Vulnerability Summary for the Week of February 3, 2014

Released
Feb 10, 2014
Document ID
SB14-041

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- flash_playerInteger underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.2014-02-0510.0CVE-2014-0497
aloha -- aloaha_pdf_suite_freeStack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in Aloaha PDF Suite FREE allows remote attackers to execute arbitrary code via a crafted PDF file.2014-02-057.5CVE-2013-4978
cisco -- unified_communications_managerCisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.2014-02-047.2CVE-2014-0686
codeaurora -- android-msmMultiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c.2014-02-027.2CVE-2013-4738
csounds -- csoundInteger overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.2014-02-049.3CVE-2012-2106
csounds -- csoundInteger overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.2014-02-049.3CVE-2012-2107
csounds -- csoundStack-based buffer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file.2014-02-049.3CVE-2012-2108
emc -- documentum_foundation_servicesThe web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, which allows remote authenticated users to bypass intended content access restrictions via unspecified vectors.2014-02-069.0CVE-2014-0622
gatehouse -- gatehouseThe firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals has hardcoded credentials, which makes it easier for attackers to obtain unspecified login access via unknown vectors.2014-02-0410.0CVE-2013-6034
gatehouse -- gatehouseThe firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals does not require authentication for sessions on TCP port 1827, which allows remote attackers to execute arbitrary code via unspecified protocol operations.2014-02-0410.0CVE-2013-6035
ibm -- algo_oneUnrestricted file upload vulnerability in IBM Algo One UDS 4.7.0 through 5.0.0 allows remote authenticated users to execute arbitrary code by uploading a .jsp file and then launching it.2014-02-068.5CVE-2013-6332
ibm -- spss_samplepowerUnspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 IF1 allows remote attackers to execute arbitrary code via a crafted ComboList property value.2014-02-019.3CVE-2013-6724
ibm -- lotus_domino_serverThe IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z.2014-02-067.8CVE-2014-0822
ideamk -- eps_viewerBuffer overflow in the gldll32.dll module in EPS Viewer 3.2 and earlier allows remote attackers to execute arbitrary code via a crafted EPS file.2014-01-317.5CVE-2013-4979
jetaudio -- jetaudioStack-based buffer overflow in the JetMPG.ax module in jetAudio 8.0.17 allows remote attackers to execute arbitrary code via a crafted MPEG2-TS video file, related to the MPEG2 transport stream.2014-02-059.3CVE-2013-2691
kolja_schleich -- leaguemanagerSQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.2014-02-057.5CVE-2013-1852
lexmark -- 25xxncgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter.2014-02-0410.0CVE-2013-6032
mariadb -- mariadbBuffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.2014-01-317.5CVE-2014-0001
mozilla -- firefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.2014-02-0610.0CVE-2014-1477
mozilla -- firefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors.2014-02-0610.0CVE-2014-1478
mozilla -- firefoxRasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create.2014-02-0610.0CVE-2014-1482
mozilla -- firefoxThe Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.2014-02-067.5CVE-2014-1485
mozilla -- firefoxUse-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.2014-02-0610.0CVE-2014-1486
mozilla -- firefoxThe Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.2014-02-0610.0CVE-2014-1488
openstack -- computeThe i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.2014-02-067.1CVE-2013-7130
otrs -- otrsSQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL.2014-02-047.5CVE-2014-1471
pidgin -- pidgingtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185.2014-02-069.3CVE-2013-6486
pidgin -- pidginInteger overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.2014-02-067.5CVE-2013-6487
pidgin -- pidginThe SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow.2014-02-0610.0CVE-2013-6490
seowon_intech -- swc-9100The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the ping_ipaddr parameter.2014-02-048.3CVE-2013-7179
seowon_intech -- swc-9100cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote attackers to (1) cause a denial of service (reboot) via a default_reboot action or (2) reset all configuration values via a factory_default action.2014-02-048.3CVE-2013-7183
siemens -- simatic_wincc_open_architectureThe integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999.2014-02-067.5CVE-2014-1697
tableau_software -- tableau_serverSQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be exploited by unauthenticated remote attackers if the guest user is enabled.2014-01-317.5CVE-2014-1204
trendnet -- tew-812druTRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. NOTE: vectors 9, 10, and 11 can be exploited by unauthenticated remote attackers by leveraging CVE-2013-3098.2014-02-048.5CVE-2013-3365
zte -- zxv10_w300The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.2014-02-049.3CVE-2014-0329

Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- activemqCross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.2014-02-054.3CVE-2013-1880
citrix -- xenmobile_device_managerUnspecified vulnerability in Citrix XenMobile Device Manager server (formerly Zenprise Device Manager server) 8.5, 8.6, and MDM 8.0.1 allows remote attackers to obtain sensitive information via unknown vectors.2014-02-065.0CVE-2014-1663
codeaurora -- android-msmThe MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to obtain sensitive information from kernel stack memory via (1) a crafted MSM_MCR_IOCTL_EVT_GET ioctl call, related to drivers/media/platform/msm/camera_v1/mercury/msm_mercury_sync.c, or (2) a crafted MSM_JPEG_IOCTL_EVT_GET ioctl call, related to drivers/media/platform/msm/camera_v2/jpeg_10/msm_jpeg_sync.c.2014-02-024.9CVE-2013-4739
craig_drummond -- cantataAbsolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2013-7301.2014-02-015.0CVE-2013-7300
craig_drummond -- cantataCantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue.2014-02-015.0CVE-2013-7301
d-link -- dap_2253Cross-site request forgery (CSRF) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmware before 1.30 allows remote attackers to hijack the authentication of administrators for requests that modify configuration settings via unspecified vectors.2014-02-066.8CVE-2013-7320
d-link -- dap_2253Cross-site scripting (XSS) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmware before 1.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-02-064.3CVE-2013-7321
dell -- kace_k1000_systems_management_appliance_softwareCross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter.2014-02-064.3CVE-2014-0330
devscripts_devel_team -- devscriptsDirectory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.2014-02-055.0CVE-2014-1833
doug_poulin -- command_school_student_management_systemMultiple cross-site scripting (XSS) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to inject arbitrary web script or HTML via the (1) topic parameter to sw/add_topic.php or (2) nick parameter to sw/chat/message.php.2014-02-074.3CVE-2014-1914
doug_poulin -- command_school_student_management_systemMultiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of (1) administrators for requests that change the administrator password via an update action to sw/admin_change_password.php or (2) unspecified victims for requests that add a topic or blog entry to sw/add_topic.php. NOTE: vector 2 can be leveraged to bypass the authentication requirements for exploiting vector 1 in CVE-2014-1914.2014-02-076.8CVE-2014-1915
download_manager_project -- download_managerCross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field.2014-02-064.3CVE-2013-7319
easyxdm -- easyxdmCross-site scripting (XSS) vulnerability in name.html in easyXDM before 2.4.19 allows remote attackers to inject arbitrary web script or HTML via the location.hash value.2014-02-054.3CVE-2014-1403
elgg_foundation -- elggCross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save.2014-02-024.3CVE-2013-0234
fail2ban -- fail2banconfig/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.2014-02-015.0CVE-2013-7176
fail2ban -- fail2banconfig/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.2014-02-015.0CVE-2013-7177
fortinet -- fortiwebCross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter.2014-02-044.3CVE-2013-7181
fortinet -- fortiosCross-site scripting (XSS) vulnerability in firewall/schedule/recurrdlg in Fortinet FortiOS 5.0.5 allows remote attackers to inject arbitrary web script or HTML via the mkey parameter.2014-02-044.3CVE-2013-7182
geeklog -- geeklogCross-site scripting (XSS) vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or HTML via the calendar_type parameter to submit.php.2014-02-054.3CVE-2013-1470
glfusion -- glfusionMultiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/.2014-02-054.3CVE-2013-1466
gnu -- cpiocpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive.2014-02-065.0CVE-2010-4226
gpsd_project -- gpsdThe NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.2014-02-064.3CVE-2013-2038
guppy -- guppyMultiple cross-site scripting (XSS) vulnerabilities in GuppY before 4.6.28 allow remote attackers to inject arbitrary web script or HTML via the (1) "an" parameter to agenda.php or (2) cat parameter to mobile/thread.php.2014-02-064.3CVE-2013-5983
haxx -- curlcURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.2014-02-014.0CVE-2014-0015
hiphop_virtual_machine_for_php_project -- hiphop_virtual_machine_for_phpThe libxml_disable_entity_loader function in runtime/ext/ext_simplexml.cpp in HipHop Virtual Machine for PHP (HHVM) before 2.4.0 and 2.3.x before 2.3.3 does not properly disable a certain libxml handler, which allows remote attackers to conduct XML External Entity (XXE) attacks.2014-02-055.0CVE-2014-1439
ibm -- websphere_transformation_extenderBuffer overflow in the Launcher in IBM WebSphere Transformation Extender 8.4.x before 8.4.0.4 allows local users to cause a denial of service (process crash or Admin Console command-stream outage) via unspecified vectors.2014-02-064.9CVE-2013-2962
ibm -- spss_collaboration_and_deployment_servicesThe server in IBM SPSS Collaboration and Deployment Services 4.x before 4.2.1.3 IF3, 5.x before 5.0 FP3, and 6.x before 6.0 IF1 allows remote attackers to read arbitrary files via an unspecified HTTP request.2014-02-015.0CVE-2013-4043
ibm -- infosphere_master_data_management_collaboration_serverCross-site request forgery (CSRF) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP8 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote attackers to hijack the authentication of arbitrary users.2014-02-046.8CVE-2013-5427
ibm -- financial_transaction_managerDirectory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname.2014-02-014.0CVE-2014-0830
ibm -- financial_transaction_managerCross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data.2014-02-016.8CVE-2014-0831
ibm -- financial_transaction_managerThe OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step.2014-02-015.5CVE-2014-0833
ibm -- general_parallel_file_systemIBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 through 3.5.0.16 allows attackers to cause a denial of service (daemon crash) via crafted arguments to a setuid program.2014-02-044.0CVE-2014-0834
kde -- arkDirectory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.2014-02-046.8CVE-2011-2725
kent-web -- joyful_noteCross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 and earlier, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-02-014.3CVE-2014-0812
linux -- linux_kernelThe compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.2014-02-066.9CVE-2014-0038
mediaelementjs -- mediaelement.jsCross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter.2014-02-054.3CVE-2013-1967
mozilla -- firefoxThe System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes.2014-02-065.0CVE-2014-1479
mozilla -- firefoxThe file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.2014-02-064.3CVE-2014-1480
mozilla -- firefoxMozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.2014-02-065.0CVE-2014-1481
mozilla -- firefoxMozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.2014-02-064.3CVE-2014-1483
mozilla -- firefoxMozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.2014-02-065.0CVE-2014-1484
mozilla -- firefoxThe Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.2014-02-065.0CVE-2014-1487
mozilla -- firefoxMozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.2014-02-064.3CVE-2014-1489
mozilla -- firefoxRace condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.2014-02-065.0CVE-2014-1490
mozilla -- firefoxMozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.2014-02-065.0CVE-2014-1491
openldap -- openldapThe rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.2014-02-054.3CVE-2013-4449
openstack -- osloThe python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.2014-02-014.3CVE-2013-6491
opensuse -- oscosc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a terminal emulator.2014-02-064.3CVE-2012-1095
opera -- opera_browserThe intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies.2014-02-064.3CVE-2014-0815
opera -- opera_browserOpera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation.2014-02-064.3CVE-2014-1870
otrs -- otrsMultiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets.2014-02-046.8CVE-2014-1694
pidgin -- pidginThe Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences.2014-02-065.0CVE-2012-6152
pidgin -- pidginMultiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message.2014-02-065.0CVE-2013-6477
pidgin -- pidgingtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip.2014-02-064.3CVE-2013-6478
pidgin -- pidginutil.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response.2014-02-065.0CVE-2013-6479
pidgin -- pidginlibpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read.2014-02-065.0CVE-2013-6481
pidgin -- pidginPidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header.2014-02-065.0CVE-2013-6482
pidgin -- pidginThe XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply.2014-02-065.0CVE-2013-6483
pidgin -- pidginThe STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error.2014-02-065.0CVE-2013-6484
pidgin -- pidginBuffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data.2014-02-065.0CVE-2013-6485
pidgin -- pidginInteger signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow.2014-02-065.0CVE-2013-6489
pidgin -- pidginThe IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message.2014-02-065.0CVE-2014-0020
pyyaml -- libyamlThe yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.2014-02-066.8CVE-2013-6393
rapid7 -- nexposeCross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.2014-02-046.8CVE-2012-6493
redhat -- network_satelliteOpen redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url_bounce parameter.2014-02-054.3CVE-2011-1594
redhat -- network_satelliteCross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page.2014-02-054.3CVE-2011-2919
redhat -- network_satelliteMultiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via the "Filter by Synopsis" field and other unspecified filter forms.2014-02-054.3CVE-2011-2920
redhat -- network_satelliteMultiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via vectors related to Search forms.2014-02-054.3CVE-2011-2927
redhat -- network_satelliteCross-site scripting (XSS) vulnerability in the Lookup Login/Password form in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the URI.2014-02-054.3CVE-2011-3344
redhat -- icedtea-webThe web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.2014-02-054.3CVE-2011-3377
redhat -- network_proxySpacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the server log and (2) an email.2014-02-054.3CVE-2012-0059
redhat -- kdelibskioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.2014-02-055.0CVE-2013-2074
rockwellautomation -- rslogix_5000_design_and_configuration_softwareRockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.2014-02-056.9CVE-2014-0755
schneider-electric -- telvent_sage_3030_firmwareThe Schneider Electric Telvent SAGE 3030 RTU with firmware C3413-500-001D3_P4 and C3413-500-001F0_PB allows remote attackers to cause a denial of service (temporary outage and CPU consumption) via malformed DNP3 traffic.2014-01-315.0CVE-2013-6143
siemens -- simatic_wincc_open_architectureSiemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack.2014-02-065.0CVE-2014-1696
siemens -- simatic_wincc_open_architectureDirectory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999.2014-02-065.0CVE-2014-1698
siemens -- simatic_wincc_open_architectureSiemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999.2014-02-065.0CVE-2014-1699
steve_souza -- java_application_monitorMultiple cross-site scripting (XSS) vulnerabilities in JAMon (Java Application Monitor) 2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listenertype or (2) currentlistener parameter to mondetail.jsp or ArraySQL parameter to (3) mondetail.jsp, (4) jamonadmin.jsp, (5) sql.jsp, or (6) exceptions.jsp.2014-01-314.3CVE-2013-6235
symantec -- encryption_management_serverThe Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL.2014-02-064.0CVE-2014-1643
systemtap -- systemtapSystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic and crash) via vectors related to crafted DWARF data, which triggers a read of an invalid pointer.2014-02-045.6CVE-2012-0875
torproject -- torTor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol.2014-02-025.0CVE-2012-2249
torproject -- torTor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly.2014-02-025.0CVE-2012-2250
trendnet -- tew-812druMultiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet TEW-812DRU router with firmware before 1.0.9.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change admin credentials in a request to setSysAdm.cgi, (2) enable remote management or (3) enable port forwarding in an Apply action to uapply.cgi, or (4) have unspecified impact via a request to setNTP.cgi. NOTE: some of these details are obtained from third party information.2014-02-046.8CVE-2013-3098
x -- x_serverThe X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.2014-02-054.6CVE-2011-4613
xaraya -- xarayaMultiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) interface, (3) name, or (4) tabmodule parameter to index.php.2014-02-054.3CVE-2013-3639

Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
dennis_bruecke -- jquery_countdownCross-site scripting (XSS) vulnerability in the jQuery Countdown module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors.2014-01-312.1CVE-2013-4383
dest-unreach -- socatStack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line.2014-02-041.9CVE-2014-0019
fortinet -- fortiwebCross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors.2014-02-043.5CVE-2014-1458
ibm -- financial_transaction_managerMultiple cross-site scripting (XSS) vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted text value.2014-02-013.5CVE-2014-0832
lexmark -- c52xMultiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field.2014-02-043.5CVE-2013-6033
openbsd -- opensshssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.2014-02-022.1CVE-2011-4327
openstack -- folsomOpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.2014-02-062.1CVE-2013-4463
redhat -- jboss_enterprise_application_platformEC2 Amazon Machine Image (AMI) in JBoss Enterprise Application Platform (EAP) 5.1.2 uses 755 permissions for /var/cache/jboss-ec2-eap/, which allows local users to read sensitive information such as Amazon Web Services (AWS) credentials by reading files in the directory.2014-02-022.1CVE-2012-3427
robert_ancell -- lightdmLight Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file.2014-02-012.1CVE-2013-4331

Back to top

 

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.