Weekly Vulnerabilities Reports > December 15 to 21, 2014

Overview

147 new vulnerabilities were reported during this period, including 11 critical vulnerabilities and 23 high severity vulnerabilities. This weekly summary reports vulnerabilities in 157 products from 74 vendors including IBM, Zenoss, Canonical, Ettercap Project, and Debian. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Information Exposure", "Cross-Site Request Forgery (CSRF)", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 135 reported vulnerabilities are remotely exploitable.
  • 4 reported vulnerabilities have a public exploit available.
  • 35 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 122 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 25 reported vulnerabilities.
  • Zohocorp has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

11 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-12-19 CVE-2014-7249 Alliedtelesis Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Alliedtelesis products

Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request.

10.0
2014-12-18 CVE-2014-9406 Arris Credentials Management vulnerability in Arris Touchstone Tg862G/Ct Firmware 7.6.59S.Ct

ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to home_loggedout.php.

10.0
2014-12-17 CVE-2014-9387 SAP Permissions, Privileges, and Access Controls vulnerability in SAP Businessobjects 4.1

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.

10.0
2014-12-16 CVE-2014-9373 Manageengine Path Traversal vulnerability in Manageengine Netflow Analyzer

Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a ..

10.0
2014-12-16 CVE-2014-9371 Zohocorp Improper Input Validation vulnerability in Zohocorp Manageengine Desktop Central 9.0

The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object.

10.0
2014-12-16 CVE-2014-9357 Docker Permissions, Privileges, and Access Controls vulnerability in Docker 1.3.2

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.

10.0
2014-12-16 CVE-2014-8118 RPM Numeric Errors vulnerability in RPM

Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.

10.0
2014-12-16 CVE-2014-4936 Malwarebytes Insufficient Verification of Data Authenticity vulnerability in Malwarebytes products

The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable.

9.3
2014-12-15 CVE-2014-6261 Zenoss Code Injection vulnerability in Zenoss Core

Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a crafted web site that is visited during a login session, aka ZEN-12657.

9.3
2014-12-20 CVE-2014-9193 Innominate Permissions, Privileges, and Access Controls vulnerability in Innominate Mguard Firmware

Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting.

9.0
2014-12-17 CVE-2014-4626 EMC Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Content Server

EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105.

9.0

23 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-12-16 CVE-2014-5359 Safenet INC Path Traversal vulnerability in Safenet-Inc Safenet Authentication Service Outlook web Access Agent 1.03.20212

Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a ..

7.8
2014-12-16 CVE-2013-6435 RPM
Debian
Injection vulnerability in multiple products

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.

7.6
2014-12-20 CVE-2014-8142 PHP Remote Code Execution vulnerability in PHP 'process_nested_data()' Function Use After Free

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019.

7.5
2014-12-20 CVE-2014-9295 NTP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in NTP

Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.

7.5
2014-12-20 CVE-2014-9294 NTP Unspecified vulnerability in NTP

util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

7.5
2014-12-20 CVE-2014-9293 NTP Unspecified vulnerability in NTP

The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

7.5
2014-12-19 CVE-2014-9379 Ettercap Project Buffer Errors vulnerability in Ettercap-Project Ettercap 0.8.1

The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a stack-based buffer overflow.

7.5
2014-12-19 CVE-2014-9378 Ettercap Project Improper Input Validation vulnerability in Ettercap-Project Ettercap 0.8.1

Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line function in mdns_spoof/mdns_spoof.c or (2) base64 encoded password to the dissector_imap function in dissectors/ec_imap.c.

7.5
2014-12-19 CVE-2014-9377 Ettercap Project Buffer Errors vulnerability in Ettercap-Project Ettercap 0.8.1

Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet.

7.5
2014-12-19 CVE-2014-9376 Ettercap Project Denial of Service vulnerability in Ettercap-Project Ettercap 0.8.1

Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length value to the dissector_gg function in dissectors/ec_gg.c, or (3) string length to the get_decode_len function in ec_utils.c or a request without a (4) username or (5) password to the dissector_TN3270 function in dissectors/ec_TN3270.c.

7.5
2014-12-19 CVE-2014-6396 Ettercap Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ettercap-Project Ettercap

The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted password length, which triggers a 0 character to be written to an arbitrary memory location.

7.5
2014-12-19 CVE-2014-6395 Ettercap Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ettercap-Project Ettercap

Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual length of the password.

7.5
2014-12-16 CVE-2014-9057 Debian
Sixapart
SQL Injection vulnerability in multiple products

SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2014-12-16 CVE-2014-8340 Zoneo Soft SQL Injection vulnerability in Zoneo-Soft PHPtraffica 2.2.1

SQL injection vulnerability in Php/Functions/log_function.php in phpTrafficA 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via a User-Agent HTTP header.

7.5
2014-12-15 CVE-2014-9249 Zenoss Permissions, Privileges, and Access Controls vulnerability in Zenoss Core

The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408.

7.5
2014-12-15 CVE-2014-8507 Google SQL Injection vulnerability in Google Android

Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135.

7.5
2014-12-15 CVE-2014-6256 Zenoss Permissions, Privileges, and Access Controls vulnerability in Zenoss Core

Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public (1) read or (2) execute access via a move action, aka ZEN-15386.

7.5
2014-12-15 CVE-2014-6052 Libvncserver
Oracle
Debian
Canonical
Improper Input Validation vulnerability in multiple products

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.

7.5
2014-12-15 CVE-2014-1569 Mozilla Security Bypass vulnerability in Mozilla Network Security Services

The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function's improper handling of an arbitrary-length encoding of 0x00.

7.5
2014-12-19 CVE-2014-7208 Gparted Command Injection vulnerability in Gparted 14.1

GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.

7.2
2014-12-17 CVE-2014-9322 Linux
Redhat
Canonical
Opensuse
Suse
Google
Improper Privilege Management vulnerability in multiple products

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.

7.2
2014-12-15 CVE-2014-8609 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824.

7.2
2014-12-15 CVE-2014-7911 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291.

7.2

101 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-12-16 CVE-2014-8583 Modwsgi 7PK - Security Features vulnerability in Modwsgi MOD Wsgi

mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.

6.9
2014-12-19 CVE-2014-9407 Revive Adserver Cross-Site Request Forgery (CSRF) vulnerability in Revive-Adserver Revive Adserver

Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) unlink accounts via a request to admin-user-unlink.php.

6.8
2014-12-19 CVE-2014-9368 Twitterdash Project Cross-Site Request Forgery (CSRF) vulnerability in Twitterdash Project Twitterdash

Cross-site request forgery (CSRF) vulnerability in the twitterDash plugin 2.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the username_twitterDash parameter in the twitterDash.php page to wp-admin/options-general.php.

6.8
2014-12-19 CVE-2014-9341 Yurl Retwitt Project Cross-Site Request Forgery (CSRF) vulnerability in Yurl Retwitt Project Yurl Retwitt 1.4

Multiple cross-site request forgery (CSRF) vulnerabilities in the yURL ReTwitt plugin 1.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) yurl_login or (2) yurl_anchor parameter in the yurl page to wp-admin/options-general.php.

6.8
2014-12-19 CVE-2014-9340 Wpcommenttwit Project Cross-Site Request Forgery (CSRF) vulnerability in Wpcommenttwit Project Wpcommenttwit 0.5

Multiple cross-site request forgery (CSRF) vulnerabilities in the wpCommentTwit plugin 0.5 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) username or (2) password parameter in the wpCommentTwit.php page to wp-admin/options-general.php.

6.8
2014-12-19 CVE-2014-9339 Jayde Online Cross-Site Request Forgery (CSRF) vulnerability in Jayde Online Spnbabble 1.4.1

Multiple cross-site request forgery (CSRF) vulnerabilities in the SPNbabble plugin 1.4.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) username or (2) password parameter in the spnbabble.php page to wp-admin/options-general.php.

6.8
2014-12-19 CVE-2014-9338 O2Tweet Project Cross-Site Request Forgery (CSRF) vulnerability in O2Tweet Project O2Tweet

Multiple cross-site request forgery (CSRF) vulnerabilities in the O2Tweet plugin 0.0.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) o2t_username or (2) o2t_tags parameter to wp-admin/options-general.php.

6.8
2014-12-19 CVE-2014-9337 Mikiurl Wordpress Eklentisi Project Cross-Site Request Forgery (CSRF) vulnerability in Mikiurl Wordpress Eklentisi Project Mikiurl Wordpress Eklentisi 2.0

Multiple cross-site request forgery (CSRF) vulnerabilities in the Mikiurl Wordpress Eklentisi plugin 2.0 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) twitter_kullanici or (2) twitter_sifre parameter in a kaydet action in the mikiurl.php page to wp-admin/options-general.php.

6.8
2014-12-19 CVE-2014-9336 Itwitter Project Cross-Site Request Forgery (CSRF) vulnerability in Itwitter Project Itwitter 0.04

Multiple cross-site request forgery (CSRF) vulnerabilities in the iTwitter plugin 0.04 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) itex_t_twitter_username or (2) itex_t_twitter_userpass parameter in the iTwitter.php page to wp-admin/options-general.php.

6.8
2014-12-19 CVE-2014-9335 Dandyid Services Project Cross-Site Request Forgery (CSRF) vulnerability in Dandyid Services Project Dandyid Services 1.5.9

Multiple cross-site request forgery (CSRF) vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) email_address or (2) sidebarTitle parameter in the dandyid-services.php page to wp-admin/options-general.php.

6.8
2014-12-19 CVE-2014-7241 Tsutaya Improper Input Validation vulnerability in Tsutaya 5.3

The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document.

6.8
2014-12-18 CVE-2014-6077 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM products

Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6.8
2014-12-17 CVE-2014-5437 Arris Cross-Site Request Forgery (CSRF) vulnerability in Arris Touchstone Tg862G/Ct Firmware 7.6.59S.Ct

Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php, (2) add a port forwarding rule via a request to port_forwarding_add.php, (3) change the wireless network to open via a request to wireless_network_configuration_edit.php, or (4) conduct cross-site scripting (XSS) attacks via the keyword parameter to managed_sites_add_keyword.php.

6.8
2014-12-16 CVE-2014-8246 Broadcom Cross-Site Request Forgery (CSRF) vulnerability in Broadcom Release Automation 4.7.1

Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2014-12-15 CVE-2014-9386 Zenoss Remote Security vulnerability in Zenoss Core

Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it easier for remote attackers to hijack sessions by leveraging an unattended workstation, aka ZEN-12691.

6.8
2014-12-15 CVE-2014-9385 Zenoss Cross-Site Request Forgery (CSRF) vulnerability in Zenoss Core

Cross-site request forgery (CSRF) vulnerability in Zenoss Core through 5 Beta 3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger arbitrary code execution via a ZenPack upload, aka ZEN-15388.

6.8
2014-12-15 CVE-2014-8967 Microsoft Use After Free Remote Code Execution vulnerability in Microsoft Internet Explorer

Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets (CSS) token sequence specifying the run-in value for the display property, leading to improper CElement reference counting.

6.8
2014-12-15 CVE-2014-6260 Zenoss Command Injection vulnerability in Zenoss Core

Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging outage) by leveraging an unattended workstation, aka ZEN-15412.

6.8
2014-12-15 CVE-2014-6253 Zenoss Cross-Site Request Forgery (CSRF) vulnerability in Zenoss Core

Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to hijack the authentication of arbitrary users, aka ZEN-12653.

6.8
2014-12-19 CVE-2014-9258 Glpi Project SQL Injection vulnerability in Glpi-Project Glpi

SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.

6.5
2014-12-19 CVE-2014-9185 Morfy CMS Project Code Injection vulnerability in Morfy CMS Project Morfy CMS 1.04

Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated users to inject arbitrary PHP code into config.php via the site_url parameter.

6.5
2014-12-18 CVE-2014-6080 IBM SQL Injection vulnerability in IBM products

SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2014-12-17 CVE-2014-7285 Symantec Command Injection vulnerability in Symantec web Gateway

The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

6.5
2014-12-17 CVE-2014-4844 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager

The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit.

6.5
2014-12-16 CVE-2014-8248 Broadcom SQL Injection vulnerability in Broadcom Release Automation 4.7.1

SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query.

6.5
2014-12-16 CVE-2014-9372 Manageengine Path Traversal vulnerability in Manageengine Password Manager PRO

Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a ..

6.4
2014-12-16 CVE-2014-9358 Docker Improper Input Validation vulnerability in Docker

Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."

6.4
2014-12-15 CVE-2014-6255 Zenoss Open Redirection vulnerability in Zenoss

Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the came_from parameter, aka ZEN-11998.

6.4
2014-12-19 CVE-2014-9324 Otrs Permissions, Privileges, and Access Controls vulnerability in Otrs Help Desk

The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors.

6.0
2014-12-18 CVE-2014-8890 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations.

5.1
2014-12-20 CVE-2014-9296 NTP Code vulnerability in NTP

The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.

5.0
2014-12-20 CVE-2014-8019 Cisco Path Traversal vulnerability in Cisco Enterprise Content Delivery System

Directory traversal vulnerability in Cisco Enterprise Content Delivery System (ECDS) allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCuo90148.

5.0
2014-12-19 CVE-2013-7401 C Icap Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in C-Icap Project C-Icap

The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

5.0
2014-12-19 CVE-2014-9408 Ekahau Information Exposure vulnerability in Ekahau products

Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack.

5.0
2014-12-19 CVE-2014-9381 Ettercap Project Numeric Errors vulnerability in Ettercap-Project Ettercap 0.8.1

Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation.

5.0
2014-12-19 CVE-2014-9380 Ettercap Project Buffer Errors vulnerability in Ettercap-Project Ettercap 0.8.1

The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature.

5.0
2014-12-19 CVE-2014-8875 Revive Adserver Denial of Service vulnerability in Revive Adserver 'XML/RPC.php' XML Entity Expansion

The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack.

5.0
2014-12-19 CVE-2013-4442 Pwgen Project Cryptographic Issues vulnerability in Pwgen Project Pwgen 2.06

Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

5.0
2014-12-19 CVE-2013-4440 Pwgen Project Credentials Management vulnerability in Pwgen Project Pwgen 2.06

Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

5.0
2014-12-19 CVE-2014-8272 Dell
Intel

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.

5.0
2014-12-19 CVE-2014-8016 Cisco Resource Management Errors vulnerability in Cisco Ironport Email Security Appliances

The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864.

5.0
2014-12-18 CVE-2014-8014 Cisco Data Processing Errors vulnerability in Cisco IOS XR

Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710.

5.0
2014-12-18 CVE-2014-6164 IBM Information Exposure vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via a crafted URL.

5.0
2014-12-18 CVE-2014-6088 IBM Information Exposure vulnerability in IBM products

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive information by sniffing the network during use of the null SSL cipher.

5.0
2014-12-18 CVE-2014-6087 IBM Cryptographic Issues vulnerability in IBM products

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive information by sniffing the network during use of a weak algorithm in an SSL cipher suite.

5.0
2014-12-18 CVE-2014-6086 IBM Information Exposure vulnerability in IBM products

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers to obtain sensitive information by sniffing the network during an HTTP session.

5.0
2014-12-18 CVE-2014-6084 IBM Cryptographic Issues vulnerability in IBM products

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive information by sniffing the network during use of a weak SSL cipher.

5.0
2014-12-18 CVE-2014-6083 IBM Information Exposure vulnerability in IBM products

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.

5.0
2014-12-18 CVE-2014-6078 IBM Improper Access Control vulnerability in IBM products

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.

5.0
2014-12-18 CVE-2014-8108 Redhat, Apache, Apple Remote Denial of Service vulnerability in Apache Subversion

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.

5.0
2014-12-18 CVE-2014-3580 Redhat, Apache, Debian, Apple Remote Denial of Service vulnerability in Apache Subversion

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

5.0
2014-12-17 CVE-2014-9388 Mantisbt Improper Access Control vulnerability in Mantisbt

bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter.

5.0
2014-12-17 CVE-2014-8553 Mantisbt Information Exposure vulnerability in Mantisbt

The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request.

5.0
2014-12-17 CVE-2014-8117 File Project, Freebsd, Mageia, Canonical Resource Management Errors vulnerability in multiple products

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.

5.0
2014-12-17 CVE-2014-8116 File Project, Freebsd, Mageia, Canonical Resource Management Errors vulnerability in multiple products

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.

5.0
2014-12-17 CVE-2013-7402 C Icap Project Denial of Service vulnerability in c-icap Server

Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request.

5.0
2014-12-17 CVE-2014-7880 HP Remote Denial of Service vulnerability in HP TCP IP Services Openvms 5.6/5.7

Multiple unspecified vulnerabilities in the POP implementation in HP OpenVMS TCP/IP 5.7 before ECO5 allow remote attackers to cause a denial of service via unspecified vectors.

5.0
2014-12-16 CVE-2014-9323 Firebirdsql, Opensuse, Debian, Canonical Null Pointer Dereference vulnerability in multiple products

The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.

5.0
2014-12-16 CVE-2014-8964 Pcre Buffer Errors vulnerability in Pcre Perl Compatible Regular Expression Library 8.36

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.

5.0
2014-12-15 CVE-2014-9251 Zenoss Credentials Management vulnerability in Zenoss Core

Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack on hash values in the database, aka ZEN-15413.

5.0
2014-12-15 CVE-2014-9250 Zenoss Information Exposure vulnerability in Zenoss Core

Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via script access to this cookie, aka ZEN-10418.

5.0
2014-12-15 CVE-2014-9248 Zenoss Credentials Management vulnerability in Zenoss Core

Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406.

5.0
2014-12-15 CVE-2014-9245 Zenoss Information Exposure vulnerability in Zenoss Core

Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by internal URL information, aka ZEN-15382.

5.0
2014-12-15 CVE-2014-6259 Zenoss Resource Management Errors vulnerability in Zenoss Core

Zenoss Core through 5 Beta 3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka ZEN-15414, a similar issue to CVE-2003-1564.

5.0
2014-12-15 CVE-2014-6258 Zenoss Resource Management Errors vulnerability in Zenoss Core

An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial of service (CPU consumption) by triggering an arbitrary regular-expression match attempt, aka ZEN-15411.

5.0
2014-12-15 CVE-2014-6257 Zenoss Permissions, Privileges, and Access Controls vulnerability in Zenoss Core

Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions by using a web-endpoint URL to invoke an object helper method, aka ZEN-15407.

5.0
2014-12-15 CVE-2014-6053 Libvncserver, Canonical, Debian Data Processing Errors vulnerability in multiple products

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.

5.0
2014-12-15 CVE-2014-3583 Apple, Apache, Canonical Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.

5.0
2014-12-19 CVE-2014-6193 IBM Remote Security vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0

IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack.

4.9
2014-12-18 CVE-2014-8120 Thermostat Project Local Privilege Escalation vulnerability in Thermostat

The agent in Thermostat before 1.0.6, when using unspecified configurations, allows local users to obtain the JMX management URLs of all local Java virtual machines and gain privileges via unknown vectors.

4.4
2014-12-20 CVE-2014-3410 Cisco Information Exposure vulnerability in Cisco Adaptive Security Appliance Software

The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and then (1) sniffing the network for a syslog message or (2) reading a syslog message in a file on a syslog server, aka Bug IDs CSCuq22357 and CSCur41860.

4.3
2014-12-19 CVE-2014-5212 Novell Cross-Site Scripting vulnerability in Novell Edirectory 8.7.3/8.8

Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter.

4.3
2014-12-19 CVE-2014-9135 Huawei Permissions, Privileges, and Access Controls vulnerability in Huawei P7-L10 Firmware V100R001C00B135

The PackageInstaller module in Huawei P7-L10 smartphones before V100R001C00B136 allows remote attackers to spoof the origin website and bypass the website whitelist protection mechanism via a crafted package.

4.3
2014-12-19 CVE-2014-8793 Revive Adserver Cross-Site Scripting vulnerability in Revive-Adserver Revive Adserver

Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php.

4.3
2014-12-19 CVE-2014-8724 W3Edge Cross-Site Scripting vulnerability in W3Edge Total Cache 0.9.4

Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI.

4.3
2014-12-19 CVE-2014-2716 Ekahau Cryptographic Issues vulnerability in Ekahau products

Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts.

4.3
2014-12-19 CVE-2014-2026 Unitedplanet Cross-Site Scripting vulnerability in Unitedplanet Intrexx 5.2/6.0

Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

4.3
2014-12-19 CVE-2014-7268 Ricksoft Cross-Site Scripting vulnerability in Ricksoft WBS Gantt-Chart 7.8.1

Cross-site scripting (XSS) vulnerability in the data-export feature in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7267.

4.3
2014-12-19 CVE-2014-8902 IBM Cross-Site Scripting vulnerability in IBM Websphere Portal

Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2014-12-19 CVE-2014-6171 IBM Cross-Site Scripting vulnerability in IBM Websphere Portal

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2014-12-18 CVE-2014-8012 Cisco Cross-Site Scripting vulnerability in Cisco Adaptive Security Appliance Software

Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695.

4.3
2014-12-18 CVE-2014-6174 IBM 7PK - Security Features vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site.

4.3
2014-12-18 CVE-2014-6167 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2014-12-18 CVE-2014-6166 IBM Unspecified vulnerability in IBM Websphere Application Server

The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4, and Feature Pack for CEA 1.x before 1.0.0.15, allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

4.3
2014-12-18 CVE-2014-6076 IBM 7PK - Security Features vulnerability in IBM products

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site.

4.3
2014-12-17 CVE-2014-9253 Dokuwiki, Mageia Cross-Site Scripting vulnerability in multiple products

The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php.

4.3
2014-12-17 CVE-2014-8006 Cisco Improper Authentication vulnerability in Cisco Isb8320-E High-Definition Ip-Only DVR

The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422.

4.3
2014-12-16 CVE-2014-8247 Broadcom Cross-Site Scripting vulnerability in Broadcom Release Automation 4.7.1

Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-12-16 CVE-2014-6176 IBM Cryptographic Issues vulnerability in IBM products

IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher.

4.3
2014-12-16 CVE-2014-8751 Goywp Cross-Site Scripting vulnerability in Goywp Webpress 13.00.06

Multiple cross-site scripting (XSS) vulnerabilities in goYWP WebPress 13.00.06 allow remote attackers to inject arbitrary web script or HTML via the (1) search_param parameter to search.php or (2) name, (3) address, or (4) comment parameter to forms.php.

4.3
2014-12-16 CVE-2014-5466 Splunk Cross-Site Scripting vulnerability in Splunk

Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-12-15 CVE-2014-6254 Zenoss Cross-Site Scripting vulnerability in Zenoss Core

Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a (1) device name, (2) device detail, (3) report name, (4) report detail, or (5) portlet name, or (6) a string to a helper method, aka ZEN-15381 and ZEN-15410.

4.3
2014-12-20 CVE-2014-8007 Cisco Information Exposure vulnerability in Cisco Prime Infrastructure

Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019.

4.0
2014-12-19 CVE-2014-5213 Novell Information Exposure vulnerability in Novell Edirectory 8.7.3/8.8

nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request.

4.0
2014-12-19 CVE-2014-9403 ZNC Denial of Service vulnerability in ZNC 'CWebAdminMod::ChanPage()' Function

The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a "use-after-delete" error.

4.0
2014-12-19 CVE-2014-9355 Puppet Information Exposure vulnerability in Puppet Enterprise

Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint.

4.0
2014-12-18 CVE-2014-8901 IBM Resource Management Errors vulnerability in IBM DB2

IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML query.

4.0
2014-12-18 CVE-2014-6089 IBM Data Processing Errors vulnerability in IBM products

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (disrupted system operations) by uploading a file to a protected area.

4.0
2014-12-18 CVE-2014-6082 IBM Denial-Of-Service vulnerability in IBM products

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (administration UI outage) via unspecified vectors.

4.0
2014-12-17 CVE-2014-6182 IBM Path Traversal vulnerability in IBM Business Process Manager

Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a ..

4.0
2014-12-15 CVE-2014-9247 Zenoss Information Exposure vulnerability in Zenoss Core

Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive (1) user account, (2) e-mail address, and (3) role information by visiting the ZenUsers (aka User Manager) page, aka ZEN-15389.

4.0

12 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-12-19 CVE-2014-7267 Ricksoft Cross-Site Scripting vulnerability in Ricksoft WBS Gantt-Chart 7.8.1

Cross-site scripting (XSS) vulnerability in the output-page generator in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7268.

3.5
2014-12-19 CVE-2014-6173 IBM Cross-Site Scripting vulnerability in IBM Business Process Manager

Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2014-12-19 CVE-2014-4801 IBM Cross-Site Scripting vulnerability in IBM Rational Quality Manager

Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x through 2.0.1.1, 3.x before 3.0.1.6 iFix 4, 4.x before 4.0.7 iFix 2, and 5.x before 5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2014-12-17 CVE-2014-5438 Arris Cross-Site Scripting vulnerability in Arris Touchstone Tg862G/Ct Firmware 7.6.59S.Ct

Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php.

3.5
2014-12-16 CVE-2014-5354 MIT NULL Pointer Dereference Remote Denial of Service vulnerability in MIT Kerberos 5

plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin "add_principal -nokey" or "purgekeys -all" command.

3.5
2014-12-16 CVE-2014-5353 MIT, Redhat, Fedoraproject, Debian, Canonical, Oracle, Opensuse Null Pointer Dereference vulnerability in multiple products

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.

3.5
2014-12-15 CVE-2014-8610 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795.

3.3
2014-12-19 CVE-2014-8136 Mageia, Redhat, Canonical, Opensuse Permissions, Privileges, and Access Controls vulnerability in multiple products

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service via unspecified vectors.

2.1
2014-12-19 CVE-2014-8135 Redhat Unspecified vulnerability in Redhat Libvirt

The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command.

2.1
2014-12-17 CVE-2014-8133 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value.

2.1
2014-12-15 CVE-2014-9252 Zenoss Information Exposure vulnerability in Zenoss Core

Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka ZEN-15416.

2.1
2014-12-17 CVE-2014-7170 Puppet Race Condition vulnerability in Puppet Server 0.2.0

Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.

1.9