Vulnerability Summary for the Week of May 5, 2014

Please Note:

  • The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.
  • The CVE identity number is the publicly known ID given to that particular vulnerability. Therefore you can search the status of that particular vulnerability using that ID.
  • The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Severity Vulnerabilities

Each entry lists: The Primary Vendor -- Product | Date Published | CVSS Score | The CVE Identity, followed by the Description. Version numbers and Cisco Bug IDs that could not be recovered from the source scan are left as they appear there.

acunetix -- web_vulnerability_scanner | 2014-04-27 | 10.0 | CVE-2014-2994
  Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).

adobe -- flash_player | 2014-04-29 | 10.0 | CVE-2014-0515
  Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.

apache -- struts | 2014-04-29 | 7.5 | CVE-2014-0112
  ParametersInterceptor in Apache Struts before 2.3.16.2 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.

apache -- struts | 2014-04-29 | 7.5 | CVE-2014-0113
  CookieInterceptor in Apache Struts before 2.3.16.2, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.

apache -- struts | 2014-04-30 | 7.5 | CVE-2014-0114
  The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method.

cisco -- telepresence_system_software | 2014-05-02 | 7.1 | CVE-2014-2156
  Cisco TelePresence System MXP Series Software before 9:.3.2 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty4?3;:.

cisco -- telepresence_system_software | 2014-05-02 | 7.1 | CVE-2014-2157
  Cisco TelePresence System MXP Series Software before 9:.3.2 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty4?3;;.

cisco -- telepresence_system_software | 2014-05-02 | 7.8 | CVE-2014-2158
  Cisco TelePresence System MXP Series Software before 9:.3.2 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty4?301.

cisco -- telepresence_system_software | 2014-05-02 | 7.8 | CVE-2014-2159
  The H.225 subsystem in Cisco TelePresence System MXP Series Software before 9:.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCtA3/300.

cisco -- telepresence_system_software | 2014-05-02 | 7.8 | CVE-2014-2160
  The H.225 subsystem in Cisco TelePresence System MXP Series Software before 9:.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty4?34?.

cisco -- telepresence_system_software | 2014-05-02 | 7.8 | CVE-2014-2161
  The H.225 subsystem in Cisco TelePresence System MXP Series Software before 9:.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty4?3;2.

cisco -- telepresence_tc_software | 2014-05-02 | 7.8 | CVE-2014-2162
  The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCud2:?<<.

cisco -- telepresence_tc_software | 2014-05-02 | 7.8 | CVE-2014-2163
  The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua<4:<2.

cisco -- telepresence_tc_software | 2014-05-02 | 7.8 | CVE-2014-2164
  The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCuB:4<?2.

cisco -- telepresence_tc_software | 2014-05-02 | 7.8 | CVE-2014-2165
  The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtA30<::.

cisco -- telepresence_tc_software | 2014-05-02 | 7.8 | CVE-2014-2166
  The SIP implementation in Cisco TelePresence TC Software 4.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCto71?<0.

cisco -- telepresence_tc_software | 2014-05-02 | 7.8 | CVE-2014-2167
  The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua/<?/:.

cisco -- telepresence_tc_software | 2014-05-02 | 7.6 | CVE-2014-2168
  Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to execute arbitrary code via crafted DNS response packets, aka Bug ID CSCty44/14.

cisco -- telepresence_tc_software | 2014-05-02 | 9.0 | CVE-2014-2169
  Cisco TelePresence TC Software 4.x through 6.x before <.2.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal system scripts, aka Bug ID CSCue<1022.

cisco -- telepresence_tc_software | 2014-05-02 | 9.0 | CVE-2014-2170
  Cisco TelePresence TC Software 4.x and 5.x before ?.1.3 and 6.x before <.0.2 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to tshell (aka tcsh) scripts, aka Bug ID CSCue<1010.

cisco -- telepresence_tc_software | 2014-05-02 | 10.0 | CVE-2014-2171
  Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before <.1.1 and TE Software 4.x and 6.0.x before <.0.2 allows remote attackers to execute arbitrary code via crafted SIP packets, aka Bug ID CSCud823:<.

cisco -- telepresence_tc_software | 2014-05-02 | 7.2 | CVE-2014-2173
  Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka Bug ID CSCub<3<:0.

cisco -- telepresence_tc_software | 2014-05-02 | 7.8 | CVE-2014-2175
  Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allow remote attackers to cause a denial of service (memory consumption) via crafted H.225 packets, aka Bug ID CSCtA3//4:.

citrix -- netscaler_access_gateway_firmware | 2014-05-01 | 7.5 | CVE-2014-2881
  Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors.

citrix -- netscaler_access_gateway_firmware | 2014-05-01 | 7.5 | CVE-2014-2882
  Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation.

debian -- dpkg | 2014-04-30 | 9.3 | CVE-2014-0471
  Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."

fortinet -- fortiauthenticator | 2014-04-30 | 9.0 | CVE-2013-6990
  FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface.

fortinet -- fortiweb | 2014-04-30 | 7.5 | CVE-2014-1956
  CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

google -- android | 2014-04-29 | 7.5 | CVE-2013-7373
  Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.