (36) statut parameter to adherents/liste.php or (37) compta/dons/liste.php; (38) tobuy or (39) tosell parameter to product/liste.php; (40) tobuy, (41) tosell, (42) search_categ, or (43) sref parameter to product/reassort.php; (44) type parameter to product/index.php; or the (a) sortorder or (b) sortfield parameter to (45) compta/paiement/cheque/liste.php, (46) compta/prelevement/bons.php, (47) compta/prelevement/rejets.php, (48) product/stats/commande.php, (49) product/stats/commande_fournisseur.php, (50) product/stats/contrat.php, (51) product/stats/facture.php, (52) product/stats/facture_fournisseur.php, (53) product/stats/propal.php, or (54) product/stock/replenishorders.php.

6.5
2014-11-20 CVE-2014-9001 Incrediblepbx Code Injection vulnerability in Incrediblepbx Incredible PBX 11 2.0.6.5.0

reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters.

6.5
2014-11-20 CVE-2014-9000 Mulesoft Permissions, Privileges, and Access Controls vulnerability in Mulesoft Mule Enterprise Management Console

Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user.

6.5
2014-11-20 CVE-2014-8999 Xoops SQL Injection vulnerability in Xoops 2.5.6

SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter.

6.5
2014-11-20 CVE-2014-8998 X7Chat Code Injection vulnerability in X7Chat X7 Chat

lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.

6.5
2014-11-17 CVE-2014-8499 Manageengine SQL Injection vulnerability in Manageengine Password Manager PRO

Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc.

6.5
2014-11-17 CVE-2014-8498 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Password Manager PRO

SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter.

6.5
2014-11-21 CVE-2014-7194 Tibco Permissions, Privileges, and Access Controls vulnerability in Tibco products

TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive information or modify data by leveraging agent access.

6.4
2014-11-20 CVE-2014-9022 WEB Component Roles Project Permissions, Privileges, and Access Controls vulnerability in web Component Roles Project web Component Roles

The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the "disabled" restriction and modify read-only components via a crafted form.

6.4
2014-11-20 CVE-2014-8769 Redhat Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Redhat Tcpdump

tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access.

6.4
2014-11-18 CVE-2014-8598 Mantisbt Data Processing Errors vulnerability in Mantisbt

The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page.

6.4
2014-11-17 CVE-2014-8727 F5 Path Traversal vulnerability in F5 Big-Ip Local Traffic Manager

Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a ..

6.2
2014-11-18 CVE-2014-4462 Apple Resource Management Errors vulnerability in Apple Iphone OS and Tvos

WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452.

5.8
2014-11-20 CVE-2014-9023 Twilio Project Permissions, Privileges, and Access Controls vulnerability in Twilio Project Twilio

The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the "access administration pages" Drupal permission.

5.5
2014-11-19 CVE-2014-8594 Opensuse
Debian
XEN
Improper Input Validation vulnerability in multiple products

The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP).

5.4
2014-11-18 CVE-2014-4452 Apple Resource Management Errors vulnerability in Apple products

WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.

5.4
2014-11-23 CVE-2014-8714 Wireshark Resource Management Errors vulnerability in Wireshark

The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

5.0
2014-11-23 CVE-2014-8713 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.0
2014-11-23 CVE-2014-8712 Wireshark Resource Management Errors vulnerability in Wireshark

The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.0
2014-11-23 CVE-2014-8711 Wireshark Numeric Errors vulnerability in Wireshark

Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet.

5.0
2014-11-23 CVE-2014-8710 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.

5.0
2014-11-21 CVE-2014-8090 Ruby Lang Incomplete Fix XML External Entity Denial of Service vulnerability in Ruby

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack.

5.0
2014-11-21 CVE-2014-8000 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1)

Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497.

5.0
2014-11-20 CVE-2014-9025 Commerceguys Information Exposure vulnerability in Commerceguys Commerce 7.X1.0/7.X1.1

The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2014-11-20 CVE-2014-8768 Opensuse
Canonical
Oracle
Redhat
Integer Underflow (Wrap OR Wraparound) vulnerability in multiple products

Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.

5.0
2014-11-20 CVE-2014-8767 Redhat
Opensuse
Numeric Errors vulnerability in Redhat Tcpdump

Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.

5.0
2014-11-20 CVE-2014-8493 ZTE Permissions, Privileges, and Access Controls vulnerability in ZTE Zxhn H108L Firmware 4.0.0Dzrqgr4

ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.

5.0
2014-11-20 CVE-2014-3625 Pivotal Software Path Traversal vulnerability in Pivotal Software Spring Framework

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

5.0
2014-11-20 CVE-2014-9006 Monstra Credentials Management vulnerability in Monstra

Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values.

5.0
2014-11-20 CVE-2014-8995 Maarch SQL Injection vulnerability in Maarch Letterbox 2.8

SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie.

5.0
2014-11-19 CVE-2014-6622 Arubanetworks Information Exposure vulnerability in Arubanetworks Clearpass

Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified vectors.

5.0
2014-11-19 CVE-2014-6621 Arubanetworks Information Exposure vulnerability in Arubanetworks Clearpass

Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, module configuration, and other sensitive information by reading the page.

5.0
2014-11-19 CVE-2014-7909 Google Numeric Errors vulnerability in Google Chrome

effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data.

5.0
2014-11-19 CVE-2014-7905 Google Improper Access Control vulnerability in Google Chrome 38.0.2125.101

Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site.

5.0
2014-11-19 CVE-2014-7899 Google Improper Input Validation vulnerability in Google Chrome

Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string.

5.0
2014-11-18 CVE-2014-7829 Opensuse
Rubyonrails
Path Traversal vulnerability in multiple products

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818.

5.0
2014-11-18 CVE-2014-3620 Haxx
Apple
Cryptographic Issues vulnerability in multiple products

cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.

5.0
2014-11-18 CVE-2014-3613 Haxx
Apple
Cryptographic Issues vulnerability in multiple products

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.

5.0
2014-11-18 CVE-2014-4458 Apple Information Exposure vulnerability in Apple mac OS X

The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors.

5.0
2014-11-18 CVE-2014-4453 Apple Information Exposure vulnerability in Apple Iphone OS and mac OS X

Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.

5.0
2014-11-18 CVE-2014-7992 Cisco Information Exposure vulnerability in Cisco IOS

The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.

5.0
2014-11-18 CVE-2014-6098 IBM Credentials Management vulnerability in IBM Security Identity Manager

IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request.

5.0
2014-11-18 CVE-2014-6095 IBM Path Traversal vulnerability in IBM Security Identity Manager

Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2014-11-17 CVE-2014-5277 Docker Code vulnerability in Docker and Docker-Py

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.

5.0
2014-11-21 CVE-2014-8683 Gogits Cross-Site Scripting vulnerability in Gogits Gogs

Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown.

4.3
2014-11-21 CVE-2014-8539 Simple Email Form Project Cross-Site Scripting vulnerability in Simple Email Form Project Simple Email Form 1.8.5

Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to index.php.

4.3
2014-11-21 CVE-2014-8469 Moxi9 Cross-Site Scripting vulnerability in Moxi9 PHPfox

Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header.

4.3
2014-11-20 CVE-2014-9021 Zteusa Cross-Site Scripting vulnerability in Zteusa Zxdsl 831

Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to inject arbitrary web script or HTML via the (1) tr69cAcsURL, (2) tr69cAcsUser, (3) tr69cAcsPwd, (4) tr69cConnReqPwd, or (5) tr69cDebugEnable parameter to the TR-069 client page (tr69cfg.cgi); the (6) timezone parameter to the Time and date page (sntpcfg.sntp); or the (7) hostname parameter in a save action to the Quick Stats page (psilan.cgi).

4.3
2014-11-20 CVE-2014-9020 ZTE Cross-Site Scripting vulnerability in ZTE Zxdsl 831 and Zxdsl 831Cii

Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action.

4.3
2014-11-20 CVE-2014-9004 VLD Interactive Cross-Site Scripting vulnerability in VLD Interactive Vldpersonals

Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a member_profile action to index.php.

4.3
2014-11-20 CVE-2014-8996 Nibbleblog Cross-Site Scripting vulnerability in Nibbleblog 4.0.1

Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) author_name or (2) content parameter to index.php.

4.3
2014-11-19 CVE-2014-8629 Pandorafms Cross-Site Scripting vulnerability in Pandorafms Pandora Flexible Monitoring System

Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php.

4.3
2014-11-19 CVE-2014-7290 Atlas Systems Cross-Site Scripting vulnerability in Atlas Systems Aeon 3.5/3.6

Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems Aeon 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) Action or (2) Form parameter to aeon.dll.

4.3
2014-11-18 CVE-2014-8475 Freebsd Code vulnerability in Freebsd 10.0/9.1/9.2

FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed.

4.3
2014-11-18 CVE-2014-6107 IBM Information Exposure vulnerability in IBM Security Identity Manager

IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.

4.3
2014-11-18 CVE-2014-6105 IBM Improper Input Validation vulnerability in IBM Security Identity Manager

IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

4.3
2014-11-18 CVE-2014-6096 IBM Cross-Site Scripting vulnerability in IBM Security Identity Manager

Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2014-11-17 CVE-2012-6665 Phpmoneybooks Path Traversal vulnerability in PHPmoneybooks 1.0.4

Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a ..

4.3
2014-11-17 CVE-2012-1669 Phpmoneybooks Path Traversal vulnerability in PHPmoneybooks 1.0.2

Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a ..

4.3
2014-11-17 CVE-2014-8955 Megnicholas Cross-Site Scripting vulnerability in Megnicholas Clean and Simple Contact Form 4.4.0

Cross-site scripting (XSS) vulnerability in the Contact Form Clean and Simple (clean-and-simple-contact-form-by-meg-nicholas) plugin 4.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the cscf[name] parameter to contact-us/.

4.3
2014-11-17 CVE-2014-8954 Codecanyon Cross-Site Scripting vulnerability in Codecanyon PHPsound 1.0.5

Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.php.

4.3
2014-11-17 CVE-2014-8732 Phpmemcachedadmin Project Cross-Site Scripting vulnerability in PHPmemcachedadmin Project PHPmemcachedadmin 1.2.2

Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-11-17 CVE-2014-3629 Apache Data Processing Errors vulnerability in Apache Qpid 0.30

XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message.

4.3
2014-11-23 CVE-2014-6183 IBM Resource Management Errors vulnerability in IBM products

IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors.

4.0
2014-11-23 CVE-2014-4807 IBM Resource Management Errors vulnerability in IBM Sterling Selling and Fulfillment Foundation

Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character.

4.0
2014-11-21 CVE-2014-7195 Tibco Information Exposure vulnerability in Tibco products

Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for Spotfire Web Player before 1.6.1 allows remote authenticated users to obtain sensitive information via unspecified vectors.

4.0
2014-11-20 CVE-2014-9026 Ubercart Permissions, Privileges, and Access Controls vulnerability in Ubercart

The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtain sensitive information via unspecified vectors.

4.0

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-11-19 CVE-2014-7828 Freeipa Permissions, Privileges, and Access Controls vulnerability in Freeipa

FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind.

3.5
2014-11-18 CVE-2014-4817 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager

The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename.

2.1
2014-11-18 CVE-2014-7824 D BUS Project
Debian
Mageia Project
Canonical
Resource Management Errors vulnerability in multiple products

D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors.

2.1
2014-11-18 CVE-2014-4463 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature.

2.1
2014-11-18 CVE-2014-4460 Apple Information Exposure vulnerability in Apple Iphone OS and mac OS X

CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.

2.1
2014-11-18 CVE-2014-4455 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and Tvos

dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.

2.1
2014-11-18 CVE-2014-6110 IBM Improper Access Control vulnerability in IBM Security Identity Manager

IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation.

2.1
2014-11-17 CVE-2014-0059 Redhat Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform

JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file.

2.1
2014-11-19 CVE-2014-8595 Debian
XEN
Opensuse
Code vulnerability in multiple products

arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction.

1.9