Vulnerability Summary for the Week of November 3, 2014

Please Note:

• The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.
• The CVE identity number is the publicly known ID given to that particular vulnerability. Therefore you can search the status of that particular vulnerability using that ID.
• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Severity Vulnerabilities

Each entry below gives: Primary Vendor -- Product | CVE Identity | Date Published | CVSS Score, followed by the description and the Source & Patch Info references listed for it.

accuenergy -- acuvim_ii | CVE-2014-2373 | 2014-11-05 | 7.5
  The web server on the AXM-NET Ethernet module accessory 3.08 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL.
  Source & Patch Info: -

accuenergy -- acuvim_ii | CVE-2014-2374 | 2014-11-05 | 7.5
  The AXM-NET Ethernet module accessory 3.08 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript.
  Source & Patch Info: -

asus -- rt_firmware | CVE-2014-2718 | 2014-11-04 | 7.8
  ASUS RT-AC68U, RT-AC56R, RT-AC56U, RT-AC66R, RT-AC66U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image.
  Source & Patch Info: XF, BID, FULLDISC, MISC, MISC

bittorrent -- bootstrap-dht | CVE-2014-8509 | 2014-10-31 | 7.5
  The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) allows remote attackers to execute arbitrary code via a crafted packet, which triggers an out-of-bounds read, related to "Improper Indexing."
  Source & Patch Info: CONFIRM, MISC, BID

ca -- cloud_service_management | CVE-2014-8474 | 2014-11-04 | 7.5
  CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
  Source & Patch Info: -

cisco -- rv120w | CVE-2014-2177 | 2014-11-07 | 9.0
  The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.10 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh68125.
  Source & Patch Info: -

cisco -- rv120w | CVE-2014-2178 | 2014-11-07 | 7.5
  Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.10 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh68107.
  Source & Patch Info: -

clip-share -- clipshare | CVE-2014-8339 | 2014-11-04 | 7.5
  SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter.
  Source & Patch Info: XF, MISC, MISC

compal_broadband_networks -- firmware | CVE-2014-8656 | 2014-11-06 | 10.0
  The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors.
  Source & Patch Info: MISC, MISC, EXPLOIT-DB, MISC, OSVDB

cp_multi_view_event_calendar_project -- cp_multi_view_event_calendar | CVE-2014-8586 | 2014-11-04 | 7.5
  SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.
  Source & Patch Info: XF, BID, EXPLOIT-DB, MISC, OSVDB

debian -- apt | CVE-2014-0487 | 2014-11-03 | 7.5
  APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.
  Source & Patch Info: SECUNIA, SECUNIA

debian -- apt | CVE-2014-0489 | 2014-11-03 | 7.5
  APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.
  Source & Patch Info: SECUNIA, SECUNIA

debian -- apt | CVE-2014-0490 | 2014-11-03 | 7.5
  The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.
  Source & Patch Info: SECUNIA, SECUNIA

emc -- rsa_web_threat_detection | CVE-2014-4627 | 2014-11-07 | 9.0
  SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.5.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
  Source & Patch Info: BUGTRAQ

espocrm -- espocrm | CVE-2014-7985 | 2014-10-31 | 10.0
  Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.
  Source & Patch Info: MISC, BID, BUGTRAQ, MISC

ffmpeg -- ffmpeg | CVE-2014-5271 | 2014-11-03 | 7.5
  Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFmpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.8, and 2.3.x before 2.3.3 and Libav before 10.7 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.
  Source & Patch Info: CONFIRM, OSVDB, CONFIRM

ffmpeg -- ffmpeg | CVE-2014-8541 | 2014-11-05 | 7.5
  libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.
  Source & Patch Info: CONFIRM, CONFIRM

ffmpeg -- ffmpeg | CVE-2014-8542 | 2014-11-05 | 7.5
  libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.
  Source & Patch Info: CONFIRM, CONFIRM

ffmpeg -- ffmpeg | CVE-2014-8543 | 2014-11-05 | 7.5
  libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data.
  Source & Patch Info: CONFIRM, CONFIRM

ffmpeg -- ffmpeg | CVE-2014-8544 | 2014-11-05 | 7.5
  libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.
  Source & Patch Info: CONFIRM, CONFIRM

ffmpeg -- ffmpeg | CVE-2014-8545 | 2014-11-05 | 7.5
  libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data.
  Source & Patch Info: CONFIRM, CONFIRM

ffmpeg -- ffmpeg | CVE-2014-8546 | 2014-11-05 | 7.5
  Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data.
  Source & Patch Info: CONFIRM, CONFIRM

ffmpeg -- ffmpeg | CVE-2014-8547 | 2014-11-05 | 7.5
  libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.
  Source & Patch Info: CONFIRM, CONFIRM

ffmpeg -- ffmpeg | CVE-2014-8548 | 2014-11-05 | 7.5
  Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.
  Source & Patch Info: CONFIRM, CONFIRM

ffmpeg -- ffmpeg | CVE-2014-8549 | 2014-11-05 | 7.5
  libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data.
  Source & Patch Info: CONFIRM, CONFIRM

fortinet -- coyote_point_equalizer | CVE-2014-8582 | 2014-11-01 | 7.5
  FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors.
  Source & Patch Info: XF, CONFIRM
