Vulnerability Summary for the Week of November 3, 2014

Please Note:

• The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.

• The CVE identity number is the publicly known ID given to that particular vulnerability. You can therefore search for the status of that vulnerability using that ID.

• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Severity Vulnerabilities The Primary Vendor --- Description Date CVSS The CVE Product Published Score Identity accuenergy -- acuvim_ii The web server on the AXN-NET Ethernet 2014-11-05 7.5 CVE-2014-2373 module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL. accuenergy -- acuvim_ii The AXN-NET Ethernet module accessory 3.04 for 2014-11-05 7.5 CVE-2014-2374 the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. asus -- rt_firmware ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT- 2014-11-04 7.8 CVE-2014-2718 XF (link is AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, external) RT-N56U, and possibly other RT-series routers BID (link is before firmware 3.0.0.4.376.x do not verify the external) FULLDISC integrity of firmware (1) update information or MISC (link is (2) downloaded updates, which allows man-in- external) the-middle (MITM) attackers to execute arbitrary MISC (link is code via a crafted image. external) bittorrent -- bootstrap-dht The lazy_bdecode function in BitTorrent 2014-10-31 7.5 CVE-2014-8509 CONFIRM (link bootstrap-dht (aka Bootstrap) allows remote is external) attackers to execute arbitrary code via a crafted MISC (link is external) packet, which triggers an out-of-bounds read, BID (link is related to "Improper Indexing." external) ca -- CA Cloud Service Management (CSM) before 2014-11-04 7.5 CVE-2014-8474 cloud_service_manageme Summer 2014 allows remote attackers to read nt arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 
cisco -- rv120w The network-diagnostics administration 2014-11-07 9.0 CVE-2014-2177 interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126. cisco -- rv120w Cross-site request forgery (CSRF) vulnerability in 2014-11-07 7.5 CVE-2014-2178 the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145. clip-share -- clipshare SQL injection vulnerability in midroll. in 2014-11-04 7.5 CVE-2014-8339 XF (link is Nuevolab Nuevoplayer for ClipShare 8.0 and external) earlier allows remote attackers to execute MISC (link is arbitrary SQL commands via the ch parameter. external) MISC (link is external) compal_broadband_netw The Compal Broadband Networks (CBN) 2014-11-06 10.0 CVE-2014-8656 MISC (link is orks -- firmware CH6640E and CG6640E Wireless Gateway 1.0 external) with firmware CH6640-3.5.11.7-NOSH have a EXPLOIT-DB default password of (1) admin for the admin (link is external) MISC (link is account and (2) compalbn for the root account, external) which makes it easier for remote attackers to OSVDB obtain access to certain sensitive information via unspecified vectors. cp_multi_view_event_cal SQL injection vulnerability in the CP Multi View 2014-11-04 7.5 CVE-2014-8586 XF (link is endar_project -- Event Calendar plugin 1.01 for WordPress allows external) cp_multi_view_event_cal remote attackers to execute arbitrary SQL BID (link is endar commands via the calid parameter. 
external) EXPLOIT-DB (link is external) MISC (link is external) OSVDB -- apt APT before 1.0.9 does not verify downloaded 2014-11-03 7.5 CVE-2014-0487 SECUNIA (link files if they have been modified as indicated is external) using the If-Modified-Since header, which has SECUNIA (link unspecified impact and attack vectors. is external) debian -- apt APT before 1.0.9, when the Acquire::GzipIndexes 2014-11-03 7.5 CVE-2014-0489 SECUNIA (link option is enabled, does not validate checksums, is external) which allows remote attackers to execute SECUNIA (link arbitrary code via a crafted package. is external) debian -- apt The apt-get download command in APT before 2014-11-03 7.5 CVE-2014-0490 SECUNIA (link 1.0.9 does not properly validate signatures for is external) packages, which allows remote attackers to SECUNIA (link execute arbitrary code via a crafted package. is external) emc -- SQL injection vulnerability in EMC RSA Web 2014-11-07 9.0 CVE-2014-4627 BUGTRAQ rsa_web_threat_detectio Threat Detection 4.x before 4.6.1.1 allows (link is external) n remote authenticated users to execute arbitrary SQL commands via unspecified vectors. espocrm -- espocrm Directory traversal vulnerability in EspoCRM 2014-10-31 10.0 CVE-2014-7985 MISC (link is before 2.6.0 allows remote attackers to include external) and execute arbitrary local files via a .. (dot dot) BID (link is in the action parameter to install/index.php. external) BUGTRAQ (link is external) MISC (link is external) ffmpeg -- ffmpeg Heap-based buffer overflow in the encode_slice 2014-11-03 7.5 CVE-2014-5271 CONFIRM function in libavcodec/proresenc_kostya. in OSVDB FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x CONFIRM before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors. 
ffmpeg -- ffmpeg libavcodec/mjpegdec.c in FFmpeg before 2.4.2 2014-11-05 7.5 CVE-2014-8541 CONFIRM considers only dimension differences, and not CONFIRM bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data. ffmpeg -- ffmpeg libavcodec/utils.c in FFmpeg before 2.4.2 omits a 2014-11-05 7.5 CVE-2014-8542 CONFIRM certain codec ID during enforcement of CONFIRM alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data. ffmpeg -- ffmpeg libavcodec/mmvideo.c in FFmpeg before 2.4.2 2014-11-05 7.5 CVE-2014-8543 CONFIRM does not consider all lines of HHV Intra blocks CONFIRM during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data. ffmpeg -- ffmpeg libavcodec/tiff.c in FFmpeg before 2.4.2 does not 2014-11-05 7.5 CVE-2014-8544 CONFIRM properly validate bits-per-pixel fields, which CONFIRM allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data. ffmpeg -- ffmpeg libavcodec/pngdec.c in FFmpeg before 2.4.2 2014-11-05 7.5 CVE-2014-8545 CONFIRM accepts the monochrome-black format without CONFIRM verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data. ffmpeg -- ffmpeg Integer underflow in libavcodec/cinepak.c in 2014-11-05 7.5 CVE-2014-8546 CONFIRM FFmpeg before 2.4.2 allows remote attackers to CONFIRM cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data. 
ffmpeg -- ffmpeg libavcodec/gifdec.c in FFmpeg before 2.4.2 does 2014-11-05 7.5 CVE-2014-8547 CONFIRM not properly compute image heights, which CONFIRM allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data. ffmpeg -- ffmpeg Off-by-one error in libavcodec/smc.c in FFmpeg 2014-11-05 7.5 CVE-2014-8548 CONFIRM before 2.4.2 allows remote attackers to cause a CONFIRM denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data. ffmpeg -- ffmpeg libavcodec/on2avc.c in FFmpeg before 2.4.2 2014-11-05 7.5 CVE-2014-8549 CONFIRM does not constrain the number of channels to at CONFIRM most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data. fortinet -- FortiNet FortiADC-E with firmware 3.1.1 before 2014-11-01 7.5 CVE-2014-8582 XF (link is coyote_point_equalizer 4.0.5 and Coyote Point Equalizer with firmware external) 10.2.0a allows remote attackers to obtain access CONFIRM (link to arbitrary subnets via unspecified vectors. is external) freeradius -- freeradius Stack-based buffer overflow in the normify 2014-11-01 7.5 CVE-2014-2015 CONFIRM (link function in the rlm_pap module is external) (modules/rlm_pap/rlm_pap.c) in FreeRADIUS UBUNTU (link 2.x, possibly 2.2.3 and earlier, and 3.x, possibly is external) MLIST 3.0.1 and earlier, might allow attackers to cause MLIST a denial of service (crash) and possibly execute MLIST arbitrary code via a long password hash, as demonstrated by an SSHA hash. 
french_national_commissi SQL injection vulnerability in info.php in French 2014-11-06 7.5 CVE-2014-8351 XF (link is on_on_informatics_and_li National Commission on Informatics and Liberty external) berty -- cookieviz (aka CNIL) CookieViz before 1.0.1 allows remote FULLDISC web servers to execute arbitrary SQL commands via the domain parameter. hp -- Unspecified vulnerability on the HP LaserJet 2014-11-04 9.0 CVE-2014-7875 laserjet_cm3530_multifun CM3530 Multifunction Printer CC519A and ction_printer_firmware CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. -- joomla! Akeeba Restore (restore.php), as used in Joomla! 2014-11-03 7.5 CVE-2014-7228 MISC (link is 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 external) through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive. linksys -- e4200v2 Linksys SMART WiFi firmware on EA2700 and 2014-11-01 7.5 CVE-2014-8244 EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain sensitive information or modify data via a JNAP action in a JNAP/ HTTP request. 
pro_softnet_corporation iBackup 10.0.0.32 and earlier uses weak 2014-11-03 7.2 CVE-2014-5507 XF (link is -- ibackup permissions (Everyone: Full Control) for external) ib_service.exe, which allows local users to gain BID (link is privileges via a Trojan horse file. external) EXPLOIT-DB (link is external) MISC (link is external) qemu -- qemu Integer signedness error in the virtio_net_load 2014-11-04 7.5 CVE-2013-4148 FEDORA function in hw/net/virtio-net.c in QEMU 1.x CONFIRM before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow. qemu -- qemu Buffer overflow in virtio_net_load function in 2014-11-04 7.5 CVE-2013-4149 FEDORA net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to CONFIRM execute arbitrary code via a large MAC table. qemu -- qemu The virtio_net_load function in hw/net/virtio- 2014-11-04 7.5 CVE-2013-4150 FEDORA net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 CONFIRM allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out- of-bounds write. qemu -- qemu The virtio_load function in virtio/virtio.c in 2014-11-04 7.5 CVE-2013-4151 FEDORA QEMU 1.x before 1.7.2 allows remote attackers to CONFIRM execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write. qemu -- qemu Buffer overflow in hw/ide/ahci.c in QEMU before 2014-11-04 7.5 CVE-2013-4526 MLIST 1.7.2 allows remote attackers to cause a denial of FEDORA service and possibly execute arbitrary code via CONFIRM vectors related to migrating ports. qemu -- qemu Buffer overflow in hw/timer/hpet.c in QEMU 2014-11-04 7.5 CVE-2013-4527 MLIST before 1.7.2 might allow remote attackers to FEDORA execute arbitrary code via vectors related to the CONFIRM number of timers. 
qemu -- qemu Buffer overflow in hw/pci/pcie_aer.c in QEMU 2014-11-04 7.5 CVE-2013-4529 MLIST before 1.7.2 allows remote attackers to cause a FEDORA denial of service and possibly execute arbitrary code via a large log_num value in a savevm image. qemu -- qemu Buffer overflow in hw/ssi/pl022.c in QEMU 2014-11-04 7.5 CVE-2013-4530 MLIST before 1.7.2 allows remote attackers to cause a FEDORA denial of service or possibly execute arbitrary CONFIRM code via crafted tx_fifo_head and rx_fifo_head values in a savevm image. qemu -- qemu Buffer overflow in target-arm/machine.c in 2014-11-04 7.5 CVE-2013-4531 MLIST QEMU before 1.7.2 allows remote attackers to FEDORA cause a denial of service and possibly execute CONFIRM arbitrary code via a negative value in cpreg_vmstate_array_len in a savevm image. qemu -- qemu Buffer overflow in the pxa2xx_ssp_load function 2014-11-04 7.5 CVE-2013-4533 MLIST in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows FEDORA CONFIRM remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s- >rx_level value in a savevm image. qemu -- qemu Buffer overflow in hw/intc/openpic.c in QEMU 2014-11-04 7.5 CVE-2013-4534 MLIST before 1.7.2 allows remote attackers to cause a FEDORA denial of service or possibly execute arbitrary CONFIRM code via vectors related to IRQDest elements. qemu -- qemu The ssi_sd_transfer function in hw/sd/ssi-sd.c in 2014-11-04 7.5 CVE-2013-4537 MLIST QEMU before 1.7.2 allows remote attackers to FEDORA execute arbitrary code via a crafted arglen value CONFIRM in a savevm image. qemu -- qemu Multiple buffer overflows in the ssd0323_load 2014-11-04 7.5 CVE-2013-4538 MLIST function in hw/display/ssd0323.c in QEMU FEDORA before 1.7.2 allow remote attackers to cause a CONFIRM denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image. 
qemu -- qemu Multiple buffer overflows in the tsc210x_load 2014-11-04 7.5 CVE-2013-4539 MLIST function in hw/input/tsc210x.c in QEMU before FEDORA 1.7.2 might allow remote attackers to execute CONFIRM arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image. qemu -- qemu Buffer overflow in scoop_gpio_handler_update 2014-11-04 7.5 CVE-2013-4540 MLIST in QEMU before 1.7.2 might allow remote FEDORA attackers to execute arbitrary code via a large (1) CONFIRM prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image. qemu -- qemu The usb_device_post_load function in 2014-11-04 7.5 CVE-2013-4541 FEDORA hw/usb/bus.c in QEMU before 1.7.2 might allow CONFIRM remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value. qemu -- qemu The virtio_scsi_load_request function in 2014-11-04 7.5 CVE-2013-4542 FEDORA hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code CONFIRM via a crafted savevm image, which triggers an out-of-bounds array access. qemu -- qemu Array index error in the virtio_load function in 2014-11-04 7.5 CVE-2013-6399 FEDORA hw/virtio/virtio.c in QEMU before 1.7.2 allows CONFIRM remote attackers to execute arbitrary code via a crafted savevm image. qemu -- qemu Heap-based buffer overflow in the virtio_load 2014-11-04 7.5 CVE-2014-0182 FEDORA function in hw/virtio/virtio.c in QEMU before CONFIRM 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image. qemu -- qemu Integer overflow in the qcow_open function in 2014-11-04 7.5 CVE-2014-0222 MLIST block/qcow.c in QEMU before 1.7.2 allows FEDORA remote attackers to cause a denial of service FEDORA (crash) via a large L2 table in a QCOW version 1 image. 
rsyslog -- rsyslog rsyslog before 7.6.6 and 8.x before 8.4.1 and 2014-11-01 7.5 CVE-2014-3634 MLIST (link is sysklogd 1.5 and earlier allows remote attackers external) to cause a denial of service (crash), possibly DEBIAN execute arbitrary code, or have other SECUNIA (link is external) unspecified impact via a crafted priority (PRI) SECUNIA (link value that triggers an out-of-bounds array is external) access. sap -- commoncryptolib SAPCRYPTOLIB before 5.555.38, SAPSECULIB, 2014-11-04 7.5 CVE-2014-8587 CONFIRM (link and CommonCryptoLib before 8.4.30, as used in is external) SAP NetWeaver AS for ABAP and SAP HANA, CONFIRM (link allows remote attackers to spoof Digital is external) SECUNIA (link Signature Algorithm (DSA) signatures via is external) unspecified vectors. MISC (link is external) sap -- hana SQL injection vulnerability in metadata.xsjs in 2014-11-04 7.5 CVE-2014-8588 MISC (link is SAP HANA 1.00.60.379371 allows remote external) attackers to execute arbitrary SQL commands via MISC (link is unspecified vectors. external) MISC (link is external) sap -- SAP Document Management Services allows 2014-11-06 7.2 CVE-2014-8660 MISC (link is document_management_ local users to execute arbitrary commands via external) MISC (link is services unspecified vectors. external) MISC (link is external) sap -- The SAP CRM Internet Sales module allows 2014-11-06 10.0 CVE-2014-8661 MISC (link is customer_relationship_m remote attackers to execute arbitrary commands external) anagement_internet_sale via unspecified vectors. MISC (link is s external) sap -- payroll_process Unspecified vulnerability in SAP Payroll Process 2014-11-06 7.8 CVE-2014-8662 MISC (link is allows remote attackers to cause a denial of external) service via vectors related to session handling. 
MISC (link is external) sap -- SQL injection vulnerability in Data Basis (BW- 2014-11-06 7.5 CVE-2014-8663 MISC (link is netweaver_business_war WHM-DBA) in SAP NetWeaver Business external) ehouse Warehouse allows remote attackers to execute MISC (link is arbitrary SQL commands via unspecified vectors. external) sap -- SQL injection vulnerability in Product Safety 2014-11-06 7.5 CVE-2014-8664 MISC (link is environment_health_and (EHS-SAF) component in SAP Environment, external) _safety Health, and Safety Management allows remote MISC (link is attackers to execute arbitrary SQL commands via external) unspecified vectors. sap -- SQL injection vulnerability in SAP Contract 2014-11-06 7.5 CVE-2014-8668 MISC (link is contract_accounting Accounting allows remote attackers to execute external) arbitrary SQL commands via unspecified vectors. MISC (link is external) sap -- The SAP Promotion Guidelines (CRM-MKT-MPL- 2014-11-06 10.0 CVE-2014-8669 MISC (link is customer_relationship_m TPM-PPG) module for SAP CRM allows remote external) anagement attackers to execute arbitrary code via MISC (link is unspecified vectors. external) MISC (link is external) smarty -- smarty Smarty before 3.1.21 allows remote attackers to 2014-11-03 7.5 CVE-2014-8350 CONFIRM (link bypass the secure mode restrictions and execute is external) arbitrary PHP code as demonstrated by CONFIRM "{literal}<{/literal}script language=php>" in a XF (link is external) template. BID (link is external) MLIST MLIST symantec -- The management console in Symantec Endpoint 2014-11-07 7.5 CVE-2014-3437 BID (link is endpoint_protection_ma Protection Manager (SEPM) 12.1 before RU5 external) nager allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 
testlink -- testlink lib/execute/execSetResults.php in TestLink 2014-10-31 7.5 CVE-2014-8081 CONFIRM before 1.9.13 allows remote attackers to conduct XF (link is PHP object injection attacks and execute external) arbitrary PHP code via the filter_result_result BID (link is external) parameter. BUGTRAQ (link is external) Medium Severity Vulnerabilities The Primary Description Date Published CVSS The CVE Vendor --- Product Score Identity abb -- robotstudio Untrusted search path vulnerability in ABB 2014-11-07 6.9 CVE-2014-5430 MISC RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program. ait-pro -- Cross-site scripting (XSS) vulnerability in 2014-11-06 4.3 CVE-2014-7958 BUGTRAQ bulletproof-security admin/htaccess/bpsunlock.php in the BulletProof (link is external) Security plugin before .51.1 for WordPress allows MISC (link is remote attackers to inject arbitrary web script or external) HTML via the dbhost parameter. ait-pro -- SQL injection vulnerability in 2014-11-06 6.5 CVE-2014-7959 BUGTRAQ bulletproof-security admin/htaccess/bpsunlock.php in the BulletProof (link is external) Security plugin before .51.1 for WordPress allows MISC (link is remote authenticated users to execute arbitrary external) SQL commands via the tableprefix parameter. allomani -- Multiple cross-site scripting (XSS) vulnerabilities in 2014-11-04 4.3 CVE-2014-8593 XF (link is allomani_weblinks Allomani Weblinks 1.0 allow remote attackers to external) inject arbitrary web script or HTML via the (1) BID (link is default URI to admin.php or the (2) id parameter to external) MISC (link is admin.php or (3) go.php. 
external) axway -- Cross-site request forgery (CSRF) vulnerability in 2014-11-04 6.8 CVE-2013-7057 XF (link is securetransport Axway SecureTransport 5.1 SP2 and earlier allows external) remote attackers to hijack the authentication of EXPLOIT-DB unspecified users for requests that upload arbitrary (link is external) OSVDB files via a crafted request to api/v1.0/files/. bundler -- bundler Bundler before 1.7, when multiple top-level source 2014-10-31 5.0 CVE-2013-0334 FEDORA lines are used, allows remote attackers to install FEDORA arbitrary gems by creating a gem with the same FEDORA name as another gem in a different source. ca -- CA Cloud Service Management (CSM) before 2014-11-04 4.3 CVE-2014-8471 cloud_service_man Summer 2014 allows remote attackers to conduct agement replay attacks via unspecified vectors. ca -- CA Cloud Service Management (CSM) before 2014-11-04 6.8 CVE-2014-8472 cloud_service_man Summer 2014 does not properly verify agement authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors. ca -- Cross-site request forgery (CSRF) vulnerability in CA 2014-11-04 6.8 CVE-2014-8473 cloud_service_man Cloud Service Management (CSM) before Summer agement 2014 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. cisco -- rv120w The Cisco RV router firmware on RV220W devices, 2014-11-07 5.0 CVE-2014-2179 before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998. cisco -- The Unified Messaging Service (UMS) in Cisco Unity 2014-11-07 4.0 CVE-2014-7988 unity_connection Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493. 
cisco -- b200_m3 Cisco Unified Computing System on B-Series blade 2014-11-07 6.8 CVE-2014-7989 servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176. cisco -- air-ct5760 Cisco IOS XE 3.5E and earlier on WS-C3850, WS- 2014-11-07 6.8 CVE-2014-7990 C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain root access by leveraging administrative privilege, aka Bug ID CSCur09815. citrix -- xenmobile Citrix XenMobile MDX Toolkit before 9.0.4, when 2014-10-31 5.0 CVE-2014-8495 XF (link is used to wrap iOS 8 applications, does not properly external) encrypt cached application data, which allows BID (link is context-dependent attackers to obtain sensitive external) information by reading the cache. classapps -- Multiple SQL injection vulnerabilities in ClassApps 2014-11-06 6.5 CVE-2014-6030 FULLDISC selectsurvey.net SelectSurvey.NET before 4.125.002 allow (1) remote MISC (link is attackers to execute arbitrary SQL commands via external) the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx. compal_broadband Cross-site scripting (XSS) vulnerability in Compal 2014-11-06 4.3 CVE-2014-8653 XF (link is _networks -- Broadband Networks (CBN) CH6640E and CG6640E external) firmware Wireless Gateway 1.0 with firmware CH6640- MISC (link is 3.5.11.7-NOSH allows remote attackers to inject external) BID (link is arbitrary web script or HTML via the userData external) cookie. 
EXPLOIT-DB (link is external) MISC (link is external) OSVDB compal_broadband Multiple cross-site request forgery (CSRF) 2014-11-06 6.8 CVE-2014-8654 XF (link is _networks -- vulnerabilities in Compal Broadband Networks external) firmware (CBN) CH6640E and CG6640E Wireless Gateway MISC (link is hardware 1.0 with firmware CH6640-3.5.11.7-NOSH external) BID (link is allow remote attackers to hijack the authentication external) of administrators for requests that (1) have EXPLOIT-DB unspecified impact on DDNS configuration via a (link is external) request to basicDDNS.html, (2) change the wifi MISC (link is external) password via the psKey parameter to OSVDB setWirelessSecurity.html, (3) add a static MAC OSVDB address via the MacAddress parameter in an OSVDB OSVDB add_static action to setBasicDHCP1.html, or (4) enable or disable UPnP via the UPnP parameter in an apply action to setAdvancedOptions.html. compal_broadband The Compal Broadband Networks (CBN) CH6640E 2014-11-06 5.0 CVE-2014-8655 XF (link is _networks -- and CG6640E Wireless Gateway 1.0 with firmware external) firmware CH6640-3.5.11.7-NOSH allows remote attackers to BID (link is bypass authentication and obtain sensitive external) EXPLOIT-DB information via an (a) admin or a (b) root value in (link is external) the userData cookie in a request to (1) MISC (link is CmgwWirelessSecurity.xml, (2) external) DocsisConfigFile.xml, or (3) CmgwBasicSetup.xml in OSVDB xml/ or (4) basicDDNS.html, (5) basicLanUsers.html, or (6) rootDesc.xml. compal_broadband The Compal Broadband Networks (CBN) CH6640E 2014-11-06 5.0 CVE-2014-8657 XF (link is _networks -- and CG6640E Wireless Gateway 1.0 with firmware external) firmware CH6640-3.5.11.7-NOSH allows remote attackers to MISC (link is cause a denial of service (disconnect all wifi clients) external) EXPLOIT-DB via a request to wirelessChannelStatus.html. 
(link is external) MISC (link is external) OSVDB croogo -- croogo Multiple cross-site scripting (XSS) vulnerabilities in 2014-10-31 4.3 CVE-2014-8577 MISC (link is Croogo before 2.1.0 allow remote attackers to inject external) arbitrary web script or HTML via the (1) XF (link is data[Contact][title] parameter to external) OSVDB admin/contacts/contacts/add page; (2) data[Block] OSVDB [title] or (3) data[Block][alias] parameter to OSVDB admin/blocks/blocks/edit page; (4) data[Region] OSVDB [title] parameter to admin/blocks/regions/add EXPLOIT-DB (link is external) page; (5) data[Menu][title] or (6) data[Menu][alias] MISC (link is parameter to admin/menus/menus/add page; or (7) external) data[Link][title] parameter to admin/menus/links/add/menu page. debian -- apt APT before 1.0.9 does not "invalidate repository 2014-11-03 6.8 CVE-2014-0488 SECUNIA (link data" when moving from an unauthenticated to is external) authenticated state, which allows remote attackers SECUNIA (link to have unspecified impact via crafted repository is external) data. denon -- avr-3313ci Cross-site scripting (XSS) vulnerability in 2014-11-06 4.3 CVE-2014-8508 MISC (link is s_network.asp in the Denon AVR-3313CI external) audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname. download_manager Directory traversal vulnerability in the WordPress 2014-11-04 5.0 CVE-2014-8585 XF (link is _project -- Download Manager plugin for WordPress allows external) download_manager remote attackers to read arbitrary files via a .. (dot BID (link is dot) in the fname parameter to (1) external) MISC (link is views/file_download.php or (2) file_download.php. 
external) ellislab -- Multiple SQL injection vulnerabilities in EllisLab 2014-11-04 6.5 CVE-2014-5387 expressionengine ExpressionEngine before 2.9.1 allow remote MISC (link is external) authenticated users to execute arbitrary SQL MISC (link is commands via the (1) column_filter or (2) external) category[] parameter to system/index.php or the (3) FULLDISC tbl_sort[0][] parameter in the comment module to system/index.php. enalean -- tuleap SQL injection vulnerability in Enalean Tuleap before 2014-11-04 6.5 CVE-2014-7176 MISC (link is 7.5 allows remote authenticated users to execute external) arbitrary SQL commands via the lobal_txt XF (link is parameter to plugins/docman. external) BID (link is external) EXPLOIT-DB (link is external) FULLDISC MISC (link is external) enalean -- tuleap XML External Entity vulnerability in Enalean Tuleap 2014-10-31 4.0 CVE-2014-7177 MISC (link is 7.2 and earlier allows remote authenticated users to external) read arbitrary files via a crafted xml document in a CONFIRM (link create action to plugins/tracker/. is external) XF (link is external) BID (link is external) OSVDB FULLDISC epicor -- Epicor Enterprise 7.4 before 2014-11-03 5.0 CVE-2014-4311 EXPLOIT-DB epicor_enterprise FS74SP6_HotfixTL054181 allows attackers to obtain (link is external) the (1) Database Connection and (2) E-mail FULLDISC Connection passwords by reading HTML source MISC (link is external) code of the database connection and email settings page. espocrm -- espocrm install/index.php in EspoCRM before 2.6.0 allows 2014-10-31 5.0 CVE-2014-7986 MISC (link is remote attackers to re-install the application via a 1 external) value in the installProcess parameter. 
BID (link is external) BUGTRAQ (link is external) MISC (link is external) espocrm -- espocrm Cross-site scripting (XSS) vulnerability in EspoCRM 2014-10-31 4.3 CVE-2014-7987 MISC (link is before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter external) BID (link is in an errors action to install/index.php. external) BUGTRAQ (link is external) MISC (link is external) estsoft -- alupdate ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions 2014-11-03 4.6 CVE-2014-8494 XF (link is (Users: Full Control) for the (1) AlUpdate folder and external) (2) AlUpdate.exe, which allows local users to gain BID (link is privileges via a Trojan horse file. external) MISC (link is external) f5 -- big- Multiple XML External Entity (XXE) vulnerabilities in 2014-11-01 5.5 CVE-2014-6032 MISC (link is ip_advanced_firewa the Configuration utility in F5 BIG-IP LTM, ASM, external) ll_manager GTM, and Link Controller 11.0 through 11.6.0 and MISC (link is 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, external) FULLDISC ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through FULLDISC 11.6.0, APM and Edge Gateway 11.0.0 through FULLDISC 11.6.0 and 10.1.0 through 10.2.4, PEM 11.3.0 through 11.6.0, PSM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4, and WOM 11.0.0 through 11.3.0 and 10.0.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements. ffmpeg -- ffmpeg libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x 2014-11-03 6.8 CVE-2014-5272 CONFIRM before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before MLIST (link is 2.3.2 allows remote attackers to have unspecified external) impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats. 
formalms_project -- formalms | Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) id_custom parameter in an amanmenu request or (2) id_game parameter in an alms/games/edit request to appCore/index.php. | 2014-11-06 | 4.3 | CVE-2014-5257
fortinet -- fortianalyzer_firmware | Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. | 2014-10-31 | 4.3 | CVE-2014-2334
fortinet -- fortianalyzer_firmware | Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. | 2014-10-31 | 4.3 | CVE-2014-2335
fortinet -- fortimanager | Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335. | 2014-10-31 | 4.3 | CVE-2014-2336
french_national_commission_on_informatics_and_liberty -- cookieviz | Cross-site scripting (XSS) vulnerability in json.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz allows remote web servers to inject arbitrary web script or HTML via the max_date parameter. | 2014-11-06 | 4.3 | CVE-2014-8352
gwt_mobile_phonegap_showcase_project -- gwt_mobile_phonegap_showcase | Cross-site scripting (XSS) vulnerability in the GWT Mobile PhoneGap Showcase application for Android allows remote attackers to inject arbitrary web script or HTML via a crafted Bluetooth Device Name field. | 2014-11-07 | 4.3 | CVE-2014-8671
ibm -- websphere_commerce | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2014-11-05 | 4.0 | CVE-2014-4769
ibm -- cognos_mobile | IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a logoff action on a mobile device, which makes it easier for remote attackers to bypass intended Business Intelligence restrictions by leveraging access to authentication data that was captured before this logoff. | 2014-11-05 | 4.3 | CVE-2014-4810
ibm -- websphere_commerce | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 2014-11-05 | 4.3 | CVE-2014-4834
ibm -- notes_traveler | The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which the user had intended to use HTTPS. | 2014-11-04 | 5.0 | CVE-2014-6130
katello -- katello | Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is passed to the to_sym method. | 2014-11-03 | 5.0 | CVE-2014-3712
meinberg -- lantime_m100 | Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-05 | 4.3 | CVE-2014-5417
modx -- modx_revolution | Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a" parameter to manager/. NOTE: this issue exists because of a CVE-2014-2080 regression. | 2014-11-06 | 4.3 | CVE-2014-5451
nordex -- nordex_control_2_scada | Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. | 2014-11-05 | 4.3 | CVE-2014-5408
openstack -- keystone | OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID. | 2014-11-03 | 6.5 | CVE-2014-0204
openstack -- horizon | Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template. | 2014-10-31 | 4.3 | CVE-2014-3473
openstack -- horizon | Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578. | 2014-10-31 | 4.3 | CVE-2014-3475
openstack -- compute | OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request. | 2014-10-31 | 4.0 | CVE-2014-3708
openstack -- compute | The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. | 2014-10-31 | 4.0 | CVE-2014-8333
openstack -- horizon | Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475. | 2014-10-31 | 4.3 | CVE-2014-8578
php -- php | The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. | 2014-11-05 | 5.0 | CVE-2014-3710
plone -- plone | The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request. | 2014-11-03 | 4.3 | CVE-2012-5500
plone -- plone | The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in . | 2014-11-03 | 5.0 | CVE-2012-5508
plone -- plone | Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2). | 2014-11-03 | 5.0 | CVE-2012-6661
qemu -- qemu | Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read. | 2014-11-04 | 4.6 | CVE-2014-0223
qemu -- qemu | hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks." | 2014-11-04 | 6.8 | CVE-2014-3461
quassel-irc -- quassel_irc | The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string. | 2014-11-06 | 5.0 | CVE-2014-8483
redhat -- | The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server. | 2014-11-03 | 5.0 | CVE-2013-0336
redhat -- network_satellite | Multiple cross-site scripting (XSS) vulnerabilities in - 2.0.2 in Spacewalk and Network (RHN) 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels//Entitlements.do, or (3) admin/multiorg/OrgUsers.do. | 2014-11-03 | 4.3 | CVE-2014-3654
refinedwiki -- refinedwiki_original_theme | Cross-site scripting (XSS) vulnerability in RefinedWiki Original Theme 3.x before 3.5.13 and 4.x before 4.0.12 for Confluence allows remote authenticated users with permissions to create or edit content to inject arbitrary web script or HTML via the versionComment parameter to pages/doeditpage.action. | 2014-11-06 | 4.0 | CVE-2014-8658
rewardingyourself -- rewardingyourself | Cross-site scripting (XSS) vulnerability in the RewardingYourself application for Android and BlackBerry OS allows remote attackers to inject arbitrary web script or HTML via a crafted QR code. | 2014-11-07 | 4.3 | CVE-2014-8672
rsyslog -- rsyslog | Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634. | 2014-11-01 | 5.0 | CVE-2014-3683
ruby-lang -- ruby | The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. | 2014-11-03 | 5.0 | CVE-2014-8080
sap -- netweaver | The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern. | 2014-11-06 | 5.0 | CVE-2014-0995
sap -- network_interface_router | Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. | 2014-11-04 | 5.0 | CVE-2014-8589
sap -- netweaver_java_application_server | XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. | 2014-11-04 | 4.3 | CVE-2014-8590
sap -- netweaver | Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors. | 2014-11-04 | 5.0 | CVE-2014-8591
sap -- netweaver | Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. | 2014-11-04 | 5.0 | CVE-2014-8592
sap -- environment_health_and_safety | Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. | 2014-11-06 | 5.0 | CVE-2014-8659
sap -- business_intelligence_development_workbench | The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. | 2014-11-06 | 5.0 | CVE-2014-8665
sap -- business_intelligence_development_workbench | The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intelligence allows remote attackers to obtain audit event details via unspecified vectors. | 2014-11-06 | 5.0 | CVE-2014-8666
sap -- hana_web-based_development_workbench | Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-06 | 4.3 | CVE-2014-8667
symantec -- endpoint_protection_manager | Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-07 | 4.3 | CVE-2014-3438
symantec -- endpoint_protection_manager | ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors. | 2014-11-07 | 6.1 | CVE-2014-3439
testlink -- testlink | lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message. | 2014-10-31 | 5.0 | CVE-2014-8082
vbulletin -- vbulletin | Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | 2014-11-06 | 5.8 | CVE-2014-8670
web_dorado_spider_video_player_project -- web_dorado_spider_video_player | Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-11-04 | 4.3 | CVE-2014-8584
webedition -- webedition_cms | Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. | 2014-11-06 | 4.0 | CVE-2014-5258
wordfence_security_project -- wordfence_security | Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the whoisval parameter on the WordfenceWhois page to wp-admin/admin.php. | 2014-11-06 | 4.3 | CVE-2014-4664
wp-dbmanager_project -- wp-dbmanager | The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" field) or (2) $backup['mysqldumppath'] variable. | 2014-10-31 | 6.5 | CVE-2014-8334
xmlsoft -- libxml2 | parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. | 2014-11-04 | 5.0 | CVE-2014-3660

Low Severity Vulnerabilities

The Primary Vendor --- Product | Description | Date Published | CVSS Score | The CVE Identity
compfight_project -- compfight | Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter. | 2014-11-05 | 3.5 | CVE-2014-8622
eset -- personal_firewall_ndis_filter | The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls. | 2014-11-04 | 2.1 | CVE-2014-4974
linksys -- e4200v2 | Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain the administrator's MD5 password hash via a direct request for the /.htpasswd URI. | 2014-11-01 | 3.3 | CVE-2014-8243
openstack -- horizon | Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name. | 2014-10-31 | 3.5 | CVE-2014-3474
phpmyadmin -- phpmyadmin | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page. | 2014-11-05 | 3.5 | CVE-2014-8326
qemu -- qemu | The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. | 2014-11-01 | 2.1 | CVE-2014-3615
shim_project -- shim | The default configuration in systemd-shim 8 enables the Abandon debugging clause, which allows local users to cause a denial of service via unspecified vectors. | 2014-10-31 | 2.1 | CVE-2014-8399

• Sources: http://nvd.nist.gov. For more information, visit the National Vulnerability Database (NVD), which contains a database of every vulnerability that has ever been published.

Uganda Communications Commission – UGCERT
Email: [email protected]
Tel: +256 414 302 100/150
Toll Free: 0800 133 911
Website: www.ug-cert.ug
Facebook / Twitter: UGCERT