Vulnerability Summary for the Week of May 5, 2014 Please Note: • The vulnerabilities are cattegorized by their level of severity which is either High, Medium or Low. • The !" indentity number is the #ublicly $nown %& given to that #articular vulnerability. Therefore you can search the status of that #articular vulnerability using that %&. • The !'S (Common !ulnerability 'coring System) score is a standard scoring system used to determine the severity of the vulnerability. High Severity Vulnerabilities The Primary Vendor --- Description Date CVSS The CVE Product Published Score Identity acuneti* ++ 'tac$+based buffer overflow in -cuneti* .eb 2014-04-27 10.0 CVE-2014-2994 web,vulnerability_scanne !ulnerability 'canner (.!') / build 01201314 r allows remote attac$ers to e*ecute arbitrary code via an HTML file containing an %M5 element with a long 67L (src attribute). adobe ++ flash,#layer 8uffer overflow in -dobe 9lash Player before 2014-04-29 10.0 CVE-2014-0515 22.7.711.03: and 22.8.x through 2;.0.x before 2;.0.0.21< on .indows and =' >, and before 22.2.210.;?< on Linu*, allows remote attac$ers to e*ecute arbitrary code via uns#ecified vectors, as e*#loited in the wild in -#ril 0124. a#ache ++ struts Parameters%nterce#tor in -#ache 'truts before 2014-04-29 7.5 CVE-2014-0112 0.;.1<.2 does not #roperly restrict access to the get lass method, which allows remote attac$ers to @mani#ulate@ the lassLoader and e*ecute arbitrary code via a crafted reAuest. NOTE: this vulnerability e*ists because of an incom#lete fi* for !"+0124+11:4. a#ache ++ struts oo$ie%nterce#tor in -#ache 'truts before 2014-04-29 7.5 CVE-2014-0113 0.;.1<.2, when a wildcard cookiesName value is used, does not #roperly restrict access to the get lass method, which allows remote attac$ers to @mani#ulate@ the lassLoader and e*ecute arbitrary code via a crafted reAuest. NOTE: this vulnerability e*ists because of an incom#lete fi* for !"+0124+11:4. a#ache ++ struts The -ction9orm obBect in -#ache 'truts 2.x 2014-04-30 7.5 CVE-2014-0114 through 2.3.11 allows remote attac$ers to @mani#ulate@ the lassLoader and e*ecute arbitrary code via the class #arameter, which is #assed to the get lass method. cisco ++ isco TelePresence 'ystem M>P 'eries 'oftware 2014-05-02 7.1 CVE-2014-2156 tele#resence,system,soft before 9:.3.2 allows remote attac$ers to cause a ware denial of service (device reload) via crafted '%P #ac$ets, a$a 8ug %D ' ty4?3;:. cisco ++ isco TelePresence 'ystem M>P 'eries 'oftware 2014-05-02 7.1 CVE-2014-2157 tele#resence,system,soft before 9:.3.2 allows remote attac$ers to cause a ware denial of service (device reload) via crafted '%P #ac$ets, a$a 8ug %D ' ty4?3;;. cisco ++ isco TelePresence 'ystem M>P 'eries 'oftware 2014-05-02 7.8 CVE-2014-2158 tele#resence,system,soft before 9:.3.2 allows remote attac$ers to cause a ware denial of service (device reload) via crafted '%P #ac$ets, a$a 8ug %D ' ty4?301. cisco ++ The H.20? subsystem in isco TelePresence 2014-05-02 7.8 CVE-2014-2159 tele#resence,system,soft 'ystem M>P 'eries 'oftware before 9:.3.1 allows ware remote attac$ers to cause a denial of service (device reload) via crafted #ac$ets, a$a 8ug %D ' tA3/300. cisco ++ The H.20? subsystem in isco TelePresence 2014-05-02 7.8 CVE-2014-2160 tele#resence,system,soft 'ystem M>P 'eries 'oftware before 9:.3.1 allows ware remote attac$ers to cause a denial of service (device reload) via crafted #ac$ets, a$a 8ug %D ' ty4?34?. cisco ++ The H.20? subsystem in isco TelePresence 2014-05-02 7.8 CVE-2014-2161 tele#resence,system,soft 'ystem M>P 'eries 'oftware before 9:.3.1 allows ware remote attac$ers to cause a denial of service (device reload) via crafted #ac$ets, a$a 8ug %D ' ty4?3;2. cisco ++ The '%P im#lementation in isco TelePresence T 2014-05-02 7.8 CVE-2014-2162 tele#resence,tc,software 'oftware 4.x and ?.x and TE 'oftware 4.x and <.0 allows remote attac$ers to cause a denial of service (device reload) via crafted '%P #ac$ets, a$a 8ug %D ' ud2:?<<. cisco ++ The '%P im#lementation in isco TelePresence T 2014-05-02 7.8 CVE-2014-2163 tele#resence,tc,software 'oftware 4.x and ?.x and TE 'oftware 4.x allows remote attac$ers to cause a denial of service (device reload) via crafted '%P #ac$ets, a$a 8ug %D ' ua<4:<2. cisco ++ The '%P im#lementation in isco TelePresence T 2014-05-02 7.8 CVE-2014-2164 tele#resence,tc,software 'oftware 4.x and ?.x and TE 'oftware 4.x and <.0 allows remote attac$ers to cause a denial of service (device reload) via crafted '%P #ac$ets, a$a 8ug %D ' uB:4<?2. cisco ++ The '%P im#lementation in isco TelePresence T 2014-05-02 7.8 CVE-2014-2165 tele#resence,tc,software 'oftware 4.x and ?.x and TE 'oftware 4.x and <.0 allows remote attac$ers to cause a denial of service (device reload) via crafted '%P #ac$ets, a$a 8ug %D ' tA30<::. cisco ++ The '%P im#lementation in isco TelePresence T 2014-05-02 7.8 CVE-2014-2166 tele#resence,tc,software 'oftware 4.x and T" 'oftware 4.x allows remote attac$ers to cause a denial of service (device reload) via crafted '%P #ac$ets, a$a 8ug %& ' to71?<0. cisco ++ The '%P im#lementation in isco TelePresence T 2014-05-02 7.8 CVE-2014-2167 tele#resence,tc,software 'oftware 4.x and ?.x and TE 'oftware 4.x and <.0 allows remote attac$ers to cause a denial of service (device reload) via crafted '%P #ac$ets, a$a 8ug %D ' ua/<?/:. cisco ++ 8uffer overflow in isco TelePresence T 2014-05-02 7.6 CVE-2014-2168 tele#resence,tc,software 'oftware 4.x and ?.x and TE 'oftware 4.x and <.0 allows remote attac$ers to e*ecute arbitrary code via crafted DNS res#onse #ac$ets, a$a 8ug %D ' ty44/14. cisco ++ isco TelePresence T 'oftware 4.x through <.x 2014-05-02 9.0 CVE-2014-2169 tele#resence,tc,software before <.2.1 and TE 'oftware 4.x and <.0 allow remote authenticated users to e*ecute arbitrary commands by using the commands as arguments to internal system scri#ts, a$a 8ug %D ' ue<1022. cisco ++ isco TelePresence T 'oftware 4.x and ?.x 2014-05-02 9.0 CVE-2014-2170 tele#resence,tc,software before ?.1.3 and <.x before <.0.2 and TE 'oftware 4.x and <.0 allow remote authenticated users to e*ecute arbitrary commands by using the commands as arguments to tshell (a$a tcsh) scri#ts, a$a 8ug %D ' ue<1010. cisco ++ Hea#+based buffer overflow in isco 2014-05-02 10.0 CVE-2014-2171 tele#resence,tc,software TelePresence T 'oftware 4.x through <.x before <.1.1 and TE 'oftware 4.x and <.0.x before <.0.2 allows remote attac$ers to e*ecute arbitrary code via crafted '%P #ac$ets, a$a 8ug %& ' ud823:<. cisco ++ isco TelePresence T 'oftware 4.x and ?.x and 2014-05-02 7.2 CVE-2014-2173 tele#resence,tc,software TE 'oftware 4.x and <.0 do not #ro#erly restrict access to the serial #ort, which allows local users to gain #rivileges via uns#ecified commands, a$a 8ug %D ' ub<3<:0. cisco ++ isco TelePresence T 'oftware 4.x and ?.x and 2014-05-02 7.8 CVE-2014-2175 tele#resence,tc,software TE 'oftware 4.x and <.0 allow remote attac$ers to cause a denial of service (memory consum#tion) via crafted H.20? #ac$ets, a$a 8ug %D ' tA3//4:. citri* ++ 6ns#ecified vulnerability in the Diffie+Hellman 2014-05-01 7.5 CVE-2014-2881 netscaler,access,gateway $ey agreement im#lementation in the ,firmware management 56% Cava a##let in itri* Net'caler -##lication &elivery ontroller (-& ) and Net'caler 5ateway before :.;+<<.5 and 21.x before 21.2+200.23 has un$nown im#act and vectors. citri* ++ 6ns#ecified vulnerability in the management 2014-05-01 7.5 CVE-2014-2882 netscaler,access,gateway 56% in itri* Net'caler -##lication Delivery ,firmware ontroller (-& ) and Net'caler 5ateway before :.;+<<.5 and 21.x before 21.1+200.13 has uns#ecified im#act and vectors, related to certificate validation. debian ++ dp$g Directory traversal vulnerability in the un#ac$ing 2014-04-30 9.3 CVE-2014-0471 functionality in dp$g before 2.1?.9, 2.1<.x before 2.2<.1;, and 2.23.x before 2.13./ allows remote attac$ers to write arbitrary files via a crafted source #ac$age, related to @ +style filename Auoting." fortinet ++ 9orti5uard 9orti-uthenticator before ;.0 allows 2014-04-30 9.0 CVE-2013-6990 fortiauthenticator remote administrators to gain #rivileges via the command line interface. fortinet ++ fortiweb 7L9 inBection vulnerability in 9orti5uard 2014-04-30 7.5 CVE-2014-1956 9orti.eb before ?.0.3 allows remote attac$ers to inBect arbitrary HTTP headers and conduct HTTP res#onse s#litting attac$s via uns#ecified vectors. google ++ android -ndroid before 4.4 does not #ro#erly arrange for 2014-04-29 7.5 CVE-2013-7373 seeding of the =#en''L P7NG, which ma$es it easier for attac$ers to defeat cry#togra#hic #rotection mechanisms by leveraging use of the P7NG within multi#le a##lications.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages26 Page
-
File Size-