Original release date: September 01, 2014
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary
Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
apache -- openoffice
Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.
2014-08-26
9.3
CVE-2014-3524
XF
SECTRACK
BID
BUGTRAQ
emc -- rsa_identity_management_and_governance
EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentication via an arbitrary valid username.
2014-08-27
9.3
CVE-2014-4619
BUGTRAQ
fortinet -- fortios
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted request.
2014-08-25
7.5
CVE-2014-2216
SECUNIA
freereprintables -- articlefr
Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to rate.php.
2014-08-22
7.5
CVE-2014-5097
MISC
BID
BUGTRAQ
MISC
google -- chrome
Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.
2014-08-26
7.5
CVE-2014-3168
CONFIRM
google -- chrome
Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notification of node removal.
2014-08-26
7.5
CVE-2014-3169
CONFIRM
google -- chrome
Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to bindings/core/v8/DOMWrapperMap.h and bindings/core/v8/SerializedScriptValue.cpp.
2014-08-26
7.5
CVE-2014-3171
CONFIRM
google -- chrome
Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType and other functions in other components.
2014-08-26
10.0
CVE-2014-3175
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177.
2014-08-26
10.0
CVE-2014-3176
CONFIRM
google -- chrome
Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176.
2014-08-26
10.0
CVE-2014-3177
CONFIRM
hp -- service_manager
Unspecified vulnerability in the WebTier component in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to execute arbitrary code via unknown vectors.
2014-08-23
10.0
CVE-2014-2632
hp -- service_manager
Unspecified vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to bypass intended access restrictions, and modify data or cause a denial of service, via unknown vectors.
2014-08-23
9.4
CVE-2014-2634
ibm -- monitoring_agent_for_unix_logs
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM) on UNIX allow local users to gain privileges via unspecified vectors.
2014-08-29
7.2
CVE-2013-5467
XF
invensys -- wonderware_information_server
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file.
2014-08-27
7.8
CVE-2014-2380
MISC
invensys -- wonderware_information_server
SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
2014-08-27
7.5
CVE-2014-5399
MISC
little_kernel_project -- little_kernel_bootloader
The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API specification, which makes it easier for attackers to bypass boot-image authentication requirements via trailing data.
2014-08-24
7.2
CVE-2014-0973
little_kernel_project -- little_kernel_bootloader
The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a boot command for an arbitrary kernel image.
2014-08-24
7.2
CVE-2014-4325
novell -- groupwise
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.
2014-08-29
7.8
CVE-2014-0600
CONFIRM
MISC
pandasecurity -- panda_av_pro_2014
Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL call.
2014-08-26
7.2
CVE-2014-5307
MISC
XF
BID
BUGTRAQ
FULLDISC
MISC
php-sqrl_project -- php-sqrl
SQL injection vulnerability in sqrl_verify.php in php-sqrl allows remote attackers to execute arbitrary SQL commands via the message parameter.
2014-08-25
7.5
CVE-2014-5458
CONFIRM
MISC
FULLDISC
qeiinc -- epaq-9410_substation_gateway
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.
2014-08-27
7.1
CVE-2014-0761
MISC
saltstack -- salt
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.
2014-08-22
7.2
CVE-2014-3563
XF
BID
schrack -- technik_microcontrol
The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of not for the "user" account, which makes it easier for remote attackers to obtain access via unspecified vectors.
2014-08-22
7.5
CVE-2014-5396
MISC
FULLDISC
tenda -- a5s
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.
2014-08-22
10.0
CVE-2014-5246
XF
BID
EXPLOIT-DB
MISC
OSVDB
ubi -- uplay_pc
Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: Full Control) for the program installation directory (%PROGRAMFILES%\Ubisoft Game Launcher), which allows local users to gain privileges via a Trojan horse file.
2014-08-25
7.2
CVE-2014-5453
MISC
EXPLOIT-DB
OSVDB
Back to top
Medium Vulnerabilities
Primary
Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
apache -- openoffice
The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.
2014-08-26
4.3
CVE-2014-3575
XF
SECTRACK
BUGTRAQ
apache -- axis
The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.
2014-08-26
5.8
CVE-2014-3596
XF
SECTRACK
BID
MLIST
check_mk_project -- check_mk
Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) render_status_icons function in htmllib.py or (2) ajax_action function in actions.py.
2014-08-22
4.3
CVE-2014-5338
XF
BID
BUGTRAQ
MISC
christos_zoulas -- file
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
2014-08-22
4.3
CVE-2014-3587
CONFIRM
DEBIAN
CONFIRM
cisco -- asr_9000_rsp440_router
Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750.
2014-08-26
4.6
CVE-2014-3335
cisco -- transport_gateway_installation_software
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq31129, CSCuq31134, CSCuq31137, and CSCuq31563.
2014-08-27
4.3
CVE-2014-3344
cisco -- transport_gateway_installation_software
The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which allows remote attackers to modify the product via a crafted URL, aka Bug ID CSCuq31503.
2014-08-28
5.0
CVE-2014-3345
cisco -- transport_gateway_installation_software
The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) does not validate an unspecified parameter, which allows remote authenticated users to cause a denial of service (service crash) via a crafted string, aka Bug ID CSCuq31819.
2014-08-29
6.3
CVE-2014-3346
cisco -- 1801_integrated_service_router
Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid state of the hardware encryption module, aka Bug ID CSCul77897.
2014-08-28
5.4
CVE-2014-3347
cisco -- cloud_portal
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files via a crafted request, aka Bug ID CSCuh87410.
2014-08-29
4.0
CVE-2014-3349
cisco -- cloud_portal
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCuh84870.
2014-08-29
4.0
CVE-2014-3350
cisco -- cloud_portal
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, aka Bug IDs CSCuh87398 and CSCuh87380.
2014-08-29
5.0
CVE-2014-3351
debian -- python-imaging
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.
2014-08-25
5.0
CVE-2014-3589
DEBIAN
djangoproject -- django
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.
2014-08-26
5.8
CVE-2014-0480
DEBIAN
djangoproject -- django
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name.
2014-08-26
4.3
CVE-2014-0481
DEBIAN
djangoproject -- django
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.
2014-08-26
6.0
CVE-2014-0482
DEBIAN
esri -- arcgis_for_server
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
2014-08-22
4.3
CVE-2014-5121
BUGTRAQ
MISC
esri -- arcgis_for_server
Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to login.
2014-08-22
5.8
CVE-2014-5122
BID
BUGTRAQ
MISC
google -- chrome
extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character.
2014-08-26
6.4
CVE-2014-3170
CONFIRM
google -- chrome
The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL.
2014-08-26
6.4
CVE-2014-3172
CONFIRM
google -- chrome
The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to gpu/command_buffer/service/framebuffer_manager.cc and gpu/command_buffer/service/gles2_cmd_decoder.cc.
2014-08-26
5.0
CVE-2014-3173
CONFIRM
google -- chrome
modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service (read of uninitialized memory) via crafted API calls.
2014-08-26
5.0
CVE-2014-3174
CONFIRM
hp -- service_manager
Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2014-08-23
4.3
CVE-2013-6222
hp -- service_manager
Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
2014-08-23
6.8
CVE-2014-2633
ibm -- power_710
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.
2014-08-22
4.6
CVE-2013-6306
XF
ibm -- mobile_foundation
IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Worklight and Mobile Foundation, allows remote authenticated users to bypass the application-authenticity feature via unspecified vectors.
2014-08-29
4.9
CVE-2014-0888
XF
ibm -- maximo_asset_management
Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users.
2014-08-29
6.0
CVE-2014-3024
XF
AIXAPAR
ibm -- emptoris_contract_management
Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4; and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
2014-08-26
6.0
CVE-2014-3040
XF
ibm -- emptoris_contract_management
SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
2014-08-26
6.5
CVE-2014-3041
XF
ibm -- emptoris_spend_analysis
Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
2014-08-26
6.8
CVE-2014-3061
XF
ibm -- maximo_asset_management
IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2.8, 7.1, and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended write-access restrictions on calendar entries via unspecified vectors.
2014-08-29
4.9
CVE-2014-3084
XF
AIXAPAR
ibm -- emptoris_sourcing_portfolio
IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.
2014-08-26
4.9
CVE-2014-4790
XF
innovaphone -- innovaphone_pbx
Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify configurations or user accounts, as demonstrated by (1) changing the administrator password via a crafted request to CMD0/mod_cmd.xml or (2) adding a new SIP user via a crafted request to PBX0/ADMIN/mod_cmd_login.xml.
2014-08-25
6.8
CVE-2014-5335
BUGTRAQ
invensys -- wonderware_information_server
Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2014-08-27
4.3
CVE-2014-5397
MISC
kdirstat_project -- kdirstat
kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory name, a different vulnerability than CVE-2014-2528.
2014-08-26
6.8
CVE-2014-2527
CONFIRM
CONFIRM
MLIST
SUSE
kdirstat_project -- kdirstat
kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory name, a different vulnerability than CVE-2014-2527.
2014-08-26
6.8
CVE-2014-2528
CONFIRM
MLIST
mailpoet -- mailpoet_newsletters
Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users.
2014-08-26
6.8
CVE-2014-3907
JVNDB
JVN
mediawiki -- mediawiki
The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set.
2014-08-22
6.8
CVE-2014-5241
MLIST
mediawiki -- mediawiki
Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction with an action=raw value.
2014-08-22
4.3
CVE-2014-5242</