2014-02-24

Original release date: February 24, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary

Vendor -- Product

Description

Published

CVSS Score

Source & Patch Info

adobe -- adobe_air

Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors.

2014-02-21

10.0

CVE-2014-0498

adobe -- adobe_air

Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors.

2014-02-21

7.8

CVE-2014-0499

adobe -- adobe_air

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.

2014-02-21

10.0

CVE-2014-0502

cisco -- unified_communications_manager

SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483.

2014-02-20

7.5

CVE-2014-0734

csounds -- csound

Multiple stack-based buffer overflows in Csound before 5.16.6 allow remote attackers to execute arbitrary code via a crafted (1) hetro file to the getnum function in util/heti_main.c or (2) PVOC file to the getnum function in util/pv_import.c.

2014-02-17

7.5

CVE-2012-0270

freepbx -- freepbx

admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.

2014-02-18

7.5

CVE-2014-1903

ibm -- sametime

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors.

2014-02-14

7.5

CVE-2013-3983

ibm -- sametime

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

2014-02-14

7.5

CVE-2013-6742

irfanview -- irfanview

Heap-based buffer overflow in IrfanView before 4.37 allows remote attackers to execute arbitrary code via the LZW code stream in a GIF file.

2014-02-14

7.5

CVE-2013-5351

jetroplatforms -- jetro_cockpit_secure_browsing

The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension.

2014-02-18

9.3

CVE-2014-1861

linux -- linux_kernel

The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource consumption) via a flood of SYN+FIN TCP packets, a different vulnerability than CVE-2012-2663.

2014-02-15

7.8

CVE-2012-6638

linux-nfs -- nfs-utils

The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records.

2014-02-15

7.5

CVE-2011-2500

linuxcontainers -- lxc

The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.

2014-02-14

7.2

CVE-2013-6441

litech -- router_advertisement_daemon

Buffer overflow in the process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative value in a label_len value.

2014-02-17

7.5

CVE-2011-3601

litech -- router_advertisement_daemon

The process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to cause a denial of service (stack-based buffer over-read and crash) via unspecified vectors.

2014-02-17

7.5

CVE-2011-3604

microsoft -- internet_explorer

Use-after-free vulnerability in Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, as exploited in the wild in January and February 2014.

2014-02-14

9.3

CVE-2014-0322

netfilter_core_team -- iptables

extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this issue less relevant.

2014-02-15

7.5

CVE-2012-2663

parcimonie_project -- parcimonie

parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors.

2014-02-14

7.5

CVE-2014-1921

qualcomm -- quic_mobile_station_modem_kernel

The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly consider certain memory sections, which makes it easier for attackers to bypass intended access restrictions by leveraging the presence of RWX memory at a fixed location.

2014-02-15

9.3

CVE-2013-4737

Back to top

Medium Vulnerabilities

Primary

Vendor -- Product

Description

Published

CVSS Score

Source & Patch Info

apache -- subversion

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command.

2014-02-14

4.3

CVE-2014-0032

apple -- iphone_os

The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.

2014-02-18

4.9

CVE-2014-2019

bandisoft -- bandizip

Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory.

2014-02-14

6.9

CVE-2014-1680

bean_project -- bean

Cross-site scripting (XSS) vulnerability in the Bean module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the bean title.

2014-02-14

4.3

CVE-2013-4499

ca -- 2e_web_option

CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.

2014-02-14

5.1

CVE-2014-1219

cisco -- unified_communications_manager

The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495.

2014-02-20

5.0

CVE-2014-0732

cisco -- unified_communications_manager

The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.

2014-02-20

5.0

CVE-2014-0733

cisco -- unified_communications_manager

Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.

2014-02-20

4.3

CVE-2014-0735

cisco -- unified_communications_manager

Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468.

2014-02-20

6.8

CVE-2014-0736

citrix -- sharefile_mobile

Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

2014-02-21

5.8

CVE-2014-1910

dell -- sonicwall_analyzer

Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action.

2014-02-14

4.3

CVE-2014-0332

ecryptfs -- ecryptfs-utils

utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.

2014-02-15

4.6

CVE-2011-1831

ecryptfs -- ecryptfs-utils

The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.

2014-02-15

4.4

CVE-2011-1835

ecryptfs -- ecryptfs-utils

utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.

2014-02-15

4.6

CVE-2011-1836

emc -- rsa_bsafe_ssl-j

The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.

2014-02-17

5.0

CVE-2014-0625

emc -- rsa_bsafe_ssl-j

The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.

2014-02-17

5.0

CVE-2014-0626

emc -- rsa_bsafe_ssl-j

The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.

2014-02-17

5.0

CVE-2014-0627

feep -- libtar

Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.

2014-02-20

5.8

CVE-2013-4420

fine_free_file_project -- fine_free_file

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

2014-02-18

5.0

CVE-2014-1943

google -- chrome

Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.

2014-02-15

6.8

CVE-2013-6166

ibm -- sametime

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.

2014-02-14

5.0

CVE-2013-3978

ibm -- sametime

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

2014-02-14

6.8

CVE-2013-3988

internet2 -- opensaml

The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.

2014-02-14

5.0

CVE-2013-6440

linux -- linux_kernel

The do_devinfo_ioctl function in drivers/staging/comedi/comedi_fops.c in the Linux kernel before 3.1 allows local users to obtain sensitive information from kernel memory via a copy of a short string.

2014-02-15

4.9

CVE-2011-2909

litech -- router_advertisement_daemon

The process_rs function in the router advertisement daemon (radvd) before 1.8.2, when UnicastOnly is enabled, allows remote attackers to cause a denial of service (temporary service hang) via a large number of ND_ROUTER_SOLICIT requests.

2014-02-17

5.0

CVE-2011-3605

livezilla -- livezilla

Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an uploaded file or (2) customer name in a resource created from an uploaded file, a different vulnerability than CVE-2013-7003.

2014-02-14

4.3

CVE-2013-7032

mozilla -- firefox

Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.

2014-02-15

6.8

CVE-2013-6167

mozilla -- seamonkey

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.

2014-02-17

4.3

CVE-2013-6674

mozilla -- seamonkey

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674.

2014-02-17

4.3

CVE-2014-2018

openstack -- swift

The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

2014-02-18

5.8

CVE-2013-6396

php -- php

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.

2014-02-15

5.0

CVE-2012-1171

php -- php

Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow.

2014-02-18

6.8

CVE-2013-7226

php -- php

The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226.

2014-02-18

6.8

CVE-2013-7327

php -- php

Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a different vulnerability than CVE-2013-7226.

2014-02-18

5.8

CVE-2013-7328

php -- php

ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.

2014-02-18

5.0

CVE-2014-2020

phpmyfaq -- phpmyfaq

Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings.

2014-02-14

6.8

CVE-2014-0813

phpmyfaq -- phpmyfaq

Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2014-02-14

4.3

CVE-2014-0814

puppetlabs -- puppet

Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.

2014-02-17

5.5

CVE-2011-0528

redhat -- kexec-tools

The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers, and obtain sensitive core information, by using an arbitrary SSH key.

2014-02-15

5.7

CVE-2011-3588

redhat -- kexec-tools

The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file content, as demonstrated by a search for a root SSH key.

2014-02-15

5.7

CVE-2011-3589

redhat -- kexec-tools

The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive information by inspecting the file content.

2014-02-15

5.7

CVE-2011-3590

redhat -- sos

The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging information, which might allow remote attackers to obtain sensitive information by reading the archive.

2014-02-17

4.3

CVE-2011-4083

redhat -- network_satellite

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3) start_hour, (4) end_am_pm, (5) end_day, (6) end_hour, (7) end_minute, (8) end_month, (9) end_year, (10) optionScanDateSearch, (11) result_filter, (12) search_string, (13) show_as, (14) start_am_pm, (15) start_day, (16) start_hour, (17) start_minute, (18) start_month, (19) start_year, or (20) whereToSearch variable in an scap audit results search; (21) end_minute, (22) end_month, (23) end_year, (24) errata_type_bug, (25) errata_type_enhancement, (26) errata_type_security, (27) fineGrained, (28) list_1892635924_sortdir, (29) optionIssueDateSearch, (30) start_am_pm, (31) start_day, (32) start_hour, (33) start_minute, (34) start_month, (35) start_year, or (36) view_mode variable in an errata search; or (37) fineGrained variable in a systems search, related to PAGE_SIZE_LABEL_SELECTED.

2014-02-14

4.3

CVE-2013-4415

rubyonrails -- ruby_on_rails

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.

2014-02-20

6.8

CVE-2014-0080

rubyonrails -- ruby_on_rails

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.

2014-02-20

4.3

CVE-2014-0081

rubyonrails -- ruby_on_rails

actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.

2014-02-20

5.0

CVE-2014-0082

ryan_ohara -- piranha

The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request.

2014-02-14

5.8

CVE-2013-6492

sap -- netweaver

The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors.

2014-02-14

5.0

CVE-2014-1960

sap -- netweaver

Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors.

2014-02-14

5.0

CVE-2014-1961

sap -- customer_relationship_management

Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue.

2014-02-14

5.0

CVE-2014-1962

sap -- netweaver

Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors.

2014-02-14

5.0

CVE-2014-1963

sap -- netweaver

Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error.

2014-02-14

4.3

CVE-2014-1964

sap -- netweaver

Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP.

2014-02-14

4.3

CVE-2014-1965

ubuntu -- metal_as_a_service

Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/.

2014-02-17

4.3

CVE-2013-1070

vtiger -- vtiger_crm

Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to modules\com_vtiger_workflow\savetemplate.php, or unspecified vectors to (2) deletetask.php, (3) edittask.php, (4) savetask.php, or (5) saveworkflow.php.

2014-02-14

4.3

CVE-2013-7326

xen -- xen

Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors.

2014-02-14

4.6

CVE-2014-1950

Back to top

Low Vulnerabilities

Primary

Vendor -- Product

Description

Published

CVSS Score

Source & Patch Info

apache -- tomcat

** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."

2014-02-15

2.1

CVE-2013-0346

ecryptfs -- ecryptfs-utils

utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call.

2014-02-15

2.1

CVE-2011-1832

ecryptfs -- ecryptfs-utils

utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call.

2014-02-15

2.1

CVE-2011-1834

ecryptfs -- ecryptfs-utils

The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors.

2014-02-15

3.6

CVE-2011-1837

hp -- linux_imaging_and_printing_project
</t

Show more