Original release date: November 18, 2014
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary
Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
adobe -- air
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0588 and CVE-2014-8438.
2014-11-11
10.0
CVE-2014-0573
adobe -- air
Double free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors.
2014-11-11
10.0
CVE-2014-0574
adobe -- air
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0581, CVE-2014-8440, and CVE-2014-8441.
2014-11-11
10.0
CVE-2014-0576
adobe -- air
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, and CVE-2014-0590.
2014-11-11
10.0
CVE-2014-0577
adobe -- air
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-8440, and CVE-2014-8441.
2014-11-11
10.0
CVE-2014-0581
adobe -- air
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0589.
2014-11-11
10.0
CVE-2014-0582
adobe -- air
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to complete a transition from Low Integrity to Medium Integrity via unspecified vectors.
2014-11-11
7.5
CVE-2014-0583
adobe -- air
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0585, CVE-2014-0586, and CVE-2014-0590.
2014-11-11
10.0
CVE-2014-0584
adobe -- air
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0586, and CVE-2014-0590.
2014-11-11
10.0
CVE-2014-0585
adobe -- air
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, and CVE-2014-0590.
2014-11-11
10.0
CVE-2014-0586
adobe -- air
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0573 and CVE-2014-8438.
2014-11-11
10.0
CVE-2014-0588
adobe -- air
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0582.
2014-11-11
10.0
CVE-2014-0589
adobe -- air
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, and CVE-2014-0586.
2014-11-11
10.0
CVE-2014-0590
adobe -- air
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0573 and CVE-2014-0588.
2014-11-11
10.0
CVE-2014-8438
adobe -- air
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8441.
2014-11-11
10.0
CVE-2014-8440
adobe -- air
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8440.
2014-11-11
10.0
CVE-2014-8441
adobe -- air
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to complete a transition from Low Integrity to Medium Integrity by leveraging incorrect permissions.
2014-11-11
7.5
CVE-2014-8442
apache -- mod_auth_mellon
The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request.
2014-11-14
9.4
CVE-2014-8567
MLIST
CONFIRM
belkin -- n750_wireless_router
Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long sting in the jump parameter.
2014-11-12
10.0
CVE-2014-1635
MISC
MISC
BID
EXPLOIT-DB
OSVDB
checkpoint -- security_gateway
Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request.
2014-11-16
7.1
CVE-2014-8950
CONFIRM
SECUNIA
checkpoint -- security_gateway
Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a denial of service (fwk0 process crash, core dump, and restart) via a redirect to the UserCheck page.
2014-11-16
7.1
CVE-2014-8951
SECUNIA
checkpoint -- security_gateway
Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL VPN blade, (4) SSL Network Extender, (5) Identify Awareness blade, (6) HTTPS Inspection, (7) UserCheck, or (8) Data Leak Prevention blade module is enabled, allow remote attackers to cause a denial of service ("stability issue") via an unspecified "traffic condition."
2014-11-16
7.1
CVE-2014-8952
SECUNIA
cisco -- ios
Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509.
2014-11-14
7.1
CVE-2014-7998
freerdp_project -- freerdp
Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated.
2014-11-16
10.0
CVE-2014-0250
CONFIRM
BID
MLIST
SUSE
hp -- helion_cloud_development_platform
The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execute arbitrary code by leveraging these keys for a connection.
2014-11-13
10.0
CVE-2014-7878
huawei -- ec156
Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory.
2014-11-13
7.2
CVE-2014-8359
XF
BID
MISC
MISC
libreoffice -- libreoffice
Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.
2014-11-07
7.5
CVE-2014-3693
SECUNIA
SECUNIA
linux -- linux_kernel
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.
2014-11-10
7.8
CVE-2014-3673
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernel
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.
2014-11-10
7.8
CVE-2014-3687
CONFIRM
CONFIRM
CONFIRM
magentocommerce -- magmi
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.
2014-11-13
9.0
CVE-2014-8770
EXPLOIT-DB
OSVDB
mantisbt -- mantisbt
SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609.
2014-11-13
7.5
CVE-2014-8554
XF
BID
CONFIRM
MLIST
MLIST
microsoft -- windows_server_2003
Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability."
2014-11-11
7.2
CVE-2014-4076
microsoft -- office
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014.
2014-11-11
9.3
CVE-2014-4077
microsoft -- xml_core_services
XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (system-state corruption) via crafted XML content, aka "MSXML Remote Code Execution Vulnerability."
2014-11-11
9.3
CVE-2014-4118
microsoft -- internet_explorer
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6341.
2014-11-11
9.3
CVE-2014-4143
microsoft -- .net_framework
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability."
2014-11-11
9.3
CVE-2014-4149
microsoft -- windows_7
Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font, aka "Denial of Service in Windows Kernel Mode Driver Vulnerability."
2014-11-11
7.1
CVE-2014-6317
MS
CONFIRM
microsoft -- windows_7
Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka "Microsoft Schannel Remote Code Execution Vulnerability."
2014-11-11
10.0
CVE-2014-6321
microsoft -- windows_7
OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."
2014-11-11
9.3
CVE-2014-6332
microsoft -- office_compatibility_pack
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Double Delete Remote Code Execution Vulnerability."
2014-11-11
9.3
CVE-2014-6333
microsoft -- office_compatibility_pack
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Bad Index Remote Code Execution Vulnerability."
2014-11-11
9.3
CVE-2014-6334
microsoft -- office_compatibility_pack
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Invalid Pointer Remote Code Execution Vulnerability."
2014-11-11
9.3
CVE-2014-6335
microsoft -- internet_explorer
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
2014-11-11
9.3
CVE-2014-6337
microsoft -- internet_explorer
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4143.
2014-11-11
9.3
CVE-2014-6341
microsoft -- internet_explorer
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6348.
2014-11-11
9.3
CVE-2014-6342
microsoft -- internet_explorer
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
2014-11-11
9.3
CVE-2014-6343
microsoft -- internet_explorer
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
2014-11-11
9.3
CVE-2014-6344
microsoft -- internet_explorer
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
2014-11-11
9.3
CVE-2014-6347
microsoft -- internet_explorer
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6342.
2014-11-11
9.3
CVE-2014-6348
microsoft -- internet_explorer
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
2014-11-11
9.3
CVE-2014-6351
microsoft -- internet_explorer
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
2014-11-11
9.3
CVE-2014-6353
netbsd -- netbsd
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.
2014-11-17
7.5
CVE-2014-8517
SECUNIA
SECUNIA
MLIST
MLIST
SUSE
php-fusion -- php-fusion
Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php.
2014-11-17
7.5
CVE-2014-8596
MISC
XF
BID
EXPLOIT-DB
MISC
OSVDB
qemu -- qemu
The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.
2014-11-14
7.2
CVE-2014-3689
MLIST
UBUNTU
OSVDB
DEBIAN
DEBIAN
SECUNIA
SECUNIA
SECUNIA
redhat -- openshift
Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors.
2014-11-13
7.5
CVE-2014-3674
rockwellautomation -- connected_components_workbench
Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an invalid property value to an ActiveX control that was built with an outdated compiler.
2014-11-13
7.5
CVE-2014-5424
samba -- ppp
Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables."
2014-11-15
7.5
CVE-2014-3158
CONFIRM
MLIST
FEDORA
webfs -- webfs
The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file.
2014-11-16
7.2
CVE-2013-0347
XF
BID
MLIST
MLIST
MLIST
OSVDB
Back to top
Medium Vulnerabilities
Primary
Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
adobe -- air
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow remote attackers to discover session tokens via unspecified vectors.
2014-11-11
5.0
CVE-2014-8437
apache -- cordova
Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL.
2014-11-15
6.4
CVE-2014-3500
BID
apache -- cordova
Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.
2014-11-15
4.3
CVE-2014-3501
BID
apache -- cordova
Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent.
2014-11-15
4.3
CVE-2014-3502
BID
apache -- qpid
XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message.
2014-11-17
4.3
CVE-2014-3629
XF
BID
BUGTRAQ
SECUNIA
MISC
arubanetworks -- clearpass
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2014-11-07
4.3
CVE-2014-6620
SECUNIA
arubanetworks -- clearpass
Cross-site request forgery (CSRF) vulnerability in the Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to hijack the authentication of a logged in user via unspecified vectors.
2014-11-07
4.3
CVE-2014-6623
SECUNIA
bad_behavior_project -- bad_behavior
The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file.
2014-11-12
4.0
CVE-2014-8735
bestpractical -- rt-extension-mobileui
The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors.
2014-11-15
5.0
CVE-2013-3737
OSVDB
SECUNIA
cisco -- unified_communications_manager
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376.
2014-11-13
4.3
CVE-2014-7991
cisco -- ios
The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.
2014-11-17
5.0
CVE-2014-7992
cisco -- ios
The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281.
2014-11-14
6.1
CVE-2014-7997
<td scope="row" width="20%" style="text-al