Vulnerability Summary for the Week of July 21, 2014

Please Note:

• The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.

• The CVE identity number is the publicly known ID given to that particular vulnerability. Therefore you can search the status of that particular vulnerability using that ID.

• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Severity Vulnerabilities

Columns: Primary Vendor -- Product; Description; Date Published; CVSS Score; CVE Identity (followed by the reference sources listed for it, where any).

acme -- micro_httpd
    Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.
    Published 2014-07-24 | CVSS 7.8 | CVE-2014-4927 | References: BID, EXPLOIT-DB, MISC, OSVDB

advantech -- advantech_webaccess
    Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx.
    Published 2014-07-19 | CVSS 7.5 | CVE-2014-2364

attachmate -- verastream_process_designer
    Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file.
    Published 2014-07-24 | CVSS 10.0 | CVE-2014-0607

autodesk -- sketchbook_pro
    Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer mask data in a PSD file, which triggers a heap-based buffer overflow.
    Published 2014-07-23 | CVSS 9.3 | CVE-2014-3938 | References: MISC, SECUNIA

autodesk -- sketchbook_pro
    Heap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer bitmap data in a PXD file.
    Published 2014-07-23 | CVSS 9.3 | CVE-2014-3939 | References: MISC, SECUNIA

bfgminer -- bfgminer
    Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the (1) extract_sockaddr or (2) parse_reconnect functions in util.c.
    Published 2014-07-23 | CVSS 10.0 | CVE-2014-4501 | References: FULLDISC

bfgminer -- bfgminer
    Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request.
    Published 2014-07-23 | CVSS 10.0 | CVE-2014-4502 | References: CONFIRM, FULLDISC

blogengine -- e2
    SQL injection vulnerability in E2 before 2.4 (2845) allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process.
    Published 2014-07-24 | CVSS 7.5 | CVE-2014-4736 | References: MISC, BID, BUGTRAQ

citrix -- xenserver
    Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors.
    Published 2014-07-22 | CVSS 10.0 | CVE-2014-4947 | References: BID

cybozu -- garoon
    The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors.
    Published 2014-07-20 | CVSS 10.0 | CVE-2014-1987

cybozu -- garoon
    Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call.
    Published 2014-07-20 | CVSS 7.5 | CVE-2014-1996

elasticsearch -- logstash
    Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.
    Published 2014-07-22 | CVSS 7.5 | CVE-2014-4326 | References: BUGTRAQ, CONFIRM

fuelphp -- fuelphp
    The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response.
    Published 2014-07-20 | CVSS 7.5 | CVE-2014-1999

gitlist -- gitlist
    Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.
    Published 2014-07-22 | CVSS 7.5 | CVE-2013-7392 | References: MISC, MISC

gitlist -- gitlist
    Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.
    Published 2014-07-22 | CVSS 7.5 | CVE-2014-4511 | References: CONFIRM, EXPLOIT-DB, EXPLOIT-DB, MISC, MISC, MISC

google -- chrome
    The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.
    Published 2014-07-20 | CVSS 7.5 | CVE-2014-3160 | References: CONFIRM, CONFIRM

google -- chrome
    The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream.
    Published 2014-07-20 | CVSS 7.5 | CVE-2014-3161 | References: CONFIRM, CONFIRM

honeywell -- falcon_xlweb_linux_controller
    Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page.
    Published 2014-07-24 | CVSS 7.6 | CVE-2014-2717

joomlaboat -- com_youtubegallery
    Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.
    Published 2014-07-21 | CVSS 7.5 | CVE-2014-4960 | References: BID, EXPLOIT-DB

limesurvey -- limesurvey
    SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, related to a search parameter.
    Published 2014-07-21 | CVSS 7.5 | CVE-2014-5017 | References: MISC

mozilla -- firefox
    Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.
    Published 2014-07-23 | CVSS 10.0 | CVE-2014-1544 | References: CONFIRM

mozilla -- firefox
    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
    Published 2014-07-23 | CVSS 10.0 | CVE-2014-1547 | References: CONFIRM x4

mozilla -- firefox
    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
    Published 2014-07-23 | CVSS 10.0 | CVE-2014-1548 | References: CONFIRM x15

mozilla -- firefox
    The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted audio content that is improperly handled during playback buffering.
    Published 2014-07-23 | CVSS 9.3 | CVE-2014-1549 | References: CONFIRM

mozilla -- firefox
    Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.
    Published 2014-07-23 | CVSS 10.0 | CVE-2014-1550 | References: CONFIRM

mozilla -- firefox
    Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a DirectWrite font-face object.
    Published 2014-07-23 | CVSS 10.0 | CVE-2014-1551 | References: CONFIRM

mozilla -- firefox
    Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event.
    Published 2014-07-23 | CVSS 9.3 | CVE-2014-1555 | References: CONFIRM

mozilla -- firefox
    Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library.
    Published 2014-07-23 | CVSS 9.3 | CVE-2014-1556 | References: CONFIRM

mozilla -- firefox
    The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.
    Published 2014-07-23 | CVSS 9.3 | CVE-2014-1557 | References: CONFIRM

oleumtech -- sensor_wireless_i/o_module
    OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.
    Published 2014-07-24 | CVSS 7.5 | CVE-2014-2360

oleumtech -- sensor_wireless_i/o_module
    OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.
    Published 2014-07-24 | CVSS 7.2 | CVE-2014-2361

oleumtech -- sensor_wireless_i/o_module
    OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.
    Published 2014-07-24 | CVSS 7.8 | CVE-2014-2362

redhat -- jboss_enterprise_application_platform
    The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.
    Published 2014-07-22 | CVSS 7.5 | CVE-2014-3530

Medium Severity Vulnerabilities

Columns: Primary Vendor -- Product; Description; Date Published; CVSS Score; CVE Identity (followed by the reference sources listed for it, where any).

advantech -- advantech_webaccess
    Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors.
    Published 2014-07-19 | CVSS 5.5 | CVE-2014-2365

advantech -- advantech_webaccess
    upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code.
    Published 2014-07-19 | CVSS 4.0 | CVE-2014-2366

advantech -- advantech_webaccess
    The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.
    Published 2014-07-19 | CVSS 4.3 | CVE-2014-2367

advantech -- advantech_webaccess
    The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.
    Published 2014-07-19 | CVSS 5.0 | CVE-2014-2368

apache -- http_server
    The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.
    Published 2014-07-20 | CVSS 4.3 | CVE-2013-4352 | References: CONFIRM x3

apache -- http_server
    The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.
    Published 2014-07-20 | CVSS 4.3 | CVE-2014-0117 | References: CONFIRM, MISC, CONFIRM x4

apache -- http_server
    The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.
    Published 2014-07-20 | CVSS 4.3 | CVE-2014-0118 | References: CONFIRM x3

apache -- http_server
    Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
    Published 2014-07-20 | CVSS 6.8 | CVE-2014-0226 | References: CONFIRM, MISC, CONFIRM x4

apache -- http_server
    The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.
    Published 2014-07-20 | CVSS 5.0 | CVE-2014-0231 | References: CONFIRM x4

apache -- http_server
    Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted requests.
    Published 2014-07-20 | CVSS 5.0 | CVE-2014-3523 | References: CONFIRM, CONFIRM

canonical -- acpi-support
    Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.
    Published 2014-07-24 | CVSS 6.9 | CVE-2014-1419 | References: CONFIRM

cgminer_project -- cgminer
    The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message.
    Published 2014-07-23 | CVSS 4.3 | CVE-2014-4503 | References: FULLDISC

cisco -- asr_9000_rsp440_router
    Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417.
    Published 2014-07-24 | CVSS 6.1 | CVE-2014-3322

cisco -- unified_customer_voice_portal
    Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733.
    Published 2014-07-19 | CVSS 4.3 | CVE-2014-3325

citrix -- xenserver
    Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD).
    Published 2014-07-22 | CVSS 6.4 | CVE-2014-4948 | References: BID

cybozu -- garoon
    The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
    Published 2014-07-20 | CVSS 4.0 | CVE-2014-1993

dell -- sonicwall_analyzer
    Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter.
    Published 2014-07-24 | CVSS 4.3 | CVE-2014-5024 | References: BID, FULLDISC, MISC

drupal -- drupal
    The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use.
    Published 2014-07-22 | CVSS 5.0 | CVE-2014-5019 | References: DEBIAN

drupal -- drupal
    The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field.
    Published 2014-07-22 | CVSS 4.9 | CVE-2014-5020 | References: DEBIAN

drupal -- drupal
    Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field.
    Published 2014-07-22 | CVSS 4.3 | CVE-2014-5022 | References: DEBIAN

e107 -- e107
    Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.
    Published 2014-07-21 | CVSS 4.3 | CVE-2014-4734 | References: MISC, CONFIRM, BID, BUGTRAQ

emc -- recoverpoint_appliance
    The default configuration of EMC RecoverPoint Appliance (RPA) 4.1 before 4.1.0.1 does not enable a firewall, which allows remote attackers to obtain potentially sensitive information about open ports, or cause a denial of service, by sending packets to many ports.
    Published 2014-07-19 | CVSS 5.8 | CVE-2014-2519 | References: BUGTRAQ

entity_api_module_project -- entity_api_module
    The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. CVE-2013-7391 was assigned for the View vector.
    Published 2014-07-19 | CVSS 4.0 | CVE-2013-4273 | References: CONFIRM, MLIST

entity_api_module_project -- entity_api_module
    The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ADT5 due to different researcher organizations.
    Published 2014-07-19 | CVSS 5.0 | CVE-2013-7391 | References: MLIST

eterna -- bozohttpd
    bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.
    Published 2014-07-24 | CVSS 5.0 | CVE-2014-5015 | References: XF, BID, OSVDB, CONFIRM, MLIST

gitlist -- gitlist
    Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command.
    Published 2014-07-22 | CVSS 6.8 | CVE-2014-5023 | References: MISC

google -- chrome
    The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors.
    Published 2014-07-20 | CVSS 6.4 | CVE-2014-3159 | References: CONFIRM, CONFIRM

google -- chrome
    Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
    Published 2014-07-20 | CVSS 5.0 | CVE-2014-3162 | References: CONFIRM

honeywell -- falcon_xlweb_linux_controller
    Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input.
    Published 2014-07-24 | CVSS 4.3 | CVE-2014-3110

huawei -- e355_web_ui
    Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary web script or HTML via an SMS message.
    Published 2014-07-24 | CVSS 4.3 | CVE-2014-2968

ibm -- storwize_unified_v7000_software
    IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows remote authenticated users to gain privileges by leveraging access to the service account.
    Published 2014-07-19 | CVSS 6.5 | CVE-2014-3043

ibm -- infosphere_master_data_management_collaboration_server
    The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to read arbitrary files via a crafted UNIX file parameter.
    Published 2014-07-19 | CVSS 6.3 | CVE-2014-3064 | References: XF

limesurvey -- limesurvey
    Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json function to application/controllers/admin/participantsaction.php in CPDB, (2) the sa parameter to application/views/admin/globalSettings_view.php, or (3) a crafted CSV file to the "Import CSV" functionality.
    Published 2014-07-21 | CVSS 4.3 | CVE-2014-5016 | References: MISC

limesurvey -- limesurvey
    Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume.
    Published 2014-07-21 | CVSS 4.3 | CVE-2014-5018 | References: MISC

linux -- linux_kernel
    The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
    Published 2014-07-19 | CVSS 6.9 | CVE-2014-4943 | References: CONFIRM, CONFIRM, MLIST

mit -- kerberos
    MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.
    Published 2014-07-20 | CVSS 5.0 | CVE-2014-4341 | References: CONFIRM

mit -- kerberos
    MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.
    Published 2014-07-20 | CVSS 5.0 | CVE-2014-4342 | References: CONFIRM

mozilla -- firefox
    Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect.
    Published 2014-07-23 | CVSS 5.8 | CVE-2014-1552 | References: CONFIRM

mozilla -- firefox
    Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1559.
    Published 2014-07-23 | CVSS 4.3 | CVE-2014-1558 | References: CONFIRM

mozilla -- firefox
    Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1558.
    Published 2014-07-23 | CVSS 4.3 | CVE-2014-1559 | References: CONFIRM

mozilla -- firefox
    Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context.
    Published 2014-07-23 | CVSS 4.3 | CVE-2014-1560 | References: CONFIRM

mozilla -- firefox
    Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization.
    Published 2014-07-23 | CVSS 5.8 | CVE-2014-1561 | References: CONFIRM, CONFIRM

nexatechnologies -- meridian
    Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Published 2014-07-20 | CVSS 4.3 | CVE-2014-3892

nextapp -- file_explorer
    Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename.
    Published 2014-07-20 | CVSS 5.0 | CVE-2014-1973

octavocms -- octavocms
    Cross-site scripting (XSS) vulnerability in admin/viewer.php in OctavoCMS allows remote attackers to inject arbitrary web script or HTML via the src parameter.
    Published 2014-07-19 | CVSS 4.3 | CVE-2014-4331 | References: BID, BUGTRAQ, VIM

omeka -- omeka
    Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security.
    Published 2014-07-25 | CVSS 6.8 | CVE-2014-5100 | References: XF, XF, MISC, MISC, BID, EXPLOIT-DB, MISC

omron -- ns10_hmi_terminal
    Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
    Published 2014-07-24 | CVSS 6.0 | CVE-2014-2369

openstack -- neutron
    OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.
    Published 2014-07-23 | CVSS 4.0 | CVE-2014-3555 | References: MISC, BID, MLIST

php_kobo -- multifunctional_mailform_free
    Cross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional MailForm Free 2014/1/28 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header.
    Published 2014-07-20 | CVSS 4.3 | CVE-2014-3894

phpmyadmin -- phpmyadmin
    server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.
    Published 2014-07-20 | CVSS 4.0 | CVE-2014-4987 | References: CONFIRM

polarssl -- polarssl
    The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.
    Published 2014-07-22 | CVSS 5.0 | CVE-2014-4911 | References: DEBIAN

redhat -- enterprise_mrg
    Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link.
    Published 2014-07-19 | CVSS 5.0 | CVE-2012-2682 | References: CONFIRM

redhat -- jboss_enterprise_application_platform
    jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors.
    Published 2014-07-22 | CVSS 6.8 | CVE-2014-3518

reviewboard -- review_board
    Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.
    Published 2014-07-25 | CVSS 4.3 | CVE-2014-5027 | References: BID, MLIST, MLIST

siemens -- simatic_pcs7
    The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request.
    Published 2014-07-24 | CVSS 5.0 | CVE-2014-4682

siemens -- simatic_pcs7
    The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request.
    Published 2014-07-24 | CVSS 4.9 | CVE-2014-4683

siemens -- simatic_pcs7
    The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433.
    Published 2014-07-24 | CVSS 6.0 | CVE-2014-4684

siemens -- simatic_pcs7
    Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control.
    Published 2014-07-24 | CVSS 4.6 | CVE-2014-4685

siemens --

simatic_pcs7

The Project administration application in Siemens

SIMATIC WinCC before 7.3, as used in PCS7 and

other products, has a hardcoded encryption key,

which allows remote attackers to obtain sensitive

information by extracting this key from another

product installation and then employing this key

during the sniffing of network traffic on TCP port

1030.

2014-07-24 6.8 CVE-2014-4686

sophos -- anti-virus Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3) newListList:ExcludeMountPaths parameter to exclusion/configure or (4) text:EmailServer or (5) newListList:Email parameter to notification/configure. 2014-07-22 4.3 CVE-2014-2385 MISC SECTRACK FULLDISC

tenable -- nessus The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter. 2014-07-23 5.0 CVE-2014-4980 SECTRACK BID BUGTRAQ OSVDB MISC MISC

ubnt -- unifi_video The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file. 2014-07-25 6.0 CVE-2014-2227 BID MISC FULLDISC

webmin -- usermin Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. 2014-07-20 4.3 CVE-2014-3884

webmin -- webmin Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. 2014-07-20 4.3 CVE-2014-3885

x -- xf86-video-intel Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the interface name. 2014-07-24 4.6 CVE-2014-4910 XF MLIST MLIST OSVDB MLIST

Low Severity Vulnerabilities

The Primary Vendor --- Product Description Date Published CVSS Score The CVE Identity

apple -- cups The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. 2014-07-23 1.2 CVE-2014-3537 CONFIRM UBUNTU SECTRACK CONFIRM SECUNIA FEDORA

cybozu -- garoon Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2014-07-20 3.5 CVE-2014-1992

cybozu -- garoon Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2014-07-20 3.5 CVE-2014-1994

cybozu -- garoon Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2014-07-20 3.5 CVE-2014-1995

d-bus_project -- d-bus dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded. 2014-07-19 2.1 CVE-2014-3532 DEBIAN SECUNIA MLIST

d-bus_project -- d-bus dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor. 2014-07-19 2.1 CVE-2014-3533 CONFIRM DEBIAN SECUNIA MLIST

drupal -- drupal Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label. 2014-07-22 2.1 CVE-2014-5021 DEBIAN

ibm -- infosphere_master_data_management_collaboration_server Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2014-07-19 3.5 CVE-2014-0967 XF

ibm -- infosphere_master_data_management_collaboration_server Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL for an MHTML document. 2014-07-19 3.5 CVE-2014-0968 XF

ibm -- infosphere_master_data_management_collaboration_server The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject links via unspecified vectors. 2014-07-19 3.5 CVE-2014-0970 XF

ibm -- scale_out_network_attached_storage IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before 1.4.3.3 places an administrative password in the shell history upon use of the -p option to chuser, which allows local users to obtain sensitive information by leveraging root access. 2014-07-19 1.7 CVE-2014-3045

micropact -- icomplaints Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroPact iComplaints before 8.0.2.1.8.8014 allows remote authenticated users to inject arbitrary web script or HTML via the description parameter. 2014-07-24 3.5 CVE-2014-2971

omron -- ns10_hmi_terminal Cross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to inject arbitrary web script or HTML via crafted data. 2014-07-24 3.5 CVE-2014-2370

phpmyadmin -- phpmyadmin Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page. 2014-07-20 3.5 CVE-2014-4954 CONFIRM

phpmyadmin -- phpmyadmin Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page. 2014-07-20 3.5 CVE-2014-4955 CONFIRM

phpmyadmin -- phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message. 2014-07-20 3.5 CVE-2014-4986 CONFIRM

webmin -- webmin Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. 2014-07-20 2.6 CVE-2014-3886


• Sources: http://nvd.nist.gov (For more information visit the National Vulnerability Database (NVD), which contains a database of every vulnerability that has ever been published).

Uganda Communications Commission – UGCERT Email: [email protected] Tel: +256 414 302 100/150 Toll Free: 0800 133 911 Website: www.ug-cert.ug Facebook / Twitter: UGCERT