Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

Vulnerability Summary for the Week of May 5, 2014

apache — cxf Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error. 2014-05-08 4.3 CVE-2014-0109 apache — cxf Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message. 2014-05-08 4.3 CVE-2014-0110 apache — struts CookieInterceptor in Apache Struts 2.x before 2.3.16.3, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to “manipulate” the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113. 2014-05-08 5.8 CVE-2014-0116 ayatana_project — unity Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash. 2014-05-06 4.4 CVE-2014-3202 ayatana_project — unity Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by pressing the SUPER key before the screen auto-locks. 2014-05-06 4.4 CVE-2014-3203 ayatana_project — unity Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by right-clicking on the indicator bar and then pressing the ALT and F2 keys. 2014-05-06 4.4 CVE-2014-3204 bestpractical — request_tracker Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the name of an attached file. 2014-05-05 4.3 CVE-2013-3736 bradesco_gateway_plugin_project — bradesco_gateway Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco Gateway plugin 2.0 for WordPress, as used in the WP e-Commerce plugin, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. 2014-05-08 4.3 CVE-2013-5916 cisco — nexus_7000 Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136. 2014-05-07 4.6 CVE-2014-0684 cisco — cisco_nexus_1000v_intercloud Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691. 2014-05-07 5.0 CVE-2014-0685 cisco — adaptive_security_appliance_software Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka Bug ID CSCun78551. 2014-05-07 6.8 CVE-2014-2181 cisco — broadband_access_center_telco_wireless_software Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of arbitrary users for requests that make BAC-TW changes, aka Bug IDs CSCuo23804 and CSCuo26389. 2014-05-07 6.8 CVE-2014-2190 cisco — broadband_access_center_telco_wireless_software Cross-site scripting (XSS) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun91113. 2014-05-07 4.3 CVE-2014-2191 citrix — netscaler_access_gateway Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-05-02 4.3 CVE-2014-1899 cristian_gafton — pam_userdb The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack. 2014-05-08 4.3 CVE-2013-7041 david_leonard — pkstat tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log. 2014-05-05 6.3 CVE-2013-0350 debian — xbuffy Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subject lines. 2014-05-05 6.8 CVE-2014-0469 debian — strongswan strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload. 2014-05-07 5.0 CVE-2014-2891 digia — qt The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. 2014-05-08 4.3 CVE-2014-0190 fishshell — fish fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions. 2014-05-02 6.9 CVE-2014-2905 fortinet — fortiweb Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via unspecified vectors. 2014-05-08 6.8 CVE-2014-3115 freebsd — freebsd The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed device node process. 2014-05-02 5.8 CVE-2014-3001 gnu — rush GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the –lint option. 2014-05-08 4.9 CVE-2013-6889 google — search_appliance_software Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to inject arbitrary web script or HTML via input included in a SCRIPT element. 2014-05-08 4.3 CVE-2014-0362 hp — oneview Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors. 2014-05-08 6.5 CVE-2014-2602 ibm — websphere_mq inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU consumption) via unspecified vectors. 2014-05-07 4.3 CVE-2014-0911 ibm — lotus_domino Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE. 2014-05-08 4.3 CVE-2014-0913 ibm — aix The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation. 2014-05-08 4.7 CVE-2014-0930 ibm — operational_decision_manager Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2014-05-09 6.0 CVE-2014-0944 ibm — operational_decision_manager The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation. 2014-05-09 4.3 CVE-2014-0946 intra-mart — webplatform/appframework Open redirect vulnerability in WebPlatform / AppFramework 6.0 through 7.2 in NTT DATA INTRAMART intra-mart allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2014-05-09 5.8 CVE-2014-1991 isc — bind The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes. 2014-05-08 5.0 CVE-2014-3214 libpng — libpng Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow. 2014-05-06 5.0 CVE-2013-7353 libpng — libpng Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow. 2014-05-06 5.0 CVE-2013-7354 linux — linux_kernel The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the “LECHO & !OPOST” case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. 2014-05-07 6.9 CVE-2014-0196 livezilla — livezilla Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php. 2014-05-05 4.3 CVE-2013-7003 nagios — plugins The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping. 2014-05-05 4.4 CVE-2013-4215 netty_project — netty WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames. 2014-05-06 5.0 CVE-2014-0193 openssl — openssl The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. 2014-05-06 4.3 CVE-2014-0198 phplist — phplist Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/. 2014-05-05 6.8 CVE-2014-2916 plone — plone Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope. 2014-05-02 5.0 CVE-2013-7060 plone — plone Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API. 2014-05-02 4.0 CVE-2013-7061 pywbem_project — pywbem PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate. 2014-05-05 5.8 CVE-2013-6418 pywbem_project — pywbem PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. 2014-05-05 5.8 CVE-2013-6444 qemu — qemu hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information. 2014-05-08 4.9 CVE-2013-4544 randall_hand — yerase’s_tnef_stream_reader Off-by-one error in the DecompressRTF function in ytnef.c in Yerase’s TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow. 2014-05-05 4.3 CVE-2010-5109 redhat — jboss_web_framework_kit Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name. 2014-05-05 4.3 CVE-2014-0149 redhat — policycoreutils seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges. 2014-05-08 6.9 CVE-2014-3215 rubyonrails — ruby_on_rails Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request. 2014-05-07 4.3 CVE-2014-0130 semantictitle_project — semantictitle Cross-site scripting (XSS) vulnerability in the SemanticTitle extension before 1.1.0 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-05-08 4.3 CVE-2014-2854 sitepark — information_enterprise_server Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/. 2014-05-02 6.8 CVE-2014-3006 sks_keyserver_project — sks_keyserver Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1. 2014-05-08 4.3 CVE-2014-3207 skyphe — file-gallery The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a ‘ (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function. 2014-05-06 6.5 CVE-2014-2558 slashes&dots — offria Cross-site scripting (XSS) vulnerability in Offiria 2.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to installer/index.php. 2014-05-08 4.3 CVE-2014-2689 theforeman — foreman Foreman before 1.1 uses a salt of “foreman” to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack. 2014-05-08 5.0 CVE-2013-0173 theforeman — foreman The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request. 2014-05-08 5.0 CVE-2013-0174 theforeman — foreman Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request. 2014-05-08 6.5 CVE-2013-0187 theforeman — foreman Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie. 2014-05-08 6.8 CVE-2014-0090 theforeman — foreman Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to “spoof.” 2014-05-08 5.0 CVE-2014-0192 xen — xen The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types. 2014-05-07 6.7 CVE-2014-3124 xen — xen Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors. 2014-05-02 6.2 CVE-2014-3125 zabbix — zabbix The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request. 2014-05-08 4.0 CVE-2014-1682 zabbix — zabbix The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote “Zabbix Admin” users to modify the media of arbitrary users via unspecified vectors. 2014-05-08 5.5 CVE-2014-1685

Related News

New Backdoor Attack Uses Russian-Ukrainian Conflict Phishing Emails

New Backdoor Attack Uses Russian-Ukrainian Conflict Phishing Emails

The primary targets of this phishing campaign are located in the Ukrainian regions of Crimea, Donetsk, and Lugansk, which were…
CyberSecure Announces Strategic Alliance

CyberSecure Announces Strategic Alliance

BETHESDA, Md.,¬†March 24, 2023¬†/PRNewswire/ — Cybersecure IPS and LockDown Inc. jointly announce that they have entered a strategic alliance to…
Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Researchers from France-based pen-testing firm Synacktiv demonstrated two separate exploits against the Tesla Model 3 this week at the Pwn2Own…