Weekly Vulnerabilities Reports > November 24 to 30, 2014

Overview

114 new vulnerabilities were reported during this period, including 9 critical vulnerabilities and 18 high severity vulnerabilities. This weekly summary reports vulnerabilities in 90 products from 60 vendors, including Moodle, Debian, Linux, Digium, and WordPress. The vulnerabilities are most often categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Information Exposure", and "Cross-Site Request Forgery (CSRF)".

  • 103 reported vulnerabilities are remotely exploitable.
  • 3 reported vulnerabilities have a public exploit available.
  • 33 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 88 reported vulnerabilities are exploitable by an anonymous user.
  • Moodle has the most reported vulnerabilities, with 15 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerability.

[Summary counters (values not preserved in this copy): total vulnerabilities; critical risk vulnerabilities; high risk vulnerabilities; medium risk vulnerabilities; low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application]

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


9 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-11-28 CVE-2014-8423 Arris Injection vulnerability in Arris Vap2500 Firmware 08.41

Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors.

10.0
2014-11-26 CVE-2014-8551 Siemens Code Injection vulnerability in Siemens products

The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets.

10.0
2014-11-26 CVE-2014-7247 Justsystems Data Processing Errors vulnerability in Justsystems Ichitaro and Ichitaro PRO

Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to execute arbitrary code via a crafted file.

10.0
2014-11-25 CVE-2014-8439 Adobe, Linux, Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.

10.0
2014-11-28 CVE-2014-7178 Enalean Improper Input Validation vulnerability in Enalean Tuleap

Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.

9.3
2014-11-25 CVE-2014-8420 Sonicwall Improper Input Validation vulnerability in Sonicwall Analyzer, Global Management System and UMA Em5000

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors.

9.0
2014-11-25 CVE-2014-8368 Arubanetworks Permissions, Privileges, and Access Controls vulnerability in Arubanetworks Airwave

The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors.

9.0
2014-11-24 CVE-2014-8418 Digium Permissions, Privileges, and Access Controls vulnerability in Digium Asterisk and Certified Asterisk

The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.

9.0
2014-11-24 CVE-2014-5314 Cybozu Buffer Errors vulnerability in Cybozu Dezie, Mailwise and Office

Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.

9.0

18 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-11-28 CVE-2014-8425 Arris Information Exposure vulnerability in Arris Vap2500 Firmware 08.41

The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files.

7.8
2014-11-28 CVE-2014-8424 Arris Improper Authentication vulnerability in Arris Vap2500 Firmware 08.41

ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication.

7.8
2014-11-25 CVE-2014-8678 Manageengine Information Exposure vulnerability in Manageengine Oputils 7.0

The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile."

7.8
2014-11-28 CVE-2014-9089 Debian, Mantisbt SQL Injection vulnerability in multiple products

Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.

7.5
2014-11-26 CVE-2014-9097 Apptha SQL Injection vulnerability in Apptha Contus Video Gallery 2.5

Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to execute arbitrary SQL commands via the vid parameter in a myextract action to wp-admin/admin-ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the playlistId parameter in the newplaylist page or (3) videoId parameter in a newvideo page to wp-admin/admin.php.

7.5
2014-11-26 CVE-2014-9096 Pligg SQL Injection vulnerability in Pligg CMS

Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter.

7.5
2014-11-26 CVE-2014-9095 Raritan SQL Injection vulnerability in Raritan Power IQ 4.1.0/4.2.1

Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records.

7.5
2014-11-26 CVE-2014-9093 Libreoffice, Fedoraproject, Canonical, Debian Improper Input Validation vulnerability in multiple products

LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.

7.5
2014-11-26 CVE-2014-9028 Flac Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Flac Libflac

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.

7.5
2014-11-26 CVE-2014-8962 Flac Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Flac Libflac

Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.

7.5
2014-11-25 CVE-2014-8002 Cisco Buffer Errors vulnerability in Cisco Openh264 1.2.0

Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file.

7.5
2014-11-25 CVE-2014-8001 Cisco Buffer Errors vulnerability in Cisco Openh264 1.2.0

Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file.

7.5
2014-11-25 CVE-2014-8367 Arubanetworks SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager

SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2014-11-24 CVE-2014-8413 Digium Permissions, Privileges, and Access Controls vulnerability in Digium Asterisk

The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules.

7.5
2014-11-24 CVE-2014-7845 Moodle Credentials Management vulnerability in Moodle

The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack.

7.5
2014-11-26 CVE-2014-8419 Wibu Permissions, Privileges, and Access Controls vulnerability in Wibu Codemeter Runtime 5.10C

Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file.

7.2
2014-11-25 CVE-2014-1421 Canonical Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Linux 14.10

mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.

7.2
2014-11-24 CVE-2014-9030 XEN, Debian, Opensuse Improper Input Validation vulnerability in multiple products

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.

7.1

78 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-11-28 CVE-2014-8429 Xavoc Cross-Site Request Forgery (CSRF) vulnerability in Xavoc Xepan CMS 1.0.1/1.0.4/1.0.4.1

Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page.

6.8
2014-11-28 CVE-2014-4829 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM products

Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6.8
2014-11-26 CVE-2014-9104 Openvpn Cross-Site Request Forgery (CSRF) vulnerability in Openvpn Access Server 1.5.6

Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnect established VPN sessions, (2) connect to arbitrary VPN servers, or (3) create VPN profiles and execute arbitrary commands via crafted API requests.

6.8
2014-11-26 CVE-2014-9101 Skalfa, Oxwall Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 (build 7907 and 7906) and SkaDate Lite 2.0 (build 7651) allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks or possibly have other unspecified impact via the (1) label parameter to admin/users/roles/, (2) lang[1][base][questions_account_type_5615100a931845eca8da20cfdf7327e0] in an AddAccountType action or (3) qst_name parameter in an addQuestion action to admin/questions/ajax-responder/, or (4) form_name or (5) restrictedUsername parameter to admin/restricted-usernames.

6.8
2014-11-26 CVE-2014-9099 Whydowork Adsense Project Cross-Site Request Forgery (CSRF) vulnerability in Whydowork Adsense Project Whydowork Adsense 1.2

Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the whydowork_adsense page in wp-admin/options-general.php.

6.8
2014-11-25 CVE-2014-9037 Mageia Project, Wordpress, Debian Cryptographic Issues vulnerability in multiple products

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.

6.8
2014-11-25 CVE-2014-9033 Wordpress Cross-Site Request Forgery (CSRF) vulnerability in Wordpress

Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords.

6.8
2014-11-24 CVE-2014-9015 Drupal, Debian Permissions, Privileges, and Access Controls vulnerability in multiple products

Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions.

6.8
2014-11-24 CVE-2014-7838 Moodle Cross-Site Request Forgery (CSRF) vulnerability in Moodle

Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within (1) mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3) mod/forum/index.php, or (4) mod/forum/lib.php.

6.8
2014-11-24 CVE-2014-7836 Moodle Cross-Site Request Forgery (CSRF) vulnerability in Moodle

Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod/lti/request_tool.php or (2) mod/lti/instructor_edit_tool_type.php request.

6.8
2014-11-30 CVE-2014-8959 Opensuse, Phpmyadmin Path Traversal vulnerability in multiple products

Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter.

6.5
2014-11-26 CVE-2014-9102 Kunena SQL Injection vulnerability in Kunena

Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, as demonstrated by the topics[] parameter in an unfavorite action to index.php.

6.5
2014-11-25 CVE-2014-8558 Jexperts Permissions, Privileges, and Access Controls vulnerability in Jexperts Channel Platform 5.0.33Ccb

JExperts Channel Platform 5.0.33_CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters.

6.5
2014-11-24 CVE-2014-8417 Digium Permissions, Privileges, and Access Controls vulnerability in Digium Asterisk and Certified Asterisk

ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.

6.5
2014-11-30 CVE-2014-9150 Adobe, Microsoft Race Condition vulnerability in Adobe Acrobat and Acrobat Reader

Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568.

6.4
2014-11-26 CVE-2014-7142 Oracle, Canonical, Squid Cache Improper Input Validation vulnerability in multiple products

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

6.4
2014-11-26 CVE-2014-7141 Squid Cache Data Processing Errors vulnerability in Squid-Cache Squid

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.

6.4
2014-11-25 CVE-2014-9038 Wordpress Improper Input Validation vulnerability in Wordpress

wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource.

6.4
2014-11-25 CVE-2014-7839 Redhat Improper Input Validation vulnerability in Redhat Resteasy 2.3.7/3.0.9

DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors.

6.4
2014-11-24 CVE-2014-1424 Ubuntu, Canonical Permissions, Privileges, and Access Controls vulnerability in multiple products

apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw."

6.4
2014-11-30 CVE-2014-8884 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.

6.1
2014-11-28 CVE-2014-4831 IBM Improper Authentication vulnerability in IBM Qradar Risk Manager and Qradar vulnerability Manager

IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors.

5.8
2014-11-24 CVE-2014-7837 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a different subwiki.

5.5
2014-11-30 CVE-2014-7841 Linux Resource Management Errors vulnerability in Linux Kernel

The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.

5.0
2014-11-30 CVE-2014-3688 Linux Resource Management Errors vulnerability in Linux Kernel

The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c.

5.0
2014-11-28 CVE-2014-8801 Paidmembershipspro Path Traversal vulnerability in Paidmembershipspro Paid Memberships PRO

Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a ..

5.0
2014-11-28 CVE-2014-8799 Dukapress Path Traversal vulnerability in Dukapress

Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a ..

5.0
2014-11-28 CVE-2014-6075 IBM Information Exposure vulnerability in IBM products

IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.

5.0
2014-11-28 CVE-2014-3407 Cisco Resource Management Errors vulnerability in Cisco Adaptive Security Appliance Software

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.

5.0
2014-11-27 CVE-2014-5426 Matrikonopc Code vulnerability in Matrikonopc Dnp3 OPC Server 1.2.3

MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote attackers to cause a denial of service (unhandled exception and DNP3 process crash) via a crafted message.

5.0
2014-11-26 CVE-2014-2037 Xelerance Improper Input Validation vulnerability in Xelerance Openswan 2.6.40

Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.

5.0
2014-11-26 CVE-2014-8552 Siemens Information Exposure vulnerability in Siemens products

The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets.

5.0
2014-11-26 CVE-2014-8005 Cisco Race Condition vulnerability in Cisco IOS XR

Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239.

5.0
2014-11-25 CVE-2014-9034 Wordpress Data Processing Errors vulnerability in Wordpress

wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.

5.0
2014-11-25 CVE-2014-8004 Cisco Resource Management Errors vulnerability in Cisco IOS XR

Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378.

5.0
2014-11-24 CVE-2014-9016 Secure Password Hashes Project, Drupal Improper Input Validation vulnerability in multiple products

The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.

5.0
2014-11-24 CVE-2014-8627 Polarssl Cryptographic Issues vulnerability in Polarssl 1.3.8

PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

5.0
2014-11-24 CVE-2014-8416 Digium Improper Input Validation vulnerability in Digium Asterisk

Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up.

5.0
2014-11-24 CVE-2014-8415 Digium Improper Input Validation vulnerability in Digium Asterisk

Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing.

5.0
2014-11-24 CVE-2014-8414 Digium Resource Management Errors vulnerability in Digium Asterisk and Certified Asterisk

ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.

5.0
2014-11-24 CVE-2014-8412 Digium Permissions, Privileges, and Access Controls vulnerability in Digium Asterisk and Certified Asterisk

The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allow remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family of the first ACL entry.

5.0
2014-11-24 CVE-2014-9060 Moodle Improper Input Validation vulnerability in Moodle

The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote attackers to trigger the generation of arbitrary messages via a modified URL, related to mod/lti/locallib.php and mod/lti/return.php.

5.0
2014-11-24 CVE-2014-7848 Moodle Information Exposure vulnerability in Moodle

lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.

5.0
2014-11-24 CVE-2014-7847 Moodle Resource Management Errors vulnerability in Moodle

iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote attackers to cause a denial of service (resource consumption) by triggering the calculation of an estimated latitude and longitude for an IP address.

5.0
2014-11-24 CVE-2014-5325 Directwebremoting Information Exposure vulnerability in Directwebremoting Direct web Remoting 2.0.10/3.0

The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5.0
2014-11-30 CVE-2014-9090 Linux Code vulnerability in Linux Kernel

The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite.

4.9
2014-11-30 CVE-2014-7843 Linux Code vulnerability in Linux Kernel

The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary.

4.9
2014-11-30 CVE-2014-7842 Linux Race Condition vulnerability in Linux Kernel

Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313.

4.9
2014-11-30 CVE-2010-5313 Linux Race Condition vulnerability in Linux Kernel

Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842.

4.9
2014-11-30 CVE-2014-8989 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a "negative groups" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c.

4.6
2014-11-24 CVE-2014-7817 Canonical, Debian, GNU, Opensuse Improper Input Validation vulnerability in multiple products

The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".

4.6
2014-11-30 CVE-2014-8958 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during rendering of the table browse page; a crafted ENUM value that is improperly handled during rendering of the (4) table print view or (5) zoom search page; or (6) a crafted pma_fontsize cookie that is improperly handled during rendering of the home page.

4.3
2014-11-28 CVE-2014-7850 Freeipa Cross-Site Scripting vulnerability in Freeipa

Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation.

4.3
2014-11-28 CVE-2014-4883 Lwip Project Insufficient Verification of Data Authenticity vulnerability in Lwip Project Lwip 1.4.1

resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.

4.3
2014-11-28 CVE-2014-4832 IBM Information Exposure vulnerability in IBM products

IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.

4.3
2014-11-26 CVE-2014-9103 Kunena Cross-Site Scripting vulnerability in Kunena

Multiple cross-site scripting (XSS) vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) index value of an array parameter or the filename parameter in the Content-Disposition header to the (2) file or (3) profile image upload functionality.

4.3
2014-11-26 CVE-2014-9100 Whydowork Adsense Project Cross-Site Scripting vulnerability in Whydowork Adsense Project Whydowork Adsense 1.2

Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the idcode parameter in the whydowork_adsense page to wp-admin/options-general.php.

4.3
2014-11-26 CVE-2014-9094 Digitalzoomstudio Cross-Site Scripting vulnerability in Digitalzoomstudio Video Gallery

Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.

4.3
2014-11-26 CVE-2014-6196 IBM Cross-Site Scripting vulnerability in IBM Web Experience Factory

Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere Portal configuration, leading to improper construction of a response page by an application.

4.3
2014-11-25 CVE-2014-9039 Debian, Mageia Project, Wordpress 7PK - Security Features vulnerability in multiple products

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.

4.3
2014-11-25 CVE-2014-9036 Wordpress, Debian Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post.

4.3
2014-11-25 CVE-2014-9035 Wordpress, Debian Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-11-25 CVE-2014-9032 Wordpress Cross-Site Scripting vulnerability in Wordpress

Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-11-25 CVE-2014-9031 Wordpress Cross-Site Scripting vulnerability in Wordpress

Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post.

4.3
2014-11-24 CVE-2012-6662 Redhat, Jqueryui Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.

4.3
2014-11-24 CVE-2010-5312 Debian, Jquery Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

4.3
2014-11-24 CVE-2014-9059 Moodle Cross-Site Scripting vulnerability in Moodle

lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts.

4.3
2014-11-24 CVE-2014-5326 Directwebremoting Cross-Site Scripting vulnerability in Directwebremoting Direct Web Remoting 2.0.10/3.0

Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-11-30 CVE-2014-8961 Phpmyadmin, Opensuse Path Traversal vulnerability in multiple products

Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter.

4.0
2014-11-26 CVE-2014-6610 Digium Data Processing Errors vulnerability in Digium Asterisk and Certified Asterisk

Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application.

4.0
2014-11-26 CVE-2014-6609 Digium Improper Input Validation vulnerability in Digium Asterisk

The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.

4.0
2014-11-24 CVE-2014-8988 Mantisbt Permissions, Privileges, and Access Controls vulnerability in Mantisbt 1.2.17

MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a request to the download URL.

4.0
2014-11-24 CVE-2014-7821 Openstack, Fedoraproject, Redhat Improper Input Validation vulnerability in multiple products

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

4.0
2014-11-24 CVE-2014-7846 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access restrictions via an AJAX request.

4.0
2014-11-24 CVE-2014-7834 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service.

4.0
2014-11-24 CVE-2014-7833 Moodle Information Exposure vulnerability in Moodle

mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the database after an edit by a teacher.

4.0
2014-11-24 CVE-2014-7832 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance.

4.0
2014-11-24 CVE-2014-7831 Moodle Information Exposure vulnerability in Moodle

lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role to access the get_grades web service.

4.0

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-11-28 CVE-2014-8994 Check Diskio Project Source Code vulnerability in Check Diskio Project Check Diskio 3.2.5

The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name (tmp/check_diskio_status-*-*).

3.6
2014-11-30 CVE-2014-8960 Phpmyadmin Cross-Site Scripting vulnerability in Phpmyadmin

Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename.

3.5
2014-11-26 CVE-2014-9098 Apptha Cross-Site Scripting vulnerability in Apptha Contus Video Gallery 2.5

Multiple cross-site scripting (XSS) vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly before 2014-07-23, for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the videoadssearchQuery parameter to (1) videoads/videoads.php, (2) video/video.php, or (3) playlist/playlist.php.

3.5
2014-11-26 CVE-2014-6093 IBM Cross-Site Scripting vulnerability in IBM Websphere Portal 7.0.0.0/7.0.0.1/8.0.0.0

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2014-11-24 CVE-2014-8349 Liferay Cross-Site Scripting vulnerability in Liferay Portal 6.2

Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file.

3.5
2014-11-24 CVE-2014-8986 Mantisbt Cross-Site Scripting vulnerability in Mantisbt

Cross-site scripting (XSS) vulnerability in the selection list in the filters in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via a crafted config option, a different vulnerability than CVE-2014-8987.

3.5
2014-11-24 CVE-2014-7830 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse capability to provide a searchcourse parameter.

3.5
2014-11-24 CVE-2014-8991 Oracle, Python Permissions, Privileges, and Access Controls vulnerability in multiple products

pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.

2.1
2014-11-24 CVE-2014-7835 Moodle Cross-Site Scripting vulnerability in Moodle

webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting (XSS) attacks, by specifying the profile-picture area.

2.1